- Drozer - Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
- Starting a session
adb forward tcp:31415 tcp:31415drozer console connectdrozer console connect --server <ip>
- List modules
lsls activity
- Retrieving package information
- Starting a session
run app.package.list -f
Note
More information you can find on Microsoft documentation.
Tip
You can install all Visual C++ Redistributable Packages using only one command with winget! https://gist.github.com/ChuckMichael/d4221fd8681a7e962c8d37d623ff3145
- x64 8.0.61000 (EOL)
Microsoft.VCRedist.2005.x64
akabe1
/ frida_multiple_unpinning.js
Last active
August 27, 2025 18:39
Another Android ssl certificate pinning bypass for various methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
cubehouse
/ pinning.js
Last active
May 29, 2025 19:15
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // start with: | |
| // frida -U -l pinning.js -f [APP_ID] --no-pause | |
| Java.perform(function () { | |
| console.log('') | |
| console.log('===') | |
| console.log('* Injecting hooks into common certificate pinning methods *') | |
| console.log('===') | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); |
saibikalpa
/ root-detection-bypass.js
Created
January 8, 2019 06:15
Sample root detection bypass script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function(){ | |
| console.log("\nRoot detection bypass with Frida"); | |
| var DeviceUtils = Java.use("utils.DeviceUtils"); | |
| console.log("\nHijacking isDeviceRooted function in DeviceUtils class"); | |
| DeviceUtils.isDeviceRooted.implementation = function(){ | |
| console.log("\nInside the isDeviceRooted function"); | |
| return false; | |
| }; | |
| console.log("\nRoot detection bypassed"); | |
| }); |
The initial source comes from sdcuike/issueBlog#4
https://github.com/PacktPublishing free to download books code by Packet
https://github.com/EbookFoundation/free-programming-books Very immense
AveYo
/ .. MediaCreationTool.bat ..md
Last active
August 30, 2025 20:51
Universal MediaCreationTool wrapper for all MCT Windows 10 versions - MOVED TO github.com/AveYo/MediaCreationTool.bat
We did it! We broke gist.github.com ;) So head over to the new home! Thank you all!
2021.10.20: https://github.com/AveYo/MediaCreationTool.bat now open for interaction
Not just an Universal MediaCreationTool wrapper script with ingenious support for business editions,
A powerful yet simple windows 10 / 11 deployment automation tool as well!
In this guide I will go through all the steps to create a VPS, secure it and deploy a Django application. This is a summarized document from this digital ocean doc
Any commands with "$" at the beginning run on your local machine and any "#" run when logged into the server
Use this link and get $10 free. Just select the $5 plan unless this a production app.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [~] order by [~] | |
| /**/ORDER/**/BY/**/ | |
| /*!order*/+/*!by*/ | |
| /*!ORDER BY*/ | |
| /*!50000ORDER BY*/ | |
| /*!50000ORDER*//**//*!50000BY*/ | |
| /*!12345ORDER*/+/*!BY*/ | |
| [~] UNION select [~] |
Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.
Because a smart man once said:
Never google twice.