I needed to inspect an HTTPS site's current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.
nmap -p 443 --script ssl-cert [hostname]
# Start Bad Bot Prevention | |
<IfModule mod_setenvif.c> | |
# SetEnvIfNoCase User-Agent ^$ bad_bot | |
SetEnvIfNoCase User-Agent "^12soso.*" bad_bot | |
SetEnvIfNoCase User-Agent "^192.comAgent.*" bad_bot | |
SetEnvIfNoCase User-Agent "^1Noonbot.*" bad_bot | |
SetEnvIfNoCase User-Agent "^1on1searchBot.*" bad_bot | |
SetEnvIfNoCase User-Agent "^3D_SEARCH.*" bad_bot | |
SetEnvIfNoCase User-Agent "^3DE_SEARCH2.*" bad_bot | |
SetEnvIfNoCase User-Agent "^3GSE.*" bad_bot |
// Add ChatGPT Menu | |
const onOpen = () => { | |
const ui = SpreadsheetApp.getUi(); | |
ui.createMenu("ChatGPT") | |
.addItem("💾 Save Responses as Text", "saveAsText") | |
.addItem("ChatGPT API Sheet by Sarah Tamsin 💜", "openUrl") | |
.addToUi(); | |
}; |
#!/bin/bash | |
# Example for the Docker Hub V2 API | |
# Returns all images and tags associated with a Docker Hub organization account. | |
# Requires 'jq': https://stedolan.github.io/jq/ | |
# set username, password, and organization | |
UNAME="" | |
UPASS="" | |
ORG="" |
This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
/* The world's smallest Brainfuck interpreter in C, by Kang Seonghoon | |
* http://j.mearie.org/post/1181041789/brainfuck-interpreter-in-2-lines-of-c */ | |
s[99],*r=s,*d,c;main(a,b){char*v=1[d=b];for(;c=*v++%93;)for(b=c&2,b=c%7?a&&(c&17 | |
?c&1?(*r+=b-1):(r+=b-1):syscall(4-!b,b,r,1),0):v;b&&c|a**r;v=d)main(!c,&a);d=v;} |
${...} is the property placeholder syntax. It can only be used to dereference properties.
#{...} is SpEL syntax, which is far more capable and complex. It can also handle property placeholders, and a lot more besides.
Both are valid, and neither is deprecated.
# https://stackoverflow.com/questions/6543519/undoing-accidental-git-stash-pop | |
# https://stackoverflow.com/questions/89332/how-to-recover-a-dropped-stash-in-git | |
accepted | |
If you have only just popped it and the terminal is still open, you will still have the hash value printed by git stash pop on screen (thanks, Dolda). | |
Otherwise, you can find it using this for Linux and Unix: | |
git fsck --no-reflog | awk '/dangling commit/ {print $3}' | |
and for Windows: |
It happens that there are many standards for storing cryptography materials (key, certificate, ...) and it isn't always obvious to know which standard is used by just looking at file name extension or file content. There are bunch of questions on stackoverflow asking about how to convert from PEM to PKCS#8 or PKCS#12, while many tried to answer the questions, those answers may not help because the correct answer depends on the content inside the PEM file. That is, a PEM file can contain many different things, such as an X509 certificate, a PKCS#1 or PKCS#8 private key. The worst-case scenario is that someone just store a non-PEM content in "something.pem" file.
This is a small tool using Tinyscript and pypdf or pikepdf to bruteforce the password of a PDF given an alphabet (defaults to printables) and a length (default is 8).
$ pip install pypdf tinyscript
$ wget https://gist.githubusercontent.com/dhondta/efe84a92e4dfae3b6c14932c73ab2577/raw/pdf-password-bruteforcer.py && chmod +x pdf-password-bruteforcer.py && sudo mv pdf-password-bruteforcer.py /usr/bin/pdf-password-bruteforcer