Pamplemousse

## gist:a7619e54c5e2e62652ff0f723376345b
# host

```
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever

## pentest_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Pamplemousse
                / pentest_cheatsheet.md
            
            
              Created
              July 14, 2021 04:28
            
          
    network

scan a box with default scripts and version detection

nmap -sC -sV <ip address>

system


## pwntools_http_server.py
import argparse
import sys

from pwnlib.tubes.listen import listen


def main(cli_arguments):
    l = listen(port=cli_arguments.port, bindaddr='localhost', typ='tcp')
    _ = l.wait_for_connection()

## bap-shell.nix
/*
    Using this `shell.nix`, here is how to install BAP using `opam`:
    ```
    opam init --comp=4.09.0
    eval $(opam env)
    opam install bap
    ```
*/

with import <nixpkgs> { };

## tag_parameter_definitions_decorator.py
def tag_parameter_definitions(func):
    """
    Add a `ParameterTag` to the definitions of the arguments of the function simulated by the handler.
    """
    @functools.wraps(func)
    def wrapper(self, state: 'ReachingDefinitionsState', codeloc: 'CodeLocation'):
        arch = state.arch

        tag = ParameterTag(
            function = codeloc.ins_addr,

## cross-shell.nix
with import <nixpkgs> { };

let
  armhfDependencies = [
    pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.glibc
    pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.ncurses5
    pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.readline5
  ];
in stdenv.mkDerivation {
  name = "cross-environment";

## firmware-analysis-shell.nix
with import <nixpkgs> { };

let
  python38WithPackages = python38.withPackages(ps: with ps; [
    binwalk
  ]);

  firmware-mod-kit = fetchFromGitHub {
    owner = "rampageX";
    repo = "firmware-mod-kit";

## zap-shell.nix
with import <nixpkgs> { };

stdenv.mkDerivation rec {
  name = "ZAP";

  buildInputs = [
    openjdk
  ];

  shellHook = ''

## contribute_to_nixpkgs_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Pamplemousse
                / contribute_to_nixpkgs_cheatsheet.md
            
            
              Last active
              August 13, 2021 21:54
            
          
    Contribute to nixpkgs cheatsheet

Tips and tricks for one who wants to write expressions to contribute to NixOS/nixpkgs .
Build a package from local nixpkgs

nix-build <PATH_TO_NIXPKGS> -A <PACKAGE>

  
## r2_backward_slicing.py
"""
Backward slice from a given sink.

Unfortunately, the BB definition used by Radare2 is too limiting:
    https://github.com/radareorg/radare2/issues/7170#issuecomment-631579110
"""
from functools import reduce

import r2pipe
import sys
	# host

	```
	$ ip addr
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
	valid_lft forever preferred_lft forever
	inet6 ::1/128 scope host noprefixroute
	valid_lft forever preferred_lft forever
	import argparse
	import sys

	from pwnlib.tubes.listen import listen


	def main(cli_arguments):
	l = listen(port=cli_arguments.port, bindaddr='localhost', typ='tcp')
	_ = l.wait_for_connection()
	/*
	Using this `shell.nix`, here is how to install BAP using `opam`:
	```
	opam init --comp=4.09.0
	eval $(opam env)
	opam install bap
	```
	*/

	with import <nixpkgs> { };
	def tag_parameter_definitions(func):
	"""
	Add a `ParameterTag` to the definitions of the arguments of the function simulated by the handler.
	"""
	@functools.wraps(func)
	def wrapper(self, state: 'ReachingDefinitionsState', codeloc: 'CodeLocation'):
	arch = state.arch

	tag = ParameterTag(
	function = codeloc.ins_addr,
	with import <nixpkgs> { };

	let
	armhfDependencies = [
	pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.glibc
	pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.ncurses5
	pkgsCross.armv7l-hf-multiplatform.buildPackages.targetPackages.readline5
	];
	in stdenv.mkDerivation {
	name = "cross-environment";
	with import <nixpkgs> { };

	let
	python38WithPackages = python38.withPackages(ps: with ps; [
	binwalk
	]);

	firmware-mod-kit = fetchFromGitHub {
	owner = "rampageX";
	repo = "firmware-mod-kit";
	with import <nixpkgs> { };

	stdenv.mkDerivation rec {
	name = "ZAP";

	buildInputs = [
	openjdk
	];

	shellHook = ''
	"""
	Backward slice from a given sink.

	Unfortunately, the BB definition used by Radare2 is too limiting:
	https://github.com/radareorg/radare2/issues/7170#issuecomment-631579110
	"""
	from functools import reduce

	import r2pipe
	import sys