Skip to content

Instantly share code, notes, and snippets.

View peterlynch's full-sized avatar

Peter Lynch peterlynch

View GitHub Profile
Copyright 2019-2022 Opendoor Technologies Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy,
modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software
is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.

The Story of NPM and Yarn

In the beginning there was NPM, and for a time it was good. Packages went forth and multiplied. The New Gods proclaimed the great demon Dependency Management had been slain. But The Old Gods knew better, for they had seen much and knew that the demon can never be killed, only held at bay.

The Old Gods were ignored. In the folly of a young age grew an abundance of packages and with them grew the scourge of dependency. In the depths beneath the earth, in a place beyond memory, the great demon stirred.

The first sign something was wrong was non-deterministic package version mismatches. “This is fine!” The New Gods declared. “A temporary setback, nothing more! We can fix it.” And so they introduced shrinkwrap, a lamp to combat the growing darkness.

But it proved to be too little, too late, and dusk continued to fall. The New Gods suffered their first major defeat at the [Battle of Left-pad](https://www.theregister.co.uk/2016/03/23/npm_left_

@anvaka
anvaka / 00.Intro.md
Last active November 15, 2024 07:27
npm rank

npm rank

This gist is updated daily via cron job and lists stats for npm packages:

  1. Top 1,000 most depended-upon packages
  2. Top 1,000 packages with largest number of dependencies
  3. Top 1,000 packages with highest PageRank score

Creating a two way sync between a Github repository and Subversion

Another git <> svn post?

As many of you know I have been on a quest to get Jetpack core development moved from the WordPress.org Subversion (svn) repository to Github (git). As part of this process I setup an experimental Jetpack repository to see how synchronization works between git and svn. Lets just clear the air right now and say not well, not well at all. This is due to how git and svn each store their respective histories. But! I think I finally have it figure out.

Backfill

I wrote an article a couple months ago entitled Creating a synchronized Github fork of a WordPress.org Subversion plugin repository. This article is great (and still a recommended read) if you are only doing synchronization b

@trscavo
trscavo / cget.sh
Last active January 6, 2020 22:54
Shell script to retrieve a web resource via HTTP Conditional GET
#!/bin/bash
#####################################################################
# Retrieve a web resource via HTTP Conditional GET [RFC 7232] and
# output the resource on stdout. Cache the web resource and consult
# the cache on subsequent requests for the same resource. By default,
# return the cached resource (if it exists) if and only if the web
# server responds with 304 Not Modified.
#
# Usage: cget.sh [-vfcH] URL