Skip to content

Instantly share code, notes, and snippets.

View andresriancho's full-sized avatar
🎯
Focusing

Andres Riancho andresriancho

🎯
Focusing
973 followers · 13 following
View GitHub Profile
@andresriancho
andresriancho / sparty_v_0.1.py
Created August 24, 2013 14:41
Sparty
#!/usr/bin/python
# Sparty - Sharepoint/Frontend Auditor
# By: Aditya K Sood - SecNiche Security Labs ! (c) 2013
license = """
Copyright (c) 2013, {Aditya K sood}
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
@andresriancho
andresriancho / sts-console.py
Last active January 18, 2019 21:03
How to decode STS message from AWS using boto, helpful to debug permissions issues with IAM policies
>>> import json
>>> import pprint
>>> from boto.sts import STSConnection
>>> s = STSConnection()
>>> d = s.decode_authorization_message('48hdmxfrx3...41DFkQ') # replace with your own string
>>> pprint.pprint(json.loads(d.decoded_message), indent=4)
{ u'allowed': False,
u'context': { u'action': u'iam:PassRole',
u'conditions': { u'items': []},
u'principal': { u'arn': u'arn:aws:iam::334918212912:user/staging-bouncer',
@andresriancho
andresriancho / console
Created March 14, 2014 20:20
Learning about max filename sizes in Ubuntu with encryptedfs home
pablo@eulogia:/tmp$ cat main.c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sys/param.h>
#include <sys/mount.h>
#else
#include <sys/statfs.h>
#endif
@andresriancho
andresriancho / collect-sysinfo.py
Created March 30, 2014 14:38
Collect system information to report w3af bug
#!/usr/bin/env python
import subprocess
import sys
def get_platform():
import platform
curr_platform = platform.system().lower()
distro = platform.dist()
@andresriancho
andresriancho / rem-dep.patch
Created April 1, 2014 21:25
Remove dependency check for Kali
--- a/w3af/core/controllers/dependency_check/dependency_check.py
+++ b/w3af/core/controllers/dependency_check/dependency_check.py
@@ -23,23 +23,6 @@ import sys
import warnings
import logging
-try:
- # Is pip even there?
- import pip
- # We do this in order to check for really old versions of pip
@andresriancho
andresriancho / ssltest.py
Created April 8, 2014 14:40
CVE-2014-0160 OpenSSL 1.0.1 - Memory leak exploit
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
@andresriancho
andresriancho / profiling
Created April 23, 2014 18:12
Profiling analysis
>>> p.print_callers('abc.py', 5)
Ordered by: standard name
List reduced from 913 to 2 due to restriction <'abc.py'>
Function was called by...
ncalls tottime cumtime
abc.py:128(__instancecheck__) <-
abc.py:148(__subclasscheck__) <- 1585 0.008 0.012 HTTPRequest.py:32(HTTPRequest.__init__)
2449 0.011 0.017 HTTPRequest.py:80(HTTPRequest.get_headers)
1225 0.030 0.033 HTTPRequest.py:85(HTTPRequest.to_dict)
@andresriancho
andresriancho / phishtank_xml.py
Created June 22, 2014 15:40
Phishtank XML parsing (as HTML because the XML is broken)
import lxml.etree as etree
class CollectorTarget(object):
def __init__(self):
self.events = []
self.urls = 0
def start(self, tag, attrib):
#self.events.append("start %s %r" % (tag, dict(attrib)))
if tag == 'url':
@andresriancho
andresriancho / test_no_404.py
Created July 3, 2014 12:36
Check for broken links in your django site in a unittest!
import subprocess
import unittest
import re
import shlex
import os
import time
FNULL = open(os.devnull, 'w')
@andresriancho
andresriancho / cPickle-bug.py
Created September 8, 2014 16:35
Python cPickle bug
import cPickle
import Cookie
c = Cookie.SimpleCookie()
c['abc'] = 'def'
unpickled_highest = cPickle.loads(cPickle.dumps(c, cPickle.HIGHEST_PROTOCOL))
unpickled_default = cPickle.loads(cPickle.dumps(c))
print "c['abc'].value ", c['abc'].value