Skip to content

Instantly share code, notes, and snippets.

View 0xtavi's full-sized avatar

0xtavi 0xtavi

8 followers · 3 following
View GitHub Profile
@EvergreenTheTree
EvergreenTheTree / gruvbox.theme
Created May 12, 2015 17:59
Gruvbox dark theme for xfce4-terminal (put this in ~/.xfce4/config/terminal/terminalrc)
ColorForeground=#f2f2e5e5bcbc
ColorBackground=#323230302f2f
ColorCursor=#d65bc4cd8ca1
ColorPalette=#323230302f2f;#cccc24241d1d;#989897971a1a;#d7d799992121;#454585858888;#b1b162628686;#68689d9d6a6a;#929283837474;#1d1d20202121;#fbfb49493434;#b8b8bbbb2626;#fafabdbd2f2f;#8383a5a59898;#d3d386869b9b;#8e8ec0c07c7c;#b9b9a6a69393
@anthony-dandrea
anthony-dandrea / iOSHack.md
Last active June 28, 2022 07:48
How to pop iOS locks

Pop App Locks

For these hacks the iPhone must be jailbroken. But there currently is a jailbreak available for iOS 8.4 and some below. 4 digit pins can be bruteforced unless there is a attempt limit. Even with the limit it can still be hacked but you would need to break the phone open to rig the power to cut before the attempt is registered. Example here.

For all of these you need:

  • Phone to be jailbroken
  • OpenSSH installed on the phone

###1) Dump the iOS Keychain

@mgeeky
mgeeky / sqlmap-tamper-scripts-evaluation.md
Last active March 27, 2025 08:15
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF

The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY

Below names are to be passed to the --tamper= parameter of sqlmap.

The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.

The scale is 0-5.

@tothi
tothi / mkpsrevshell.py
Created February 17, 2019 00:05
reverse PowerShell cmdline payload generator (base64 encoded)
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#
import sys
import base64
def help():
print("USAGE: %s IP PORT" % sys.argv[0])
@dhruvkar
dhruvkar / browser.py
Last active November 14, 2023 14:26
Run Browser in a Virtual Display using Selenium and transfer session to Python Requests
"""
If you use Chrome, get Chromedriver and put in your PATH:
http://chromedriver.chromium.org/downloads
If you use Firefox, get Geckodriver and put in your PATH:
https://github.com/mozilla/geckodriver/releases
Also install:
pip install requests
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active April 29, 2025 12:54
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@h4x0r-dz
h4x0r-dz / Generic keys
Created May 5, 2022 09:15
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k