0x73746F66 chrisdlangton
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -ex | |
| sudo su - | |
| apt-get update | |
| apt-get install -y build-essential git jq curl wget gnupg | |
| wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add - | |
| sh -c "echo 'deb https://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list" | |
| sh -c "echo 'Package: *' > /etc/apt/preferences.d/kali.pref | |
| echo 'Pin: release a=kali-rolling' >> /etc/apt/preferences.d/kali.pref | |
| echo 'Pin-Priority: 50' >> /etc/apt/preferences.d/kali.pref" | |
| wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb |
chrisdlangton
/ xor.py
Created
November 16, 2023 00:02
Use NLP to filter results of bruteforce key length for XOR encoded words, alphanumeric, or phrase
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import string, itertools, time, re | |
| from nltk.corpus import words | |
| from nltk.tokenize import word_tokenize | |
| import nltk | |
| flag = "The message is too secret" | |
| secret_key = 'CTFKey' | |
| def is_mostly_english(text, threshold: float = 0.5): |
chrisdlangton
/ hawkauth_mitm_poc.js
Last active
July 24, 2023 01:30
PoC for GHSA-mrcf-5cch-47mc mozilla/hawk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Gist: https://gist.github.com/chrisdlangton/cd32ad083294c56c509828a7b9f7e90e | |
| * Advisory: https://github.com/chrisdlangton/hawk/security/advisories/GHSA-mrcf-5cch-47mc | |
| */ | |
| const hawk = require('hawk') | |
| const credentials = { | |
| id: 'dh37fgj492je', | |
| key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', | |
| algorithm: 'sha256' |
chrisdlangton
/ coverletter.txt
Created
February 2, 2023 08:39
ChatGPT Cloud Engineer job application cover letter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cloud Engineer Cover Letter | |
| Chris | |
| Write a cover letter for a cloud engineer job at a product focussed company | |
| Dear Hiring Manager, | |
| I am writing to apply for the Cloud Engineer position at [Company Name], and I am confident that my extensive experience and skills make me an ideal candidate for this role. I have a passion for developing and deploying innovative cloud solutions that drive business success, and I am excited about the opportunity to bring my expertise to your team. |
chrisdlangton
/ cloud_metadata.txt
Created
July 5, 2022 00:31
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
chrisdlangton
/ cose_lookup.js
Created
July 16, 2021 07:48
Lookups for CBOR Object Signing and Encryption (COSE) used in WebAuthn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** https://tools.ietf.org/id/draft-ietf-cose-webauthn-algorithms-03.html */ | |
| const COSE_Key_Types = [ | |
| void 0, | |
| 'OKP, Octet Key Pair - Elliptic Curve', | |
| 'EC2, Elliptic Curve Keys w/ x- and y-coordinate pair', | |
| 'RSA, RSA Key', | |
| 'Symmetric, Symmetric Keys', | |
| 'HSS-LMS, Public key for HSS/LMS hash-based digital signature', | |
| 'WalnutDSA, WalnutDSA public key', | |
| ] |
chrisdlangton
/ hmac_decorator.py
Last active
May 2, 2024 03:03
Time-based HMAC signature SHA256, SHA512, SHA3-256, SHA3-384, SHA3-512, and BLAKE2 for Python Flask with Javascript Forge.js and Bash/OpenSSL/Curl clients
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| from base64 import b64encode | |
| from functools import wraps | |
| from datetime import datetime, timedelta | |
| from flask import request, abort | |
| from flask_login import login_user | |
| from models import User, ApiKey | |
| def require_hmac(not_before_seconds: int = 3, expire_after_seconds: int = 3): |
chrisdlangton
/ hosting_providers.py
Created
October 26, 2020 13:43
List of web hosting providers - expected these services have customers that use CNAME records for custom/vanity domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| The following python list of tuples is in the form of; | |
| (<url_segment>, <provider_name>) | |
| url_segment: str = a substring match, can be of prefix suffic or any substring | |
| provider_name: str = human friendly name of the provier | |
| """ | |
| hosting_providers = [ | |
| ('.clients.turbobytes.net', 'TurboBytes',), | |
| ('.turbobytes-cdn.com', 'TurboBytes',), | |
| ('.afxcdn.net', 'afxcdn.net',), |
chrisdlangton
/ managed_dns.py
Last active
March 8, 2021 13:49
List of managed dns providers - WAF, Firewall, DDOS protection, CDN, Anti-bots, Anti-spam
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| The following python list of tuples is in the form of; | |
| (<url_segment>, <provider_name>, <ns_ignore_list>) | |
| url_segment: str = a substring match, can be of prefix suffic or any substring | |
| provider_name: str = human friendly name of the provier | |
| ns_ignore_list: list(str) = a list of url_segment substrings used to identify if the NS lookup is | |
| always going to be a match, useful when checking for provider customers | |
| usage of the service and excluding obligatory references to minimise | |
| double counting an single usage | |
| """ |
chrisdlangton
/ proxy_download_to_file.js
Last active
June 5, 2021 14:45
Node.js 14 download to file via proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require('dotenv').config() | |
| const { URL } = require('url'); | |
| const http = require('http') | |
| const https = require('https') | |
| const yaml = require('js-yaml') | |
| const fs = require('fs') | |
| const config = yaml.load(fs.readFileSync(process.env.CONFIG_FILE, 'utf8')) | |
| const download_to_file = (url, dest_path, callback) => { | |
| const file = fs.createWriteStream(dest_path) |
NewerOlder