ozzi-

@ridjex
ridjex / waf-smoke-test.sh
Last active April 17, 2025 10:07
Lightweight Bash script to test basic WAF (Web Application Firewall) protections against common SQL injection and XSS payloads. Use this to quickly assess your web application’s surface against low-hanging injection vulnerabilities.
#!/bin/bash
# 🚀 Discover More: Testing Your Firewall in 60 Seconds: A Lightweight WAF Testing Script That Anyone Can Use
# Learn how this script works and the best practices for WAF testing.
# Read the full article here:
# 👉 https://medium.com/@kochuraa/testing-your-firewall-in-60-seconds-a-lightweight-waf-testing-script-that-anyone-can-use-a7a725fefcb7
# Safe WAF Tester Script
# Usage: ./waf-smoke-test.sh <URL> [-o output.md] [-H "Header: Value"]
# Examples:
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active February 7, 2025 23:49
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@bencmbrook
bencmbrook / jwtES384.sh
Last active December 27, 2022 03:13
How to generate JWT ES384 key
# ECDSA using P-384 and SHA-384 (NIST curve, part of CNSA Suite, and approved to protect "top secret" systems)
# https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/commercial-national-security-algorithm-suite-factsheet.cfm
# https://tools.ietf.org/html/rfc7518#section-3.4
# Generate private key
openssl ecparam -name secp384r1 -genkey -noout -out jwtES384key.pem
# Generate public key
openssl ec -in jwtES384key.pem -pubout -out jwtES384pubkey.pem
@joshbuchea
joshbuchea / semantic-commit-messages.md
Last active April 25, 2025 01:26
Semantic Commit Messages


See how a minor change to your commit message style can make you a better programmer.

Format: <type>(<scope>): <subject>

<scope> is optional

Example

#!/bin/bash
modprobe -r ec_sys
modprobe ec_sys write_support=1
on="\x8a"
off="\x0a"
led(){
echo -n -e $1 | dd of="/sys/kernel/debug/ec/ec0/io" bs=1 seek=12 count=1 conv=notrunc 2> /dev/null
@narainsagar
narainsagar / download.md
Created December 8, 2016 15:37
Download a file with custom data and filename into browser (via Pure JS)

Define the method below:

i.e., I have created this for my angular2 app, so this function is written in TypeScript

  createDownloadLink(filename: string, data: string) {
    var dataUri = 'data:application/octet-stream;charset=utf-8,' + encodeURIComponent(data);
    var anchor = document.createElement('a');

    anchor.setAttribute('href', dataUri);
@danibram
danibram / iptables.sh
Created February 3, 2016 12:03
Redirect 443,80 to 8443,8080 on ubuntu with persistence
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo sh -c "iptables-save > /etc/iptables.rules"
sudo apt-get install iptables-persistent
@maxclaus
maxclaus / curl-get-status-code-and-response-body.sh
Created November 24, 2015 17:52
Curl - Get status code and response body
URL="http://stackoverflow.com/"
# store the whole response with the status at the end
HTTP_RESPONSE=$(curl --silent --write-out "HTTPSTATUS:%{http_code}" -X POST "$URL")
# extract the body
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
# extract the status
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
@lukehedger
lukehedger / ffmpeg-compress-mp4
Last active April 25, 2025 04:01
Compress mp4 using FFMPEG
$ ffmpeg -i input.mp4 -vcodec h264 -acodec mp2 output.mp4
@brianlmoon
brianlmoon / apache_cors_example
Last active April 22, 2025 09:41
CORS example for Apache with multiple domains
# Sets CORS headers for request from example1.com and example2.com pages
# for both SSL and non-SSL
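# Match the bare domains and their subdomains only; the dot-delimited label
# group keeps look-alike hosts such as notexample1.com from matching
SetEnvIf Origin "^https?://([a-z0-9-]+\.)*(example1|example2)\.com$" ORIGIN=$0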
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
# Always set Vary: Origin when it's possible you may send CORS headers
Header merge Vary Origin