Skip to content

Instantly share code, notes, and snippets.

View dustyfresh's full-sized avatar
πŸ‘½

Dustin dustyfresh

πŸ‘½
138 followers · 103 following
View GitHub Profile
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active September 24, 2025 15:54
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@jamesbercegay
jamesbercegay / 2019_vbulletin_0day_info.txt
Last active November 29, 2022 17:45
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];
@mak
mak / trick.py
Created May 16, 2019 19:23
Get config from unpacked trickbot
import re
import sys
import pefile
from mlib.crypto import xor
from mlib.malware import trickbot
from mlib.struct import udword
def find_cfg_params(data):
@nullenc0de
nullenc0de / content_discovery_nullenc0de.txt
Last active April 2, 2025 06:37
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
@nullenc0de
nullenc0de / params.txt
Created March 29, 2019 00:57
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
@jhaddix
jhaddix / all.txt
Created January 19, 2019 04:35 — forked from orangetw/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@andrew-morris
andrew-morris / jacked.txt
Last active July 5, 2018 23:31
Quick research to find the most (relatively) unsafe ASNs using GreyNoise Intelligence
RATIO ASN POPPED SIZE ORG
0.3945 AS52635 404 1024 SPEEDCONNECT - TECNOLOGIA E EQUIPAMENTOS
0.2500 AS60490 1 4 MTS PJSC
0.2500 AS198517 1 4 DOLNET GROUP sp. z o.o.
0.2158 AS263256 442 2048 PROVEDOR DE INTERNET EXTREMA LTDA - ME
0.2080 AS264643 213 1024 Enredes S.A.
0.1941 AS133469 795 4096 Multinet (Udaipur) Private Limited
0.1592 AS263051 326 2048 Infopardall Ltda me
0.1426 AS133692 146 1024 Fastnet Communication Pvt. Ltd.
0.1406 AS135195 36 256 NS COMPUTERS
@netspooky
netspooky / pspnfo.txt
Last active June 23, 2021 01:06
This is a collection of NFO templates from various PSP Crack / Warez Groups
--- 4Fun
β–„β–€ β–„β–„β–ˆβ–“β–„ ____________________ __________ β–„β–“β–ˆβ–„β–„ β–€β–„
β–β–ˆ β–ˆβ–ˆβ–ˆβ–€β–ˆβ–ˆβ–“β–„ / | \_ _____/ | \ \@TiLK β–„β–“β–ˆβ–ˆβ–€β–ˆβ–ˆβ–ˆ β–ˆβ–Œ
β–“β–ˆβ–ˆβ–€ β–‘β–β–ˆβ–“β–“ / | || __) | | / | \ β–“β–“β–ˆβ–Œβ–‘ β–€β–ˆβ–ˆβ–“
β–€β–ˆβ–“ β–‘β–β–ˆβ–“β–Œ / ^ / \ | | / | \ β–β–“β–ˆβ–Œβ–‘ β–“β–ˆβ–€
β–€β–€ β–„β–ˆβ–ˆβ–“ \____ |\___ / |______/\____|__ / β–“β–ˆβ–ˆβ–„ β–€β–€
β–„β–ˆβ–ˆβ–“β–€ β–„β–€ |__| \/ \/ β–€β–„ β–€β–“β–ˆβ–ˆβ–„
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
×ℒם
___
__
_
@7MinSec
7MinSec / mostly_painless_cuckoo_sandbox_install.md
Last active August 18, 2024 02:59
Mostly painless Cuckoo Sandbox install

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso

Build your Linux Cuckoo VM

  1. Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:
  • 100GB hard drive
  • 2 procs
  • 8 gigs of RAM