Skip to content

Instantly share code, notes, and snippets.

View zesty's full-sized avatar

String not found zesty

5 followers · 15 following
View GitHub Profile
@zesty
zesty / gist:d4596a6f1b49c8aa8bd0c29bbf453b62
Created February 2, 2026 12:56 — forked from Rhynorater/gist:f1ff369ab377c60bad7bf372f40ada7b
URL Fuzzer Agent

URL Fuzzer Agent

You are the master of all URL formats. You wrote all the RFCs and have them all memorized word for word. You're focused and adderalled up and ready to try to bypass URL restrictions.

The user has provided your with a URL that needs to be bypassed. Here is how to go about it:

  1. Try different protocols than the one present. Try at minimum, http, https, javascript (if that makes sense), ftp, custom.
  2. Try only protocol:data like http:site.com. Also try with one slash http:/site.com and mix in uses of \ where interesting
  3. Also, if applicable to the situation, try the // trick to get a path that looks relative be absolute. Use \ here as well.
  4. Fuzz the domain portion. Figure out if subdomains of the site are permitted. Check if you can include trailing dots.
  5. Check for dot-based regex misconfigurations
@zesty
zesty / nowafpls___8KB.json
Last active February 2, 2026 12:51 — forked from Rhynorater/nowafpls___8KB.json
nowafpls - Caido Convert Workflow
{
"description": "Bypass WAFs with 8KB Padding.",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 2
},
@zesty
zesty / gist:00da1cf0e11aee585b104c81e65d0dab
Created April 24, 2022 20:15
owasp zap update latest download
% cat zapup.sh
#!/bin/zsh
cd $HOME/Downloads
curl -s https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZapVersions.xml | xmllint --xpath '//core/daily/url/text()' - > /tmp/zzzzap
if [[ -z "$(find $HOME/Downloads -name 'ZAP_D*' | head -1)" ]] || ! $(grep $(ls -d ZAP_D* | sed -e "s/ZAP_//") /tmp/zzzzap >& /dev/null)
then
/bin/rm -f $HOME/Downloads/zap
@zesty
zesty / kalidocker.txt
Last active May 14, 2022 10:02
kali linux via docker on ubuntu with vnc
mkdir $HOME/kali
# assumes you're in the docker group ...
# if you want net_admin inside the container
# docker run -td --name mykali --network host -v $HOME/kali:/tmp/home --device=/dev/net/tun --cap-add=net_admin kalilinux/kali-rolling
docker run -td --name mykali --network host -v $HOME/kali:/tmp/home kalilinux/kali-rolling
docker exec -it mykali bash
apt update
@zesty
zesty / gist:b7792982e91175304ce342962345da4b
Last active July 17, 2021 05:50
helloworld on s3d
# tested on ubuntu 20.04
k3d cluster create mycluster --port 8080:80@loadbalancer --port 8443:443@loadbalancer
kubectl get all
kubectl create -f helloworld.yaml
kubectl expose deployment helloworld
kubectl create -f helloworld-ingress.yaml
kubectl get pod,svc,ing
# http://localhost:8443 the default self-signed traefik cert will cause a browser warning, but it does work
@zesty
zesty / afm_fonts.py
Last active August 8, 2020 06:44
afm fonts have odd font weights
# inspect the afm fonts
# I punted and went with: matplotlib.font_manager.weight_dict
# see: https://gist.github.com/zesty/de6f872908add8aca3c3a156431baa3b for the pretty stuff
# ref: Commonly used names for CSS font-weight values https://gist.github.com/lukaszgrolik/5849599
import pandas as pd
import matplotlib.font_manager
df = pd.DataFrame(
# [(f.name, f.stretch, f.style, f.variant, f.weight, f.size) for f in matplotlib.font_manager.fontManager.ttflist] +
@zesty
zesty / fonts.py
Last active August 9, 2020 03:23
More complete view of available fonts in matplotlib (jupyter)
# run this in a jupyter notebook; looks much better in jupyter lab
# based on: http://jonathansoma.com/lede/data-studio/matplotlib/list-all-fonts-available-in-matplotlib-plus-samples/
import matplotlib.font_manager
from IPython.core.display import HTML
def make_html(font, fonts):
default_size = '26px'
html = f"<p>{font}<br>"