Link Dump: Clearing Out My Todo List
I tend to stumble across a lot of interesting things as I travel across the web, and one of my productivity methods is to save the things I don't have time to check out immediately to Todoist. Unfortunately, time can be short, and life busy, so those 'thats an interesting article', 'i could use that tech thing' and 'that would be cool to blog about' things tend to just build up, and clutter my todo lists in an ever less efficient manner. So today lets clear some of that out!
This post will be a vaguely categorised link dump, and depending on if I remember why I saved it, maybe some notes too.
Looking over everything, there seem to be trends around development, security, privacy, blog/website, docker, tech, automation, branding and general performance/efficiency. Not really surprising when I think about the things that tend to interest me :)
Hope you find something interesting!
- The State of Developer Ecosystem 2017 - Infographic | JetBrains
- Developer Survey Results 2017 - Stackoverflow
- A roadmap to becoming a web developer in 2017 – freeCodeCamp
- Most Used SDKs in Top 200 Free iOS Apps | MightySignal - Mobile App & SDK Intelligence for iOS / Android
- Frontend Package Managers
- Yarn: Package Manager
- yarnpkg/yarn: Fast, reliable, and secure dependency management.
- Using Bower with Yarn: bower support dropped for now
- Yarn vs Bower detailed comparison as of 2017 - Slant
- 13 Best front-end package managers as of 2017 - Slant
- Frontend JS Languages
- Code Review
- Automated code reviews & code analytics | Codacy: Check code style, security, duplication, complexity and coverage on every change while tracking code quality throughout your sprints.
- Code Climate: Get automated code review for test coverage, complexity, duplication, security, style, and more, and merge with confidence.
- Conscript — Conscript: Distribution mechanism for Scala apps using Github and Maven repositories as the infrastructure. You can use it to install and update apps similar to APT or Home Brew.
- Giter8 — Giter8: Command line tool to generate files and directories from templates published on Github or any other git repository
- lightbend/paradox: Paradox is a markdown documentation tool for software projects.
- sirthias/pegdown: A pure-Java Markdown processor based on a parboiled PEG parser supporting a number of extensions
- Ace - The High Performance Code Editor for the Web
- Experience IT - Cyber Security | learn2hack | TAFE: Hands on training for high school students run by industry experts with pathways to tertiary qualifications. This course provides an introduction to defensive and offensive security strategies and tactics and is suitable for high school students aged 15-18.
- 0CTF 2017
- DEF CON CTF 2017
- legitbs/quals-2016: 2016 DEF CON Qualifier Challenges
- legitbs/finals-2013: Source for many challenges from DEF CON 21 CTF Finals
- legitbs/quals-2013: Source for many challenges from DEF CON 21 CTF Qualifier
- flaws.cloud: Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
- CrikeyConCTF 2017 – Koala Gallery Writeup
- BSides 2017
- BSidesCBR CTF Round Up | OJ
- OJ/bsides-2017-ctf-docker: BSidesCBR CTF docker compose files
- BSides Canberra 2017 CTF - Rekt Exfil Write-up - RootUsers
- Reverse Engineering, etc
- binary.ninja: A reverse engineering platform
- Kaitai Struct: declarative binary format parsing language A new way to develop parsers for binary structures.
- Hopper: The macOS and Linux Disassembler
- Cerbero - Profiler: Cerbero Profiler is a tool designed primarily for malware and forensic analysis.
- Recon, DNS, etc
- find IP ranges, reverse IP lookups, etc
- seclists subdomain section
- Brutesubs – An automation framework for running multiple subdomain bruteforcing tools in parallel via Docker
- anshumanbh/brutesubs: An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
- TheRook/subbrute: A DNS meta-query spider that enumerates DNS records, and subdomains.
- infosec-au/altdns: Generates permutations, alterations and mutations of subdomains and then resolves them
- OJ/gobuster: Directory/file & DNS busting tool written in Go
- Bulk access to whois data – APNIC: apnic offline database
- Microsoft/WhoisParsers: Download and parse Whois records from bulk whois database dumps of IANA organizations (ARIN, AFRINIC, APNIC, LACNIC, RIPE ). Crawl and parse RWhois records from RFC 2167 ARIN Referral Whois Servers
- jhaddix/domain enumall: enumall is a refactor of enumall.sh providing a script to identify subdomains using several techniques and tools.
- LaNMaSteR53 / Recon-ng — Bitbucket: Recon-ng is a full-featured Web Reconnaissance framework written in Python.
- dnsenum | Penetration Testing Tools
- ChrisTruncer/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Run Metasploit Framework as a Docker Container Without Installation Pains
- k0st/alpine-nikto | DockerHub: Dockerized nikto
- docker run --rm -it activeshadow/nikto /bin/bash
- kost/docker-webscan: Dockerized versions of various web security scanning tools and utilities
- Frameworks, automation, etc
- trustedsec/ptf: The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
- Golismero Project. The web knife.
- GoLismero is a free software framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. It can run their own security tests and manage a lot of well known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...) take their results, feedback to the rest of tools and merge all of results. And all of this automatically.
- SpiderFoot – Open Source Intelligence Automation
- smicallef/spiderfoot: SpiderFoot, the open source footprinting and intelligence-gathering tool.
- Vulnerability Rating Taxonomy | Bugcrowd
- Bugcrowd’s VRT is a resource outlining Bugcrowd’s baseline priority rating, including certain edge cases, for vulnerabilities that we often see.
- PasteMonitor: PasteMonitor watches for keywords you're interested in on Pastebin.
- RequestBin — Collect, inspect and debug HTTP requests and webhooks
- Runscope/requestbin: Inspect HTTP requests. Debug webhooks.
- maurosoria/dirsearch: Web path scanner
- ImageTragick/PoCs: Proof of Concepts for CVE-2016–3714 https://imagetragick.com
- malfunkt/hyperfox (web): HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation
- reverse-shell/routersploit: The Router Exploitation Framework
- Evilginx - Advanced Phishing with Two-factor Authentication Bypass
- Secrets and LIE-abilities: The State of Modern Secret Management 
- Vulnerability Disclosures | CERT Australia
- Where are BURP setttings saved?
- On OSX it is stored in the com.apple.java.util.prefs.plist under ~/Library/Preferences.
- Also, you need to make sure you use the burp->exit to quit and not the Burp.StartBurp->Quit (Command-Q) to exit. Otherwise, it will not save the settings.
- VPN over DNS
- Whonix: Whonix is a free desktop operating system (OS) that is specifically designed for advanced security and privacy. Based on Tor, Debian GNU/Linux and the principle of security by isolation, it realistically addresses common attack vectors while maintaining usability.
- Docker image with Tor, Privoxy and a process manager under 15 MB
- 1: How to Route Traffic through a Tor Docker Container
- 2: Running a Tor relay with Docker
- 3: Tor Socks Proxy and Privoxy Containers
- Advanced Privacy and Anonymity Using VMs, VPN’s, Tor
- Part 1 - Introduction to Series
- Part 2 - Basic Setup Using VM's, VPNs and TOR
- Part 3 - Planning Advanced VM and VPN Setup
- Part 4 - Setting Up Secure Host Machines
- Part 5 - Installing VirtualBox and Creating Linux VMs
- Part 6 - Creating pfSense 2.2.6 VMs as VPN Clients
- Part 7 - Paying Anonymously with Cash and Bitcoins
- Part 8 - Creating Nested Chains of VPNs and Tor
Blog / Website / Social
- Ultimate Guide to Blocking and Cleaning Google Analytics Spam and Other Junk Traffic
- The Ultimate Guide to Instagram Hashtags in 2017
- Staticman: I bring user-generated content to static sites
- Blog Inspiration
- Jekyll Plugins
- Generate a /tag/index.html · Issue #43 · pattex/jekyll-tagging: TODO: Implement tag_cloud for my blog
- jekyll/jekyll-archives: Archive pages for your Jekyll tags and categories
- pattex/jekyll-tagging: Jekyll plugin to automatically generate a tag cloud and tag pages.
- toshimaru/jekyll-tagging-related_posts: Jekyll related_posts function based on tags (works on Jekyll3)
- octopress/paginate: A simple paginator for Jekyll sites.
- jekyll/jekyll-assets: Asset pipelines for Jekyll.
- robwierzbowski/jekyll-picture-tag: Easy responsive images for Jekyll.
- Jekyll wiki plugin?
- GitHub Issues
- Discoverability, etc
- Indieweb, etc
- IndieWebify.Me - a guide to getting you on the IndieWeb: We should all own the content we're creating, rather than just posting to third-party content silos.Publish on your own domain, and syndicate out to silos. This is the basis of the "Indie Web" movement.
- Activity Streams: JSON Activity Streams Spec
- backfeed - IndieWeb: Backfeed is the process of syndicating interactions on your POSSE copies back (AKA reverse syndicating) to your original posts.
- Bridgy - IndieWeb: Bridgy is an open source project and proxy that implements backfeed and POSSE as a service. Bridgy sends webmentions for comments, likes, etc. on Facebook, Twitter, Google+, Instagram, and Flickr.
- snarfed/bridgy: Bridgy pulls comments and likes from social networks back to your web site. You can also use it to publish your posts to those networks.
- Webmention - IndieWeb: Services you can use with Webmention to send copies of your posts to social meda sites (silos), and receive silo-specific interactions as Webmentions on your site!
- Checkmention: This site lets you test your webmention implementation on your indieweb site, and whether it robustly detects certain types of XSS attacks.
- indieweb/mention-client-ruby: A Ruby gem for sending webmention (and pingback) notifications
- W3C social working group
- Perlence/docker-multi-build: Concurrent multi-stage Docker builds
- This is outdated now, it exists in docker core
- How to Cross Compile Go Programs using Docker | Iron.io
- golang | DockerHub
Automation, Scraping, etc
- Guide to Web Automation | Hackernoon
- peterdemin/web-automation-2017: An attempt to cover state of web automation in 2017
- This GitHub should have a bunch of other projects detailed in some of the (probably closed) issues
- peterdemin/web-automation-2017: An attempt to cover state of web automation in 2017
- Scrapy: An open source and collaborative framework for extracting the data you need from websites. In a fast, simple, yet extensible way.
- scrapinghub/portia: Visual scraping for Scrapy
- Netflix/Scumblr: Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results
- Home Assistant: Home Assistant is an open-source home automation platform running on Python 3.
- dundalek/markmap: Visualize markdown documents as mindmaps
- Can we use this to make nice markdown mindmap summaries?
- donnemartin/haxor-news: Browse Hacker News like a haxor: A Hacker News command line interface (CLI).
- Where does launchpad store folder information? (database, etc?)
- The Definitive Platform for Modern Apps | DC/OS: DC/OS (the datacenter operating system) is an open-source, distributed operating system based on the Apache Mesos distributed systems kernel.
- snapcraft - Snaps are universal Linux packages: package linux apps for every linux/server/cloud/device
- The Three-Hour Brand Sprint – GV Library
- Announcing a New Logo and Style for Docker - Docker Blog
- Logo Design - Get A Custom Logo Design from Professional Logo Designers | 99designs
- Docker - Create cool open-source project logo. | Logo design contest
- Homebrew and Cask for Alfred
- Alfred Workflow for Homebrew (danielbayerlein/alfred-workflows)
- idpaterson/alfred-wunderlist-workflow: Unbelievably fast task entry in Wunderlist with due dates, reminders, and recurrence
- Lacona: Blazingly fast, blissfully simple, incredibly powerful keyboard-driven commands for your Mac
- Automator services ~/Library/Services
- Boxstarter: Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages
- Chocolatey - The package manager for Windows
- NuGet Gallery | Home
MacOS (OSX) on Windows
- Apple Magic Magic Trackpad 2
- ExtraMagic: OSX-Trackpad Multitouch on Windows
- Seer: OSX-like Spacebar Preview on Windows
brew bundle checkshould list whats missing · Issue #147 · Homebrew/homebrew-bundle: brew bundle check/dryrun
- Broken links in readme · Issue #123 · erocarrera/pefile
- Better modularisation · Issue #124 · erocarrera/pefile
- Flag to skip parsing on PE object instantiation · Issue #125 · erocarrera/pefile
- Github Flavoured Markdown · Issue #580 · jgm/gitit
- Sense: Sleep tracker
Performance, nootropics, etc
- Hong: Bulletproof Coach in Melbourne, written up on Living Bulletproof, etc
- Hapi | Flow
- Total Nootropics
- Nootroplus - Premium Nootropics
Interests, activities, etc