Skip to content
View Spix0r's full-sized avatar
🕷️
Crawling...
🕷️
Crawling...
103 followers · 13 following

Block or report Spix0r

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. writeup-miner writeup-miner Public

    This is a useful Python script for extracting bug bounty or any other write-ups from Medium.com and other websites (soon).

    Python 101 12

  2. robofinder robofinder Public

    Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to uncover previously disallowed directories and paths for any domain—essential for deepening your #OSINT and #reco…

    Python 50 7

  3. This gist outlines a method for data... This gist outlines a method for data exfiltration using DNS in Out-Of-Band (OOB) scenarios. It explains how to utilize DNS queries to transmit sensitive information, such as system details, when direct communication is unavailable. The guide covers both simple queries (e.g., exfiltrating the username) and more complex data (e.g., output of the uname -a command), demonstrating the use of encoding techniques like hex and base64 for safe transmission. Additionally, it includes a prerequisite section for setting up your OOB server.
    1 
    # Data Exfiltration Using DNS (Out-Of-Band)
    2 
    
              
    
              
    
                3
                
    ## Description  
    
              
    
              
    
                4
                
    In an Out-Of-Band (OOB) situation where direct responses to requests are unavailable, we can leverage DNS (specifically UDP) to exfiltrate data. In this example, we'll demonstrate how to use `dig` to query DNS and exfiltrate information such as the username (`whoami`), and how to handle more complex data like the output of `uname -a` by encoding it before exfiltration.
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    4. 

      
  4. 
  
    
    
    
      
    
        
    
            
          fback  fback          Public
        
    
      
    


      
    
        This is a useful Python script for generating a target specific wordlist for fuzzing backup files.
      
    

      
    
          
  
  Python


          
            
    

            29
          
          
            
    

            8
          
      
    
    
    
  
    

    5. 

      
  5. 
  
    
    
    
      
    
        
    
            
          cloudrecon  cloudrecon          Public
        
    
      
    


      
    
        This script is used to search for cloud certificate entities such as Amazon, Azure, and others that have been extracted by the kaeferjaeger.gay provider.
      
    

      
    
          
  
  Shell


          
            
    

            30
          
          
            
    

            1
          
      
    
    
    
  
    

    6. 

      
  6. 
  
    
    
    
      
    
        
    
            
          django-rce-exploit  django-rce-exploit          Public
        
    
      
    


      
    
        A Python tool for exploiting Django RCE via deserialization vulnerabilities in session cookies, allowing remote code execution through forged cookies.
      
    

      
    
          
  
  Python


          
            
    

            9
          
      
    
    
    
  
    

    7.