Title: Bookmarks
Date: 2021-05-05 15:21:00
Internet & HTTP
- 📊 Proxy networks and data collection tools
- 📑 HTTP course at CNAM by Stéphane Bortzmeyer
- 📑 RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
- 📑 French-speaking Usenet — List of servers (and other services) offering free access to the fr.* hierarchy
Microservice
- 📑 Twelve Patterns for Hypermedia Microservices
- 📑 Microservices in a Post-Kubernetes Era
- 📑 How to choose a database for your microservices
APIs
- 📊 Public APIs: A Collection of Public and Free APIs for Development
- 📚 Mike Amundsen blog
- 🔧 Agnostic Github client API — An EDSL for connecting to REST servers
- 📑 APIs You Won't Hate — A community that cares about API design and development
- 📑 A Web API ecosystem through feature-based reuse
- 📑 The Structure of Information Networks — Computer Science 685 — Cornell University — Fall 2007
- 📑 Mechanisms for obtaining information about the meaning of a given URI
- 📑 Python API Checklist
- 📑 Open Data Protocol (OData)
- 📑 API Evangelist is about making sense of the world of application programming interfaces
REST
- 📚 Roy T. Fielding's blog
- 📑 It is okay to use POST — Roy T. Fielding
- 📑 Misunderstanding REST
- 📑 Using Web Sequence Diagrams with your APIs
- 📑 Twelve Patterns for Evolvable APIs Revisited
- 📑 Some thoughts on resources, information resources and representations
- 📑 REST without the hypertext constraint is like pipe-and-filter without the pipes
- 📑 resources are just consistent mappings from an identifier to some set of views on server-side state.
- 📑 A REST API must not define fixed resource names or hierarchies
- 📑 principled design of the modern web architecture — Roy T. Fielding
GraphQL
- 🔧 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)
- 🔧 GraphQL Doctor: Prevent Breaking Changes in a GraphQL API with GitHub Checks
- 📑 GitHub GraphQL API
- 🔧 Graphene: GraphQL in Python Made Easy
- 📑 Representing State in REST and GraphQL
Translation
- 📑 Interviews on collaborative translation
- 📑 Orthotypographie, by Jean-Pierre Lacroux (Lexique des règles typographiques françaises)
- 📑 The Traduc.org association
- 📑 Recommendations for translating Red Hat technical documents from en_US to fr_FR
- 📘 Petites leçons de typographie — Jacques André
- 🔧 Deepl
- 🔧 Grammalecte
Cybersecurity
- rockyou.txt (typically for hashcat)
- Top 10 web hacking techniques of 2021
- Yes We Hack — bug bounty
- 🎮 IRC Puzzles
- 🎮 learn about common mistakes and gotchas when using Amazon Web Services
- 📑 ANSSI
- 📑 Auditing Algorithms
- 📑 BeEF - The Browser Exploitation Framework Project
- 📑 Five Minute Guide to Software Security
- 📑 GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- 📑 Hacking Tools Cheat Sheet
- 📑 List of the most common French passwords
- 📑 Livre Blanc sur la Défense et la Sécurité Nationale
- 📑 Référentiel général de sécurité
- 📑 SSRF Cheat Sheet & Bypass Techniques
- 📑 The history of Let's Encrypt
- 📑 Zero trust security model
- 📑 haveibeenpwned.com pwned our helpdesk!
- 📑 nmap cheat sheet
- 📘 Security books
- 📘 This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering
- 📚 Collection of articles
- 📚 Collection of links
- 📚 Linux Security Tools
- 📚 Network Cheat Sheets (BGP, EIGRP, IPsec, ...)
- 📚 Password lists
- 📚 PortSwigger blog
- 📚 Reddit hacking Wiki (podcasts, osint, scanning, cracking, sqli, awesome, red team, phishing)
- 📚 SecLists — List of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- 📚 hackingthe.cloud — Knowledge about cloud, enumeration, exploitation, avoid detection, AWS, azure, GCP...
- 📼 ANSSI MOOC
- 📼 Root KSK ceremony
- 🔧 ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
- 🔧 Inject javascript into a PDF file
- 🔧 JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript.
- 🔧 PDF Tools
- 🔧 Search numbers in a database of 290,695,246 primes and 2,050,312,768 known composite numbers with known factors
- 🔧 Temporary email address redirection
- 🔧 fsociety — A Modular Penetration Testing Framework
Cybersecurity/Cryptography
- 🔧 Detect and decode encoded strings, recursively.
- 🔧 Quipqiup: A fast and automated cryptogram solver
- 🔧 lantern — Cryptanalysis library for breaking classical ciphers
- 🔧 hashID — Hash Identifier
- 🔧 Ciphey — Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- 🔧 codext — Python codecs extension featuring CLI tools for encoding/decoding anything
- 🔧 CyberChef — The Cyber Swiss Army Knife (source)
Cybersecurity/Writeups
Cybersecurity/Podcasts
Cybersecurity/OSINT
- The OSINT Framework
- Have I been Pwned (« Have them been pwned :D »)
- 🔧 theHarvester — E-mails, subdomains and names Harvester
- 🔧 SpiderFoot — automates OSINT for threat intelligence and mapping your attack surface.
- 🔧 XRay is a tool for recon, mapping and OSINT gathering from public networks.
- 🔧 GooHak — Automatically Launch Google Hacking Queries Against A Target Domain
- 🔧 TIDos-Framework — The Offensive Manual Web Application Penetration Testing Framework.
- 🔧 GHunt — Investigate Google emails and documents.
- 🔧 Online tool with IPv4 hosts, domains/whois/site info, ports/banners/protocols, technologies, maintain biggest SSL/TLS db, AS, OS,...
- Searchable online database of domains, emails, passwords, ...
- 🧰 OSINT4ALL
- 🔧 FinalRecon — An automatic web reconnaissance tool written in Python
- 🔧 recon-ng — Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
- 📊 shodan, censys, netcraft
- 🔧 RevealIn: Uncover the full name of a target on LinkedIn.
- 🔧 Bibliogram is a website that takes data from Instagram's public profile views and puts it into a friendlier page
- 🔧 MetaGooFil — Metadata Harvester (old, python2)
- 🔧 SpiderFoot — SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- 🔧 Machinae — Security Intelligence Collector
Cybersecurity/OSINT/DNS Enumeration
- SubScraper — Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
- dnsdumpster.com
- dnsrecon
- subscraper
- finalrecon
- domainrecon
- OWASP Amass — In-depth Attack Surface Mapping and Asset Discovery
Cybersecurity/OSINT/Certificate transparency search engines
Or from the command line with a PostgreSQL client:
psql -h crt.sh -p 5432 -U guest certwatch
Cybersecurity/SDR
Cybersecurity/Pentesting
- Exploit DB
- CVE Details
- OpenCVE
- 🧰 Pentesting tools
- 🧰 Citadel — Collection of pentesting scripts
- 📑 Web Application Penetration Testing Notes
- PentesterLab exercises
- 🔧 nmap NSE script based on Vulners.com API
- 🔧 nmap NSE vulnerability scripts from NCSC
- 🔧 sqlmap
- 🔧 nosqlmap
- 📑 nmap modules
- 📑 OWASP Testing Guide
- Vulners — Vulnerability Assessment Platform
- 📚 Awesome-Hacking — A collection of awesome lists for hackers, pentesters & security researchers
- 🎮 root-me.org
- 🎮 ringzer0team challenges
- 🎮 pentesterlab
- 🎮 zenk-security
- 🎮 France Cybersecurity Challenge
- 📑 Pentesting cheat sheet
Cybersecurity/Reverse
Misc
- 📑 Degoogling my phone
- 🔧 diagram flowchart slides tree graphviz neato dot
- 📑 Paris Metro map
- 📑 GDPR
- 📼 PyData 2015
- 📼 PyData Paris 2016
- 📑 Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
- 📑 The Web began dying in 2014, here's how
- 📑 pi-top — Raspberry Pi made simple, robust and modular
- 📑 Accessibility — Jupyter accessibility working group
- 🔧 Convert slides to videos using ffmpeg
- 🔧 n8n: an Open-Source IFTTT (Workflow Automation Tool)
- Sorting information and teaching critical thinking: a map to find your way around
- Tout ce que vous avez toujours voulu savoir sur LaTeX sans jamais oser le demander
- LaTeX cheat sheet
Math
Unix
- 📑 30 interesting commands for the Linux shell
- 📑 Things Every Hacker Once Knew
- 📑 Linux Perf writer blog
- 🎮 Mysteries Wizardzines
Programming
- 📘 The modern documentation website Emacs deserves
- 📘 What are reddit's favorite books to learn about programming?
- 🔧 Find interesting unanswered question on stackoverflow
- 🔧 AdminLTE — Bootstrap admin dashboard template used by PiHole and hermes
- 📑 Floating point arithmetic rounding errors in various languages
- 📑 Learning git: Locations, Remotes, and GitHub
- 📚 Learn X in Y minutes
- 📼 Video Lectures — MIT
- 📚 600 free courses
- 📚 Awesome Falsehoods — A curated list of falsehoods programmers believe in.
- 📑 Talk about Bloom filters and HyperLogLog (probabilistic data structures)
- 📑 Pattern matching
- 📑 static duck typing
Dataviz
Programming/Podcasts
- 🎜 Teaching Python with Kelly & Sean
- 🎜 The Bug Hunters Café — A podcast all about (mis)adventures in creating, finding, and fixing bugs in code
- 🎜 PyBites Podcast — Julian Sequeira & Bob Belderbos
- 🎜 RedHat COMMAND_LINE HEROES
- 🎜 Between Chair and Keyboard
Programming/Github Actions
- Action to assign someone to an issue when one comments 'take'
- github cli — Take GitHub to the command line (can interact with github actions)
Programming/Make
Programming/Documentation
Programming/Python
- 📑 Python Design Patterns
- 🔧 pz — Easily handle day to day CLI operation via Python instead of regular Bash programs.
- 📑 Quantum Computing in Python
- 📑 setup.py vs requirements.txt
- 📑 How type annotations make your code better?
- 🔧 octomachinery — Bots Without Boilerplate
- 📑 octomachinery bot tutorial: How to Build a GitHub Bot
- 🔧 Test your project's packaging friendliness
- 🔧 falcon — minimalist REST and app backend framework for Python developers
- 🔧 Check MANIFEST.in in a Python source package for completeness
- 🔧 Unit testing Jupyter Notebooks
- 📑 Why numbering should start at 0
- 📑 Instructor notes for COMP 3321
- 🔧 Scalene — Python profiling: memory and CPU
- 🔧 Sampling profiler for Python programs
- 📑 WTF Python
- 📚 All Algorithms implemented in Python
- 📑 Your Guide to the CPython Source Code
- 📑 Scipy Workshop
- 📚 comp.lang.python
- 🔧 FastAPI framework, high performance, easy to learn, fast to code, ready for production
- 🔧 Nuitka is a Python compiler written in Python
- 🔧 Pex — Python EXecutable
- 📑 Les secrets d'un code pythonique
- 📑 This series of posts accompanies a couple of talks: Advanced asyncio: Solving Real-world Production Problems
- 🔧 Rich — Python library for rich text and beautiful formatting in the terminal
- 🔧 Mimic is a tool with the intention to defer actions done on objects or classes
- Examples using GTK4/libadwaita and Python: Giara, gnome-secrets
Programming/Python/Django
- 📑 [Django Classy Class Based Views](http://ccbv.co.uk/)
- 🔧 Django load settings from env: from djenv.settings import *
- 📑 Classy Django REST Framework
- 🔧 Wagtail — A Django CMS
- 🔧 Grappelli (Django Admin) — A beautiful content management interface
- 🔧 Alpine and HTMX in Django
- 🔧 django-restql: Turn your API made with Django REST Framework(DRF) into a GraphQL like API.
- 🔧 Turbo — The speed of a single-page web application without having to write any JavaScript.
Programming/Python/Teaching
Programming/Python/Tasks
"Celery Alternatives"
- 🔧 Procrastinate is an open-source Python 3.7+ distributed task processing library, leveraging PostgreSQL to store task definitions, manage locks and dispatch tasks.
- 🔧 Dramatiq is a background task processing library for Python with a focus on simplicity, reliability and performance.
- 🔧 Apache Kafka is an open-source distributed event streaming platform
Programming/Python/Data Science
- 📑 Jupyter tricks
- 🔧 Voilà turns Jupyter notebooks into standalone web applications
- 📚 A gallery of Voilà dashboards [jupyter][binder]
- 📚 Data Science Cheat Sheets
- 📚 Top 28 Cheat Sheets for Machine Learning, Data Science, Probability, SQL & Big Data
- 📚 Collecting Data Science Cheat Sheets
- 🔧 A Flexible And Efficient Library For Deep Learning
- 🔧 Keras: the Python deep learning API
- 🔧 dash — A productive Python framework for building web analytic applications
Programming/Python/Tests
Programming/GIT
Programming/Infra
- https://root-servers.org/
- https://www.ansible.com/ansible-best-practices-2017
- https://opensourceinfra.org/
- SDF Public Access UNIX System .. Est. 1987
- Testinfra — test your infrastructure
- vector.dev: Take Control Of Your Observability Data, the "successor" to logstash.
- graylog to centralize logs, an alternative to ElasticSearch but for logs.
- For system metrics: prometheus; forget munin. Use Grafana for display.
- Grafana Node Exporter Full
- postgres: monitor LSN Diff, that's the important thing.
- For business metrics: a search in the logs (in ES / Graylog), or statsd.
- Nomad, successor to Mesos (which is no longer maintained).
- Clair — Vulnerability Static Analysis for Containers
Art
My Google Dorks
- "tous les livres" "ajouts récents" "index alphabétique"
- "bibliothèque gérée par calibre"
allintext: is good.
- inurl:/mjpg/video.mjpg