| No | Tool | Description |
|---|---|---|
| 1 | OSV Scanner | OSV is a distributed vulnerability database. OSV-Scanner serves as the official tool to query this database and identify relevant vulnerabilities impacting your project's dependencies. |
| 2 | grype | A vulnerability scanner for container images and filesystems. |
| 3 | Yelp/detect-secrets | A secret scanner. Detects hardcoded secrets in the project. |
| 4 | Bandit | Bandit is a tool designed to find common security issues in Python code. |
| 5 | semgrep | Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. |
| 6 | gitleaks | Detects and prevents hardcoded secrets in the project. |
Pouya Esmaeili PouyaEsmaeili
PouyaEsmaeili
/ Rate Limiter Constructor.py
Last active
January 3, 2023 21:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import timedelta | |
| from random import choices | |
| from redis import StrictRedis | |
| from string import ascii_uppercase, ascii_lowercase | |
| class RateLimiter(object): | |
| def __init__(self, | |
| con_pool: StrictRedis, | |
| number_of_requests: int, |
PouyaEsmaeili
/ Rate Limiter private methods.py
Created
January 3, 2023 22:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def _get_lock_name(self, client_id: str, resource_id: str) -> str: | |
| if self._limit_per_client: | |
| return f'{resource_id}-lock' | |
| return f'{client_id}-{resource_id}-lock' | |
| def _get_log_pattern(self, client_id: str, resource_id: str) -> str: | |
| if self._limit_per_client: | |
| return f'{resource_id}-*' | |
| return f'{client_id}-{resource_id}-*' |
PouyaEsmaeili
/ Rate Limiter public methods.py
Created
January 3, 2023 22:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def log(self, client_id: str, resource_id: str) -> bool: | |
| lock_name = self._get_lock_name(client_id, resource_id) | |
| with self._con_pool.lock(name=lock_name, timeout=self._lock_timeout): | |
| if self.is_allowed(client_id, resource_id): | |
| log_name = self._generate_log_name(client_id, resource_id) | |
| self._con_pool.setex( | |
| name=log_name, | |
| time=self._time_bound, | |
| value=self._log_value | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| stages: | |
| - vulnerability-scanning | |
| osv-scanner: | |
| stage: vulnerability-scanning | |
| image: golang | |
| before_script: | |
| - go install github.com/google/osv-scanner/cmd/osv-scanner@v1 | |
| script: | |
| - osv-scanner -v |
PouyaEsmaeili
/ scanners.md
Last active
December 13, 2023 13:54
Free and Open Source tools for vulnerability scanning.
PouyaEsmaeili
/ vulnerability_mitigation_useful_links.md
Last active
December 13, 2023 16:01
Useful links for vulnerability mitigation.
| No | Title | Description |
|---|---|---|
| 1 | CVSS Documentation | The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes. |
| 2 | CVSS Calculator | Common Vulnerability Scoring System Version 4.0 Online Calculator |
| 3 | NVD NIST | The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD |
PouyaEsmaeili
/ spiral_matrix.py
Created
December 21, 2023 21:22
Solution to Spiral Matrix challenge with Python Generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Spiral Matrix | |
| # https://leetcode.com/problems/spiral-matrix/solutions/4437968/solution-with-python-generator/ | |
| from typing import List | |
| def row_seq_generator(m): | |
| for i in range(m): | |
| yield i | |
| if i == m - 1 - i: |
wget -E -m -p -k http://my.domain.com ref.
PouyaEsmaeili
/ scan.py
Last active
December 27, 2023 17:40
Scan a website for malicious URL with AsyncURLCrawler and Virus Total
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For more details check my blog post: | |
| # https://medium.com/@pouya.esmaeili.g/viruscan-a-website-for-malicious-url-with-asyncurlcrawler-and-virus-total-2adaef0201c3 | |
| import asyncio | |
| from AsyncURLCrawler.parser import Parser | |
| from AsyncURLCrawler.crawler import Crawler | |
| from httpx import AsyncClient | |
| API_KEY = "API KEY" | |