Postmodern postmodern

@postmodern
postmodern / hash_merge_benchmark.rb
Created March 29, 2013 22:32
Benchmark of Hash#merge vs. Ruby 2.0 keyword arguments.
#!/usr/bin/env ruby
require 'benchmark'
Benchmark.bm do |b|
  n = 1_000_000
  hash1 = {a: 1, b: 2, c: 3}
  hash2 = {x: 1, y: 2, z: 3}
@postmodern
postmodern / ssl_proxy.rb
Created March 22, 2013 03:47
Example of using Ronin::Network::SSL::Proxy to intercept requests to rubygems.org
#!/usr/bin/env ruby
require 'bundler/setup'
require 'ronin/network/ssl/proxy'
Ronin::Network::SSL::Proxy.start(port: 1337, server: ['rubygems.org', 443]) do |proxy|
  address = lambda { |socket|
    addrinfo = socket.peeraddr
    "#{addrinfo[3]}:#{addrinfo[1]}"
@postmodern
postmodern / comment.md
Last active January 11, 2024 15:37
Crypto Privacy Copy Pasta
@postmodern
postmodern / scrap_github_tags.rb
Created February 12, 2013 10:41
Scraps the release tags from a GitHub project
require 'open-uri'
require 'nokogiri'
unless ARGV.length == 2
  puts "usage: #{$0} USER PROJECT"
  exit -1
end
url = URI("https://github.com/#{ARGV[0]}/#{ARGV[1]}/tags/")
# Kernel#open no longer accepts URIs on Ruby 3.0+; use URI.open from open-uri
doc = Nokogiri::HTML(URI.open(url))
@postmodern
postmodern / gemcutter_rce.rb
Created January 30, 2013 18:35
Proof-of-Concept (PoC) exploit for Gemcutter utilizing the YAML deserialization vulnerability.
#!/usr/bin/env ruby
#
# Proof-of-Concept RCE exploit against Gemcutter
#
# ## Advisory
#
# * TBA
#
# ## Caveats
#
@postmodern
postmodern / rails_omakase.rb
Last active December 25, 2020 10:14
Proof-of-Concept exploit for the new Rails Remote Code Execution vulnerability (CVE-2013-0333)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0333)
#
# ## Advisory
#
# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
#
# ## Caveats
#
@postmodern
postmodern / rails_rce.rb
Last active March 5, 2025 00:46
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@postmodern
postmodern / rails_sqli.rb
Last active December 1, 2017 11:49
Proof-of-Concept exploit for Rails SQL Injection (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails SQL Injection (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@postmodern
postmodern / rails_jsonq.rb
Last active June 22, 2018 10:31
Proof-of-Concept exploit for Rails Unsafe Query Generation (CVE-2013-0155)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Unsafe Query Generation (CVE-2013-0155)
#
# ## Advisory
#
# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
#
# ## Synopsis
#
@postmodern
postmodern / rails_dos.rb
Last active December 10, 2015 21:59
Proof-of-Concept exploit for Rails DoS (CVE-2013-0156)
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails DoS (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Synopsis
#