Skip to content

Instantly share code, notes, and snippets.


Filippo Valsorda FiloSottile

View GitHub Profile
FiloSottile / gist:2667279
Created May 12, 2012
Render only an element with PhantomJS
View gist:2667279
page.clipRect = page.evaluate(function() {
return document.getElementById(ELEMENT_ID).getBoundingClientRect();
View glyphicons-halflings
FiloSottile / bookmarklet_en
Last active Jan 16, 2016
Krumiro, a bookmarklet to send a message to all your FB friends.
View bookmarklet_en
javascript:(function(){var msg_m_prompt='Insert the message for males. I\'ll replace %name with the recipient name.';var msg_f_prompt='Insert the message for females. I\'ll replace %name with the recipient name.';var throttle_prompt='Insert the pause in milliseconds between a friend and the next.';var exclude_prompt='Insert the list of friends to ignore, comma separated.';var exerror_alert='%s is not in your friends, you might have made a mistake. Do you want to continue?';var time_alert='The script will take %s seconds!';var done='Done!';if(!Array.prototype.indexOf){Array.prototype.indexOf=function(d){if(void 0===this||null===this)throw new TypeError;var c=Object(this),b=c.length>>>0;if(0===b)return-1;var a=0;0<arguments.length&&(a=Number(arguments[1]),a!==a?a=0:0!==a&&(a!==1/0&&a!==-(1/0))&&(a=(0<a||-1)*Math.floor(Math.abs(a))));if(a>=b)return-1;for(a=0<=a?a:Math.max(b-Math.abs(a),0);a<b;a++)if(a in c&&c[a]===d)return a;return-1};}function size(obj){var s=0,key;for(key in obj){if(obj.hasOwnProperty(key))s++
FiloSottile / gist:2352407
Created Apr 10, 2012
Get element by id from HTML document using only HTMLParser
View gist:2352407
import HTMLParser
class IDParser(HTMLParser.HTMLParser):
"""Modified HTMLParser that isolates a tag with the specified id"""
def __init__(self, id): = id
self.result = None
self.started = False
self.depth = {}
self.html = None
FiloSottile /
Last active Nov 20, 2017
Python function to check a RSA signature
# You can `pip install rsa`
import rsa
### Run once, on your dev environment
### Store the private key in a secure place; add the pubkey to your program
(pubkey, privkey) = rsa.newkeys(1024)
FiloSottile /
Created Mar 18, 2012
How to send a HEAD HTTP request in Python with urllib2
import urllib2
class HeadRequest(urllib2.Request):
def get_method(self):
return "HEAD"
class HEADRedirectHandler(urllib2.HTTPRedirectHandler):
Subclass the HTTPRedirectHandler to make it use our
HeadRequest also on the redirected URL
FiloSottile / rasterize.js
Created May 12, 2012
PhantomJS rasterize.js with "Retina" output
View rasterize.js
var page = require('webpage').create(),
address, output, size;
if (phantom.args.length < 2 || phantom.args.length > 3) {
console.log('Usage: rasterize.js URL filename');
} else {
address = phantom.args[0];
output = phantom.args[1];
page.viewportSize = { width: 1280, height: 1024 };
joyrexus / demo.txt
Last active Oct 19, 2018
Demonstrate how to extract and run code blocks from ** files.
View demo.txt
% -x >
% python
hello world!
% -x | python -s
hello world!
FiloSottile /
Created Sep 5, 2012
Building the Armory Bitcoin client for the Raspberry Pi

Armory on the RPi

Building the Armory Bitcoin client for the Raspberry Pi

This is how I got Armory (etotheipi/BitcoinArmory; cross-compiled for the Raspberry Pi.

This is a great way to keep an air-gapped offline wallet for only $30 dollars for the RPi (that you can also use for other things; experiment, it's awesome) and $7 for a Class 10 4GB SD card, really easy to keep in a safe and secret place.


View bounty.txt
GitHub RCE by Environment variable injection Bug Bounty writeup
Disclaimer: I'll keep this really short but I hope you'll get the key points.
GitHub blogged a while ago about some internal tool called gerve:
Upon git+sshing to gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.