Skip to content

Instantly share code, notes, and snippets.

View Zapotek's full-sized avatar

Tasos Laskos Zapotek

247 followers · 1 following
View GitHub Profile
@Zapotek
Zapotek / tls-gen.md
Created October 25, 2025 19:49

Here's a complete Bash script that generates:

  • A Certificate Authority (CA) (self-signed)
  • A server TLS certificate signed by the CA
  • A client certificate signed by the CA
  • Private keys for server and client
  • Public keys (extracted from certificates)

It uses openssl and includes secure defaults (RSA 4096, SHA-256, 365-day validity).

@Zapotek
Zapotek / my_app.rb
Created January 1, 2025 13:23
require 'net/http'
require 'sinatra'
require 'scnr/introspector'
class MyApp < Sinatra::Base
use SCNR::Introspector, scope: {
path_start_with: __FILE__
}
@Zapotek
Zapotek / app.rb
Created December 31, 2024 10:27
DOM XSS in Sinatra (Introspector loaded)
require 'sinatra'
require 'scnr/introspector'
class MyApp < Sinatra::Base
use SCNR::Introspector, scope: {
path_start_with: __FILE__
}
def process_params( params )
@Zapotek
Zapotek / browser_script.rb
Created May 26, 2024 08:10
URL = 'https://ginandjuice.shop/catalog'
# Proxy HTTP tragic through Burp/ZAP/whatever.
# Options.http.proxy_host = 'localhost'
# Options.http.proxy_port = 8282
b = Browser.new(
visible: true,
on_request: proc do |request, _|
# Inspect or manipulate HTTP traffic in the form of an HTTP::Request.
@Zapotek
Zapotek / sinatra_introspector_app.rb
Created January 8, 2024 08:20
require 'scnr/introspector'
require 'sinatra/base'
class MyApp < Sinatra::Base
use SCNR::Introspector, scope: {
path_start_with: __FILE__
}
def noop
end
@Zapotek
Zapotek / scnr_introspector_output.txt
Last active May 20, 2023 18:09
$ ./examples/sinatra_xss.rb
[*] Preparing plugins...
[*] ... done.
[*] [HTTP: 200] http://myapp/
[~] Identified as: linux, ruby, rack
[~] Analysis resulted in 1 usable paths.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[*] XSS: Auditing link input 'v' pointing to: 'http://myapp/'
@Zapotek
Zapotek / scnr_introspector_sinatra.rb
Created May 20, 2023 17:49
require 'pry'
require 'scnr/introspector'
require 'scnr/introspector/helpers/output'
include SCNR
include Introspector::Helpers::Output
# Location of the web application environment loader.
APP_PATH = "#{File.expand_path( File.dirname(__FILE__) )}/sinatra_xss.rb"
@Zapotek
Zapotek / sinatra_xss.rb
Created May 20, 2023 17:47
require 'sinatra/base'
class MyApp < Sinatra::Base
def noop
end
def process_params( params )
noop
params.values.join( ' ' )
@Zapotek
Zapotek / rest-agent.rb
Created May 17, 2023 18:41
#!/usr/bin/env ruby
require 'pp'
require_relative 'rest-http-helpers'
# Configure the REST server to use this Agent to provide Instances.
request :put, 'agent/url', 'localhost:1111'
request :post, 'instances', {
url: 'http://testhtml5.vulnweb.com',
@Zapotek
Zapotek / rest-single.rb
Created May 17, 2023 17:25
#!/usr/bin/env ruby
require 'pp'
require_relative 'rest-http-helpers'
# Create a new scanner Instance (process) and run a scan with the following options.
request :post, 'instances', {
# Scan this URL.
url: 'http://testhtml5.vulnweb.com',