
dade 0xdade

@0xdade
0xdade / selfdestruct.py
Created Jan 23, 2020
Simple code snippet for a python file to delete itself, whether it's a standalone .py file or compiled into an executable using pyinstaller
View selfdestruct.py
#!/usr/bin/env python3
'''
Determine if this python is part of an executable or a standalone script and then delete the file accordingly.
If the script has been bundled into an executable using pyinstaller (such as pyinstaller --onefile <fname>.py) then the realpath of __file__ will be incorrect, thus the use of sys.executable.
Example of just relying on __file__:
$ pyinstaller --onefile test.py
[...]
$ ls dist/
@0xdade
0xdade / tags.py
Created Apr 9, 2022
Some really awful ways to build html elements in python. attributes with - in them not supported. Self-closing tags not supported. Comments not supported. Doctype strings not supported. attribute validation on tags not supported.
View tags.py
# First approach, just make a function manually for every tag
# Then feed them all back to the same core html_element function for rendering
import inspect
import sys
def html_element(*args, **kwargs):
    tag = inspect.stack()[1][3]
    attrs = [f"{kwarg}=\"{kwargs.get(kwarg)}\"" for kwarg in kwargs]
    children = "\n".join([f"{child}" for child in args])
    return f'<{tag}{" " if attrs else ""}{" ".join(attrs)}>{children}</{tag}>'
@0xdade
0xdade / secure_file_submit_share.txt
Last active Apr 30, 2021
Some design thoughts on building an open source solution for solving the "simple secure file submission" and "simple secure file share" problems
View secure_file_submit_share.txt
User Experience:
  Workflow:
    (Optional) Click pre-authenticated upload url, if provided
    (Optional) Sign in, if required
    Drag and drop a file
    interface shows the file name (and maybe some additional metadata, not sure if we get any metadata at this point though)
    Set of checkboxes for the following (if they are not enforced to a specific value by the server operator):
      Save Encryption Key
      Burn After Reading
      Expiration Duration
@0xdade
0xdade / apache-modrewrite-cloud.conf
Last active Feb 23, 2021
Rickroll clouds with apache mod_rewrite
View apache-modrewrite-cloud.conf
This file has been truncated, but you can view the full file.
# Built by Sephiroth on 2020-06-24 03:05:40.431464 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com
@0xdade
0xdade / auto-limiter.yml
Last active Sep 29, 2020
Github action to automatically limit the repo to collaborators every day. REPO_MANAGER is a personal access token in the repository secrets. Gross, but github doesn't give us individual repo admin tokens because it's 2020 and principle of yoloscope
View auto-limiter.yml
name: Automatically limit
on:
  schedule:
    - cron: "0 0 * * *"
jobs:
  limiter:
    runs-on: ubuntu-latest
    steps:
      - name: Remove existing limit
        run: |
View nginx_shameless_proxy.conf
# A quick nginx config that does some shameless transparent proxying.
# The sub_filter module is available on my ubuntu install out of the box, but may not always be available
# This demonstration of sub_filter is also extremely minimal. All requests that begin with `/` will load relatively anyways, this attempts to replace any fully qualified requests
server {
    listen 80;
    listen [::]:80;
    server_name exploit.party;
    return 301 https://$server_name$request_uri;
}
@0xdade
0xdade / wildcard_nginx_config.md
Last active Jun 28, 2020
Distribute the denial of secrets
View wildcard_nginx_config.md

Distributing the denial of secrets

Twitter made ddosecrets.com a forbidden place. I don't like being forbidden from going places or sharing links to said places.

It's dangerous to go alone, take these:

@0xdade
0xdade / nginx-cloud-block.conf
Last active Jun 24, 2020
Block clouds in nginx with ngx_http_geo_module
View nginx-cloud-block.conf
This file has been truncated, but you can view the full file.
# Built by Sephiroth on 2020-06-24 03:05:20.327355 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com
@0xdade
0xdade / iptables-cloud-block
Last active Jun 24, 2020
DROP clouds using iptables
View iptables-cloud-block
This file has been truncated, but you can view the full file.
# Built by Sephiroth on 2020-06-24 03:04:16.607901 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com
@0xdade
0xdade / dadeco_dlp.sh
Created Jun 16, 2020
Next Generation Data Loss Prevention Platform Provided By DadeCo
View dadeco_dlp.sh
#!/bin/bash
# DadeCo Next Generation Data Loss Prevention Platform
# Advanced AI, blockchain powered, cloud native
# Copyright 2020 DadeCo
# Author: dade, of DadeCo
ngrep -qt -d any -i "confidential|secret"