Skip to content

Instantly share code, notes, and snippets.

View ricsirigu's full-sized avatar
👨‍💻
explo[r|it]ing

Riccardo Sirigu ricsirigu

👨‍💻
explo[r|it]ing
38 followers · 211 following
View GitHub Profile
@ricsirigu
ricsirigu / ChatGPT-Dan-Jailbreak.md
Created November 30, 2023 10:49 — forked from coolaj86/ChatGPT-Dan-Jailbreak.md
@ricsirigu
ricsirigu / recompile-and-run.sh
Created August 6, 2022 15:12 — forked from PuKoren/recompile-and-run.sh
Recompile APK + Sign with apktool
# You must first install apktool (https://github.com/iBotPeaches/Apktool) and android SDK
# and decompile apk using it
# apktool d -rf my-app.apk
# then generate a key for sign in:
# keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
rm signed-app.apk
apktool b -f -d com.myapp
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore com.myapp/dist/com.myapp.apk alias_name
zipalign -v 4 com.myapp/dist/com.myapp.apk signed-app.apk
@ricsirigu
ricsirigu / apk_relative_links.txt
Created August 30, 2021 10:36 — forked from nullenc0de/apk_relative_links.txt
@ricsirigu
ricsirigu / redirect_dorks.txt
Created November 1, 2020 19:48
Open Redirect Dorks
Open Redirect Dorks
/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
@ricsirigu
ricsirigu / bypass-auth-endpoints.txt
Created October 17, 2020 08:13
Tricks to bypass endpoints auth 403/401
Payloads for basic tests
?
??
&
#
%
%20
%09
/
@ricsirigu
ricsirigu / WAHH_Task_Checklist.md
Last active November 4, 2020 09:51 — forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
@ricsirigu
ricsirigu / cloud_metadata.txt
Created July 22, 2019 08:48 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@ricsirigu
ricsirigu / content_discovery_all.txt
Created July 22, 2019 08:44 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
@ricsirigu
ricsirigu / all.txt
Created July 22, 2019 07:49 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@ricsirigu
ricsirigu / google-dorks
Created February 27, 2019 15:48 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!