Bookmarks
Internet & HTTP
- Proxy networks and data collection tools
- HTTP course at CNAM by Stéphane Bortzmeyer
- RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
- Usenet Francophone — List of servers (and other services) offering free access to the fr.* hierarchy
Microservice
- Twelve Patterns for Hypermedia Microservices
- Microservices in a Post-Kubernetes Era
- How to choose a database for your microservices
APIs
- Public APIs: A Collection of Public and Free APIs for Development
- Mike Amundsen's blog
- Agnostic Github client API — An EDSL for connecting to REST servers
- APIs You Won't Hate — A community that cares about API design and development
- A Web API ecosystem through feature-based reuse
- The Structure of Information Networks — Computer Science 685 — Cornell University — Fall 2007
- Mechanisms for obtaining information about the meaning of a given URI
- Python API Checklist
- Open Data Protocol (OData)
- API Evangelist is about making sense of the world of application programming interfaces
REST
- Roy T. Fielding's blog
- It is okay to use POST — Roy T. Fielding
- Misunderstanding REST
- Using Web Sequence Diagrams with your APIs
- Twelve Patterns for Evolvable APIs Revisited
- Some thoughts on resources, information resources and representations
- REST without the hypertext constraint is like pipe-and-filter without the pipes
- resources are just consistent mappings from an identifier to some set of views on server-side state.
- A REST API must not define fixed resource names or hierarchies
- principled design of the modern web architecture — Roy T. Fielding
GraphQL
- GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)
- GraphQL Doctor: Prevent Breaking Changes in a GraphQL API with GitHub Checks
- GitHub GraphQL API
- Graphene: GraphQL in Python Made Easy
- Representing State in REST and GraphQL
Translation
- Conversations about collaborative translation
- Orthotypographie, by Jean-Pierre Lacroux (lexicon of French typographic rules)
- The Traduc.org association
- Recommendations for translating Red Hat technical documents from en_US -> fr_FR
- Short lessons in typography — Jacques André
- DeepL
- Grammalecte
Cybersecurity
- rockyou.txt (typically for hashcat)
- Top 10 web hacking techniques of 2021
- Yes We Hack — bug bounty
- IRC Puzzles
- learn about common mistakes and gotchas when using Amazon Web Services
- ANSSI
- Auditing Algorithms
- BeEF - The Browser Exploitation Framework Project
- Five Minute Guide to Software Security
- GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- Hacking Tools Cheat Sheet
- List of the most common French passwords
- Livre Blanc sur la Défense et la Sécurité Nationale (White Paper on Defence and National Security)
- Référentiel général de sécurité (General Security Framework)
- SSRF Cheat Sheet & Bypass Techniques
- The history of Let's Encrypt
- Zero trust security model
- haveibeenpwned.com pwned our helpdesk!
- nmap cheat sheet
- Security books
- This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering
- Collection of articles
- Collection of links
- Linux Security Tools
- Network Cheat Sheets (BGP, EIGRP, IPsec, ...)
- Password lists
- PortSwigger blog
- Reddit hacking Wiki (podcasts, osint, scanning, cracking, sqli, awesome, red team, phishing)
- SecLists — List of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- hackingthe.cloud — Knowledge about cloud, enumeration, exploitation, avoid detection, AWS, azure, GCP...
- ANSSI MOOC
- Root KSK ceremony
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
- ffuf, Fast web fuzzer written in Go (program)
- Inject javascript into a PDF file
- JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript.
- PDF Tools
- Search numbers in a database of 290,695,246 primes and 2,050,312,768 known composite numbers with known factors
- Temporary email address redirection
- fsociety — A Modular Penetration Testing Framework
Cybersecurity/Cryptography
- Detect and decode encoded strings, recursively.
- Quipqiup: A fast and automated cryptogram solver
- lantern — Cryptanalysis library for breaking classical ciphers
- hashID — Hash Identifier
- Ciphey — Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- codext — Python codecs extension featuring CLI tools for encoding/decoding anything
- CyberChef — The Cyber Swiss Army Knife (source)
Cybersecurity/Writeups
Cybersecurity/Podcasts
Cybersecurity/OSINT
- The OSINT Framework
- OSINT Tool Comparison Table
- Have I been Pwned (« Have them been pwned :D »)
- theHarvester — E-mails, subdomains and names Harvester
- SpiderFoot — automates OSINT for threat intelligence and mapping your attack surface.
- XRay is a tool for recon, mapping and OSINT gathering from public networks.
- GooHak — Automatically Launch Google Hacking Queries Against A Target Domain
- TIDos-Framework — The Offensive Manual Web Application Penetration Testing Framework.
- GHunt — Investigate Google emails and documents.
- Online tool with IPv4 hosts, domains/whois/site info, ports/banners/protocols, technologies, maintain biggest SSL/TLS db, AS, OS,...
- Searchable online database of domains, emails, passwords, ...
- OSINT4ALL
- FinalRecon — An automatic web reconnaissance tool written in Python
- recon-ng — Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
- shodan, censys, netcraft
- RevealIn: Uncover the full name of a target on LinkedIn.
- Bibliogram is a website that takes data from Instagram's public profile views and puts it into a friendlier page
- MetaGooFil — Metadata Harvester (old, python2)
- SpiderFoot — SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- Machinae — Security Intelligence Collector
- French companies
Cybersecurity/OSINT/User enumeration
- Whatsmyname — This tool allows you to enumerate usernames across many websites
- Sherlock — Can be used to find usernames across many social networks
Cybersecurity/OSINT/DNS Enumeration
- SubScraper — Perform subdomain enumeration through various techniques
- Amass — Subdomain discovery through alterations and permutations
- altdns — Generates permutations, alterations and mutations of subdomains and then resolves them
- dnsdumpster.com — dns recon & research, find & lookup dns records
- dnsrecon — DNS Enumeration Script
- finalrecon
- domainrecon
- OWASP Amass — In-depth Attack Surface Mapping and Asset Discovery
- dnsgen — Generates combination of domain names from the provided input
- regulator — Automated learning of regexes for DNS discovery
Cybersecurity/OSINT/Certificate transparency search engines
Or from the command line with a PostgreSQL client:
psql -h crt.sh -p 5432 -U guest certwatch
Cybersecurity/SDR
Cybersecurity/Pentesting
- Exploit DB
- CVE Details
- OpenCVE
- Pentesting tools
- Citadel — Collection of pentesting scripts
- Web Application Penetration Testing Notes
- PentesterLab exercises
- nmap NSE script based on Vulners.com API
- nmap NSE vulnerability scripts from NCSC
- sqlmap
- nosqlmap
- nmap modules
- OWASP Testing Guide
- Vulners — Vulnerability Assessment Platform
- Awesome-Hacking — A collection of awesome lists for hackers, pentesters & security researchers
- root-me.org
- ringzer0team challenges
- pentesterlab
- zenk-security
- France Cybersecurity Challenge
- Pentesting cheat sheet
Cybersecurity/Reverse
Misc
- Degoogling my phone
- diagram flowchart slides tree graphviz neato dot
- Paris Metro map
- GDPR
- PyData 2015
- PyData Paris 2016
- Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
- The Web began dying in 2014, here's how
- pi-top — Raspberry Pi made simple, robust and modular
- Accessibility — Jupyter accessibility working group
- Convert slides to videos using ffmpeg
- n8n: an Open-Source IFTTT (Workflow Automation Tool)
- Sorting information and teaching critical thinking: a map to find your way
- Everything you always wanted to know about LaTeX but never dared to ask
- LaTeX cheat sheet
Math
Unix
- 30 interesting commands for the Linux shell
- Things Every Hacker Once Knew
- Linux Perf writer blog
- Mysteries Wizardzines
Programming
- The modern documentation website Emacs deserves
- What are reddit's favorite books to learn about programming?
- Find interesting unanswered question on stackoverflow
- AdminLTE — Bootstrap admin dashboard template used by PiHole and hermes
- Floating point arithmetic rounding errors in various languages
- Learning git: Locations, Remotes, and GitHub
- Learn X in Y minutes
- Video Lectures — MIT
- 600 free courses
- Awesome Falsehood — A curated list of falsehoods programmers believe in.
- Talk about Bloom filters and HyperLogLog (probabilistic data structures)
- related repo
- Pattern matching
- static duck typing
Dataviz
Programming/Podcasts
- Teaching Python with Kelly & Sean
- The Bug Hunters Café — A podcast all about (mis)adventures in creating, finding, and fixing bugs in code
- PyBites Podcast — Julian Sequeira & Bob Belderbos
- Red Hat COMMAND_LINE HEROES
- Between Chair and Keyboard
Programming/Github Actions
- Action to assign someone to an issue when one comments 'take'
- github cli — Take GitHub to the command line (can interact with github actions)
Programming/Make
Programming/Documentation
Programming/Python
- Convert setup.cfg to pyproject.toml
- Python Design Patterns
- pz — Easily handle day to day CLI operation via Python instead of regular Bash programs.
- Quantum Computing in Python
- setup.py vs requirements.txt
- How type annotations make your code better?
- octomachinery — Bots Without Boilerplate
- octomachinery bot tutorial: How to Build a GitHub Bot
- Test your project's packaging friendliness
- Falcon — minimalist REST and app backend framework for Python developers
- Check MANIFEST.in in a Python source package for completeness
- Unit testing Jupyter Notebooks
- Why numbering should start at 0 (range)
- Instructor notes for COMP 3321
- Scalene — Python profiling: memory and CPU
- Sampling profiler for Python programs
- WTF Python
- All Algorithms implemented in Python
- Your Guide to the CPython Source Code
- Scipy Workshop
- comp.lang.python
- FastAPI framework, high performance, easy to learn, fast to code, ready for production
- Nuitka is a Python compiler written in Python
- Pex — Python EXecutable
- The secrets of Pythonic code
- These series of posts are an accompaniment to a couple of talks given: Advanced asyncio: Solving Real-world Production Problems
- Rich — Python library for rich text and beautiful formatting in the terminal
- Mimic is a tool with the intention to defer actions done on objects or classes
- Examples using GTK4/libadwaita and Python: Giara, gnome-secrets
Programming/Python/Django
- [Django Classy Class Based Views](http://ccbv.co.uk/)
- Django load settings from env: from djenv.settings import *
- Classy Django REST Framework
- Wagtail — A Django CMS
- Grappelli (Django Admin) — A beautiful content management interface
- Alpine and HTMX in Django
- django-restql: Turn your API made with Django REST Framework(DRF) into a GraphQL like API.
- Turbo — The speed of a single-page web application without having to write any JavaScript.
Programming/Python/Teaching
Programming/Python/Tasks
"Celery Alternatives"
- Procrastinate is an open-source Python 3.7+ distributed task processing library, leveraging PostgreSQL to store task definitions, manage locks and dispatch tasks.
- Dramatiq is a background task processing library for Python with a focus on simplicity, reliability and performance.
- Apache Kafka is an open-source distributed event streaming platform
Programming/Python/Data Science
- Jupyter tricks
- Voilà turns Jupyter notebooks into standalone web applications
- A gallery of Voilà dashboards [jupyter][binder]
- Data Science Cheat Sheets
- Top 28 Cheat Sheets for Machine Learning, Data Science, Probability, SQL & Big Data
- Collecting Data Science Cheat Sheets
- A Flexible And Efficient Library For Deep Learning
- Keras: the Python deep learning API
- dash — A productive Python framework for building web analytic applications
Programming/Python/Tests
Programming/GIT
Programming/Infra
- https://root-servers.org/
- https://www.ansible.com/ansible-best-practices-2017
- https://opensourceinfra.org/
- SDF Public Access UNIX System .. Est. 1987
- Testinfra — test your infrastructure
- vector.dev: Take Control Of Your Observability Data, "successor" to logstash.
- graylog to centralize logs, an alternative to ElasticSearch but for logs.
- For system metrics: prometheus; forget munin. Use Grafana for display.
- Grafana Node Exporter Full
- postgres: monitor LSN Diff, that's the important thing.
- For business metrics: a search in the logs (in ES / Graylog), or statsd.
- Nomad, successor to Mesos (which is no longer maintained).
- Clair — Vulnerability Static Analysis for Containers
Art
My Google Dorks
- "tous les livres" "ajouts récents" "index alphabétique"
- "bibliothèque gérée par calibre"
allintext: is good.
- inurl:/mjpg/video.mjpg