This is a cheat sheet for how to perform various actions to ZSH, which can be tricky to find on the web as the syntax is not intuitive and it is generally not very well-documented.
| Description | Syntax |
|---|---|
| Get the length of a string | ${#VARNAME} |
| Get a single character | ${VARNAME[index]} |
UPDATE 2023-01-22 21:34:33
This guide was last tested on an Intel MacBook 2017. Since then it's unmaintained and won't be updated (I quit the game and bought a life-time crossover licence).
This has been forked from https://gist.github.com/Alex4386/4cce275760367e9f5e90e2553d655309
For the latest discussion, see the comments there.
| #!/usr/bin/env bash | |
| while true; do | |
| echo "ss23 rly, completely, sux" | |
| sleep 1 | |
| done |
| #!/usr/bin/env bash | |
| while true; do | |
| echo "ss23 sux" | |
| sleep 1 | |
| done |
| #!/jb/bin/bash | |
| CYCRIPT_PORT=1337 | |
| function help { | |
| echo "Syntax: $0 [-p PID | -P appname] [-l /path/to/yourdylib | -L feature]" | |
| echo | |
| echo For example: | |
| echo " $0 -P Reddit.app -l /path/to/evil.dylib # Injects evil.dylib into the Reddit app" | |
| echo " or" |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
| /* SMBLoris attack proof-of-concept | |
| * | |
| * Copyright 2017 Hector Martin "marcan" <marcan@marcan.st> | |
| * | |
| * Licensed under the terms of the 2-clause BSD license. | |
| * | |
| * This is a proof of concept of a publicly disclosed vulnerability. | |
| * Please do not go around randomly DoSing people with it. | |
| * | |
| * Tips: do not use your local IP as source, or if you do, use iptables to block |
| #!/bin/bash | |
| # Send a Twilio SMS when a person logs in over SSH or uses sudo. Michael Fincham <michael@hotplate.co.nz> 2017-05-22 | |
| # | |
| # For a Debian host: | |
| # - Install the packages for libpam-script and curl | |
| # - Edit this script to set the configuration variables, and place it in /usr/share/libpam-script/pam_script_acct | |
| # - Add this line to /etc/pam.d/common-account: | |
| # account optional pam_script.so |
| 2070 Paradigm Shift Transcript | |
| Transcribed by Edwin Finch | |
| Sam, you're a legend. Enjoy | |
| ============================== | |
| Whew. | |
| Hey. |
| <!doctype html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>Viewport Test</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <script src="/workaround.js"></script> | |
| </head> | |
| <body> |