Skip to content

Instantly share code, notes, and snippets.

View thevillagehacker's full-sized avatar
🎯
Focusing

Naveen Jagadeesan thevillagehacker

🎯
Focusing
View GitHub Profile
@thevillagehacker
thevillagehacker / cloud_metadata.txt
Created April 16, 2021 06:27 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@thevillagehacker
thevillagehacker / JavascriptRecon.md
Created January 28, 2021 01:58
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@thevillagehacker
thevillagehacker / content_discovery_all.txt
Created September 26, 2020 03:43 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
---
@thevillagehacker
thevillagehacker / all.txt
Created September 26, 2020 03:43 — forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
setTimeout(function(){
Java.perform(function (){
console.log("[*] Script loaded")
var MenuActivity = Java.use("sg.vantagepoint.mstgkotlin.MenuActivity")
StartActivity.RootDetection.overload().implementation = function() {
console.log("[*] isDeviceRooted function invoked")
return false
}
console.log("");
console.log("[.] Cert Pinning Bypass/Re-Pinning");