https://drive.google.com/file/d/1Lhx1Sc_SKTkR6ggHP_vt-jfhlZAPTeQV/view?usp=sharing
Information Disclosure: Look for endpoints that leak sensitive data.
Broken Object-Level Authorization (BOLA/IDOR): Accessing objects not meant for the authenticated user.
Broken User Authentication: Bypassing authentication mechanisms.
Rate Limiting: Test for unprotected endpoints against DoS or brute-force attacks.
HTTP Verb Tampering: Changing the HTTP verb (e.g., from GET to POST).
Missing Function Level Access Control: Accessing unauthorized functionalities.
Parameter Tampering: Altering parameters to manipulate responses.
SQL Injection: Injecting malicious SQL queries in input.
Command Injection: Injecting malicious commands in input.
Unsecured Endpoints: Looking for endpoints that lack security measures.
from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
from werkzeug.security import generate_password_hash, check_password_hash
import os
# Flask application setup
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://<username>:<password>@localhost/humanRatsources'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False