Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
Ajay Kulal cydefenser
haykuro
/ discover_vuln_paths.py
Last active
August 5, 2018 20:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """...""" | |
| from requests import get | |
| from requests.exceptions import ConnectionError | |
| from netaddr import IPNetwork | |
| from pprint import pprint | |
| CONFIG = { | |
| "HOST": "192.168.1.0/24", | |
| "SCHEME": "http", | |
| "CONNECT_TIMEOUT": 3, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | exploits/windows/dcerpc/ms07_029_msdns_zonename | [] | |
|---|---|---|---|
| 10000 | exploits/unix/webapp/webmin_show_cgi_exec | [] | |
| 10000 | exploits/windows/backupexec/remote_agent | [] | |
| 10000 | exploits/windows/oracle/osb_ndmp_auth | [] | |
| 10001 | exploits/multi/misc/zend_java_bridge | [] | |
| 10008 | exploits/windows/misc/gimp_script_fu | [] | |
| 1000 | exploits/windows/http/altn_webadmin | [] | |
| 10050 | exploits/unix/misc/zabbix_agent_exec | [] | |
| 10051 | exploits/linux/misc/zabbix_server_exec | [] | |
| 10080 | exploits/linux/antivirus/escan_password_exec | [] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://www.123contactform.com/ | |
| http://99designs.com/ | |
| https://www.abacus.com/ | |
| https://www.acquia.com/ | |
| http://www.activecampaign.com/ | |
| http://activeprospect.com/ | |
| http://www.adobe.com/ | |
| https://www.aerofs.com/ | |
| https://www.airbnb.com/ | |
| http://en.altervista.org/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2.7 | |
| # | |
| # Dahua backdoor Generation 2 and 3 | |
| # Author: bashis <mcw noemail eu> March 2017 | |
| # | |
| # Credentials: No credentials needed (Anonymous) | |
| #Jacked from git history | |
| # | |
| import string |
mhmdiaa
/ waybackurls.py
Last active
October 25, 2025 17:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
EdOverflow
/ open_redirect_wordlist.txt
Last active
February 21, 2023 14:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /http://example.com | |
| /%5cexample.com | |
| /%2f%2fexample.com | |
| /example.com/%2f%2e%2e | |
| /http:/example.com | |
| /?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com | |
| /?url=/\/example.com&next=/\/example.com&redirect=/\/example.com | |
| /redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| certstream --json | \ | |
| jq -r '.data | [ (.seen|floor|tostring), (.leaf_cert.all_domains[0]|split(".")|.[-1]), .chain[0].subject.CN, "200", "0" ] | join("|")' | \ | |
| logstalgia -g "Certificate Authorities,CODE=^200,0" --hide-response-code --hide-paddle --path-abbr-depth -1 --no-bounce -s 2 --address-abbr-depth -1 |
niklasb
/ railspwn.rb
Last active
March 7, 2021 12:14
Rails 5.1.4 YAML unsafe deserialization RCE payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'yaml' | |
| require 'base64' | |
| require 'erb' | |
| class ActiveSupport | |
| class Deprecation | |
| def initialize() | |
| @silenced = true | |
| end | |
| class DeprecatedInstanceVariableProxy |
orangetw
/ Advanced-HTTP-en.md
Created
November 19, 2017 19:52
— forked from nicolas-grekas/Advanced-HTTP-en.md
Advanced handling of HTTP requests in PHP