skycfg
PayloadsAllTheThings
skycfg | PayloadsAllTheThings | |
---|---|---|
6 | 34 | |
634 | 56,965 | |
0.5% | - | |
3.9 | 8.5 | |
about 1 month ago | about 21 hours ago | |
Go | Python | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
skycfg
-
Jsonnet – The Data Templating Language
I can definitely sympathize here - in every context, just straight JSON/YAML configuration seems never expressive enough, but the tooling created in response always seems to come with sharp edges.
Here are some of the things I appreciate about Jsonnet:
- It evals to JSON, so even though the semantics of the language are confusing, it is reasonably easy to eval and iterate on some Jsonnet until it emits what one is expecting - and after that, it's easy to create some validation tests so that regressions don't occur.
- It takes advantage of the fact that JSON is a lowest-common-denominator for many data serialization formats. YAML is technically a superset of JSON, so valid JSON is also valid YAML. Proto3 messages have a canonical JSON representation, so JSON can also adhere to protobuf schemas. This covers most "serialized data structure" use-cases I typically encounter (TOML and HCL are outliers, but many tools that accept those also accept equivalent JSON). This means that with a little bit of build-tool duct-taping, Jsonnet can be used to generate configurations for a wide variety of tooling.
- Jsonnet is itself a superset of JSON - so those more willing to write verbose JSON than learn Jsonnet can still write JSON that someone else can import/use elsewhere. Using Jsonnet does not preclude falling back to JSON.
- The tooling works well - installing the Jsonnet VSCode plugin brings in a code formatter that does an excellent job, and rules_jsonnet[0] provides good bazel integration, if that's your thing.
I'm excited about Jsonnet because now as long as other tool authors decide to consume JSON, I can more easily abstract away their verbosity without writing a purpose-built tool (looking at you, Kubernetes) without resorting to text templating (ahem Helm). Jsonnet might just be my "one JSON-generation language to rule them all"!
---
Though if Starlark is your thing, do checkout out skycfg[1]
[0] - https://github.com/bazelbuild/rules_jsonnet
[1] - https://github.com/stripe/skycfg
-
The Dhall Configuration Language
Can you say more about what GCL does better than all of the open source ones?
Anecdotally, I've heard a lot of GCL horror stories, and many Xooglers have chosen to create things like Jsonnet or Skycfg (https://github.com/stripe/skycfg) instead.
- YAML: It's Time to Move On
- Opinion-driven design
-
Migrating Millions of Concurrent WebSockets to Envoy
If you’re looking at other solutions check out https://github.com/stripe/skycfg It works with Envoy and lots of other things that support protobuf configs
-
Yaml Is The Worst Thing Ever Created K8s Should
This is good and there are several other options like https://github.com/stripe/skycfg#why-use-skycfg to add full language support (using Go or python for ex) to configurations.
PayloadsAllTheThings
-
php shell not executed in wordpress
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
-
XXE-XML External Entities Attacks
An alternative display version is available at PayloadsAllTheThingsWeb.
-
Becoming a security researcher. Help with a realistic timeline?
- https://github.com/swisskyrepo/PayloadsAllTheThings - https://book.hacktricks.xyz/welcome/readme
-
Want to hack school laptop? Any tips or applications that I can download?
If it's windows - oofta-may. Start here: https://github.com/swisskyrepo/PayloadsAllTheThings
- Where do I start on this journey?
-
How important is webtesting in the exam?
It is a method for initial access so it is possible that it could appear in one of the exam machines Payload all the things has a lot of useful resources for sql injection https://swisskyrepo.github.io/PayloadsAllTheThings/
- GitHub (or any website) page with good scripts for social media tools
- cómo empezar en seguridad informática
-
It's official: BlackLotus malware can bypass secure boot
> If you run as a user who doesn't have admin access you should be protected,
That's not very reassuring. Privilege escalation on Windows is a well studied subject:
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/mas...
-
you think that hack the box is the best way to start a career in CiberSecurity speaking about hacking?
Payloadallthethings github
What are some alternatives?
jsonnet - Jsonnet - The data templating language
sql-injection-payload-list - 🎯 SQL Injection Payload List
isopod - An expressive DSL and framework for Kubernetes configuration without YAML
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
nestedtext - Human readable and writable data interchange format
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
ron - Rusty Object Notation
OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
rules_jsonnet - Jsonnet rules for Bazel
IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
starlark - Starlark Language
web-pentesting-checklist - checklist for testing the web applications