Skip to content

Instantly share code, notes, and snippets.

View 0xdade's full-sized avatar

dade 0xdade

169 followers · 20 following
View GitHub Profile
@0xdade
0xdade / ytcracker_gpt2.txt
Last active February 26, 2020 18:49
I wrote a quick script to download lyrics for an artist from Genius and then feed it into GPT2 runs to try to generate the next Friday by Rebecca Black. The robot version of YTCracker raps a lot like a spam version of YTCracker himself. It's pretty amazing.
/*
I wrote a quick script to download lyrics for an artist from Genius and then feed it into GPT2 runs to try to generate the next Friday by Rebecca Black. The robot version of YTCracker raps a lot like a spam version of YTCracker himself. It's pretty amazing.
*/
======== SAMPLE 1 ========
done so just say so
The more I thought about itI could feel the pull of love
Because when it was happening to a girl my eyes rolled
I can't deny this love's a bit raw
But in spite of myself I still pulled back
@0xdade
0xdade / proxy_protocol.md
Created February 13, 2020 04:06
Reverse Proxying with PROXY PROTOCOL in Nginx

Summary

Reverse proxy SSL connections and retain the originating IP address without terminating SSL at the mid-point. This makes use of the PROXY protocol.

Testing Configuration

This example setup uses nginx version: nginx/1.14.0 (Ubuntu) as it ships out of the box with ubuntu 18.04.4 LTS. It was last tested on 2020-02-12.

Example Configuration to log originating IP

DNS example.com points to 192.168.10.10 192.168.10.10 has nginx installed with this in /etc/nginx/nginx.conf OUTSIDE OF the http block

@0xdade
0xdade / selfdestruct.py
Created January 23, 2020 04:26
Simple code snippet for a python file to delete itself, whether it's a standalone .py file or compiled into an executable using pyinstaller
#!/usr/bin/env python3
'''
Determine if this python is part of an executable or a standalone script and then delete the file accordingly.
If the script has been bundled into an executable using pyinstaller (such as pyinstaller --onefile <fname>.py) then the realpath of __file__ will be incorrect, thus the use of sys.executable.
Example of just relying on __file__:
$ pyinstaller --onefile test.py
[...]
$ ls dist/
@0xdade
0xdade / update-blog.sh
Created November 15, 2019 21:31
#!/bin/bash
# Enter repository folder and pull the latest version
# (This is done with a read-only deploy key on a private repo)
# `hugo` with no parameters builds the default version of the site, which has baseUrl="https://0xda.de"
# Copy the built files (from public/*) into the webserver folder
# Build a new version of the site with the baseUrl set to the onion address
# Copy the built files from public/* to the onion web server directory
cd 0xdade.github.com && \
git pull && \
@0xdade
0xdade / fetch-natlas-results.py
Created November 8, 2019 23:12
Simple script for downloading a list of ip addresses that match a query from a natlas server
#!/usr/bin/env python3
'''
Simple script for downloading a list of ip addresses that match a query from a natlas server
Input:
- Required: natlas url
- Required: Search query, contained in quotes if it includes spaces
- Optional: filename to save results to
Example: ./fetch-natlas-results.py https://natlas.io 'ports.port:443 "application/json"' json-443.txt
If no filename is present, the script will spit the results to stdout once they are all downloaded
'''
@0xdade
0xdade / breachgen.py
Last active November 7, 2019 20:05
A python port of http://whythefuckwasibreached.com/
#!/usr/bin/env python3
'''
Python version of generating excuses that are generated by http://whythefuckwasibreached.com/
These actors, methods, targets, mitigations are not my own - they are copied directly from the whythefuckwasibreached website.
I ported it to a python script so that it could be used for easy command line integration
Long live LOLBOAT Enterprise Edition
'''
import random
@0xdade
0xdade / graphdracula-example.html
Last active November 2, 2019 00:19
graphdracula without es6 modules
<html>
<head>
<!-- Using this pre-ES6 fork of Dracula https://github.com/grigoryk/dracula-js-fork -->
<script type="text/javascript" src="dracula-js-fork/raphael-min.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_graph.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_algorithms.js"></script>
<script type="text/javascript" src="dracula-js-fork/dracula_graffle.js"></script>
<script type="text/javascript" src="dracula-js-fork/seedrandom.js"></script>
<script>
function drawGraph() {
@0xdade
0xdade / prowl.sh
Last active October 20, 2019 09:01
# Based on https://twitter.com/stokfredrik/status/1185580290108018694
# Turns into a bash function to ease use further
# Relies on:
# - https://github.com/tomnomnom/unfurl
# - https://github.com/michenriksen/aquatone
# - https://cli.shodan.io/
# Put this function in your .bash_profile or .bashrc file and then source it and you can use it like so:
# $ prowl elasticsearch
function prowl {
@0xdade
0xdade / rename-master-branch.md
Last active October 17, 2019 23:45
Changing default branches on github
  1. $ git branch -m master main
  2. $ git push origin main
  3. Change "Default Branch" in Settings->Branches on github. https:github.com/your/repo/settings/branches.
  4. Accept any warnings about changing the default branch.
  5. If you have any branch protection rules that affect the master branch, delete them.
  6. $ git push origin :master
  7. If you had any branch protection rules affecting the master branch, recreate them on the main branch.
  8. Look through your repo for references to master and replace with main as necesary.
    • Examples of this include URLs to a file in the REPO that are not relative
  9. If you get a warning "Your branch is based on 'origin/master', but the upstream is gone." then use the command it recommends: git branch --unset-upstream
@0xdade
0xdade / SSRF.py
Created August 2, 2019 20:08
Simple SSRF example server
from flask import Flask, request, Response
import requests
app = Flask(__name__)
@app.route('/')
def index():
url = requests.args.get("url")
r = requests.get(url)
return Response(r)