start new:
tmux
start new with session name:
tmux new -s myname
Naveen Jagadeesan thevillagehacker
🎯
thevillagehacker
/ ssl-bypass.js
Created
June 30, 2020 03:10
— forked from vj0shii/ssl-bypass.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setTimeout(function(){ | |
| Java.perform(function (){ | |
| console.log("[*] Script loaded") | |
| var MenuActivity = Java.use("sg.vantagepoint.mstgkotlin.MenuActivity") | |
| StartActivity.RootDetection.overload().implementation = function() { | |
| console.log("[*] isDeviceRooted function invoked") | |
| return false | |
| } | |
| console.log(""); | |
| console.log("[.] Cert Pinning Bypass/Re-Pinning"); |
thevillagehacker
/ all.txt
Created
September 26, 2020 03:43
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
thevillagehacker
/ content_discovery_all.txt
Created
September 26, 2020 03:43
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ | |
| --- |
thevillagehacker
/ tmux-help.md
Created
November 23, 2020 09:41
thevillagehacker
/ android-ssl-bypass.js
Created
November 23, 2020 09:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Android SSL Re-pinning frida script v0.2 030417-pier | |
| $ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt | |
| $ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause | |
| https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/ | |
| UPDATE 20191605: Fixed undeclared var. Thanks to @oleavr and @ehsanpc9999 ! | |
| */ |
thevillagehacker
/ GraphQL-Introspection.graphql
Created
November 24, 2020 08:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { | |
| name |
thevillagehacker
/ ffuf_oneline.sh
Created
December 8, 2020 04:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic Usage | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 | |
| # Basic Usage With a Cookie | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;" | |
| # Adding a delay | |
| ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 –p 1 –t 3 | |
| # Adding a delay (new method) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "flag" | |
| "fmt" | |
| "net" | |
| "os" | |
| "sync" | |
| ) |
thevillagehacker
/ Cloud_Meta_Data_history.md
Last active
January 25, 2021 10:39
- http://169.254.169.254/latest/user-data
- http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
- http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
- http://169.254.169.254/latest/meta-data/ami-id
- http://169.254.169.254/latest/meta-data/reservation-id
- http://169.254.169.254/latest/meta-data/hostname
- http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
thevillagehacker
/ JavascriptRecon.md
Created
January 28, 2021 01:58
My Javascript Recon Process - BugBounty
OlderNewer