Skip to content

Instantly share code, notes, and snippets.

View ethicalhack3r's full-sized avatar
💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"

Ryan Dewhurst ethicalhack3r

💭
"><img src=x onerror=alert('Github @ethicalhack3r')><"
1.2k followers · 9 following
View GitHub Profile
@ethicalhack3r
ethicalhack3r / info.text
Last active August 13, 2022 07:20
Simple WPScan commands
Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying.
For all plugins with known vulnerabilities:
wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN
For all plugins in our database (could take a very long time):
wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN
@ethicalhack3r
ethicalhack3r / ids.txt
Created October 18, 2019 14:03
> select id from vulnerabilities where poc != '';
+------+
| id |
+------+
| 6028 |
| 6219 |
| 6499 |
| 6548 |
| 7680 |
| 7710 |
@ethicalhack3r
ethicalhack3r / is_wordpress.rb
Last active October 17, 2019 09:21
#!/usr/bin/env ruby
require 'wpscan'
require 'uri'
filename = ARGV[0]
def check_wordpress( website )
WPScan::Browser.instance( disable_tls_checks: true )
@ethicalhack3r
ethicalhack3r / mad5.txt
Created March 1, 2019 15:09
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;)
9f10c5276812e8fdabc2c4e5bb75f836
@ethicalhack3r
ethicalhack3r / http_ntlm__auth_brute.rb
Created August 17, 2018 12:51
Brute Forces HTTP NTLM Basic Authentication using Typhoeus
#!/usr/bin/env ruby
require 'typhoeus'
target_url = ARGV[0]
usernames = File.read(ARGV[1]).split("\n")
passwords = File.read(ARGV[2]).split("\n")
hydra = Typhoeus::Hydra.new
@ethicalhack3r
ethicalhack3r / wp_php_object_injection.rb
Last active August 16, 2024 01:42
Burp Suite Extension to detect PHP Object Injection in WordPress Plugins (read the code comments for additional info)
java_import 'burp.IBurpExtender'
java_import 'burp.IScannerCheck'
java_import 'burp.IScanIssue'
require 'java'
java_import 'java.util.Arrays'
java_import 'java.util.ArrayList'
#
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path.
@ethicalhack3r
ethicalhack3r / html_test.html
Created March 6, 2017 11:10 — forked from rwestergren/html_test.html
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
@ethicalhack3r
ethicalhack3r / magento_version.rb
Created December 12, 2016 11:09
Finds the remote version of magento
#!/usr/bin/env ruby
require 'typhoeus'
require 'json'
require 'uri'
require 'digest/md5'
# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json
target = ARGV[0]
@ethicalhack3r
ethicalhack3r / events.txt
Last active March 3, 2023 07:41
List of event attributes
loadedstart
onabort
onafterprint
onanimationend
onanimationiteration
onanimationstart
onautocomplete
onautocompleteerror
onbeforecopy
onbeforecut
@ethicalhack3r
ethicalhack3r / euskalhack.md
Created February 29, 2016 15:36
[CFP] EuskalHack (San Sebastian / Donostia) 2016

Introduction

EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested.

This exclusive conference is shaping up to be the most relevant in the Basque Country, with an estimated 125 attendees for the first edition.

The participants include specialised companies, state security organisations, professionals, hobbyists and students in the area of security and Information Technology.

Estimated date and location