HackingLZ’s gists

HackingLZ / fingerprint.html

Created February 6, 2026 18:12

Browser Fingerprint Analyzer

	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<title>VexTrio Fingerprint Analyzer</title>
	<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@300;400;500;600;700&family=Space+Grotesk:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
	<style>
	,::before,*::after{box-sizing:border-box;margin:0;padding:0}
	:root{

HackingLZ / acs.py

Created January 13, 2026 21:00

Standalone Azure Access Control Service (ACS) Domain Lookup

	#!/usr/bin/env python3
	"""
	Standalone Azure Access Control Service (ACS) Domain Lookup

	Queries the ACS metadata endpoint to extract domains associated with a tenant.
	Accepts either a domain name or tenant GUID as input.

	Usage:
	python3 acs_lookup.py contoso.com
	python3 acs_lookup.py ff13934a-ea67-4ad5-9552-dd16aad35221

HackingLZ / ipv4_to_ipv6_mapped.py

Last active December 7, 2025 16:12

IPv4 to IPv4-mapped IPv6 Address Converter

	#!/usr/bin/env python3
	"""
	IPv4 to IPv4-mapped IPv6 Address Converter

	Converts standard IPv4 addresses to the ::ffff: IPv6 mapped format.
	"""

	import ipaddress
	import sys

HackingLZ / cornflakev3.js

Created August 21, 2025 13:15

	const http = require('http');
	const { execSync, exec, spawn } = require('child_process');
	const fs = require('fs');
	const path = require('path');
	const zlib = require('zlib');

	// Constants
	const VERSION = '000010';
	const PORT_HTTP = 80;
	const PORT_IP = 443;

HackingLZ / emoji_lulz.py

Last active August 16, 2025 14:51

Detect Python code written by AI easily with science

HackingLZ / m365_osint_recon.py

Created August 7, 2025 16:28

	#!/usr/bin/env python3
	"""
	M365 OSINT Reconnaissance Tool
	Based on techniques from: https://dstreefkerk.github.io/2025-07-m365-email-osint-after-lockdown/

	This script performs modern M365/Azure AD reconnaissance after Microsoft's lockdown of traditional
	enumeration methods. It uses multiple validation techniques to discover organizational information
	and attempts to infer MOERA domains.
	"""

HackingLZ / trevor.rs

Created June 24, 2025 15:24

Trevor C2 Rust

	use aes::Aes256;
	use base64;
	use cbc::{Decryptor, Encryptor};
	use cbc::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
	use hostname;
	use rand::{Rng, RngCore};
	use sha2::{Digest, Sha256};
	use std::env;
	use std::io::Read;
	use std::process::{Command, Stdio};

HackingLZ / m4benchmark.txt

Last active November 13, 2024 12:23

M4 Max 64gb Hashcat Full Benchmark

	hashcat (v6.2.6) starting in benchmark mode

	Benchmarking uses hand-optimized kernel code by default.
	You can use it in your cracking session by setting the -O option.
	Note: Using optimized kernel code limits the maximum supported password length.
	To disable the optimized kernel code in benchmark mode, use the -w option.

	* Device #2: Apple's OpenCL drivers (GPU) are known to be unreliable.
	You have been warned.

HackingLZ / nicecurl.py

Created May 2, 2024 13:43

NICECURL Lnk Gen

	# https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
	import argparse
	import random
	import win32com.client

	def insert_digit(word, digit):
	pos = random.randint(1, len(word) - 1)
	return word[:pos] + digit + word[pos:]

	def generate_command(url, file_path):

HackingLZ / nessus_report_download.py

Created March 26, 2024 13:35

Download Nessus reports as CSV via API

	import requests
	import time
	import os

	# Nessus API credentials and host
	nessus_url = "https://123.123.123.123:8834"
	access_key = "x"
	secret_key = "x"
	headers = {
	'X-ApiKeys': f'accessKey={access_key}; secretKey={secret_key}',

LZ HackingLZ