Skip to content

Instantly share code, notes, and snippets.

View OGoodness's full-sized avatar
:octocat:
Doing my best

Noah OGoodness

:octocat:
Doing my best
50 followers · 142 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active October 30, 2025 16:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@JonnyWong16
JonnyWong16 / openPlexSearch.user.js
Last active January 31, 2024 19:35
Open the Plex search page when pressing enter in the search box.
// ==UserScript==
// @name Open Plex Serach Page on Enter
// @namespace https://app.plex.tv
// @version 1.1
// @description Open the Plex search page when pressing enter in the search box.
// @author JonnyWong16
// @homepage https://gist.github.com/JonnyWong16/1ebd38a5f5872408e5b840ed28006dec
// @downloadURL https://gist.github.com/JonnyWong16/1ebd38a5f5872408e5b840ed28006dec/raw/openPlexSearch.user.js
// @updateURL https://gist.github.com/JonnyWong16/1ebd38a5f5872408e5b840ed28006dec/raw/openPlexSearch.user.js
// @match https://app.plex.tv/*
@5t33
5t33 / lambda-api-demo-xray-sql.js
Created July 20, 2020 03:31
if(!process.env.FLYWAY_ENV ) {
const capturePostgres = require('aws-xray-sdk-postgres');
capturePostgres(require('pg'));
}
const pgPromise = require('pg-promise')();
module.exports.dbConfig = ({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASS,
@dwisiswant0
dwisiswant0 / .bash_profile
Created May 27, 2020 07:38
SQLi & XSS Vulnerability Scanner
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {
@hussein98d
hussein98d / ssrf.sh
Created May 7, 2020 02:09
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callbak"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
if [ -z "$1" ]; then
echo >&2 "ERROR: Domain not set"
exit 2
fi
if [ -z "$2" ]; then
echo >&2 "ERROR: Sever link not set"
exit 2
@bodokaiser
bodokaiser / context.ts
Last active June 19, 2025 19:36
React Hook integration for AWS Amplify Auth
import React from "react"
import { CognitoUser } from "@aws-amplify/auth"
import { useAuth } from "./hooks"
import { SignInInput } from "./types"
interface AuthState {
user: CognitoUser | null
signIn(input : SignInInput): Promise<void>
signOut(): Promise<void>
@PulkitS01
PulkitS01 / create_density_map.py
Last active March 28, 2024 09:17
Libraries
for img_path in img_paths:
print (img_path)
mat = io.loadmat(img_path.replace('.jpg','.mat').replace('images','ground-truth').replace('IMG_','GT_IMG_'))
img= plt.imread(img_path)
k = np.zeros((img.shape[0],img.shape[1]))
gt = mat["image_info"][0,0][0,0][0]
for i in range(0,len(gt)):
if int(gt[i][1])<img.shape[0] and int(gt[i][0])<img.shape[1]:
k[int(gt[i][1]),int(gt[i][0])]=1
k = gaussian_filter_density(k)
@jeremysears
jeremysears / gremlin-cheat-sheet.md
Last active April 26, 2024 08:35
Gremlin Cheat Sheet in Groovy

Gremlin Cheat Sheet in Groovy

Gremin traversal examples taken from the excellent DS330: DataStax Enterprise Graph course.

Creating Vertices and Vertex Properties

Add a Vertex

Vertex u = graph.addVertex("user");
       u.property("userId","u2016");
 u.property("age",36);
@yujen
yujen / SeniaAnimationEventEditor.cs
Last active March 1, 2024 02:36
Unity animation event editing tool.
using System;
using System.Linq;
using System.Collections;
using System.Collections.Generic;
using System.Reflection;
using System.Reflection.Emit;
using UnityEngine;
using UnityEditor;
@alirobe
alirobe / reclaimWindows10.ps1
Last active October 22, 2025 05:28
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
### OR take a look at
### https://github.com/HotCakeX/Harden-Windows-Security