Scott Helme (ScottHelme)
@ScottHelme
ScottHelme / sri.js
Last active August 29, 2023 12:44
SRI Demo
alert(2)

By request of Troy Hunt on Twitter: https://twitter.com/troyhunt/status/1682982538409828354

Note certain requirements from the RFC, including but not limited to: https://datatracker.ietf.org/doc/html/rfc9116

For web-based services, organizations MUST place the "security.txt" file under the "/.well-known/" path

The file MUST be accessed via HTTP 1.0 or a higher version, and the file access MUST use the "https" scheme

It MUST have a Content-Type of "text/plain" with the default charset parameter set to "utf-8"

@ScottHelme
ScottHelme / new.txt
Last active May 3, 2022 13:59
New CSP nonce list.
BDhAVojs+7iEm3+DAqHKq46Q
h7uz80W6lVI0PBIm0eFlknHz
7MebZuin0MSs4YQ8jPouE7qp
jmePb9jmmAa+j6OAGpYrnyP/
R+5sZ2sqLR42j7B1nHAl5Qhr
9C2YzbEmoqrKeF5gtUi48ho/
Oz3G01zsds1AxdA+0fGckBRK
0W6O3gljkpP6VufyEWoJOtej
z5l9SIyyUrrueIvO+ZU0Qx7b
/sko5Xx9dNRNOlLxWg6w9sTg
@ScottHelme
ScottHelme / old.txt
Created May 3, 2022 13:20
Old CSP nonce list
MjAyMzEyNjgwMiwxNjc4MTQyMjk1
MzI2OTk1NzE3LDEyMDEyOTE1MTQ=
ODY4MjgwNDIxLDQ0ODU3MDk5
OTg5NjQ4NjIsNDAxNDI2ODA2Mw==
MjIxMjkyMTk5OCwyMDkwNTc1Njc5
OTc2ODQ4OTkyLDI3ODUwNTkxNjA=
MTkxNjk1NjI2MiwxMjYxMzI4NTEw
MzEyNjI3ODQ2OCwyMTE0MDc3NDY5
MzQ0ODAwNDIxNCw4OTg5MDk4MTI=
MjkxMTI5NjE3NiwxNTA5NTk0NDQ3
// Old generator: btoa() coerces the Uint32Array to a string such as
// "2023126802,1678142295" (two decimal numbers) and encodes that text,
// which is why the nonces above decode to comma-separated digits.
let cspNonce = btoa(crypto.getRandomValues(new Uint32Array(2)))
@ScottHelme
ScottHelme / sites.txt
Last active October 3, 2021 03:19
Sites serving expired R3 intermediate.
List updated 30 Sep 2021 11:12 UTC
https://expired-r3-test.scotthelme.co.uk/
@ScottHelme
ScottHelme / sale.txt
Last active February 22, 2021 11:37
For Sale!
For Sale!! I'm having a clear out of some electronics, all in full working order!
Asus C223N Chromebook + case/charger - £89.99
Blackview A20 Android Smartphone (mint condition) - £49.99
Fire Tablet with kids case - £19.99
TP-Link 5 port PoE Switch - £19.99
TP-Link 5 port PoE Switch (unopened) - £24.99
Devolo 100Mbps Powerline Adapters x 2 - £9.99 pair
WiFi Range Extender - £9.99
BT 100Mbps Powerline Adapters x2 - £9.99 pair
@ScottHelme
ScottHelme / lists.txt
Created January 13, 2021 10:57
My Pi-hole blocklist list.
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://adaway.org/hosts.txt
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/Prigent-Ads.txt
https://zerodot1.gitlab.io/CoinBlockerLists/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://raw.githubusercontent.com/ScottHelme/revocation-endpoints/master/ocsp.txt
https://raw.githubusercontent.com/ScottHelme/revocation-endpoints/master/crl.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
https://www.malwaredomainlist.c
@ScottHelme
ScottHelme / sri.js
Created February 26, 2020 09:52
Detect SRI failures.
var observer = window.MutationObserver || window.WebKitMutationObserver;
if (observer) {
  // Use the feature-detected constructor rather than the unprefixed global.
  new observer(function(mutations) {
    mutations.forEach(function(mutation) {
      Array.prototype.forEach.call(mutation.addedNodes, processNode);
    });
  }).observe(document, { childList: true, subtree: true });
}
var processNode = function(node) {
  // The gist preview is cut off here; the body below is a minimal stand-in
  // (an assumption, not the gist's own code): report nodes whose SRI check fails.
  if (node.nodeType === 1 && node.hasAttribute('integrity')) {
    node.addEventListener('error', function() {
      console.error('SRI failure: ' + (node.src || node.href));
    });
  }
};
@ScottHelme
ScottHelme / ev-sites.txt
Last active June 24, 2022 22:03
Sites using EV in the Top 1 Million - 13th Sep 2019
14 apple.com
40 vk.com
44 github.com
49 tumblr.com
55 dropbox.com
85 medium.com
87 paypal.com
92 icloud.com
100 booking.com
112 weebly.com