dotfiles
ZAP
dotfiles | ZAP | |
---|---|---|
4 | 61 | |
29 | 11,987 | |
- | 0.7% | |
8.3 | 9.2 | |
about 1 month ago | 7 days ago | |
Shell | Java | |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dotfiles
-
Ask HN: Full-text browser history search forever?
Chromium and Firefox have all your history stored in a sqlite database.
I have a script to extract the last visited website from chrome for example: https://github.com/BarbUk/dotfiles/blob/master/bin/chrome_hi...
For firefox, you can use something like:
sqlite3 ~/.mozilla/firefox/.[dD]efault/places.sqlite "SELECT strftime('%d.%m.%Y %H:%M:%S', visit_date/1000000, 'unixepoch', 'localtime'),url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER BY visit_date;"
-
Managing dot files (linux) - home dir with .gitignore whitelist, good or bad?
ssh() { case "${1}" in (-h|--help) command ssh -h 2>&1 | grep -v "^unknown" printf -- '%s\n' "Overlay options:" printf -- '\t %s\n' "dotfiles: syncs dotfiles to a remote host" \ "nokeys: Forces password based authentication" \ "raw: Runs ssh in its default, noisy state" return 0 ;; (dotfiles) # Inspired by # https://github.com/cdown/sshrc/blob/master/sshrc # https://github.com/fsquillace/kyrat # https://github.com/BarbUk/dotfiles/blob/master/bin/ssh_connect remote_host="${2:?Remote Host not defined}" for dotfile in .bashrc .exrc .inputrc .pwords.dict .vimrc; do if ! [[ -r ~/"${dotfile}" ]]; then printf -- '%s\n' "Local copy of ${dotfile} missing" >&2 continue fi local_sum=$(cksum ~/"${dotfile}" | awk '{print $1}') remote_sum=$(command ssh -q "${remote_host}" cksum "${dotfile}" 2>/dev/null | awk '{print $1}') if [[ "${local_sum}" = "${remote_sum}" ]]; then printf -- '%s\n' "${remote_host}:~/${dotfile} matches the local version" else printf -- '%s\n' "${remote_host}:~/${dotfile} appears outdated, updating..." scp ~/"${dotfile}" "${remote_host}:" || return 1 fi done ;; (nokeys) command ssh \ -o PubkeyAuthentication=no \ -o StrictHostKeyChecking=no \ -q \ "${@:2}" ;; (raw) command ssh "${@:2}" ;; (*) command ssh -o StrictHostKeyChecking=no -q "${@}" ;; esac }
-
Post your most useful self written command line utilities
Thanks to /u/abbidabbi for the idea, I have updated my script to handle media role.
ZAP
-
Bruno
I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.
If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.
[1]: https://www.zaproxy.org/
-
What is API Discovery, and How to Use it to Reduce Your Attack Surface
Implement tools like Burp Suite or OWASP ZAP for in-depth security scanning of your APIs.
-
Best Hacking Tools for Beginners 2024
OWASP ZAP
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
The use of capital punctuation implies a warning? an alert? Would this same response be warranted for Burp which is also a commercial, closed source product?
If this is an issue for some, then ZAP being open source[1] maybe favourable.
That said, Burp is the defacto tool for a reason - it's best in class. Every pentester I know, including myself, has a paid subscription. The fact that it's closed source hasn't been an issue.
[1] https://github.com/zaproxy/zaproxy
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Briefly reviewed your product. Seems like OWASP ZAP is your competition: https://www.zaproxy.org/
It runs entirely in the browser so it uses the browser "native" frameworks.
-
Vulnerability Scanning of Node.js Applications
Dynamic analysis involves testing your application while it's running. Tools like OWASP ZAP and Burp Suite can help identify vulnerabilities like SQL injection or Cross-Site Scripting by sending malicious requests to your application and analyzing the responses.
-
Is this fraud? And if so, to what extent am I responsible?
> Lying is not an embellishment or puffery, it's a lie. Engaging a company for a 3 day pen test that's totally insufficient, that would be an embellishment.
I agree, but if the RFP question was phrased "have you done penetration testing?" then that leaves a lot of room for embellishment. If the question is "do you have SOC2 certification?" and you answer "yes" untruthfully, then that is a lie. If they ask for the SOC2 or pentest report and you give them a falsified document, that's where you're (probably) committing fraud.
> One of the most important part of pen tests is that they are external.
AWS/Google/etc have internal security teams doing their pen tests, so no, this isn't true.
> Just doing your job as an engineer and looking for bugs is not a pen test.
What about an engineer spending an afternoon running ZAP[0]?
> It's like saying, "what is an audit really? We have accountants and they check our books for anomalies."
Yeah, which is why you don't just ask a company "do you keep track of your finances?" if you're investing in them, you request external auditors.
[0] https://www.zaproxy.org/
-
The essential security checklist for user identity
In addition to manual security reviews, you can also implement DevSecOps practices to automate security checks. For example, you can set up a CI/CD pipeline to run static code analysis tools like CodeQL and automatically run penetration tests using tools like OWASP ZAP.
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
OWASP ZAP (open source)
-
How can i make web server from scratch
I would start by installing Burp Suite or OWASP Zap and seeing what the actual messages look like
What are some alternatives?
kyrat - SSH wrapper script that brings your dotfiles always with you on Linux and OSX
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
dotfiles - :unicorn: My personal dotfiles
SonarQube - Continuous Inspection
lightshot - A simple screenshot tool i made that is really lightweight
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
DownloadNet - 💾 DownloadNet - All content you browse online available offline. Search through the full-text of all pages in your browser history. ⭐️ Star to support our work!
SQLMap - Automatic SQL injection and database takeover tool
nyxt - Nyxt - the hacker's browser.
awesome-dva - A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
monolith - ⬛️ CLI tool for saving complete web pages as a single HTML file
HTML Purifier - Standards compliant HTML filter written in PHP