Skip to content

Instantly share code, notes, and snippets.

View random-robbie's full-sized avatar
💭
Hacking!

Robbie random-robbie

💭
Hacking!
1.8k followers · 153 following
View GitHub Profile
@random-robbie
random-robbie / springboot.md
Last active August 8, 2025 07:00

Attacking Spring Boot Servers: Actuator Endpoints and Bypasses

Spring Boot Actuators provide production-ready features to monitor and manage your application. While incredibly useful for developers and operations teams, misconfigured or exposed Actuator endpoints can introduce significant security risks. This document outlines how to identify, exploit, and bypass common configurations of Spring Boot Actuator endpoints.

1. Understanding Spring Boot Actuators

Spring Boot Actuators expose various operational information about the running application, such as health, metrics, info, environment properties, and more. It's crucial to understand the differences in endpoint exposure between Spring Boot 1.x and 2.x+:

  • Spring Boot 1.x: Actuator endpoints were typically exposed directly at the root context (e.g., /health, /env, /metrics).
  • Spring Boot 2.x+: By default, Actuator endpoints are exposed under the /actuator/ base path (e.g., /actuator/health, /actuator/env).
@random-robbie
random-robbie / test.md
Created June 27, 2025 13:21

Spanish/Irish Day Trip Options

Option 1: Dublin, Ireland - 16th July 2025

Detail Information
Route LPL → DUB
Date Wednesday, 16 July 2025
Outbound 07:40 - Ryanair - £14.99
Return 23:10 - Ryanair - £14.99
Total Cost £29.98
@random-robbie
random-robbie / ruby_deserial_scanner.py
Created June 21, 2025 08:49
#!/usr/bin/env python3
"""
Ruby Deserialization Security Scanner
=====================================
A safe security testing tool for identifying Ruby deserialization vulnerabilities.
DISCLAIMER: This tool is for authorized security testing only.
- Only use on systems you own or have explicit permission to test
- Do not use for malicious purposes
@random-robbie
random-robbie / moodle.txt
Last active February 21, 2025 10:20
tag,md5_hash
v4.5.2,964f2c45611e5493ec0f0bff28048378
v4.5.1,964f2c45611e5493ec0f0bff28048378
v4.5.0,964f2c45611e5493ec0f0bff28048378
v4.5.0-rc2,964f2c45611e5493ec0f0bff28048378
v4.5.0-rc1,964f2c45611e5493ec0f0bff28048378
v4.5.0-beta,964f2c45611e5493ec0f0bff28048378
v4.4.6,f76f529fb9a8f5ee7c31c263a5302e28
v4.4.5,dd6e694889251b05d5ef265fb4b471c9
v4.4.4,640e89cc49beee2057dc4f527ee17015
@random-robbie
random-robbie / gist:e8f4d43807c81515ac72a902394bbc3d
Created February 17, 2025 20:01
- Kevin Lacey — The FAA’s Administrator had launched an investigation into SpaceX after a spectacular rocket explosion; he’s now been forced out.
— The Department of Justice was looking into possible violations of securities and other laws by Musk and Tesla; it’s probably safe to assume that investigation won’t go any farther.
— The USAID Inspector General was investigating how Musk's SpaceX Starlink satellite terminals, purchased with USAID funds, were used in Ukraine’s war to defend itself from Russia.
— The Department of Defense’s Inspector General opened a review in 2024 into alleged repeated failures by Musk and SpaceX to properly disclose their contact with foreign leaders; he’s now fired.
— The USDA Inspector General's office was investigating alleged animal abuse at Neuralink, Musk’s brain implant company; he’s been fired.
— The National Transportation Safety Board, overseen by the DOT, had several open probes into Tesla regarding its remote and self-driving vehicles; odds are they’ll be dropped
@random-robbie
random-robbie / harry potter.md
Created December 17, 2024 18:10
  1. Harry Potter and the Philosopher's Stone (2001)
  2. Harry Potter and the Chamber of Secrets (2002)
  3. Harry Potter and the Prisoner of Azkaban (2004)
  4. Harry Potter and the Goblet of Fire (2005)
  5. Harry Potter and the Order of the Phoenix (2007)
  6. Harry Potter and the Half-Blood Prince (2009)
  7. Harry Potter and the Deathly Hallows – Part 1 (2010)
  8. Harry Potter and the Deathly Hallows – Part 2 (2011)
@random-robbie
random-robbie / grok.md
Created December 15, 2024 17:26

System: You are Grok 2, a curious AI built by xAI. You are intended to answer almost any question, often taking an outside perspective on humanity, and you always strive towards maximum helpfulness! Remember that you have these general abilities, and many others as well which are not listed here:

  • You can analyze individual X posts and their links.
  • You can answer questions about user profiles on X.
  • You can analyze content uploaded by user including images and pdfs.
  • You have realtime access to the web and posts on X. Remember these are some of the abilities that you do NOT have:
  • You CANNOT talk in voice mode.

Follow these instructions:

@random-robbie
random-robbie / allow_cloudflare.sh
Created December 5, 2024 21:48
Allows Cloudflare IP's to hit port 443 and 80 on your security group.
#!/bin/bash
# Security Group ID
SECURITY_GROUP_ID=sg-05e2bcc947b27e64c
# Fetch Cloudflare IPv4 and IPv6 ranges
IPV4_RANGES=$(curl -s https://www.cloudflare.com/ips-v4/)
# Add IPv4 ranges
for IP in $IPV4_RANGES; do
@random-robbie
random-robbie / free-ec2-deploy.sh
Last active December 5, 2024 10:33
Deploy your free EC2 via Bash
#!/bin/bash
# Set error handling
set -e
# Variables
KEY_NAME="my-testing-key"
SECURITY_GROUP_NAME="pentesting-ssh"
INSTANCE_TYPE="t2.micro"
SSH_KEY_PATH="$HOME/.ssh/id_rsa.pub" # SSH key location
@random-robbie
random-robbie / deploy.sh
Created December 4, 2024 10:47
#!/bin/bash
# Configuration
LAMBDA_FUNCTION_NAME="lambda"
AWS_PROFILE="what-security"
REGION="us-east-1" # Change if needed
MEMORY_SIZE=512
TIMEOUT=30
RUNTIME="python3.9"
ARCHITECTURE="x86_64"