Skip to content

Instantly share code, notes, and snippets.

View brammittendorff's full-sized avatar
😸
Check the facts, expose those cats

Bram Mittendorff brammittendorff

😸
Check the facts, expose those cats
View GitHub Profile
@staaldraad
staaldraad / uid_awk.sh
Created December 12, 2017 14:06
Get the uid, gid and user groups without touching /etc/passwd or running the `id` command
awk -F: 'END {print "uid:"u" gid:"g" groups:"gg}{if($1=="Uid"){split($2,a," ");u=a[1]}if($1=="Gid"){split($2,a," ");g=a[1]}if($1=="Groups"){gg=$2}}' /proc/self/status
@staaldraad
staaldraad / awk_netstat.sh
Last active October 30, 2024 16:16
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys
resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5
@spaze
spaze / opera-vpn.md
Last active August 25, 2024 11:20
Opera VPN behind the curtains is just a proxy, here's how it works

2023 update

ℹ️ Please note this research is from 2016 when Opera has first added their browser "VPN", even before the "Chinese deal" was closed. They have since introduced some real VPN apps but this below is not about them.

🕵️ Some folks also like to use this article to show a proof that the Opera browser is a spyware or that Opera sells all your data to 3rd parties or something like that. This article here doesn't say anything like that.


When setting up (that's immediately when user enables it in settings) Opera VPN sends few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), it's IP address can only be resolved from within Opera when VPN is on, it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.

@wboykinm
wboykinm / falsehoods.md
Last active October 1, 2024 11:33
Falsehoods programmers believe about addresses - by Michael Tandy

Falsehoods programmers believe about addresses

This is an anchor-linked version of the excellent, amazing original opus magnum by Michael Tandy.

An address will start with, or at least include, a building number.

Counterexample: Royal Opera House, Covent Garden, London, WC2E 9DD, United Kingdom.

When there is a building number, it will be all-numeric.

Counterexample: 1A Egmont Road, Middlesbrough, TS4 2HT

@Potherca
Potherca / debug-bash-scripts.md
Last active January 10, 2024 21:29
Sometimes you want to be able to debug a bash script. This gist gives an example of how to do this.

Introduction

Sometimes you want to be able to debug a bash script. Usually the -x option will suffice but sometimes something more sophisticated is needed.

In such instances using the DEBUG trap is often a good choice.

Attached to this gist is a example script to demonstrate how such a thing would work.

@wvengen
wvengen / README.md
Last active September 27, 2024 11:07
Ruby memory analysis over time

Finding a Ruby memory leak using a time analysis

When developing a program in Ruby, you may sometimes encounter a memory leak. For a while now, Ruby has a facility to gather information about what objects are laying around: ObjectSpace.

There are several approaches one can take to debug a leak. This discusses a time-based approach, where a full memory dump is generated every, say, 5 minutes, during a time that the memory leak is showing up. Afterwards, one can look at all the objects, and find out which ones are staying around, causing the

#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"
strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force
@windytan
windytan / whistle-encode.pl
Last active February 6, 2022 09:06
whistle encoder
#!/usr/bin/perl
# windytan's pea whistle encoder
# http://www.windytan.com/2015/10/pea-whistle-steganography.html
# (c) 2015 Oona Räisänen
# ISC license
use warnings;
use strict;
my $data = $ARGV[0] // "OHAI!";
@googleinurl
googleinurl / facecheck2.0.php
Last active April 20, 2023 18:59
Verificação de usuários Facebook 2.0
<?php
/*
E d i ç ã o - 2.0 / 29-09-2015
--------------------------------------------------------------------------------
[+] AUTOR: Cleiton Pinheiro / Nick: googleINURL
[+] Blog: http://blog.inurl.com.br
--------------------------------------------------------------------------------
*/