Tom Hudson tomnomnom
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active February 27, 2023 20:19
CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@tomnomnom
tomnomnom / convert-mp4-to-gif.mkd
Last active December 4, 2022 09:59
Crop an mp4 and convert it to a gif

Because I'll forget how to do this...

Crop

crop=w:h:x:y

ffmpeg -i in.mp4 -filter:v "crop=900:700:0:50" out.mp4
@tomnomnom
tomnomnom / ircuserlist-python3.py
Created January 3, 2017 13:25
IRC User List Script - Updated for Python 3
#!/usr/bin/env python3
# IRC User List
# Written by Tom Hudson for the Raspberry Pi User Guide
# Updated 2017-01-03 for Python 3.*
# http://tomhudson.co.uk/
import sys, socket, time
RPL_NAMREPLY = '353'
RPL_ENDOFNAMES = '366'
@tomnomnom
tomnomnom / chanscan.go
Created May 28, 2016 22:42
Using Go's channels to spread work across a bunch of worker goroutines
package main
import (
	"fmt"
	"net"
	"sync"
	"time"
)
const (
@tomnomnom
tomnomnom / once-per-jenkins-slave.groovy
Created May 16, 2016 12:47
Run a command once on each Jenkins slave using the CloudBees Workflow / Jenkins Pipeline plugin
// The ArrayList of slaves is not serializable, so fetching them should be marked as @NonCPS so that
// no attempt is made to serialize and save the local state of the function. See here for details:
// https://github.com/jenkinsci/pipeline-plugin/blob/master/TUTORIAL.md#serializing-local-variables
@NonCPS
def getSlaves() {
    def slaves = []
    hudson.model.Hudson.instance.slaves.each {
        slaves << it.name
    }
    return slaves
@tomnomnom
tomnomnom / how-much-does-your-branch-suck.sh
Created April 21, 2016 11:38
Find out how much your branch sucks
#!/bin/bash
set -e
BRANCH=${1}
if [ -z "${BRANCH}" ]; then
    echo "Usage: ${0} <branch>"
    exit 1
fi
@tomnomnom
tomnomnom / bouncy.html
Created December 27, 2015 20:34
Bouncy Ball
<html>
  <head>
    <style>
      canvas {
        border: 1px solid #666666;
      }
    </style>
  </head>
  <body>
@tomnomnom
tomnomnom / robot.py
Last active August 27, 2015 15:58
Playing with OpenCV; making myself into a robot
import cv2
# See https://www.youtube.com/watch?v=FH5oDFgLSs4 for example output
cap = cv2.VideoCapture(0)
face_cascade = cv2.CascadeClassifier("/usr/share/opencv/haarcascades/haarcascade_frontalface_default.xml")
eye_cascade = cv2.CascadeClassifier("/usr/share/opencv/haarcascades/haarcascade_eye.xml")
fourcc = cv2.cv.CV_FOURCC(*'XVID')
out = cv2.VideoWriter('output.avi',fourcc, 15, (640,480))
@tomnomnom
tomnomnom / lolstore.go
Created January 21, 2015 14:20
lolstore
package main
import (
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
)
@tomnomnom
tomnomnom / simple-json-api.go
Created December 20, 2014 16:34
Simple JSON API Server in Go
package main
import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
)
// The `json:"whatever"` bit is a way to tell the JSON