- https://scans.io/
- https://commoncrawl.org/
- https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
- https://www.shodan.io/
- https://opendata.rapid7.com/
- https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
- https://securitytrails.com/
- https://threatcrowd.org/
- https://dnsdumpster.com/
- https://crt.sh/
Julio C. Stefanutto jcesarstef
royra
/ ssh-login-attempts-usernames
Created
April 16, 2023 08:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .log | |
| 0 | |
| 1 | |
| 1234 | |
| 12345 | |
| 123456 | |
| 18Renmeng | |
| 2 | |
| ACrenshaw | |
| AGorg |
vavkamil
/ blind-xss-cloudflare-worker.js
Last active
November 2, 2023 14:43
Serverless Blind XSS hunter with Cloudflare Worker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener("fetch", event => { | |
| event.respondWith(handleRequest(event.request)) | |
| }) | |
| //////////////////////////////////////////////////////////////////////////////////////////////////// | |
| // ! DON'T LEAK THE SECRETS ! | |
| // Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/ | |
| const telegram_token = "*****REDACTED*****"; | |
| const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage"; |
x0rz
/ TorBrowser_7.x_NoScript_bypass.py
Last active
June 26, 2025 15:11
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
| PORT_NUMBER = 31337 | |
| class myHandler(BaseHTTPRequestHandler): | |
| #Handler for the GET requests | |
| def do_GET(self): | |
| self.send_response(200) |
EdOverflow
/ a-recon-services-list-for-liveoverflow.md
Last active
April 29, 2021 13:29
bmaupin
/ build-openssl.sh
Last active
September 17, 2025 17:40
Build openssl (with SSLv2/3 support for security testing)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Cache sudo password | |
| sudo -v | |
| # Get latest OpenSSL 1.0.2 version from https://openssl.org/source/ | |
| # v1.1.0 seems to have removed SSLv2/3 support | |
| openssl_version=1.0.2k | |
| # Install build dependencies |
yusufhm
/ logstash-ossec-alerts.conf
Last active
May 22, 2017 16:54
Logstash configuration for reading OSSEC alerts files and send to Elasticsearch (credits to https://mig5.net)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| type => "ossec" | |
| path => "/var/ossec/logs/alerts/alerts.log" | |
| sincedb_path => "/opt/logstash/" | |
| codec => multiline { | |
| pattern => "^\*\*" | |
| negate => true | |
| what => "previous" | |
| } |