Skip to content

Instantly share code, notes, and snippets.

View santaklouse's full-sized avatar

Alex santaklouse

29 followers · 30 following
View GitHub Profile
@santaklouse
santaklouse / mac-docker-gui.txt
Created August 6, 2025 10:52 — forked from roaldnefs/mac-docker-gui.txt
Running GUI application in Docker on MacOS
# Install XQuartz
brew cask install xquartz
# Restart MacOS
# Open XQuartz
open -a XQuartz
# Ensure the "Allow connections from network clients" option in Preferences >> Security is turned on
@santaklouse
santaklouse / github-to-bitbucket
Created May 12, 2025 11:32 — forked from sangeeths/github-to-bitbucket
Forking a Github repo to Bitbucket
Go to Bitbucket and create a new repository (its better to have an empty repo)
git clone [email protected]:abc/myforkedrepo.git
cd myforkedrepo
Now add Github repo as a new remote in Bitbucket called "sync"
git remote add sync [email protected]:def/originalrepo.git
Verify what are the remotes currently being setup for "myforkedrepo". This following command should show "fetch" and "push" for two remotes i.e. "origin" and "sync"
git remote -v
@santaklouse
santaklouse / index.md
Created December 8, 2023 01:53 — forked from paj28/index.md

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@santaklouse
santaklouse / README.md
Last active August 2, 2022 13:34 — forked from Roni-Carta/wp-wordlist.sh
wp-wordlist helps you create wordlist of all the Wordpress' Themes and Plugins available

fuzz target.com wordpress site:

./fuzz.wp.sh https://target.com
@santaklouse
santaklouse / openssl_commands.md
Created July 14, 2022 15:41 — forked from Hakky54/openssl_commands.md
Some list of openssl commands for check and verify your keys

openssl 🔐

Install

Install the OpenSSL on Debian based systems

sudo apt-get install openssl
@santaklouse
santaklouse / parseURLParameters.js
Last active February 9, 2021 16:56 — forked from pirate/parseURLParameters.js
Parse URL query parameters in ES6
const getUrlParams = search => {
let params = {};
search
.slice(search.indexOf('?') + 1)
.split('&')
.forEach(hash => {
const [key, val] = hash.split('=')
params[key] = val === void(0)
? true
: decodeURIComponent(val);
@santaklouse
santaklouse / ngrok-selfhosting-setup.md
Created November 28, 2018 19:36 — forked from lyoshenka/ngrok-selfhosting-setup.md
How to setup Ngrok with a self-signed SSL cert

Intro

The plan is to create a pair of executables (ngrok and ngrokd) that are connected with a self-signed SSL cert. Since the client and server executables are paired, you won't be able to use any other ngrok to connect to this ngrokd, and vice versa.

DNS

Add two DNS records: one for the base domain and one for the wildcard domain. For example, if your base domain is domain.com, you'll need a record for that and for *.domain.com.

Different Operating Systems

@santaklouse
santaklouse / copymysql.sh
Created November 23, 2018 16:54 — forked from ecdundar/copymysql.sh
Copy MySQL Database One Server (Remote) To Another (Local) Server
#!/bin/bash
# copymysql.sh
# GENERATED WITH USING ARTUR BODERA'S SCRIPT
# Source script at: https://gist.github.com/2215200
MYSQLDUMP="/usr/bin/mysqldump"
MYSQL="/usr/bin/mysql"
@santaklouse
santaklouse / sshd_tunnel.sh
Created March 2, 2018 14:30 — forked from ripper/sshd_tunnel.sh
A script to launch user sshd limited to creation of reverse tunnels
#!/bin/sh
AUTHORIZED_KEYS=authorized_keys
HOST_RSA_KEY=ssh_host_rsa_key
SSHD=/usr/sbin/sshd
PORT=8443
case "$AUTHORIZED_KEYS" in /*) ;; *) AUTHORIZED_KEYS=$PWD/$AUTHORIZED_KEYS ;; esac
case "$HOST_RSA_KEY" in /*) ;; *) HOST_RSA_KEY=$PWD/$HOST_RSA_KEY ;; esac
@santaklouse
santaklouse / blueborne-nexus5.py
Created November 17, 2017 04:39 — forked from jesux/blueborne-nexus5.py
Blueborne RCE PoC - Nexus5 6.0.1
import os
import sys
import time
import struct
import select
import binascii
import bluetooth
from bluetooth import _bluetooth as bt