ozzi- / tlscheck.sh
Created October 30, 2020 16:52
check supported tls versions of a server by defining a minimum allowed version
#!/bin/bash
# tlscheck checks whether a specified URL supports the defined minimum TLS version and higher
# this is helpful to ensure hardening (e.g. does my server support TLS 1.2 and newer only?)
# exit codes above 9 indicate which TLS version check failed (e.g. 11 = TLS 1.1)
# exit codes below 6 indicate wrong syntax
# exit code 6 means the script could not connect at all
# ----------------------------------------------------------------------------------------
# https://github.com/ozzi-
ozzi- / doubleEncodingUTF8.java
Created October 26, 2020 14:54
java method to fix double encoded UTF-8 strings
/**
 * Demo entry point: passes two sample strings through
 * {@code fixDoubleUTF8Encoding} and prints each result on its own line.
 *
 * @param args command-line arguments (unused)
 */
public static void main(String[] args) {
    // Expected output, in order: werewrÀüèâ, then üÀâé.
    // NOTE(review): as shown here the sample literals already equal the expected
    // output; presumably the original file holds the double-encoded form — confirm.
    final String[] samples = {"werewrÀüèâ", "üÀâé"};
    for (String sample : samples) {
        System.out.println(fixDoubleUTF8Encoding(sample));
    }
}
ozzi- / all_curl.sh
Created August 3, 2020 11:26
get response code, all headers, specific headers and response body from CURL
# Fetch the URL once and split the single curl output into status code, headers and body.
# -i puts the response headers in front of the body, -sS hides the progress meter but
# still prints errors, and -w appends "\r\n<http status code>" after the body.
res=$(curl "https://zgheb.com" -i -sS -w "\r\n%{http_code}")
# The status code written by -w is the last line of the captured output.
responseCode=$(echo "$res" | tail -1)
# Everything except that last line: headers followed by the body.
# NOTE(review): a negative count for `head -n` is a GNU coreutils extension — confirm the target platform.
headersAndBody=$(echo "$res" | head -n -1)
# Headers: print lines until the first line that consists only of a carriage return
# (the empty CRLF line that separates headers from body).
headers=$(echo "$headersAndBody" | awk '{if($0=="\r")exit;print}')
# Body: print every line that follows that first CR-only line.
body=$(echo "$headersAndBody" | awk '{if(body)print;if($0=="\r")body=1}')
# Value of the X-Powered-By header; the trailing awk re-splits the line to trim spaces.
# NOTE(review): grep runs over $res (headers and body), so a body line containing
# "X-Powered-By" matches too, and `cut -f2` keeps only the text between the first and
# second colon — grepping "$headers" would limit the match to real headers.
powered=$(echo "$res" | grep -Fi "X-Powered-By" | cut -d ":" -f2 | awk '{$1=$1};1')
echo "Response Code:"
$ echo "f00 bar 123 f00 foo" | awk -F"f00" '{ print NF-1}'
2
# Connect to port 443, send {{URL}} as the SNI name (-servername) and print the
# certificates the server sends (-showcerts); stderr is discarded.
# NOTE(review): {{URL}} is used both as the -connect host and as the SNI name, so it
# has to be a bare hostname, not a full URL with scheme or path.
# NOTE(review): s_client prints the chain but by default carries on after a
# verification failure — read the "Verify return code" line instead of treating the
# printed certificates as proof of a valid chain.
openssl s_client -showcerts -servername {{URL}} -connect {{URL}}:443 2>/dev/null
ozzi- / removeSubdomainsOfURL.java
Last active June 11, 2020 09:08
removes all subdomains of an url
public static String removeSubdomains(String url, ArrayList<String> secondLevelDomains) {
// We need our URL in three parts, protocol - domain - path
String protocol= getProtocol(url);
url = url.substring(protocol.length());
String urlDomain=url;
String path="";
if(urlDomain.contains("/")) {
int slashPos = urlDomain.indexOf("/");
path=urlDomain.substring(slashPos);
urlDomain=urlDomain.substring(0, slashPos);
xhr1.open("POST","http://external2.com");
xhr2.open("POST","www.external2.com");
xhr3.open("POST","//external2.com");
xhr4.open("POST","http://gist.githubusercontent.com/testrlocal");
xhr4.open("POST","gist.githubusercontent.com/testrlocal");
@import 'fonts.googleapis.com/css?family=Advent+Pro:400,200,700');
@import "www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import "https://www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import url("http://fonts.googleapis.com/css?family=Raleway+Dots");
@import url('//weloveiconfonts.com/api/?family=entypo');
@import url("weloveiconfonts.com/api/?family=entypo");
html{
}
<html>
<!-- all tags that should match -->
<link href="www.external.com">
<script type="text/javascript">
xhr1.open("POST","http://external.com");
xhr2.open("POST","www.external.com");
xhr2.open("POST","www.external-co-ul.co.uk");
xhr3.open("POST","//external.com");
xhr4.open("POST","http://gist.githubusercontent.com/testlocal");
</script>
ozzi- / SecureFilePermissions.java
Last active January 10, 2020 07:49
cross-platform privilege hardening for files with java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;