Ads Dawson GangGreenTemperTatum

## endpoints bookmarklet
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g,jsRegex=/(?<=(\"|\'|\%60))(?:\/|https?:\/\/)[a-zA-Z0-9_?&=\/\-\#\.]+\.js(?:\?[^"'%60]*)?(?=(\"|\'|\%60))/g;const results=new Set;const paramMap=new Map();const jsFiles=new Set();function processContent(t,src){var e=t.matchAll(regex);for(let r of e){results.add(r[0]);var params=r[0].split('?')[1];if(params){params.split('&').forEach(param=>{var [key,]=param.split('=');if(key){if(!paramMap.has(key)){paramMap.set(key,[]);}paramMap.get(key).push(src||'Inline script or HTML');}});}}var j=t.matchAll(jsRegex);for(let r of j){jsFiles.add(r[0]);}}for(var i=0;i<scripts.length;i++){var t=scripts[i].src;if(t){jsFiles.add(t);fetch(t).then(function(t){return t.text()}).then(text=>processContent(text,t)).catch(function(t){console.log("An error occurred: ",t)});}else{processContent(scripts[i].textContent);}}var pageContent=document.documentElement.outerHTML;processContent(pageContent

## recon-install.sh
#!/usr/bin/env bash
# setup-recon.sh (v4)
# Works on Ubuntu / Debian / Kali
# Usage: sudo ./setup-recon.sh
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

#-----------------------------
# Config
#-----------------------------

## sample_report.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                GangGreenTemperTatum
                / sample_report.md
            
            
              Last active
              September 2, 2025 11:54
            
              
                Sample Barebones BB Report
              
          
    Summary


Executive summary

Background


Explain the application feature/functionality which is affected.

  
## burp_custom_action_request_injection.java
// custom action in Burp Suite that automatically sends a payload to all parameters in a request at once. This helps run basic checks automatically for every request sent through Repeater. You can customize it with your own payloads and create multiple actions as needed, a real timesaver.

var injReq = original.parameters().stream().reduce(
  original,
  (req, param) -> req.withUpdatedParameters(
    HttpParameter.parameter(
      param.name(),
      param.value() + "'AND'1'='1",
      param.type()
    )

## javascript_hacking.sh
#Gather JSFilesUrls

cat $target | gau | grep ".js$" | uniq | sort >> jsfile_links.txt
cat $target | subjs >> jsfile_links.txt
cat jsfile_links.txt | hakcheckurl | grep "200" | cut -d" " -f2 | sort -u > live_jsfile_links.txt

#Gather Endpoints From JsFiles

cat live_jsfile_links.txt | while read url; do python3 ./tools/LinkFinder/linkfinder.py -d -i $url -o cli; done > endpoints.txt

## zapscan.py
import time
from zapv2 import ZAPv2
from datetime import datetime

# --- Configuration ---
# ZAP Connection Details
ZAP_ADDRESS = "http://localhost"  # Or your ZAP's IP/hostname
ZAP_PORT = "8081"  # Or your ZAP's port
ZAP_API_KEY = "YOUR_ZAP_API_KEY"  # Replace with your ZAP API key if you have one set, otherwise leave as '' or None

## bambdas.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                GangGreenTemperTatum
                / bambdas.md
            
            
              Created
              October 25, 2024 13:08
            
              
                Bambdas Cheat Sheet
              
          
    Display responses that came from a server-side cache (Varnish/Cloudfront) with this filter bambda:

return requestResponse.response().headerValue("X-Cache").toLowerCase().contains("hit");

  
## guid_reaper.py
#!/bin/env python3

import argparse
import datetime
import re
import sys
import uuid

###############################################################################
# Based off of Daniel Thatcher's guid tool

## all_the_forks.py
import requests
import json
import os
import time

# Get the GitHub Personal Access Token from environment variable
gh_pat = os.getenv('GH_PAT')

if not gh_pat:
    print('Error: GH_PAT environment variable is not set. Please set the environment variable to run the script.' + '\n' + 'https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28')

## README.md

      
              2 files
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                GangGreenTemperTatum
                / README.md
            
            
              Created
              June 17, 2024 16:24
                — forked from rossja/README.md
            
              
                Huggingface SFConvertbot Pull Request Scanner
              
          
    HuggingFace SF_Convertbot Scanner

This script is designed to assist in identifying pull requests to HuggingFace repositories
that are sourced from the SFConvertbot user.
The SFConvertbot user is part of an automated tool used by HuggingFace to provide safetensor
versions of models. As published by HiddenLayer
this bot can be used by malicious actors to potentially insert malicious content into models.
This tool is a simple script to query all models released by a HuggingFace author, and checks all
	#!/usr/bin/env bash
	# setup-recon.sh (v4)
	# Works on Ubuntu / Debian / Kali
	# Usage: sudo ./setup-recon.sh
	set -euo pipefail
	export DEBIAN_FRONTEND=noninteractive

	#-----------------------------
	# Config
	#-----------------------------
	// custom action in Burp Suite that automatically sends a payload to all parameters in a request at once. This helps run basic checks automatically for every request sent through Repeater. You can customize it with your own payloads and create multiple actions as needed, a real timesaver.

	var injReq = original.parameters().stream().reduce(
	original,
	(req, param) -> req.withUpdatedParameters(
	HttpParameter.parameter(
	param.name(),
	param.value() + "'AND'1'='1",
	param.type()
	)
	#Gather JSFilesUrls

	cat $target \| gau \| grep ".js$" \| uniq \| sort >> jsfile_links.txt
	cat $target \| subjs >> jsfile_links.txt
	cat jsfile_links.txt \| hakcheckurl \| grep "200" \| cut -d" " -f2 \| sort -u > live_jsfile_links.txt

	#Gather Endpoints From JsFiles

	cat live_jsfile_links.txt \| while read url; do python3 ./tools/LinkFinder/linkfinder.py -d -i $url -o cli; done > endpoints.txt
	import time
	from zapv2 import ZAPv2
	from datetime import datetime

	# --- Configuration ---
	# ZAP Connection Details
	ZAP_ADDRESS = "http://localhost" # Or your ZAP's IP/hostname
	ZAP_PORT = "8081" # Or your ZAP's port
	ZAP_API_KEY = "YOUR_ZAP_API_KEY" # Replace with your ZAP API key if you have one set, otherwise leave as '' or None
	#!/bin/env python3

	import argparse
	import datetime
	import re
	import sys
	import uuid

	###############################################################################
	# Based off of Daniel Thatcher's guid tool
	import requests
	import json
	import os
	import time

	# Get the GitHub Personal Access Token from environment variable
	gh_pat = os.getenv('GH_PAT')

	if not gh_pat:
	print('Error: GH_PAT environment variable is not set. Please set the environment variable to run the script.' + '\n' + 'https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28')