Skip to content

Instantly share code, notes, and snippets.

View z0rs's full-sized avatar

z0rs

14 followers · 0 following
View GitHub Profile
@z0rs
z0rs / action-recon.md
Last active August 6, 2025 07:33 
name: Full Recon

on:
  push:
    branches: [master]

jobs:
  full-recon:
    runs-on: ubuntu-latest
@z0rs
z0rs / nuclei.md
Created April 17, 2025 18:41

Intro

”Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.”

FAQ

  • Q: What is nuclei?
  • A: Nuclei is a fast and customizable vulnerability scanner based on simple YAML-based templates.
@z0rs
z0rs / mtngroup.txt
Created April 17, 2025 18:20
https://ayoba-donations.vercel.app
https://ayo.ba
https://4.221.118.253
https://197.210.96.58
https://104.155.11.146
https://apiportal.chenosis.io
https://admin.marketplace.ayoba.me
https://aimco.co.ke
https://1app.mtn.co.za
https://cms.ayoba.me
@z0rs
z0rs / all-hilton.com
Created March 27, 2025 15:32
richardsondallas.hilton.com
uksupply.hilton.com
qwwwcreditscard.hilton.com
app.hilton.com
aviprd-ext.hhc.hilton.com
aws.hilton.com
blog.hilton.com
dubaijumeirah.hilton.com
tmx.hilton.com
travel.hilton.com
@z0rs
z0rs / hilton.com
Created March 25, 2025 13:10
https://alohaapac-1.hilton.com
https://alohaapac.hilton.com
https://alohaemea-1.hilton.com
https://alohaemea.hilton.com
https://aloha.hilton.com
https://alumni.hilton.com
https://asiapac.hilton.com
https://boost.hilton.com
https://curiodesignstudio.hilton.com
https://daintlreporting.hilton.com
@z0rs
z0rs / NucleiRecon
Last active January 17, 2025 05:08
name: Recon
on:
push:
branches: [master]
jobs:
scan-and-deploy:
runs-on: ubuntu-latest
steps:
@z0rs
z0rs / MuteVerifiedAccAnd5words.md
Created January 16, 2025 10:04 
(async function () {
    const delay = ms => new Promise(resolve => setTimeout(resolve, ms));

    async function scrollToLoadMore() {
        console.log("Scrolling to load more replies...");
        window.scrollTo(0, document.body.scrollHeight); // Scroll ke bawah
        await delay(2000);
    }
@z0rs
z0rs / Cachepoison.md
Last active November 16, 2024 16:19 
package main

import (
	"bufio"
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"os"
@z0rs
z0rs / Soc.md
Last active October 6, 2024 13:16

Incident Summary

This report outlines the compromise of a WordPress server exploited through a vulnerable plugin by a threat actor. The attack, simulated in HackTheBox's Sherlock: Ultimatum challenge, targeted a known vulnerability in the Ultimate Member plugin, enabling the attacker to create a backdoor admin account and gain full control over the server. This detailed report examines the attack timeline, indicators of compromise (IoCs), and post-exploitation activities.

1. Objective

The objective of this investigation was to analyze the compromise of a WordPress server suspected of being attacked via a vulnerable plugin. The aim was to identify the exploit, document the attacker's methods, and gather actionable intelligence for remediation.

@z0rs
z0rs / Delete.js
Last active September 1, 2024 16:01
const deleteTweetsBetweenDates = async (startDate, endDate) => {
const processedButtons = new Set();
const delay = (ms) => new Promise(resolve => setTimeout(resolve, ms));
console.log("Script started");
while (true) {
console.log("Looking for tweets...");
const deleteButtons = Array.from(document.querySelectorAll('[data-testid="caret"]'))