Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code.
dslusser
0xdevalias
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active
May 13, 2026 16:46
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please Note, I am sharing this, hoping this will be used for good public use, such as data analysis, penetration testing etc | |
| # These links are already available all over the internet | |
| # Also Note, Trying to login into someone else's account without their permission is unethical and illegal | |
| # Collection 1 | |
| magnet:?xt=urn:btih:B39C603C7E18DB8262067C5926E7D5EA5D20E12E&dn=Collection%201&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce | |
| # Collection 2-5 & Antipublic | |
| magnet:?xt=urn:btih:D136B1ADDE531F38311FBF43FB96FC26DF1A34CD&dn=Collection%20%232-%235%20%26%20Antipublic&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=http%3a%2f%2ft.nyaatracker.com%3a80%2fannounce&tr=http%3a%2f%2fopentracker.xyz%3a80%2fannounce |
h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
Chick3nman
/ Apple_M1_Ultra_v6.2.5-340
Created
March 19, 2022 16:23
Hashcat v6.2.5-340 benchmark on the Apple M1 Ultra
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Apple M1 Ultra, 20 Core CPU, 48 Core GPU, 64GB of RAM, 1TB SSD | |
| Thanks to @fhlipZero(https://twitter.com/fhlipZero) for running the benchmark on his hardware and allowing me to publish it. | |
| A copy of both a short benchmark and the following full run can be found at https://gist.github.com/fhlip0 | |
| hashcat (v6.2.5-340-g98b89e43d) starting in benchmark mode | |
| Benchmarking uses hand-optimized kernel code by default. |
acbart
/ download_canvas_rubric.js
Created
October 11, 2021 02:35
Snippet to download Canvas rubric data for current assignment as a CSV file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async function(){ | |
| // https://stackoverflow.com/questions/8735792/how-to-parse-link-header-from-github-api | |
| const linkParser = (linkHeader)=>{ | |
| let re = /,[\s]*<(.*?)>;[\s]*rel="next"/g; | |
| let result = re.exec(linkHeader); | |
| if (result == null) { | |
| return null; | |
| } | |
| return result[1]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function() { | |
| console.log('\n[.] Cert Pinning Bypass'); | |
| // Create a TrustManager that trusts everything | |
| console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
| var TrustyTrustManager = Java.registerClass({ | |
| name: 'com.example.TrustyTrustManager', | |
| implements: [X509TrustManager], | |
| methods: { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt update | |
| apt -y install wget gnupg dirmngr | |
| wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import | |
| gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 | |
| echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list | |
| gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add - | |
| apt update | |
| apt -y upgrade | |
| apt -y dist-upgrade | |
| apt -y autoremove --purge |
jakekarnes42
/ host_getter.svg
Created
August 13, 2019 23:44
An SVG "image" that uses an XXE attack to embed the hostname file of whichever system processes it into the image itself
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
DavidKuennen
/ minimal-analytics-snippet.js
Last active
March 22, 2026 15:24
Minimal Analytics Snippet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function (context, trackingId, options) { | |
| const history = context.history; | |
| const doc = document; | |
| const nav = navigator || {}; | |
| const storage = localStorage; | |
| const encode = encodeURIComponent; | |
| const pushState = history.pushState; | |
| const typeException = 'exception'; | |
| const generateId = () => Math.random().toString(36); | |
| const getId = () => { |