@ishideo
ishideo / Reduce docker image size.md
Created March 14, 2024 02:22 — forked from shinsenter/Reduce docker image size.md
Make your Docker images smaller by reducing the number of layers
@ishideo
ishideo / zgrab.sh
Created February 29, 2024 09:55 — forked from gabemarshall/zgrab.sh
Zgrab2 helper script to include the http(s) port in the output
#!/bin/bash
#
# ex: ./zgrab.sh www.contoso.com 443
# Prepend the scanned port to each JSON object that zgrab2 emits.
echo "$1" | zgrab2 http --retry-https --port "$2" | awk -v port="$2" '{print "{\"port\":" port "," substr($0,2)}'
@ishideo
ishideo / jq-cheetsheet.md
Created February 29, 2024 09:52 — forked from olih/jq-cheetsheet.md
jq Cheat Sheet

Processing JSON using jq

jq is useful to slice, filter, map and transform structured JSON data.

Installing jq

On Mac OS

brew install jq

@ishideo
ishideo / offsec.md
Created February 29, 2024 09:51 — forked from jivoi/offsec.md
Penetration Testing/Assessment Workflow

Penetration Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tips and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole

@ishideo
ishideo / pentest cheat sheet
Created February 29, 2024 09:42 — forked from githubfoam/pentest cheat sheet
pentest cheat sheet
----------------------------------------------------------------------------------------------------
OWASP Top Ten https://owasp.org/www-project-top-ten/
The CWE Top 25
https://www.sans.org/top25-software-errors/
2022 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
OSSTMM 3 – The Open Source Security Testing Methodology Manual
https://www.isecom.org/OSSTMM.3.pdf
OWASP Web Security Testing Guide
https://owasp.org/www-project-web-security-testing-guide/

nmap --top-ports <#ports> -v -oG - localhost

Top 100:

7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157

Top 1000:

@ishideo
ishideo / elasticsearch-cheatsheet.txt
Created September 1, 2023 00:19 — forked from stephen-puiszis/elasticsearch-cheatsheet.txt
Elasticsearch Cheatsheet - An Overview of Commonly Used Elasticsearch API Endpoints and What They Do
# Elasticsearch Cheatsheet - an overview of commonly used Elasticsearch API commands
# cat paths
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/indices
/_cat/indices/{index}
@ishideo
ishideo / jarm-list.csv
Created July 25, 2023 00:55 — forked from gboddin/jarm-list.csv
JARM exploration
HASH Description
21d2ad00021d21d00021d2ad21d21df4e3c58923bbd15f0f36892ab3187607 QNAP devices
29d29d00029d29d21c29d29d29d29de89a29da3ee50098446f31579da51a6e Docker registries
29d29d20d29d29d00029d29d29d29d7d36b37b24a2d9588a0b8abfe23303d7 Kubernetes masters
29d29d15d29d29d21c29d29d29d29d7e041aa174fa2d3165f8bda79299bfea Ubiquity/CommVault
2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d F5?
3fd3fd0003fd3fd0003fd3fd3fd3fd5b4368bf786845fef915ced422fd1b09 Minio
29d29d00029d29d21c42d43d00041db6525da0b3c6db046c54191c7bbf62aa FSecure policy manager
@ishideo
ishideo / file0.py
Created May 21, 2021 08:30 — forked from esehara/file0.py
Find which of your Hatena Bookmark favorite users are no longer active ref: http://qiita.com/esehara@github/items/d595c89c52a81052bf42
# -*- coding: utf-8 -*-
from bs4 import BeautifulSoup
import sys
import urllib


def _init():
    # Require the user name as the only command-line argument.
    if len(sys.argv) == 1:
        print("usage: lastbookmark.py user_name")
        sys.exit(1)
@ishideo
ishideo / octopress-to-cryogen.clj
Created April 8, 2021 09:43 — forked from rickerbh/octopress-to-cryogen.clj
Babashka script to port posts from jekyll/octopress format to cryogen
(require '[clojure.java.io :as io]
         '[clojure.string :as string]
         '[clojure.tools.cli :refer [parse-opts]])

(def cli-options
  [["-o" "--out DIR" "Output directory"
    :default "out"]
   ["-s" "--source SOURCE" "Source directory"
    :default "source/_posts"]
   ["-h" "--help"]])