aayla-secura
aayla-secura
/ create_ssl_cert.sh
Created
February 26, 2018 12:56
Create a CA ROOT X.509 self-signed certificate, then create and sign an X.509 subject certificate.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Defaults | |
| CA_EXPIRY=7300 # in days | |
| SUBJ_EXPIRY=730 # in days | |
| KEYDIR="$HOME/.ssl/private" | |
| CERTDIR="$HOME/.ssl/certs" | |
| CA="localCA" | |
| SUBJ="subj" | |
| CA_KEYLEN=4096 |
aayla-secura
/ time_response.py
Last active
September 29, 2022 00:38
Measure the average delay between sending an HTTP request and receiving the response
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # NO LONGER MAINTAINED, CURRENT CODE NOW LIVES HERE | |
| # https://github.com/aurainfosec/time_http_response | |
| # | |
| # Measure the average delay between sending an HTTP request and receiving the response. | |
| # Use for time-based attacks or just to check the server load. | |
| # | |
| # Features | |
| # - GET with URL parameters and no body | |
| # - POST with application/x-www-form-urlencoded body and no URL parameters |
aayla-secura
/ jwt_rs256_as_hs256.py
Last active
March 20, 2022 12:15
JWT RS256 to HS256 re-signing attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| ############################################################# | |
| # @AaylaSecura1138, github.com/aayla-secura | |
| # Modify and distribute as you wish | |
| ############################################################# | |
| # NO LONGER MAINTAINED: CURRENT CODE LIVES HERE: | |
| # https://github.com/aurainfosec/jwt_resign_asym_to_sym | |
| ############################################################# | |
| # Some JWT libraries are vulnerable to a known attack which changes | |
| # the type of a JWT from an asymmetric (e.g. RS256) to a symmetric |
aayla-secura
/ pretty_print_table.awk
Last active
October 28, 2022 04:48
Format (pretty print) a table using awk. Automatically adjusts column widths. Somewhat customisable output.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tested with GNU awk v4.2.1 and above | |
| # Copyright 2021 aayla-secura | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CO |
aayla-secura
/ magicdict.py
Last active
September 29, 2022 00:38
A magic dictionary which never raises KeyError, can set default values for keys based on regex and can filter based on regex
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # EXAMPLE USAGE | |
| # import json | |
| # | |
| # mdorder = MagicDict() | |
| # mdorder.configure( | |
| # defaults={'^price$': 0, '_address$': 'No such street, PO 000'}) | |
| # create a default order | |
| # mdorder['price'] | |
| # mdorder['shipping_address'] | |
| # mdorder['billing_address'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # TODO | |
| # - Consolidate ports for the same host from different files | |
| ONE_PER_LINE=0 | |
| AS_URLS=0 | |
| AS_IPS=0 | |
| NO_VERSION=0 | |
| SEP=" " | |
| SUBSEP="," |
aayla-secura
/ JSON_to_URL_encoded_form.py
Last active
January 2, 2023 02:31
Convert JSON data to URL encoded form (application/x-www-form-urlencoded)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import json | |
| from urllib.parse import quote, quote_plus | |
| import sys | |
| import os | |
| import argparse | |
| parser = argparse.ArgumentParser( |
aayla-secura
/ search_gmail.py
Last active
November 30, 2020 07:41
Search for an email in gmail and extract regex from it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from googleapiclient.discovery import build | |
| from google_auth_oauthlib.flow import InstalledAppFlow | |
| from google.auth.transport.requests import Request | |
| import pickle | |
| import base64 | |
| import os.path | |
| import sys | |
| import re | |
| import argparse | |
| import logging |
aayla-secura
/ jwt_bruteforce.py
Created
January 19, 2021 00:18
Brute-force a JWT signed with a shared key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ############################################################# | |
| # @AaylaSecura1138, github.com/aayla-secura | |
| # Modify and distribute as you wish | |
| ############################################################# | |
| import logging | |
| import jwt | |
| import sys | |
| import argparse |
aayla-secura
/ nasm_shell.sh
Last active
March 10, 2021 21:19
Show disassembly of given opcodes or assembly instructions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # See -h for help | |
| INTERACTIVE=1 | |
| READ_ARGS=() | |
| NASM_ARGS=() | |
| OBJDUMP_ARGS=() | |
| # Determine if interactive or stdin is redirected from file/heredoc/command | |
| # output/etc |
OlderNewer