
boostsecurityio/lotp

Results 25 lotp issues

# Description of the LOTP tool

`awk` is a data-driven scripting language tool with many powerful features. Ref GTFOBins https://gtfobins.github.io/gtfobins/gawk/#shell

# Configuration files

It might process some config file too.....

idea

# Description of the LOTP tool

`golangci-lint` is a meta-linter tool for Golang that has tons of plugins that can be configured with a config file.

# Configuration files

```
.golangci.yml...
```

golang

RCE via phpstan.neon config file by specifying bootstrapFiles

PHP

Several npm commands (except `npm ci`) will consume `package.json`. So typically `npm install` (unless with `--ignore-scripts` or `.npmrc` with `ignore-scripts=true`) will run `preinstall`, `install`, `postinstall`, `preprepare`, `prepare`, `postprepare`. Those are...

JavaScript

Stylelint is a CSS linter and it loads raw JavaScript as either `stylelint.config.js` or `.stylelintrc.js`. Ref https://stylelint.io/user-guide/configure/

JavaScript
CSS

A malicious `Dockerfile` used in the context of `docker build` could have malicious `RUN` commands (among others)

Docker

Goreleaser uses a `.goreleaser.yaml` config file which has a bunch of hooks (https://goreleaser.com/customization/hooks/) and less obvious custom commands (https://goreleaser.com/customization/publishers/)

golang

# Description of the LOTP tool

xsltproc makes old-school XXE hard / if not impossible? because of URI constraints, but the supported exsl:document extension ([exslt.github.io/exsl/elements/document/index.html](https://exslt.github.io/exsl/elements/document/index.html)) provides an arbitrary write primitive (ex....

idea

# Description of the LOTP tool

`sonar-scanner` is a scanner with a config file

# Configuration files

```
sonar-project.properties
```

# injection

`sonar.scanner.javaOpts`

idea

# Description of the LOTP tool

`docker` is a tool to build / inspect OCI images and run containers. The build stage can be configured with a `Dockerfile`

# Configuration files

```
...
```

idea