Skip to content

Instantly share code, notes, and snippets.

View rossja's full-sized avatar

Jason Ross rossja

167 followers · 1 following
View GitHub Profile
@rossja
rossja / README.md
Last active April 9, 2024 00:21
Huggingface SFConvertbot Pull Request Scanner

HuggingFace SF_Convertbot Scanner

This script is designed to assist in identifying pull requests to HuggingFace repositories that are sourced from the SFConvertbot user.

The SFConvertbot user is part of an automated tool used by HuggingFace to provide safetensor versions of models. As published by HiddenLayer this bot can be used by malicious actors to potentially insert malicious content into models.

This tool is a simple script to query all models released by a HuggingFace author, and checks all

@rossja
rossja / slack-token-checker.py
Created February 6, 2024 23:39
Slack Token Checker
"""
presumes a list of slack tokens (1 per line)
in a file at ./tokens.txt
runs through them one by one using the slack auth.test endpoint
returns info if they are valid, otherwise no
"""
import requests
url = 'https://slack.com/api/auth.test'
@rossja
rossja / utils.js
Created November 11, 2021 17:55
/**
* utils module - provides various utility functions used by the application
* @module utils
*/
/**
* A function to sort an array of indices by a given property
* put simply: this lets you sort an array of json objects by
* whatever property you tell it to use.
* Example: `var teams = data.teams.sort(utils.GetSortOrder("name"))`
@rossja
rossja / web-servers.md
Created October 22, 2021 18:24 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@rossja
rossja / dc29-streams.md
Last active August 6, 2021 16:46
DEF CON 29 Streams List
@rossja
rossja / DC28Streams.md
Last active August 9, 2020 16:01
DEF CON 28 (Safe Mode) Stream List
@rossja
rossja / kiksnarf.py
Last active July 11, 2020 17:00
#!/usr/bin/env python3
# =================================================
# stupid script to dump kik profile data without a login or bot API key
# example command: `kiksnarf.py Kikteam`
# example output:
# fetching profile from: https://ws2.kik.com/user/Kikteam
# Name: Kik Team
# Display Pic URL: http://profilepics.cf.kik.com/9wG3zRZW8sLxLnpmyOfwNE7ChYk/orig.jpg
# Display Pic Last Updated: 2018-07-12T18:00:02Z
# =================================================
@rossja
rossja / config.py
Created May 5, 2020 14:55
Dockerized Overviewer
worlds["default"] = "/tmp/server/world/"
worlds["nether"] = "/tmp/server/world_nether/"
renders["default_day"] = {
"world": "default",
"title": "Default Day",
"rendermode": smooth_lighting,
"dimension": "overworld",
}
@rossja
rossja / ECB Cryptolocker.md
Last active February 25, 2020 23:04
ECB CryptoLocker

ECB CryptoLocker Idea

Random musings from a 3 AM brain spin. Likely a very stupid idea :)

To Lock

  • create a list of files to lock
  • randomize the list order
  • generate a random 8 bit ascii hex string to use as an IV
@rossja
rossja / authy-export.js
Created March 19, 2019 15:17
JSON export of TOTP keys from Authy
/*
// JSON export of TOTP keys from Authy
// based on the scripts and comments at <https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93>
// Last tested: 2019-03-19
// -----------------------------------------------------------
// Tested on:
// - Chrome version 72.0.3626.121 (Official Build) (64-bit)
// - Authy version 2.6.0
// -----------------------------------------------------------
// Directions: