Skip to content

Instantly share code, notes, and snippets.

View st3rven's full-sized avatar
💭

sterven st3rven

💭
20 followers · 27 following
View GitHub Profile
@pikpikcu
pikpikcu / CVE-2021-25646.md
Last active January 10, 2022 12:32
CVE-2021-25646 
POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close
@Parasimpaticki
Parasimpaticki / gist:0b1f1f508b2ee2a146244ab53d0bb3b8
Created May 6, 2020 23:22
#!/bin/bash
#Escape slash from name for folder name
folderName=$(echo $1| awk '{gsub("/","_")}1');
mkdir $folderName && cd $folderName
fqdn=$1;
ipList=$(dig +short $fqdn|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'); #Get all A names
if [ -z "$ipList" ]
then
ipArgument=$fqdn
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)
@jhaddix
jhaddix / all.txt
Created January 19, 2019 04:35 — forked from orangetw/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@NullArray
NullArray / geo-sorter.sh
Last active October 17, 2020 21:48
Wrapper for proxy fetcher to sort on geolocation.
#!/bin/bash
#____ ____ __
#\ \ / /____ _____/ |_ ___________
# \ Y // __ \_/ ___\ __\/ _ \_ __ \
# \ /\ ___/\ \___| | ( <_> ) | \/
# \___/ \___ >\___ >__| \____/|__|
# \/ \/
#--Licensed under GNU GPL 3
#----Authored by Vector/NullArray
##############################################
@wdormann
wdormann / checksvc.py
Last active September 20, 2022 10:03
Check for insecure services on Windows
import os
import subprocess
import ctypes
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/
svcinfo = {}
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
FNULL = open(os.devnull, 'w')
@Evilcry
Evilcry / findautoelevate.ps1
Created July 8, 2018 07:40
Enumerate executables with auto-elevation enabled
# Find Autoelevate executables
Write-Host "System32 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\System32\*.exe -pattern "<AutoElevate>true"
Write-Host "`nSysWOW64 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\SysWOW64\*.exe -pattern "<AutoElevate>true"
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
@Neo23x0
Neo23x0 / audit.rules
Last active October 23, 2025 06:15
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active November 18, 2025 18:33
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set