Skip to content

Instantly share code, notes, and snippets.

View DinisCruz's full-sized avatar

Dinis Cruz DinisCruz

202 followers · 0 following
View GitHub Profile
@DinisCruz
DinisCruz / JavapHelper.java
Last active September 5, 2016 13:55
javap helper to quickly extract list of methods called from method
package ....appsec.utils;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
public class JavapHelper {
@DinisCruz
DinisCruz / javap-test.java
Created September 5, 2016 10:04
Here is an experiment with javap to extract the methods programatically. It looks like javassit will be a better way to do this (specially since it is native)
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
/**
* Created by diniscruz on 01/09/2016.
*/
public class JavapHelper {
@DinisCruz
DinisCruz / Vulnerability_Weak_Crypto.java
Created September 4, 2016 15:43
Java test that confirms how Random().nextInt() values can be predicted
import org.junit.Test;
import java.util.ArrayList;
import java.util.Random;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
public class Vulnerability_Weak_Crypto {
@DinisCruz
DinisCruz / XSS_Tests.cs
Created June 3, 2016 08:36
Testing ASP.NET Controls for default xss
namespace Tests.XSS_Tests
{
public static class HtmlControls_ExtensionMethods
{
public static string render_Control(this Control control)
{
var stringBuilder = new StringBuilder();
using (var stringWriter = new StringWriter(stringBuilder))
using (var htmlTextWriter = new HtmlTextWriter(stringWriter))
@DinisCruz
DinisCruz / cash-p29.java
Created May 30, 2016 10:50
Elegant Objects code snippets
//executed in https://www.compilejava.net/
public class CashTest
{
public static void main(String[] args)
{
System.out.println(new Cash(12).Value());
System.out.println(new Cash("12").Value());
// System.out.println(new Cash("12.12f").Value()); // doesn't work and throws exception
System.out.println(new Cash(12.12f).Value());
@DinisCruz
DinisCruz / dockerode.tests.coffee
Created May 24, 2016 13:43
# Number of test I wrote while learning dockerode
require 'fluentnode'
Docker = require('dockerode')
MemoryStream = require 'memorystream'
fs = require 'fs'
create_Docker = ()=>
docker_Files = process.env.HOME.path_Combine('.docker/machine/machines/default')
@DinisCruz
DinisCruz / electron-tests.coffee
Created May 19, 2016 17:10
Testing wallbyjs electron integration, see https://twitter.com/DinisCruz/status/733343716195336193
chai = require 'chai'
expect = chai.expect
$ = require 'jquery'
#require 'electron-prebuilt'
describe 'testing in coffee', ->
@DinisCruz
DinisCruz / electron-tests.coffee
Created May 19, 2016 17:09
Testing wallbyjs electron integration
chai = require 'chai'
expect = chai.expect
$ = require 'jquery'
#require 'electron-prebuilt'
describe 'testing in coffee', ->
@DinisCruz
DinisCruz / install-steps.txt
Last active May 26, 2016 17:14
GCloud Windows Setup scripts
New windows VM (note: this needs to be converted into a script)
1) installed chocolatey
@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin
2) installed chrome, fiddler, git, VS Code
choco install googlechrome git fiddler4 -y
@DinisCruz
DinisCruz / first-version.cs
Last active November 10, 2019 21:04
Confirming which ASP.NET controls are vulnerable to XSS via the .Text propert
public static class HtmlControls_ExtensionMethods
{
public static string renderControl(this Control control)
{
var stringBuilder = new StringBuilder();
using (var stringWriter = new StringWriter(stringBuilder))
using (var htmlTextWriter = new HtmlTextWriter(stringWriter))
control.RenderControl(htmlTextWriter);
return stringBuilder.str();