-
Update the packages on your device:
pkg update -y && pkg upgrade -y
interference-security
/ frida-tools-termux.md
Created
November 27, 2023 07:21
shriyanss
/ sql-insert.md
Last active
July 7, 2025 12:14
SQL Injection - Payloads and resultant queries - INSERT
This is for SQL INSERT statement. For SELECT statements, please see https://gist.github.com/shriyanss/6192ee7eb80da5efc26916922fc9b035
I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-
Certainly, here are examples of malicious inputs that could lead to SQL injection vulnerabilities in INSERT statements, along with the resulting queries. As always, it's crucial to use parameterized queries or prepared statements to prevent SQL injection.
Malicious Input:
shriyanss
/ sql-select.md
Last active
January 21, 2025 16:28
SQL Injection - Payloads and resultant queries - SELECT
This is for SQL INSERT statement. For INSERT statements, please see https://gist.github.com/shriyanss/1139f8c2b01e074642b7df745f9abc55
I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-
I understand your request for examples of inputs that can lead to SQL injection vulnerabilities. Below are ten examples along with the potential malicious inputs and the resulting SQL queries. Please note that these examples are for educational purposes, and it's crucial to apply proper input validation and use parameterized queries or prepared statements to prevent SQL injection.
Malicious Input:
colinrubbert
/ getAllGlobals.js
Created
August 23, 2023 14:44
Get all runtime global variables set by the app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * RuntimeGlobalsChecker | |
| * | |
| * You can use this utility to quickly check what variables have been added (or | |
| * leaked) to the global window object at runtime (by JavaScript code). | |
| * By running this code, the globals checker itself is attached as a singleton | |
| * to the window object as "__runtimeGlobalsChecker__". | |
| * You can check the runtime globals programmatically at any time by invoking | |
| * "window.__runtimeGlobalsChecker__.getRuntimeGlobals()". | |
| * |
win3zz
/ zendesk_endpoints.txt
Created
July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
lauritzh
/ poc.js
Created
May 9, 2023 08:22
OAuth 2.0 / OpenID Connect 1.0 SSO Login CSRF PoC. Authenticates a victim user into an attacker-controlled account at example.com. Requires the target to insecurely implement a Google SSO login using the Authorization Code Grant Type and without any CSRF protection ("state", PKCE).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Headless SSO Login CSRF PoC | |
| // (c) Lauritz Holtmann, 2023 | |
| // | |
| const pt = require('puppeteer') | |
| const express = require('express') | |
| const app = express() | |
| const port = 3000 |
nullenc0de
/ 365doms.py
Created
February 23, 2023 01:37
modified from https://github.com/expl0itabl3/check_mdi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance. | |
| Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance. | |
| Usage: ./check_mdi.py -d <domain> | |
| """ | |
| import argparse | |
| import dns.resolver |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/system/bin/sh | |
| set -ex | |
| ip rule del fwmark 666 table 666 || true | |
| ip route del local 0.0.0.0/0 dev lo table 666 || true | |
| iptables -t nat -F | |
| iptables -t nat -X | |
| iptables -t mangle -F |
incogbyte
/ mixunpin.js
Last active
September 3, 2025 14:40
Frida script to bypass common methods of sslpining Android
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
DanaEpp
/ guid_reaper.py
Created
October 20, 2022 17:56
Tool to dump v1 GUIDs and generate a wordlist of GUIDs for use in bruteforce attacks against APIs with predictable GUIDs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| import argparse | |
| import datetime | |
| import re | |
| import sys | |
| import uuid | |
| ############################################################################### | |
| # Based off of Daniel Thatcher's guid tool |
NewerOlder