| Description | Command |
|---|---|
| Start a new session with session name | screen -S <session_name> |
| List running sessions / screens | screen -ls |
| Attach to a running session | screen -x |
| Attach to a running session with name | screen -r |
Marcos 'Tr0p' Tolosa marcostolosa
👽
marcostolosa
/ search-n-squeal.sh
Created
October 18, 2025 09:22
— forked from scumdestroy/search-n-squeal.sh
Search'N'Squeal : Bash script that searches a list of dorks on Github and notifies if new search result has appeared
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # func to do the search w/ curl | |
| # syntax `perform_search anti-fur_APIKEY gh_APIKEYAPIKEYAPIKEY` | |
| perform_search() { | |
| local search_term="$1" | |
| local api_key="$2" | |
| curl -s -H "Authorization: token $api_key" "https://api.github.com/search/repositories?q=$search_term" | jq '.items[].html_url' | |
| } |
marcostolosa
/ admin-logins-for-various-cms.txt
Created
October 18, 2025 09:22
— forked from scumdestroy/admin-logins-for-various-cms.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WordPress: /wp-admin | |
| Drupal: /admin | |
| Joomla: /administrator | |
| Magento: /admin | |
| Concrete5: /dashboard | |
| SilverStripe: /admin | |
| Textpattern: /textpattern | |
| MODX: /manager | |
| Radiant CMS: /admin | |
| Contao: /contao |
marcostolosa
/ httpXparse.py
Created
October 18, 2025 09:21
— forked from scumdestroy/httpXparse.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| Greetings bug-slaying brothers of the pythonian blood. This script takes my httpx output after slamming in a bunch of subdomains | |
| and organizes it so its a bit easier to read and work with. | |
| The HTTPX payload I use first is: | |
| httpx -sc -cl -title -bp -server -td -ip -cname -asn -cdn -vhost -fhr | anew httpx-quicc | |
| This script will organize the data by status code and then from smallest to largest for each status code |
marcostolosa
/ golinkfinderx.py
Created
October 18, 2025 09:21
— forked from scumdestroy/golinkfinderx.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| Get the excellent GoLinkFinder tool via github.com/0xsha/GoLinkFinder | |
| ... based on my boy here: https://github.com/GerbenJavado/LinkFinder | |
| Anyways, this gives an excellent clean and parsed output after running GoLinkFinder on a gang of urls. | |
| use this like: | |
| python3 golinkfinderx.py urls.txt | |
| ''' |
marcostolosa
/ screen_cheatsheet.markdown
Created
October 14, 2025 11:42
— forked from jctosta/screen_cheatsheet.markdown
Screen Cheatsheet
marcostolosa
/ midiOutOpen.cpp
Created
October 11, 2025 01:39
— forked from SaumyajeetDas/midiOutOpen.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Saumyajeet Das | |
| // Written/Compiled: Visual Studio 2022 | |
| // Usage: midiOutOpen.exe <shellcode file> | |
| #pragma comment(lib, "winmm.lib") | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <mmsystem.h> | |
| BOOL ReadContents(PWSTR Filepath, PCHAR* Buffer, PDWORD BufferSize); |
marcostolosa
/ extractReport.py
Created
October 8, 2025 23:04
Script python para extrair relatórios públicos da HackerOne, busca por CWE, exibe em cores e salva em CSV
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import argparse | |
| import csv | |
| import sys | |
| import time | |
| import itertools | |
| from pyfiglet import Figlet | |
| # ------------------------------- | |
| # Banner com animação |
marcostolosa
/ JasonToddIsTheBestRobin.c
Created
October 8, 2025 01:36
— forked from whokilleddb/JasonToddIsTheBestRobin.c
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <wininet.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "wininet.lib") | |
| // notepad.exe shellcode | |
| char shellcode[] = { | |
| 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51, | |
| 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, |
marcostolosa
/ seDebugPrivilege.c
Last active
October 8, 2025 01:53
Encontra PID, habilita SeDebugPrivilege e abre handle PROCCESS_ALL_ACCESS no LSASS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <tlhelp32.h> | |
| // 1. Encontra o PID do LSASS sozinho (dinâmico). | |
| // 2. Habilita SeDebugPrivilege. | |
| // 3. Abre um handle com privilégios mínimos pro LSASS (mais furtivo). | |
| BOOL EnableDebugPrivilege() { | |
| HANDLE hToken; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| """ | |
| CROT DALAM — TikTok OSINT (No-API Web Scraper) · Python CLI | |
| Approach | |
| • Drive a real browser with Playwright (Chromium) to load the public search page. | |
| • Scroll and collect unique video URLs (no login required). | |
| • Open each video page and extract metadata from meta tags / structured data / DOM. |
NewerOlder