Reverse Engineering on macOS

Some notes, tools, and techniques for reverse engineering macOS binaries.

	plain
	𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶

thezakman / interesting_dirsearch.txt

Created August 10, 2021 07:00 — forked from nullenc0de/interesting_dirsearch.txt

thezakman / api-linkfinder.yaml

Created August 10, 2021 06:58 — forked from nullenc0de/api-linkfinder.yaml

thezakman / api-linkfinder.sh

Created August 10, 2021 06:58 — forked from nullenc0de/api-linkfinder.sh

Exports links and params from API documentation

	wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
	echo https://stripe.com/docs/api \| hakrawler -t 500 -d 10 \|nuclei -t ./linkfinder.yaml -o api.txt
	cat api.txt \|grep url_params \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_params.txt
	cat api.txt \|grep relative_links \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_link_finder.txt

thezakman / graphql_introspection_query.graphql

Created July 25, 2021 08:29 — forked from a7v8x/graphql_introspection_query.graphql

GraphQL introspection query - for fetching the whole schema (from GraphiQL IDE) for https://atheros.ai/blog/graphql-introspection-and-introspection-queries

thezakman / gist:0269ee88ca8bb29441761181b13f3126

Created June 18, 2021 03:54 — forked from vmanoilov/gist:6a5d09cf958475f2115ea3fe01b61d4b

dorks 2018



	ntext:"bri".php?id= intext:"Credit Card" site:.com
	intext:"kartu kredit".php?id= intext:"Username" site:.com
	intext:"bayar dengan kartu kredit".php?id= intext:"Password" site:.com
	intitle:"bayar dengan kartu kredit".php?id= title:shop intext:"Credit Card" site:.com
	intitle:"human".php?id= title:education intext:"Username" site:.com
	intitle:"Publications".php?id= title:login intext:"Password" site:.com
	intitle:"project".php?id= title:join intext:"Username" site:.com
	intitle:"trade".php?id= title:orders intext:"Username" site:.com

thezakman / Jira bug-exploit

Created June 4, 2021 14:46 — forked from 0x240x23elu/Jira bug-exploit

Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230






	cve-2019-8449
	The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
	https://jira.atlassian.com/browse/JRASERVER-69796
	https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
	=====================================================================================================================================

thezakman / bin-cc.md

Created May 28, 2021 19:58 — forked from erikhenrique/bin-cc.md

Bin de cartões de crédito para validação

Validação para cartão de crédito.

Bin e padrões para validação de cartão de crédito.

Bandeira	Começa com	Máximo de número	Máximo de número cvc
Visa	4	13,16	3
Mastercard	5	16	3

thezakman / hashtag2.py

Created May 14, 2021 02:41 — forked from joaomacalos/hashtag2.py

hashtag2-defapi

	# Query
	query = "SuperLeague OR #SuperLeague -filter:retweets"

	def collect_tweets(query, max_id=None, nitems=100, until=None, result_type='recent'):

	if until is not None:
	tweets = tweepy.Cursor(api.search,
	q=query,
	lang="en",
	tweet_mode="extended",

	wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
	echo https://stripe.com/docs/api \| hakrawler -t 500 -d 10 \|nuclei -t ./linkfinder.yaml -o api.txt
	cat api.txt \|grep url_params \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_params.txt
	cat api.txt \|grep relative_links \|cut -d ' ' -f 7 \|tr , '\n' \| tr ] '\n' \| tr [ '\n' \|tr -d '"' \|tr -d "'" \|sort -u > api_link_finder.txt