Muhammad Daffa daffainfo

🌙

Learning

Vulnerability Researcher at spiderSilk

1.4k followers · 93 following

spiderSilk
Indonesia
https://daffa.info
@daffainfo

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

h4x0r-dz / Generic keys

Created May 5, 2022 09:15

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

anvbis / pwntools-cheatsheet.md

Last active June 13, 2025 05:20

pwntools-cheatsheet.md

Pwntools Cheatsheet

Program Interaction
Environment and Contexts
Logging and Output
Encoding, Packing and Utility
Assembly and Shellcraft
ELFs, Strings and Symbols
Return Oriented Programming
SROP and Sigreturn Frames

zafirr31 / pwntools_example.py

Last active July 20, 2024 00:57

Short pwntools tutorial for beginners



	from pwn import *

	BINARY = '<path_to_binary>'
	IP, PORT = '<ip>', 8080
	LOCAL = True

	if LOCAL:
	p = process(BINARY) # Makes pipe fd

TarlogicSecurity / kerberos_attacks_cheatsheet.md

Created May 14, 2019 13:33

A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

fransr / bucket-disclose.sh

Last active February 16, 2025 14:38

Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages

	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

Davor111 / sshuttle.sh

Created February 17, 2017 08:34

How to use sshuttle with .key, .csr or .pem files for authentication

	#It's not directly mentioned in the documentation on how to do this, so here you go. This command will tunnel everything including DNS:
	sshuttle --dns -vr [email protected] 0/0 --ssh-cmd 'ssh -i /your/key/path.pem'

natritmeyer / mount_smbfs.sh

Created September 19, 2013 09:40

How to mount and unmount a SMB share on Mac OS X (using mount_smbfs)

	#Mounting the share is a 2 stage process:
	# 1. Create a directory that will be the mount point
	# 2. Mount the share to that directory

	#Create the mount point:
	mkdir share_name

	#Mount the share:
	mount_smbfs //username:[email protected]/share_name share_name/