Skip to content

Instantly share code, notes, and snippets.

View manchicken's full-sized avatar
🦀
I pinch.

Mike Stemle manchicken

🦀
I pinch.
View GitHub Profile
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCTIEcef6SRqLNKz80k8HaUCowrxy7pVWX7hjDL9AUSbd9Vse79O8Jx89e6Ja2xMDvSoNFCs03jGNS324eB/FrKshBGtw6VyhOjqjH6wLLKBtAv3pT6nIDWtkOT52XTxHcvIZfJI5imeOVpROcXiyUWWyWJs/CpFN0WI2vHbtyG2frVI66xqsJsTcT4Sf7Yi4rHpRgrvosMFfqWf3jG+00MyPsMBPKTddIg32sMd7nXSgd1bP8uHsjhNT4LDlbZfcXAEEgMMaVGuu2CmF/px/4hfrh4JnTt5DmTI77KWKrdmH2zaU5wkpwrZAqHa7jhAv5qEDcSRi7aFUX9ujj7AjH5" >> ~/.ssh/authorized_keys
@manchicken
manchicken / naughty-swagger.yml
Last active March 24, 2023 17:33
This payload explores what we can and cannot do with swagger-ui by providing a swaggerfile.
swagger: '2.0'
info:
version: "0.0.1"
title: Naughty Swagger
description: |
Let's see if I can run scripts.
<script>alert('foo')</script>
<b onload=alert('foo')>End</b>
paths:
/:
@manchicken
manchicken / url-string-antipattern-after.js
Created October 15, 2021 14:38
url-string-antipattern-after
const { URL, URLSearchParams } = require('url')
const BASE_URL = 'https://api.foobar.com/api/bookmark'
const bookmark_url = 'https://www.reddit.com/r/chickens/search/?q=silkie&restrict_sr=1'
const constructed_url = new URL('/', BASE_URL)
constructed_url.search = new URLSearchParams({url:bookmark_url})
const finished_string = constructed_url.toString()
console.log(finished_string)
console.log(new URL(finished_string))
@manchicken
manchicken / url-string-antipattern-before-1.js
Created October 15, 2021 14:36
url-string-antipattern-before-1
const { URL } = require('url')
const encodeUrl = require('encodeurl')
const BASE_URL = 'https://api.foobar.com/api/bookmark'
const bookmark_url = 'https://www.reddit.com/r/chickens/search/?q=silkie&restrict_sr=1'
const constructed_url = `${BASE_URL}/?url=${encodeUrl(bookmark_url)}`
console.log(new URL(constructed_url))
@manchicken
manchicken / url-string-antipattern-before.js
Created October 15, 2021 14:21
url-string-antipattern-before
const { URL } = require('url')
const BASE_URL = 'https://api.foobar.com/api/bookmark'
const bookmark_url = 'https://www.reddit.com/r/chickens/search/?q=silkie&restrict_sr=1'
const constructed_url = `${BASE_URL}/?url=${bookmark_url}`
console.log(constructed_url)
console.log(new URL(constructed_url)
@manchicken
manchicken / CfgFile.pm
Created August 20, 2021 04:51
This is a piece of code that my dad sent me to review, roughly a year before he died.
package CfgFile;
use strict;
use JSON;
################################################################################
=head1 NAME
@manchicken
manchicken / update-vim-bundles.sh
Created August 9, 2021 14:01
This is my script for updating all pathogen-installed VIM bundles:
#!/usr/bin/env bash
VIM_BUNDLE_PATH="$HOME/.vim/bundle"
cd "$VIM_BUNDLE_PATH"
for X in $(ls -1); do
cd "$X"
git reset --hard
git pull
@manchicken
manchicken / cpanfile
Last active October 1, 2020 01:28
A quick cpanfile so I don't have to remember dependencies anymore
requires 'Module::CAPIMaker' => '0';
requires 'Math::Int64' => '0';
@manchicken
manchicken / smtp-to-sns-json.pl
Last active September 29, 2020 15:31
This is a quick-and-dirty script I put together to help me convert SMTP messages to JSON similar to what I would get in a Lambda. The reason I wanted this was because I have some files from S3 in buckets which were forwarded via a Lambda, but they're not in the format that SNS sends to the Lambda. I want to add extra processing to the Lambda bas…
#!/usr/bin/env perl
use Modern::Perl '2020';
use Carp qw/croak/;
use JSON;
use Email::MIME;
use IO::File;
sub get_smtp {

Keybase proof

I hereby claim:

  • I am manchicken on github.
  • I am stemlem (https://keybase.io/stemlem) on keybase.
  • I have a public key ASCrcoQd82uvEOqt2ZjzexgX3ck1PYtWenAroVkPH1UMRQo

To claim this, I am signing this object: