Shodan Cheatsheet

Sites with valid SSL certs
  ssl:"orgname" 200

Negative search
  Used to exclude terms you don't want in your results:
  -"content"
  An example could be:
  ssl:"orgname" 200 -"nosniff"

Look for patterns in HTML
  html:"Dashboard Jenkins"

Search for a specific technology
  This example will find all sites that use Bootstrap:
  http.component:bootstrap
  Jenkins:
  http.component:"jenkins"

Resources:
  https://twitter.com/shodanhq/status/985964783089233920?lang=en
  https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6

Assets belonging to an organization
  org:"Name of Organization"
  With a 200 response code:...

Jayson Grace

Slack Cheatsheet

Search in conversation with a specific user
  in:@username <string to search for>

Search in channel
  in:@channelname <string to search for>
  Resource: https://webapps.stackexchange.com/questions/103425/how-to-search-in-a-single-channel

Keyboard Shortcuts
  Open search field: COMMAND + g

Create private channel w/ webhook
  1. Create a new private channel in Slack
  2. Navigate to https://api.slack.com/apps and create a new app
  3. Navigate to https://api.slack.com/apps/YOURAPPID/incoming-webhooks
  4. Click Add New Webhook to Workspace
  5. Find the channel you created previously in the dropdown
  6. Click Allow
  7. Copy the Webhook URL and use it as needed

Jayson Grace

SQL Cheatsheet

Generic Queries

Update field
  UPDATE table_name SET column1 = value1, column2 = value2, ... WHERE condition;

Get first row of data from table
  Replace <table> with a valid table in your db.
  SELECT * FROM <table> LIMIT 1;

Single-line comment
  -- stuff to comment out

Multi-line comment
  /** stuff to comment out **/

Delete the last n rows from a table
  DELETE FROM `table` WHERE `table`.`tableID` in (SELECT TOP 500 tableID FROM table ORDER BY tableID DESC)

Delete the first n rows from a table
  DELETE FROM `table` WHERE `table`....

Jayson Grace

Terraform Cheatsheet

Installation on Ubuntu 20.04
  sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
  curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
  sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
  sudo apt-get update && sudo apt-get install -y terraform
  # Verify it works
  terraform -v
  Resource: https://learn.hashicorp.com/tutorials/terraform/install-cli

Commands
  This is used to download and configure providers in your terraform code:
  terraform init
  Resource: https://learn.hashicorp.com/tutorials/terraform/eks

Reconfigure state
  If you need to reconfigure your state, run the following:...

Jayson Grace

Tmux Cheatsheet

Create session with a name
  SESSION_NAME='mysession'
  tmux new -s "${SESSION_NAME}"

Create detached session with a name
  This particular example will run http.server in the background:
  SESSION_NAME='python_sesh'
  tmux new -s "${SESSION_NAME}" -d 'python3 -m http.server'

Kill tmux session programmatically
  kill -9 "$(top -n 1 | pgrep tmux)"

Attach to session with name
  SESSION_NAME='mysession'
  tmux a -t "${SESSION_NAME}"
  # Alternatively:
  tmux attach -t "${SESSION_NAME}"

List sessions
  # Outside of a tmux session:
  tmux ls
  # Within a tmux session:
  Ctrl b s

Background session
  Ctrl b d

Rename current session
  Ctrl b $

Kill session
  SESSION_NAME='ohno'
  tmux kill-session -t "${SESSION_NAME}"

Background session on remote host and close ssh session
  return ~ ....

Jayson Grace

Useful Regexes

This contains various regexes that I find useful.

Match any character except newline
  .

Match first word of a string on multiple lines
  /(word1|word2|word3)/igm

Multiple lines of negative and positive floating point numbers that are less than 1000
  /^-?\d{1,3}\.\d+$/igm

Do not return result from a group
  (?:)
  For example, do not return the year from this string: 12/06/2016 05:52
  (^\d{2}\/\d{2}\/(?:2015|2016) (\d{2}:\d{2})$)
  Everything else that you expect from a capture group will be captured in the output....

Jayson Grace

Vim Cheatsheet

Useful Keyboard Shortcuts

Select the beginning of a function
  Shift-V -

Get version of vim
  :version

Get to the end of a function
  $%

Autoindent the current file
  gg=G
  Breaking it down: gg to get to the start of the file, = to indent and G to get to the end of the file.

Use jq to make JSON human readable
  :%!jq '.'
  Alternatively, you can also use python:
  :%!python -m json....

Jayson Grace

VSCode Notes

Symbols to keep in mind
  ⌘ is the command key (aka the windows key)
  ⇧ is the shift key
  ⌃ is the control key
  ⌥ is the alt key

Switch between windows
  On Mac: ⌘ tab number
  For example: ⌘2
  Resource: https://zellwk.com/blog/useful-vscode-keyboard-shortcuts/

Markdown
  This extension is great, install it:
  https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one&ssr=false#overview

Show preview of MD file
  On Mac: ⌘⇧V
  On Windows and Linux: Ctrl Shift V

Extensions via command line
  List existing extensions:...

Jayson Grace

Web Application Penetration Testing Notes

XXE

Valid use case
  This is a non-malicious example of how external entities are used:
  <?xml version="1.0" standalone="no" ?>
  <!DOCTYPE copyright [
    <!ELEMENT copyright (#PCDATA)>
    <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml">
  ]>
  <copyright>&c;</copyright>
  Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml

Testing methodology
  Once you've intercepted the POST to the vulnerable page, see if you can get the system to do what it would normally, but with entities:
  <?xml version="1.0"?>
  <!DOCTYPE a [
    <!ENTITY test "THIS IS A STRING!...

Jayson Grace

Windows Command Line Cheatsheet

PowerShell

Enable ISE using PowerShell
  In the few months that I've been developing PowerShell, I've found the ISE to be incredibly useful. If you get on a new machine and the ISE isn't there, here's how you can get it going in the PowerShell terminal:
  Import-Module ServerManager
  Add-WindowsFeature Powershell-ISE

Securely store credentials in XML for Import
  Start out by storing your username and password (in a SecureString format) in a PSCredential object:...

Jayson Grace