Skip to content

Instantly share code, notes, and snippets.

View idoo's full-sized avatar
:octocat:

Ivan Verevkin idoo

:octocat:
38 followers · 48 following
View GitHub Profile
@ustayready
ustayready / gpt.py
Created January 16, 2023 23:49
CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities
import openai
import boto3
import json
import time
from typing import Dict, List
openai.api_key = '### SET YOUR OPENAPI API KEY HERE ###'
session = boto3.session.Session()
client = session.client('iam')
@spencerwooo
spencerwooo / termiWidget.js
Last active April 21, 2024 01:04
🍋 TermiWidget - Terminal-like Widget for iOS 14, made with Scriptable.
// Variables used by Scriptable.
// These must be at the very top of the file. Do not edit.
// icon-color: orange; icon-glyph: quote-right;
// Change these to your usernames!
const user = "spencer"
const jike = "4DDA0425-FB41-4188-89E4-952CA15E3C5E"
const telegram = "realSpencerWoo"
const github = "spencerwooo"
@jotaelesalinas
jotaelesalinas / git-clone-if-newer.sh
Last active March 3, 2023 15:24
#!/bin/bash
set -u
##############################################################################
# DEPRECATION NOTE
#
# This script is outdated. Use it at your own risk.
# First, it has a bug related to the option -o (basically, it does nothing).
# Second, there is a new github repo with a new version, with no known bugs
# and with improved features:
@stefanocoding
stefanocoding / csrf_jwt_redirect_leak.md
Created May 15, 2019 23:46

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user 
    GET /verify/VALUE HTTP/1.1
Host: example.com
@butuzov
butuzov / mp3 to m4b.md
Created August 10, 2018 06:07
Convert mp3's to m4b using `ffmpeg`

Let's imagine we have a lot of mp3 files ( forexample one of the pluralsite courses converted to mp3 ).

URL=https://www.pluralsight.com/courses/run-effective-meetings
PASS=pass
USER=user
OUTPUT="%(playlist_index)s. %(title)s-%(id)s.%(ext)s"
youtube-dl --username $USER --password $PASS -o $OUTPUT --extract-audio --audio-format mp3 $URL
@areinisc
areinisc / README.md
Last active September 3, 2018 13:20
PHOTOMETRY --- doom-emacs -- automatic theme adjustment based on ambient light

Adding automatic light/dark theme switching to doom-emacs running on a mac with ambient light sensor.

Idea adapted from: Matt Bilyeu https://matthewbilyeu.com/blog/2018-04-09/setting-emacs-theme-based-on-ambient-light

Installation

  1. Make the lmutracker executable using clang and place it in your custom doom directory: 
    $ cd ~/.doom.d/    # start in your custom doom directory, wherever that is for you.

$ touch lmutracker.mm # copy in the contents of this file however you like

@podkovyrin
podkovyrin / podkovyr_btt.json
Last active January 29, 2020 13:50 — forked from vas3k/vas3k_btt_v2.json
BetterTouchTool Preset
{
"BTTPresetName" : "podkovyr-btt-preset",
"BTTPresetUUID" : "4DA9BBE8-9392-4B6C-A22B-AAF8189CE7C1",
"BTTPresetContent" : [
{
"BTTAppBundleIdentifier" : "BT.G",
"BTTAppName" : "Global",
"BTTAppSpecificSettings" : {
},
@ewpratten
ewpratten / hosts-yt-ads
Last active November 30, 2023 18:45
youtube ads hosts file
This project has been moved to a GitHub repository to allow Pull Requests.
See: https://github.com/Ewpratten/youtube_ad_blocklist
@d4rky-pl
d4rky-pl / codeship.rb
Last active September 29, 2017 12:03
Simple Ruby script to check Codeship status
#!/usr/bin/env ruby
require 'net/http'
require 'json'
require 'time'
# Replace YOUR_API_KEY with your Codeship API key
API_KEY = 'YOUR_API_KEY'
# Change this to ['repository/name', 'repository/name2'] if you want to filter only specific projects
PROJECTS = nil
@lirantal
lirantal / terminal-with-powerline.sh
Last active December 2, 2022 09:19
Hyper terminal + Powerline 9k terminal theme for oh-my-zsh
# Use hyper.is or iTerm2 as terminal emulators
# Install ohmyzsh
# https://github.com/robbyrussell/oh-my-zsh
# Copy over configs from ~/.bash_profile
# For example, it may have the nvm setup or any aliases like exa=ls and cat=bat
# ~/.hyper.js configuration:
copyOnSelect: true