This is your work, valued

The Internet, <script>alert(/127.0.0.1/)</script>

Michal Špaček

Elite
@spaze

In your web, securing your app. Hacker, web developer, speaker, engineer. I believe HTTPS stands for How To Transfer Private Shit. "><script>alert(1)</script>

hashes. Magic hashes – PHP hash "collisions"

835

phpstan-disallowed-calls. PHPStan rules to detect disallowed method & function calls, constant, namespace, attribute, keyword & superglobal usages, with powerful rules to re-allow a call or a usage in places where it should be allowed.

336

oprah-proxy. Generate credentials for Opera's "browser VPN"

256

domains. Unofficial and incomplete lists of various domain names

77

vat-calculator. EOL, do not use this, use driesvints/vat-calculator or Stripe Checkout instead

48

jakobejitblokaci.cz. www.jakobejitblokaci.cz

41

letsgetacert. Let's get cert – a Certbot wrapper

24

encrypt-hash-password-php. Example of an encrypted password hash storage in PHP

21

upc_keys-lambda. Peter "blasty" Geissler's upc_keys.c with custom prefix support and Lambda sauce

16

csp-config. Build Content Security Policy from a config file

14

webtop100. Dokumenty k hodnocení soutěže WebTop100

13

phpinfo. Extract phpinfo() into a variable and move CSS to external file, sanitize sensitive info

13

michalspacek.cz. michalspacek.cz + michalspacek.com + subdomains source code because why not

11

security-txt. security.txt (RFC 9116) generator, parser, validator

8

exploited.cz. https://exploited.cz

8

nonce-generator. Content Security Policy Nonce Generator

7

ebabis.cz. A v březnu někdo přišel s tím matematickým modelem A v srpnu někdo, sice byl to ten stejný člověk, ale už přišel v nějakém čase A ty, který měli přijít, nepřišli

6

canhas.report. Reporting API demos, learn all about CSP & other reports (Network Error Logging/NEL, Crash, Deprecation, Intervention, Mixed Content & more) in this interactive app.

6

phpstan-stripe. Stripe SDK extension for PHPStan

5

cotel. Company Intel, data and proof-of-concept quick-and-dirty code for an bookmarking app. Abandoned.

5

hash_extender-openssl3.0. This is a fork of iagox86/hash_extender by Ron Bowes with a simple patch to compile with OpenSSL 3.0

5

fa-extract. A tool to extract only used icons from Font Awesome JS/SVG icons sets (PRE-ALPHA, I use it but YMMV)

5

emulated-prepared-statements. SQL Injection using Emulated Prepared Statements (the default) in PHP PDO_MYSQL in GBK

5

sri-macros. Subresource Integrity macros for Latte template engine

4

mysql-session-handler. Custom PHP session handler for Nette Framework that uses MySQL database for (possibly encrypted) storage

4

feed-exports. Atom feed Response and related objects for Nette framework

3

svg-icons-latte. SVG Icons Custom Tag for Latte Templating System

3

bez-komentare. Filtry odstraňující komentáře, jejich počet, notifikace z českých stránek

3

stupid-git-deploy. Shell

2

libini-djgpp. LibINI is a C library for DJGPP and Linux for reading, updating and writing Windows-like INI files. I wrote this back in 1999.

2

nepovolenainternetovahazardnihra.cz. nepovolenainternetovahazardnihra.cz + jakobejitblokaci.cz = BFF ❤

2

coding-standard. PHP Code Sniffer rules

2

reveal-input-details. Chrome JS snippet to reveal hidden inputs and input details

1

common-config. Configuration wants to be shared

1

phpcs-phar. PHP_CodeSniffer phar releases, automated and always up-to-date

1

phpstan-disallowed-calls-nette.

1

webleed. We Bleed scanner tools

1

encryption. Encryption helpers

1

svnwcdump. Dumps Subversion working copy located at a website and accessible using HTTP

1