@tin-z
tin-z / VR_roadmap.md
Last active November 6, 2024 19:18
Becoming a Vulnerability Researcher roadmap: my personal experience
@0xdevalias
0xdevalias / _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active November 17, 2024 17:02
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active November 8, 2024 17:29
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comments or by DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list sorted by vendor responses: Royce List
  • Very detailed list: NCSC-NL
  • The list maintained by the U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@AvasDream
AvasDream / oscp_prep.md
Last active October 11, 2024 21:17
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
```zshrc
#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
# ███ ███
```
[ SecHackLabs ~/Projects/Rust/Development/findomain ] [develop]
└─ ▶ time ./target/release/findomain -t aol.com --query-database -i --threads 100

Target ==> aol.com

Searching subdomains in the Findomain database for the target aol.com 🔍

Performing asynchronous subdomains resolution for 70600 subdomains with 100 threads, it will take a while. 🧐
@tomnomnom
tomnomnom / short-wordlist.txt
Created September 29, 2019 19:44
short-wordlist
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
@tehryanx
tehryanx / trufflehog.json
Last active June 3, 2022 08:26
High signal patterns from trufflehog refactored to work with tomnomnom's gf
{
"flags": "-HnriE",
"patterns": [
"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
"-----BEGIN RSA PRIVATE KEY-----",
"-----BEGIN DSA PRIVATE KEY-----",
"-----BEGIN EC PRIVATE KEY-----",
"-----BEGIN PGP PRIVATE KEY BLOCK-----",
"AKIA[0-9A-Z]{16}",
"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",