I hereby claim:
- I am radekk on github.
- I am radekk (https://keybase.io/radekk) on keybase.
- I have a public key ASDTZzfkj8mjeJ6ZLTm-fWU9dLhJY2EpTMjShIcw9Cjz-go
To claim this, I am signing this object:
radekk
/ keybase.md
Last active
November 16, 2017 15:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ββββββββββββββββββββββββββββββββββββββββββββββ¦ββββββββββ | |
| β String β Entropy β | |
| β βββββββββββββββββββββββββββββββββββββββββββββ¬ββββββββββ£ | |
| β [email protected] β 3.8937 β | |
| β https://auth0.com/this-is-test-url-4575812 β 4.2728 β | |
| β THIS_IS_NOT_A_SECRET_ONLY_A_PROPERTY_KEY β 3.6464 β | |
| β /etc/init.d/rc4/script.sh β 3.5133 β | |
| β button[value="test1337"] β 3.9183 β | |
| ββββββββββββββββββββββββββββββββββββββββββββββ©ββββββββββ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Calculate Shannon's entropy for a string | |
| */ | |
| module.exports = (str) => { | |
| const set = {}; | |
| str.split('').forEach( | |
| c => (set[c] ? set[c]++ : (set[c] = 1)) | |
| ); |
radekk
/ detect.malicious.npm.sh
Last active
April 27, 2020 04:43
Detect malicious npm packages published by ~hacktask account
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author: @radekk | |
| # List of vulnerable packages is from https://twitter.com/iamakulov/status/892485192883073024 | |
| # ---------------------- | |
| _IFS=$IFS | |
| _COUNTER=0 | |
| _COUNTER_ALL=0 | |
| _SCAN_PATH=${1:-~/} | |
| _VULN_PACKAGES="babelcli crossenv cross-env.js d3.js fabric-js ffmepg gruntcli http-proxy.js jquery.js mariadb mongose mssql.js mssql-node mysqljs nodecaffe nodefabric node-fabric nodeffmpeg nodemailer-js nodemailer.js nodemssql node-opencv node-opensl node-openssl noderequest nodesass nodesqlite node-sqlite node-tkinter opencv.js openssl.js proxy.js shadowsock smb sqlite.js sqliter sqlserver tkinter" | |
| _REGEXP="(babelcli|crossenv|cross-env\.js|d3\.js|fabric-js|ffmepg|gruntcli|http-proxy\.js|jquery\.js|mariadb|mongose|mssql\.js|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer\.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv\.js|openssl\.js|proxy\.js|shadowsock|smb|sqlite\.js|sqliter|sqlserver|tkinter)" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <iframe id="ifr"></iframe> | |
| <script> | |
| var ifr = document.getElementById('ifr'); | |
| ifr.src = 'https://challenge.intigriti.io/#https://intigriti.io'; | |
| ifr.onload = () => { | |
| setTimeout(() => { | |
| ifr.src = 'https://challenge.intigriti.io/#javascript:alert(document.domain)'; |