CVE-2021-22205: GitLab CE/EE RCE

Vuln Impact: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in a remote command execution.

Vuln Product: GitLab CE/EE < 13.10.3, GitLab CE/EE < 13.9.6, GitLab CE/EE < 13.8.8

Environment:

    export GITLAB_HOME=/srv/gitlab
    sudo docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 80:80 --name gitlab --restart always --volume $GITLAB_HOME/config:/etc/gitlab

Fuzzing PDFs like its 1990s

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8 years back when I just started fuzzing things. Some disclosed vulnerabilities: CVE-2015-3723 CVE-2016-1737 CVE-2016-1740 CVE-2017-7031 The basic idea of this fuzzer was to mutate the streams of the PDF files without screwing the PDF structure as a whole. I collected some hundreds of PDFs and converted the PDFs to Python script using Didier Stevens’s pdf-parser -g flag. The fuzzer uses cPDF that I modified to mutate […]

A script that helps you understand why your E-Mail ended up in Spam

Whether you are trying to understand why a specific e-mail ended up in SPAM/Junk for your daily Administrative duties or for your Red-Team Phishing simulation purposes, this script is there for you to help! Idea arose while delivering a commercial Phishing Simulation exercises against MS Office365 E5 estate, equipped with MS Defender for Office365. As one can imagine, pretty tough security stack to work with from a phishing-simulation perspective. After digging manually through all these Office365 SMTP headers and trying to […]

Eva Maria Telegram Bot

Features Auto Filter Manuel Filter IMDB Admin Commands Broadcast Index IMDB search Inline Search Random pics ids and User info Stats, Users, Chats, Ban, Unban, Leave, Disable, Channel Variables Required Variables BOT_TOKEN: Create a bot using @BotFather, and get the Telegram API token. API_ID: Get this value    

A simple telegram bot to help you to remove forward tag from post from any messages

Telegram Bot to remove the forward tag from any post. If you need any more modes in the repo or if you find any bugs, mention them in @DevelopedBotz Features Fully customisable. Customisable welcome & Forcesub messages. Remove forwarded tag from media also Can be deployed on Heroku directly. Setup Add the bot to Database Channel with all permission Add bot to ForceSub channel as Admin with Invite Users via Link Permission if you enabled ForceSub Installation Deploy

Forward and backwards compatibility layer for Django 1.4, 1.7, 1.8, 1.9, 1.10, and 1.11

Forward and backwards compatibility layer for Django 1.4, 1.7, 1.8, 1.9, 1.10 and 1.11 Consider django-compat as an experiment based on the discussion on reddit. Let’s see where it goes. What started as an experiment based on this discussion on reddit has proven to be true in real life. django-compat is under active development. To learn about other features, bug fixes, and changes, please refer to the changelog. Two popular examples of open source reusable app that uses django-compat are […]

Extends the Django Admin to include a extensible dashboard and navigation menu

django-admin-tools is a collection of extensions/tools for the default Django administration interface. It includes: a full-featured and customizable dashboard; a customizable menu bar; tools to make admin theming easier. The code is hosted on GitHub. django-admin-tools is generously documented; you can browse the documentation online. A good start is to read the quickstart guide. The project was created by David Jean Louis and was previously hosted on Bitbucket. Please join the mailing list if you want to discuss of […]

Extendable, adaptable rewrite of django.contrib.admin

One of the most useful parts of django.contrib.admin is the ability to configure various views that touch and alter data. django-admin2 is a complete rewrite of that library using modern Class-Based Views and enjoying a design focused on extendibility and adaptability. By starting over, we can avoid the legacy code and make it easier to write extensions and themes. Full Documentation at: https://django-admin2.readthedocs.io/ Features Rewrite of the Django Admin backend Drop-in themes Built-in RESTful API Screenshots Requirements

Draw interactive NetworkX graphs with Altair

Draw NetworkX graphs with Altair. nx_altair offers a similar draw API to NetworkX but returns Altair Charts instead. If you’d like to contribute, join the Gitter chatroom and share your ideas! Also, check out the to-do list below.

Examples: If you’d like to start playing with nx_altair, download this notebook!

Simple graph:

    import networkx as nx
    import nx_altair as nxa

    # Generate a random graph
    G = nx.fast_gnp_random_graph(n=20, p=0.25)

    # Compute positions for viz.
    pos = nx.spring_layout(G)

    # Draw
