cbeddow

import mercantile, mapbox_vector_tile, requests, json, os
from vt2geojson.tools import vt_bytes_to_geojson
    
# define an empty geojson as output
output= { "type": "FeatureCollection", "features": [] }

# vector tile endpoints -- change this in the API request to reference the correct endpoint
tile_coverage = 'mly1_public'

# tile layer depends which vector tile endpoints: 

cbeddow

import mercantile, mapbox_vector_tile, requests, json
from vt2geojson.tools import vt_bytes_to_geojson

# define an empty geojson as output
output= { "type": "FeatureCollection", "features": [] }

# vector tile endpoints -- change this in the API request to reference the correct endpoint
tile_coverage = 'mly1_public'

# tile layer depends which vector tile endpoints: 

EdOverflow

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

tyranid

# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.

Import-Module NtObjectManager

simonw

How to recover lost Python source code if it's still resident in-memory

I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6

Attach a shell to the docker container

Install GDB (needed by pyrasite)

apt-get update && apt-get install gdb

zhengxiaowai

#!/usr/bin/env python
# -*- coding:utf-8 -*-

from hsdo import make_app
from tornado.testing import AsyncHTTPSTestCase
from tornado.escape import json_encode


class BaseAsyncHTTPSTestCase(AsyncHTTPSTestCase):
    def get_app(self):

ipedrazas

The process starts by creating the CSR and the private key:

openssl req -nodes -newkey rsa:2048 -nodes -keyout dotmarks.net.key -out dotmarks.net.csr -subj "/C=GB/ST=London/L=London/O=dotmarks/OU=IT/CN=dotmarks.net"

Generates

• dotmarks.net.key
• dotmarks.net.csr

danbirken

from sqlalchemy import engine
from sqlalchemy import event

class DbStats():
    def __init__(self):
        self.clear()

    def clear(self):
        self.total_queries = 0
        self.total_time = 0

zs1621

import unittest, os, os.path, sys, urllib
import tornado.database
import tornado.options
from tornado.options import options
from tornado.testing import AsyncHTTPTestCase

# add application root to sys.path
APP_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
sys.path.append(os.path.join(APP_ROOT, '..'))

textarcana

XWindows for Headless Selenium

How to set up a Headless Selenium Testing environment for CentOS 6.3.

On your CentOS 6.3 host

Follow these steps to set up a CentOS 6.3 host to run headless Selenium tests with Firefox.