Skip to content

Instantly share code, notes, and snippets.

Avatar

Myo Soe (aka Aung Khant) yehgdotnet

View GitHub Profile
@yehgdotnet
yehgdotnet / install_phpzip.md
Last active Jun 10, 2021
MAMP PRO for Mac OSX - Installing PHP ZIP extension
View install_phpzip.md

From Terminal

# install dependencies
brew install autoconf # required by pecl 
brew install libzip


# install zip extenion in your selected MAMP PHP version 
ls /Applications/MAMP/bin/php/
View get-shodan-favicon-hash.py
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@yehgdotnet
yehgdotnet / readlocal.js
Created May 25, 2021
Read local file using JavaScript
View readlocal.js
<!-- https://www.geeksforgeeks.org/how-to-read-a-local-text-file-using-javascript/ -->
<!DOCTYPE html>
<html>
<head>
<title>Read Text File</title>
</head>
<body>
<input type="file" name="inputfile"
View is-vpn-active.sh
while true
do
sudo ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"
sudo ifconfig tun0 &> /dev/null || echo -e "\033[1;31m" "-- VPN is NOT active --" "\033[0m"
sleep 5
done
View gist:d541c60eaa8b6cd9db71e7463ed1bb1c
A very fast and easy solution is to use FileSaver.js :
1) Add the following line into the ==UserScript== section of your Greasemonkey script
// @require https://raw.githubusercontent.com/eligrey/FileSaver.js/master/src/FileSaver.js
2) Add the 2 following lines of code to the GM script
var blob = new Blob(["Hello, world!"], {type: "text/plain;charset=utf-8"});
saveAs(blob, "hello world.txt");
@yehgdotnet
yehgdotnet / recon-by-mentor.sh
Created Aug 16, 2020
CyberMentor's Recon script - https://pastebin.com/raw/MhE6zXVt by Heath Adams
View recon-by-mentor.sh
#!/bin/bash
url=$1
if [ ! -d "$url" ];then
mkdir $url
fi
if [ ! -d "$url/recon" ];then
mkdir $url/recon
fi
# if [ ! -d '$url/recon/eyewitness' ];then
# mkdir $url/recon/eyewitness
View gist:b88fa0bcd3845678d5d8434753a88566
Purpose: To prevent deobfuscation
Symbols are usually stripped during the build process, so you need the compiled byte-code and libraries to verify whether any unnecessary metadata has been discarded.
First find the nm binary in your Android NDK and export it (or create an alias).
View review object serialisation class
Object Serialization
Search the source code for the following keywords:
import java.io.Serializable
implements Serializable
JSON
Static analysis depends on the library being used. In case of the need to counter memory-dumping, make sure that highly sensitive information is not stored in JSON as you cannot guarantee any anti-memory dumping techniques with the standard libraries. You can check for the following keywords per library:
@yehgdotnet
yehgdotnet / gist:ec6ae948a6735d66f6eaff2ef60649a3
Created Feb 13, 2021
Bypass IP-based restriction through spoofed localhost header
View gist:ec6ae948a6735d66f6eaff2ef60649a3
X-Azure-ClientIP: 127.0.0.1
X-Azure-SocketIP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Forwarded-Host: localhost
View shodan.go
package main
import (
"log"
//"os"
"context"
"github.com/ns3777k/go-shodan/shodan"
"fmt"
"flag"
"strings"