Skip to content

Instantly share code, notes, and snippets.

@bonsaiviking
bonsaiviking / tls-hellofirst.nse
Created March 25, 2015 19:04
tls-hellofirst - Audit TLS implementations for handshake reversal. https://twitter.com/bonsaiviking/status/580727089944518656
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local bin = require "bin"
local tls = require "tls"
description = [[
Tries to confuse a TLS server into sending a ClientHello by first sending a HelloRequest.
@bonsaiviking
bonsaiviking / ssl-poodle.md
Last active August 29, 2015 14:07
Nmap NSE script for detecting POODLE-vulnerable servers (SSLv3 with CBC ciphersuites)
@bonsaiviking
bonsaiviking / service_fp.nse
Created October 1, 2014 17:53
turn a service_fp blob into binary blob
local lpeg = require "lpeg"
local U = require "lpeg-utility"
local getquote = U.escaped_quote()
local unescape = lpeg.P ( {
lpeg.Cs((lpeg.V "simple_char" + lpeg.V "unesc")^0),
esc = lpeg.P "\\",
simple_char = lpeg.P(1) - lpeg.V "esc",
unesc = (lpeg.V "esc" * lpeg.Cs( lpeg.V "esc" + lpeg.V "specials" + lpeg.V "code" + lpeg.P(1) ))/"%1",
specials = lpeg.S "trn0" / {t="\t", r="\r", n="\n", ["0"]="\0"},
@bonsaiviking
bonsaiviking / progress.sh
Created June 6, 2014 15:07
Display progress reading/writing a file according to position information on the file descriptor.
#!/bin/bash
# Usage: progress.sh $(pgrep myprocess) $FD_NUMBER
# Find $FD_NUMBER by doing: ls -l /proc/$(pgrep myprocess)/fd/
fd=/proc/$1/fd/$2
fdinfo=/proc/$1/fdinfo/$2
name=$(readlink $fd)
size=$(wc -c $fd | awk '{print $1}')
while [ -e $fd ]; do
@bonsaiviking
bonsaiviking / NmapHeartbleed.md
Last active September 20, 2021 23:31
Guide to using Nmap to scan for the Heartbleed bug.

Requirements

  1. Nmap. The script requires version 6.25 or newer. The latest version, 6.47, already includes the next 3 dependencies, so you can skip directly to the Scanning section below.
    • An easy way to get the latest Nmap release is to use Kali Linux.
    • Binary installers are available for Windows.
    • RPM installer available for Linux, or install from source.
    • .dmg installer available for Mac OS X.
  2. tls.lua. The script requires this Lua library for TLS handshaking.
  3. ssl-heartbleed.nse. This is the script itself.
@bonsaiviking
bonsaiviking / nmap-check.sh
Created April 9, 2014 16:49
Check for bugs and code quality issues in Nmap source files.
#!/bin/bash
PEP8=$(which pep8)
if [ -z $PEP8 ]; then
echo "No pep8 in your path. Skipping Python checks"
else
for file in $(find "$@" -name '*.py'); do
OUTPUT=$(mktemp)
"$PEP8" -r "$file" > "$OUTPUT"
@bonsaiviking
bonsaiviking / tls-extended-random.nse
Last active August 29, 2015 13:57
Nmap NSE script to check for TLS Extended Random support. Requires Nmap (http://nmap.org) and the latest version of the tls.lua library from https://svn.nmap.org/nmap/nselib/tls.lua
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local bin = require "bin"
local tls = require "tls"
description = [[
Checks for server support of the Extended Random TLS extension, which was
allegedly created to make exploitation of the Dual EC DRBG weakness easier. The
extension was never widely adopted, and IANA did not assign an ExtensionType
@bonsaiviking
bonsaiviking / lua.vim
Last active April 4, 2022 14:38
A Vim indent file for the Lua scripting language. Install as ~/.vim/indent/lua.vim
" Vim indent file
" Language: Lua
" Maintainer: Daniel Miller <daniel@bonsaiviking.com>
" Original Author: Daniel Miller <daniel@bonsaiviking.com>
" Last Change: 2014 Feb 6
" Only load this indent file when no other was loaded.
if exists("b:did_indent")
finish
endif
@bonsaiviking
bonsaiviking / pre-commit
Last active April 11, 2024 16:10
Pre-commit git hook for Nmap (WIP)
#!/bin/bash
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments. The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
if git rev-parse --verify HEAD >/dev/null 2>&1
then
@bonsaiviking
bonsaiviking / cli_zenmap_png.py
Created December 20, 2013 22:18
YMMV, but this should export a PNG of a zenmap topology from a Nmap XML file
#!/usr/bin/env python
import sys
if len(sys.argv) != 4:
print """{0} - Output a PNG from Nmap XML
Usage: {0} <scan.xml> <out.png> <width_in_pixels>""".format(sys.argv[0])
sys.exit(1)
try: