Secure infrastructure and LEGO forts -- equally over-engineered.

William Zujkowski williamzujkowski

@williamzujkowski
williamzujkowski / vuln-scanner.py
Created November 18, 2025 01:28
NVD Vulnerability Scanner for Homelab - Python implementation
#!/usr/bin/env python3
"""
NVD Vulnerability Scanner for Homelab
Scans installed packages against National Vulnerability Database
"""
import requests
import json
import subprocess
from packaging import version
@williamzujkowski
williamzujkowski / promsketch-grafana-queries.json
Created November 17, 2025 05:07
Grafana dashboard queries optimized with PromSketch
{
  "dashboard": {
    "title": "PromSketch Optimized Metrics",
    "panels": [
      {
        "title": "P99 Request Latency (Optimized)",
        "targets": [
          {
            "expr": "histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))",
            "datasource": "PromSketch"
@williamzujkowski
williamzujkowski / promsketch-benchmark.sh
Created November 17, 2025 05:07
PromSketch query performance benchmarking script
#!/bin/bash
# PromSketch benchmark script - compare query performance
PROMETHEUS_URL="http://localhost:9090"
PROMSKETCH_URL="http://localhost:8080"
QUERY='histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))'
echo "=== PromSketch Benchmark ==="
echo "Query: ${QUERY}"
echo ""
@williamzujkowski
williamzujkowski / promsketch-docker-compose.yaml
Created November 17, 2025 05:07
Prometheus + PromSketch + Grafana Docker Compose stack
version: '3.8'
services:
  prometheus:
    image: prom/prometheus:v2.48.0
    container_name: homelab_prometheus
    restart: unless-stopped
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
@williamzujkowski
williamzujkowski / authrest-test-suite.py
Created November 17, 2025 05:07
pytest test suite for AuthREST API authentication testing
#!/usr/bin/env python3
"""
pytest Test Suite for AuthREST Scanner
Tests authentication pattern detection
"""
import pytest
import requests
from authrest_scanner import AuthRestScanner, AuthTest
@pytest.fixture
@williamzujkowski
williamzujkowski / authrest-scanner.py
Created November 17, 2025 05:07
AuthREST-style API authentication security scanner in Python
#!/usr/bin/env python3
"""
AuthREST-style API Authentication Scanner
Parses OpenAPI specs and tests authentication patterns
"""
import json
import requests
from typing import Dict, List, Optional
from dataclasses import dataclass
@williamzujkowski
williamzujkowski / kubefence-k3s-setup.yaml
Created November 17, 2025 05:07
K3s cluster configuration with KubeFence DaemonSet deployment
# KubeFence K3s Cluster Configuration
# Deploys K3s with embedded etcd + KubeFence DaemonSet
# Tested on Ubuntu 24.04, K3s 1.28.6
---
# K3s server configuration (master node)
# Deploy with: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server" sh -s - --config k3s-server.yaml
apiVersion: v1
kind: ConfigMap
metadata:
@williamzujkowski
williamzujkowski / kubefence-policy-generator.py
Created November 17, 2025 05:07
KubeFence policy generator from Kubernetes audit logs
#!/usr/bin/env python3
"""
KubeFence Policy Generator
Analyzes K3s audit logs and generates fine-grained API policies
Usage:
python3 kubefence-policy-generator.py --namespace default --output policies/
"""
import argparse
@williamzujkowski
williamzujkowski / kubefence-helm-install.sh
Created November 17, 2025 05:07
KubeFence Helm deployment with cert-manager and policy generation
#!/bin/bash
# KubeFence Helm Installation Script
# Deploys KubeFence as DaemonSet on K3s control plane nodes
# Tested on K3s 1.28.6, Ubuntu 24.04
set -euo pipefail
NAMESPACE="kubefence-system"
RELEASE_NAME="kubefence"
CHART_VERSION="0.1.0"
@williamzujkowski
williamzujkowski / nodeshield-cbom-generator.sh
Created November 17, 2025 04:44
NodeShield CBOM policy generation and validation workflow
#!/bin/bash
# NodeShield CBOM Generation Workflow
# Automates SBOM → CBOM conversion with manual review prompts
#
# Dependencies:
# - Syft (SBOM generator): https://github.com/anchore/syft
# - NodeShield CLI: npm install -g @nodeshield/cli
#
# Usage:
# ./generate-cbom.sh /path/to/nodejs/project