Skip to content

Instantly share code, notes, and snippets.

View yehgdotnet's full-sized avatar

Aung Khant yehgdotnet

99 followers · 207 following
View GitHub Profile
@yehgdotnet
yehgdotnet / gist:ec6ae948a6735d66f6eaff2ef60649a3
Last active March 22, 2025 09:01
Bypass IP-based restriction through spoofed localhost header
X-Azure-ClientIP: 127.0.0.1
X-Azure-SocketIP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Target-IP: 127.0.0.1
X-Forwarded-Host: localhost
True-Client-IP: 127.0.0.1
@yehgdotnet
yehgdotnet / get-shodan-favicon-hash.py
Last active January 23, 2025 06:02
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@yehgdotnet
yehgdotnet / gist:6353e367cb1178017980d2437417d6a5
Created November 24, 2016 02:10
.htaccess (allow only cloudflare IP range) Raw
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# https://www.cloudflare.com/ips-v4
# https://www.cloudflare.com/ips-v6
deny from all
allow from 103.21.244.0/22
@yehgdotnet
yehgdotnet / readlocal.js
Created May 25, 2021 04:14
Read local file using JavaScript
<!-- https://www.geeksforgeeks.org/how-to-read-a-local-text-file-using-javascript/ -->
<!DOCTYPE html>
<html>
<head>
<title>Read Text File</title>
</head>
<body>
<input type="file" name="inputfile"
@yehgdotnet
yehgdotnet / xss2gif.py
Created December 1, 2019 12:41
XSS via valid gif
#!/usr/bin/env python2
#============================================================================================================#
#======= Simply injects a JavaScript Payload into a GIF. ====================================================#
#======= or it creates a JavaScript Payload as a GIF. ====================================================#
#======= The resulting GIF must be a valid (not corrupted) GIF. =============================================#
#======= Author: marcoramilli.blogspot.com ==================================================================#
#======= Version: PoC (don't even think to use it in development env.) ======================================#
#======= Disclaimer: ========================================================================================#
#THIS IS NOT PEP3 FORMATTED
#THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
@yehgdotnet
yehgdotnet / recon-by-mentor.sh
Created August 16, 2020 16:57
CyberMentor's Recon script - https://pastebin.com/raw/MhE6zXVt by Heath Adams
#!/bin/bash
url=$1
if [ ! -d "$url" ];then
mkdir $url
fi
if [ ! -d "$url/recon" ];then
mkdir $url/recon
fi
# if [ ! -d '$url/recon/eyewitness' ];then
# mkdir $url/recon/eyewitness
@yehgdotnet
yehgdotnet / install_phpzip.md
Last active February 7, 2023 13:14
MAMP PRO for Mac OSX - Installing PHP ZIP extension

From Terminal

# install dependencies
brew install autoconf # required by pecl 
brew install libzip


# install zip extenion in your selected MAMP PHP version 
ls /Applications/MAMP/bin/php/
@yehgdotnet
yehgdotnet / goscreenshot.go
Created September 26, 2020 14:49
goscreenshot.go
//https://golangcode.com/headless-chrome-screenshot/
package main
import (
"context"
"io/ioutil"
"log"
"github.com/chromedp/cdproto/page"
@yehgdotnet
yehgdotnet / randomizeip.sh
Created September 25, 2020 14:56
Randomize Hostname and Renew IP
#!/bin/bash
echo +++++++++++++++++++++++++++++++++++++++++
echo Randomize Hostname and Renew IP
echo by Aung Khant, http://yehg.net
echo +++++++++++++++++++++++++++++++++++++++++
echo
########################################################
sleep 1
@yehgdotnet
yehgdotnet / read-ip-from-file.go
Created August 2, 2020 02:46
Golang Extract IP from file (raw.txt)
package main
import (
"fmt"
"regexp"
"io/ioutil"
"log"
)
func main() {