Skip to content

Instantly share code, notes, and snippets.

View dhondta's full-sized avatar

Alex dhondta

517 followers · 46 following
View GitHub Profile
@dhondta
dhondta / README.md
Last active July 31, 2023 22:15
Tinyscript tool to generate PDF's from reports in a STIX package

STIX report to PDF

This Tinyscript-based tool allows to decompres a STIX XML file and to output it as a PDF using pdfkit.

This can be installed using:

$ pip install bs4 pdfkit tinyscript
$ tsm install stix-reports-to-pdf
@dhondta
dhondta / README.md
Last active December 3, 2023 18:57
Tinyscript tool for generating preview image(s) of a PDF

PDF preview generator

This Tinyscript-based tool aims to generate preview images of an input PDF (e.g. a book).

This can be installed using:

$ pip install pdf2image tinyscript
$ tsm install pdf-preview-generator
@dhondta
dhondta / README.md
Last active August 9, 2025 09:11
Tinyscript tool for getting IP locations from an email (EML file)

Get Email Origin

This Tinyscript-based allows to load an email and to parse the receivers, indicating where the found IP addesses originate from.

This can be installed using:

$ pip install ipaddress mail_parser maxminddb-geolite2 tinyscript
$ tsm install get-email-origin
@dhondta
dhondta / README.md
Last active July 31, 2023 22:14
Tinyscript tool for generating loose comparison hashes for PHP type juggling

PHP loose comparison input generator

This Tinyscript-based allows to generate a string with a given alphabet that has a given hash matching the format used for type juggling with PHP, that is when a loose comparison of the type ("0e12345" == ...) is used.

This can be installed using:

$ pip install tinyscript
$ tsm install loose-comparison-input-generator
@dhondta
dhondta / README.md
Last active June 9, 2025 07:59
Proof-of-Concept for Python parso Cache Load Vulnerability (CVE-2019-12760)

CVE-2019-12760 - ACE in Python's parso Module

Description

** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."

References

@dhondta
dhondta / README.md
Last active June 9, 2025 07:57
Proof-of-Concept for logging Python code injection

ACE in Python's logging Native Module

Description

While loading a configuration file, logging/config.py's handler parsing function calls eval() twice on unsanitized variables coming from the configuration file, therefore allowing an attacker to execute arbitrary code.

References

@dhondta
dhondta / README.md
Last active June 9, 2025 08:00
Proof-of-Concept for python-xdg 0.25 Python code injection (CVE-2019-12761)

CVE-2019-12761 - Code Injection in Python's xdg Module

Description

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

References