San santrancisco

### Keybase proof
I hereby claim:
* I am santrancisco on github.
* I am santrancisco (https://keybase.io/santrancisco) on keybase.
* I have a public key whose fingerprint is CC7C 67A8 A0E5 79FA 8ACB 6CAE CEA9 90A8 0EBA 8F5B
To claim this, I am signing this object:
@santrancisco
santrancisco / fswatch.sh
Last active June 28, 2018 04:18
Simple script to sync a local copy of the code to a remote server - helpful while debugging an app remotely, for example.
#!/bin/bash
set -e
export DELETEONSYNC=true
export LOCALPATH=`perl -e 'use Cwd "abs_path";print abs_path(shift)' $1`
export REMOTEPATH=$3
export LOCALPATHLENGTH=${#LOCALPATH}
export REMOTESERVER=$2
export LISTEXT="$4"
@santrancisco
santrancisco / gist:71e3f7efec2ac2e9b6583af49bf3a642
Last active August 2, 2018 06:27
Querying certs signed by Symantec before 1st June 2016 using data.gov.au
<html>
<body>please wait, loading...</body>
<script>
// Original code from Maxiosu ;) https://codepen.io/maxiosu/pen/gvJmgd?editors=0010
var query = "Symantec";
var sql = "SELECT s.domain, s.issuer_cn, s.not_valid_after, s.not_valid_before "+
"FROM ( "+
"SELECT key, UNNEST(domains) AS domain, issuer_cn, not_valid_after, not_valid_before "+
'FROM "b718232a-bc8d-49c0-9c1f-33c31b57cd88" '+
"WHERE not_valid_before < NOW() AND not_valid_after > NOW() "+
@santrancisco
santrancisco / getallorgingithub.go
Last active August 22, 2018 04:52
Get all organisations that exist in GitHub - requires a GitHub token due to rate limiting
package main
import (
"context"
"fmt"
"log"
"net/http"
"os"
"strings"
"time"
@santrancisco
santrancisco / bashtrick.md
Created January 31, 2019 02:14
bash tricks - to be updated

gnu sed

Masking out key, token, secret when reading a file to stdout - could be used as an alias for demos/presenting.

gsed -r -e "s/((key|token|secret)[^(:|=)]*(=|:)[\t| ]+?['|\"]?+)[^('|\"|$)]*('|\"|$)/\1xxxxxxxxxxx\4/g" ~/.aws/credentials
@santrancisco
santrancisco / slackchallenge.py
Last active May 22, 2019 04:32
Simple HTTP server in Python to answer the Slack challenge for event subscription
#!/usr/bin/env python
"""
Very simple HTTP server in python to answer challenge request from slack server when create an event subscription
Usage::
./dummy-web-server.py [<port>]
Send a GET request::
curl http://localhost
Send a HEAD request::
curl -I http://localhost
Send a POST request::
@santrancisco
santrancisco / gist:d027c777e3b0ce8f689f1e3b949e47cd
Last active June 18, 2019 05:54
Node.js practice vulnerable code
// Example of vulnerable code.
const express = require('express');
const router = express.Router();
const {
exec
} = require('child_process')
const fs = require('fs')
const uniqid = require('uniqid')
const streamifier = require('streamifier');
var magic = require('stream-mmmagic');
@santrancisco
santrancisco / cloudformation.json
Last active June 18, 2019 06:12
cloudformation example
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "CTF check",
"Resources": {
"sg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH Security Group",
"SecurityGroupIngress": {
"CidrIp": "0.0.0.0/0",
@santrancisco
santrancisco / errorcheck.txt
Last active January 31, 2020 06:19
custom burp-suite-error-message-checks search
[^\\]\"> ?<[Ss]+[0-9]+> 0 Web Medium Certain
[^\\]"&gt; ?<[Ss]+[0-9]+> 0 Web Medium Certain
@santrancisco
santrancisco / svgdata_san.js
Last active February 10, 2020 15:46
svgdata_san.js = A file used with draw.io to generate SVG with clickable (onclick) elements for my demo
/**
* Sample plugin.
*/
Draw.loadPlugin(function(ui) {
/**
* Overrides SVG export to add metadata for each cell.
*/
var graphCreateSvgImageExport = Graph.prototype.createSvgImageExport;