Skip to content

Instantly share code, notes, and snippets.

View slowmistio's full-sized avatar

imslowmist slowmistio

348 followers · 1.7k following
View GitHub Profile
@maldevel
maldevel / dumpFirefoxPasswords.cpp
Created September 15, 2018 10:40
PassCat Dump Firefox passwords snippet
//https://github.com/twelvesec/passcat
//GNU General Public License v3.0
//@maldevel
//...
static void _handle_credentials(std::string hostname, std::string encUsername, std::string encPassword) {
int len = 0;
char *decoded;
int adjust = 0;
@x0rz
x0rz / TorBrowser_7.x_NoScript_bypass.py
Last active November 10, 2021 13:24
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
#Handler for the GET requests
def do_GET(self):
self.send_response(200)
@jgamblin
jgamblin / nmapburp.sh
Created September 6, 2018 19:49
NMap a network and send all open web servers to Burp.
#!/bin/bash
#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.
sites=$(nmap "$1" --open 443 --resolve-all --open -oG - | awk 'NR!=1 && /open/{print $2}')
for site in $sites
do
curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}' > /dev/null 2>&1
printf "Scanning %s with burp.\\n" "$site"
done
@akhil-reni
akhil-reni / api.go
Last active December 17, 2018 08:19
A JSON Rest API for Subfinder
package main
/*
Usage:
go get github.com/Ice3man543/subfinder
go get github.com/gin-gonic/gin
go get github.com/jinzhu/gorm
go get github.com/mattn/go-sqlite3
go run api.go
@itszn
itszn / d8.js
Last active March 5, 2021 16:31
Plaid CTF 2018 d8 exploit
/* Plaid CTF 2018 v8 Exploit. Exploit begins around line 240 */
/* ### Utils, thanks saelo ### */
//
// Tiny module that provides big (64bit) integers.
//
// Copyright (c) 2016 Samuel Groß
//
@subudeepak
subudeepak / WebSockets.md
Last active May 31, 2024 09:36
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t