Adam Baldwin evilpacket

2klic-api-engine
360-products
65710f05-a7c1-48d1-9ee5-acdfb7f70007
69d1a00e-7f6c-40a4-ab2e-70257bcd245c-es2015
AlertLogic
AutoFixture
Basic-Material-framework
Boilerpipe-Scraper
Coflux
CornerJob
The counts for modules that have an alternative URL for the module (other than GitHub or a regular package source):
220 blip.strongloop.com
135 packages.appdynamics.com
46 registry.npmjs.org
31 bitbucket.org
20 git.cobalt-engine.com
20 descinet.bbva.es
17 gitlab.hers.rs
11 appgyver-steroids.s3.amazonaws.com
```
var five = require("johnny-five"),
    board;
var keypress = require('keypress');
board = new five.Board();
board.on("ready", function() {
  console.log( "Ready event. Repl instance auto-initialized" );
  var servo = new five.Servo(10)
```
```
>> servo.1373062175128 Board <- Serialport ready /dev/cu.usbmodem1411
string_decoder.js:109
    charStr += buffer.toString(this.encoding, 0, end);
                      ^
RangeError: toString() radix argument must be between 2 and 36
    at Number.toString (native)
    at StringDecoder.write (string_decoder.js:109:21)
    at ReadStream.onData (readline.js:833:39)
    at ReadStream.EventEmitter.emit (events.js:95:17)
```
evilpacket / gist:5856305
Created June 25, 2013 06:08
CSP and FF 21.0
So on FF 21.0, if I set the following header, X-Content-Security-Policy, I get the following error message in the console.
```
The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
```
If I set the Content-Security-Policy header, it does not honor the policy.
Additionally, report-only does not appear to work at all in FF 21.0.
```
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
```
evilpacket / gist:6eeca8b06dc2f5c45549
Created October 25, 2015 04:56
Shitty ReDoS POC
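```
// Build a string by repeating chr; the loop runs while i <= len,
// so the result has len + 1 characters.
var genstr = function (len, chr) {
  var result = "";
  // Declare the loop counter locally instead of leaking a global.
  for (var i = 0; i <= len; i++) {
    result = result + chr;
  }
  return result;
};

// Email-style pattern with nested quantifiers.
var r = /^([a-z0-9_\.\-\+])+\@(([a-z0-9\-])+\.)+([a-z0-9]{2,4})+$/;
```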
evilpacket / gist:3997031
Created November 1, 2012 22:16
Base N in Lua
```
local floor,insert = math.floor, table.insert
local function basen(n,b)
    n = floor(n)
    if not b or b == 10 then return tostring(n) end
    local digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    local t = {}
    local sign = ""
    if n < 0 then
        sign = "-"
        n = -n
```
evilpacket / gist:384ac23c2459014a254c
Created September 20, 2015 21:19
retirejs against npm Sept 19th 2015
Count by module / version
1006 YUI@3.3.0
850 YUI@3.4.1
823 jquery@1.8.3
797 jquery@1.7.1
796 jquery@1.7.2
750 YUI@3.0.0
244 jquery@1.8.1
240 jquery@1.8.2
```
07:38:52-adam_baldwin~/tmp$ nvm use 0.12.4
Now using node v0.12.4
07:38:56-adam_baldwin~/tmp$ npm i nsp -g
/Users/adam_baldwin/.nvm/versions/node/v0.12.4/bin/nsp -> /Users/adam_baldwin/.nvm/versions/node/v0.12.4/lib/node_modules/nsp/bin/nspCLI.js
nsp@1.0.3 /Users/adam_baldwin/.nvm/versions/node/v0.12.4/lib/node_modules/nsp
├── strscanner@0.0.8
├── node-print@0.0.4
├── nsp-api@1.0.3
├── text-table@0.2.0
├── async@0.9.2
```