sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •        16

So many amazing tools have come out since the release of Sleepy Puppy that streamline the original goals of the project. We're currently leaving Sleepy Puppy code online but are not planning on adding any new features or addressing issues/pull requests. If you are interested in maintaining this project, please reach out to me (sbehrens@netflix.com). Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

https://github.com/Netflix-Skunkworks/sleepy-puppy

Tags
Implementation
License
Platform

   




Related Projects

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •    Javascript

Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.##Why Should I use Sleepy Puppy?## Often when testing for client side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.

zerotodocker - Dockerfiles to be used to create Dockerhub trusted builds of NetflixOSS

  •    Python

Zero To Docker is a project to help accelerate the evaluation of [NetflixOSS] (http://netflix.github.io). The Docker images created are [not intended to be used in production as is] (https://github.com/Netflix-Skunkworks/zerotodocker/wiki/Not-Production). The Docker images created are to allow for easier evaluation of the various NetflixOSS technologies, similar to many other published open source Docker images. Netflix continues to run our cloud deployments on virtual machines leveraging the deep IaaS support of Amazon EC2.

go-jira - simple jira command line client in Go

  •    Go

You can download one of the pre-built binaries for go-jira here. This will checkout this repository into $GOPATH/src/gopkg.in/Netflix-Skunkworks/go-jira.v1, build, and install it.

Zuul - Gateway service that provides dynamic routing, monitoring, resiliency, security, and more

  •    Java

Zuul is an edge service that provides dynamic routing, monitoring, resiliency, security, and more. Zuul is the front door for all requests from devices and web sites to the backend of the Netflix streaming application. As an edge service application, Zuul is built to enable dynamic routing, monitoring, resiliency and security. It also has the ability to route requests to multiple Amazon Auto Scaling Groups as appropriate.

stethoscope - Personalized, user-focused recommendations for employee information security.

  •    Python

Stethoscope is a web application that collects information from existing device data sources (e.g., JAMF or LANDESK) on a given user’s devices and gives them clear and specific recommendations for securing their systems. An overview is available on the Netflix Tech Blog. Stethoscope consists of two primary pieces: a Python-based back-end and a React-based front-end. Nginx is used to serve static files and route traffic to the back-end.


Sleepy

  •    C++

'Sleepy' is a non-invasive profiler for the Windows platform that allows statistical profiling of applications through sampling the instruction pointer register. Sleepy presents results in a GUI built with wxWindows.

sleepy - rest for go

  •    Go

I wrote about the creation of sleepy here. Sleepy is a micro-framework for building RESTful APIs.

Fido

  •    CSharp

Please note: FIDO is deprecated at Netflix and this repository is no longer maintained.FIDO is an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware. FIDO’s primary purpose is to handle the heavy manual effort needed to evaluate threats coming from today's security stack and the large number of alerts generated by them. As an orchestration platform FIDO can make using your existing security tools more efficient and accurate by heavily reducing the manual effort needed to detect, notify and respond to attacks against a network.

SkunkWorks

  •    C++

SkunkWorks: A Decal-based macro platform for Asheron's Call, featuring full ACScript compatibility and much more.

netflix-1080p - Chrome extension to play Netflix in 1080p and 5.1

  •    Javascript

What it is doing is testing your User-agent for the "CrOS" string anywhere in it. If the search returns true, it appends the 1080p profile to the profile playback array (what this line a && this.oo.push(x.V.TH); is doing). If it returns false, it does nothing. The playback profile array is set up like so: this.oo = [x.V.vA, x.V.wA];, x.V.vA is the SD profile and x.V.wA is the 720p profile. After reading this you think the easy solution would be to just change the User-agent to make it contain the string "CrOS" right? Not that simple. ChromeOS apparently has a different DRM implementation than chrome, even though both use Widevine. I could never get it to work when I tried, Netflix always threw license errors. The next easiest thing to do is just delete the conditional to append 1080p and just make the 1080p profile apart of the regular profiles (this.oo = [x.V.vA, x.V.wA]; -> this.oo = [x.V.vA, x.V.wA, x.V.TH];). This works perfectly, but only for the majority of Netflix content. A few videos, like Disney movies, have manifests completely restricted to Edge to the point where you can't obtain them without an Edge ESN.

stethoscope - Personalized, user-focused recommendations for employee information security.

  •    Python

Stethoscope is a web application that collects information from existing device data sources (e.g., JAMF or LANDESK) on a given user’s devices and gives them clear and specific recommendations for securing their systems. An overview is available on the Netflix Tech Blog.Stethoscope consists of two primary pieces: a Python-based back-end and a React-based front-end. Nginx is used to serve static files and route traffic to the back-end.

Puppy Linux community repo

  •    

The Puppy Linux community repo currently aims to provide all the tools to build the base of a puppylinux release from community efforts. The base will then be expanded with further capabilities to replicate the features of past PuppyLinux releases

Lashstudio for Puppy Linux

  •    

Lashstudio is a quick and dirty, lash centered, suite of applications for audio and midi. It is packed as a squashfs module for puppy linux.

Lxpup, Puppy derivative with LXDE.

  •    

This is a derivative of Puppy Linux 5.3.3 Slacko, with the LXDE desktop manager, and the latest softwares version fundamental LXDE. Kernel 3.1.

puppy

  •    C

Puppy will allow a user to communicate with a Topfield TF5000 or TF6000 PVRs via a USB port. ftpd-topfield provides a similar service via FTP.

Grauenwolf's .NET Wrapper for the Netflix API

  •    

This is a .NET Wrapper for the Netflix API. Currently it supports low level requests including OAuth signing. A high level object model is planned.

recipes-rss - RSS Reader Recipes that uses several of the Netflix OSS components

  •    Java

RSS is a Netflix Recipes application demonstrating how all of the following Netflix Open Source components can be tied together.Shared classes between edge and middletier.

rend - A memcached proxy that manages data chunking and L1 / L2 caches

  •    Go

Rend is currently in production at Netflix and serving live member traffic.Caching is used several ways at Netflix. Some people use it as a true working set cache, while others use it as the only storage mechanism for their service. Others use it as a session cache. This means that some services can continue as usual with some data loss, while others will permanently lose data and start to serve fallbacks. Rend is built to complement EVCache, which is the main caching solution in use at Netflix.

Netflix-Prize - The code I used to get in the top #150 in the Netflix Prize

  •    C

I'm not aware of folks having published their code for the Netflix Prize. Here's mine. Under the team name "Hi!", I competed alone in college. I did it mostly for fun, and to learn modern machine learning techniques. It was an incredibly valuable, but strenuous, time. Well worth it on all fronts, though. I peaked out at #45 or so, and then dropped out to work on my senior thesis, and came in #145 or so. What I learned in the process was that smarter wasn't always better -- make an algorithm, and then scale it up, and then make a dozen tweaks to it, and then average all of the results together. That's how you climbed the leaderboard. As for the technical nitty-gritty, everything that's speed sensitive is written in Cython, which was the best balance of speed and convenience in 2009. If I were to do it al again, I would use (Numba)[http://github.com/numba/numba].





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.