vulhub
pip-tools
| | vulhub | pip-tools |
|---|---|---|
| | 17 | 58 |
| Stars | 16,220 | 7,477 |
| Growth | 1.3% | 0.7% |
| Activity | 8.9 | 8.9 |
| | 17 days ago | 3 days ago |
| Language | Dockerfile | Python |
| License | MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vulhub
- HackTheBox - Writeup Builder [Retired]
- Valkey Is Rapidly Overtaking Redis
  This is pretty materially not fine:
  https://github.com/vulhub/vulhub/tree/master/redis/CVE-2022-...
- 2 physical computers 1 vm
- Making sense of Apache httpd's CVE-2023-25690
  I just found this commit (https://github.com/vulhub/vulhub/pull/413/files) for vulhub containing a POC. I still don't understand exactly how they get to secret.txt in their example but it's a huge step forward. Plenty of mistakes in the Changelog.
- I am setting up a pen testing lab, I want to generate some vulnerabilities on a Windows Server 2019 (VM)
- How to create vulnerable machines
  A GitHub repo called vulhub contains numerous Dockerfiles to build vulnerable containers of various popular software. If you’re just getting started this is a good way to have one machine where you deploy vulnerable docker containers to poke at.
- Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
- How can I make a ‘bad image’ that will generate ECR scan vulnerabilities?
- Pre-Built Vulnerable Environments Based on Docker-Compose
pip-tools
- Pyenv – lets you easily switch between multiple versions of Python
  > Why is the "requirements.txt" file a stupid flat listing of all transitive dependencies with pinned versions? It makes it harder to change library versions even if there are no true conflicts.

  My friend, here is what you seek: https://github.com/jazzband/pip-tools

  requirements.txt is flat because it's really the output of `pip freeze`. It's supposed to completely and exactly rebuild the environment. Unfortunately it's far too flexible and people abuse it by putting in only direct dependencies etc.

  If you're writing packages, you don't need a requirements.txt at all, by the way. Package dependencies (only direct dependencies) live in pyproject.toml with the rest of the package config. requirements.txt (and pip tools) are only for when you want to freeze the whole environment, like for a server deployment.
- lockfiles for hatch projects
  For all my projects I found myself regenerating manual lock files using complex shell commands with pip-compile to get reproducible environments across devices using a custom pre-install-command. I finally decided that instead of hacking together the same solution on all my projects I would build a plugin that handles this complexity for me.
- Setting up Django in a Better Way in 5 Minutes and Understanding How It Works
  Instead of venv, we are using pip-tools in this starter kit. pip-tools takes things further in dependency management. Check out what pip-tools does in their official GitHub repo. In short, it helps your project find the best match for the dependent packages. For example, you might need two packages A and B in your project that require the same package C under the hood. But A requires any version of C from 1.0.1 to 1.0.10 and B requires any version of C from 1.0.7 to 1.0.15. Pip tools will automatically compile the version of 'C' that suits both of your packages.
- just-pip-tools: An example of managing python dependencies as layered lock files with just and pip-tools
  I've created a small project called just-pip-tools that combines pip-tools and just to manage Python dependencies in a layered approach. This isn't a magic bullet; it's a set of files you can adapt to your needs.
- Maintaining virtual environments
  For small projects I recommend pip-tools. Just write the package list in requirements.in and pip-compile compiles a requirements.txt with comments.
- how to upgrade psycopg2 to psycopg3 as per django latest documentation
  Take a look at pip-tools, great package. https://github.com/jazzband/pip-tools
- Single-file scripts that download their dependencies
- What are people using to organize virtual environments these days?
  pip-tools
- How to know what a package depend on when pip is installing it?
  I recommend generating a lockfile to document this information, as you might do with pip-tools.
- A not so unfortunate sharp edge in Pipenv
  Check out pip-tools [1] which does exactly that, albeit in a slightly more polished way.
  [1]: https://github.com/jazzband/pip-tools
What are some alternatives?
docker-openvpn-client-socks - Expose an OpenVPN tunnel as a SOCKS proxy
Poetry - Python packaging and dependency management made easy
docker-bloodhound - BloodHound Docker Ready to Use
PDM - A modern Python package and dependency manager supporting the latest PEP standards
SniDust - SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
Pipenv - Python Development Workflow for Humans.
docker-dev-ssl-proxy - A simple nginx proxy behind a self-generated & self-signed SSL certificate (local HTTPS). Also utilized in development of https://speaker.app / https://github.com/zenOSmosis/speaker.app.
conda - A system-level, binary package and environment manager running on all major operating systems and platforms.
frigate-synology-dsm7 - Dockerfile and docker-compose file to enable google coral USB accelerators in containers on Synology DSM 7
pip - The Python package installer
asterisk-docker - Asterisk + chan_dongle in docker.
miniforge - A conda-forge distribution.