Ads Dawson GangGreenTemperTatum

@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active July 22, 2024 12:50
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
@GangGreenTemperTatum
GangGreenTemperTatum / Creating a CSR and SSL Certificate with SAN Extensions.md
Last active June 8, 2023 15:08
Creating a CSR and SSL Certificate with SAN Extensions


Problem:

As per here: a few days ago (after an update) FF simply refused to accept my self-signed certificate anymore. Firefox requires SAN (Subject Alternative Names) to be present:

It must be due to the removal of "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818. Firefox from 101.0 onward no longer uses the certificate CN (Common Name) for matching a domain name to a certificate and has migrated to only using SAN (Subject Alternative Name), so if you self-sign for internal devices you’ll need to regenerate.

@rossja
rossja / README.md
Last active June 17, 2024 16:24
Huggingface SFConvertbot Pull Request Scanner

HuggingFace SF_Convertbot Scanner

This script is designed to assist in identifying pull requests to HuggingFace repositories that are sourced from the SFConvertbot user.

The SFConvertbot user is part of an automated tool used by HuggingFace to provide safetensor versions of models. As published by HiddenLayer, this bot can be used by malicious actors to potentially insert malicious content into models.

This tool is a simple script to query all models released by a HuggingFace author, and checks all

@DanaEpp
DanaEpp / har_capture_reader.py
Created May 10, 2024 17:49
HAR capture reader to use with Sensitive Data Detector. see: https://danaepp.com/sensitive-data-detection-using-ai-for-api-hackers
from base64 import b64decode
import os
from typing import Iterator, Union
import json_stream
# This HAR capture reader was taken from mitmproxy2swagger and slightly modified to work for our needs.
# See https://github.com/alufers/mitmproxy2swagger/blob/master/mitmproxy2swagger/har_capture_reader.py
class HarFlowWrapper:
    def __init__(self, flow: dict):
import json
import sys
from typing import List
from dataclasses import dataclass
from presidio_analyzer import AnalyzerEngine, RecognizerResult
import argparse
from har_capture_reader import HarCaptureReader
analyzer: AnalyzerEngine = AnalyzerEngine()