Skip to content

Instantly share code, notes, and snippets.

View gamingrobot's full-sized avatar
🤖
Doing Stuff

Morgan Creekmore gamingrobot

🤖
Doing Stuff
87 followers · 425 following
View GitHub Profile
@jhaddix
jhaddix / cloud_metadata.txt
Last active March 4, 2026 21:23 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@eddiewebb
eddiewebb / readme.md
Last active January 12, 2026 06:31
Hugo JS Searching with Fuse.js
@strarsis
strarsis / howto.md
Last active November 16, 2025 06:16
KeeAgent (for KeePass) on Bash on Windows / WSL (2) - KeePass as an SSH agent

Update (March 2023) (Last checked: Oktober 2024)

Side note: The latest edge build of KeeAgent plugin offers an option for creating a WSL compatible socket. This would be very handy. I already tried to use that socket, but the socket file is currently empty and ssh inside WSL 2 is unable to use it. This appears to be a very new, unreleased and unstable feature. I will follow the development of it and when it finally works (well, for me) I will update this HOWTO. But until then, please use the proven wsl-ssh-agent/npiperelay.exe approach below.

Thanks to the instructions for WSL 2 of the wsl-ssh-agent project, KeeAgent works great in WSL 2 now: https://github.com/rupor-github/wsl-ssh-agent#wsl-2-compatibility The approach uses minimal and well-maintained tools.

Mini-changelog

  • 14.08.2025: Improve: Improve title of this gist.
@BoGnY
BoGnY / README.md
Last active March 12, 2026 19:44
[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively

This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)

Requirements

  • Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
  • Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
  • Verify
@mgeeky
mgeeky / xml-attacks.md
Last active January 2, 2026 20:14
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@ekaitz-zarraga
ekaitz-zarraga / usb_hid_keys.h
Created October 27, 2017 12:40 — forked from MightyPork/usb_hid_keys.h
USB HID Keyboard scan codes
/**
* USB HID Keyboard scan codes as per USB spec 1.11
* plus some additional codes
*
* Created by MightyPork, 2016
* Public domain
*
* Adapted from:
* https://source.android.com/devices/input/keyboard-devices.html
*/
@FrankSpierings
FrankSpierings / README.md
Last active November 4, 2025 21:29
Linux Container Escapes and Hardening
@jhaddix
jhaddix / all.txt
Last active March 3, 2026 08:34
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@stefansundin
stefansundin / download-slack-emoji.sh
Last active February 9, 2023 15:05
Download all of your Team's custom Slack emojis.
#!/bin/bash -eo pipefail
# Log in to Slack in a web browser and open the network tools to inspect the traffic.
# Filter the requests with "/api/" and pick one to inspect.
# You need the xoxc token from the request body, and a copy of the cookies. It is the "d" cookie that is important, but you can copy all of them. Make sure that the cookie value is percent encoded!
# Paste the values below.
# You need to have curl and jq installed.
# You can also get the xoxc token from localStorage. Run this in the JavaScript console:
# Object.entries(JSON.parse(localStorage.localConfig_v2)["teams"]).reduce((o,e) => Object.assign(o, { [e[1]["name"]]: e[1]["token"] }), {})
@BinaryShrub
BinaryShrub / initramfs-unlocker.sh
Last active May 29, 2020 04:32
LUKS remote decrypt (dropbear) for Ubuntu 16.04.1 on btrfs array
#!/bin/bash
## LUKS remote decrypt for Ubuntu 16.04.1 - by BinaryShrub
# NOTES:
# Tailor lines 67 - 69 to your system before running!
# Use at your own risk!
# Safety Check
if [ "$EUID" -ne 0 ]
then echo "You must run this as root"