@bonsaiviking
bonsaiviking / tls-extended-random.nse
Last active Aug 29, 2015
Nmap NSE script to check for TLS Extended Random support. Requires Nmap (http://nmap.org) and the latest version of the tls.lua library from https://svn.nmap.org/nmap/nselib/tls.lua
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local bin = require "bin"
local tls = require "tls"
description = [[
Checks for server support of the Extended Random TLS extension, which was
allegedly created to make exploitation of the Dual EC DRBG weakness easier. The
extension was never widely adopted, and IANA did not assign an ExtensionType
bonsaiviking / service_fp.nse
Created Oct 1, 2014
Turn a service_fp blob into a binary blob.
local lpeg = require "lpeg"
local U = require "lpeg-utility"
local getquote = U.escaped_quote()
local unescape = lpeg.P ( {
lpeg.Cs((lpeg.V "simple_char" + lpeg.V "unesc")^0),
esc = lpeg.P "\\",
simple_char = lpeg.P(1) - lpeg.V "esc",
unesc = (lpeg.V "esc" * lpeg.Cs( lpeg.V "esc" + lpeg.V "specials" + lpeg.V "code" + lpeg.P(1) ))/"%1",
specials = lpeg.S "trn0" / {t="\t", r="\r", n="\n", ["0"]="\0"},
bonsaiviking / ssl-poodle.md
Last active Aug 29, 2015
Nmap NSE script for detecting POODLE-vulnerable servers (SSLv3 with CBC ciphersuites)
bonsaiviking / tls-hellofirst.nse
Created Mar 25, 2015
tls-hellofirst - Audit TLS implementations for handshake reversal. https://twitter.com/bonsaiviking/status/580727089944518656
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local bin = require "bin"
local tls = require "tls"
description = [[
Tries to confuse a TLS server into sending a ClientHello by first sending a HelloRequest.
bonsaiviking / newnym.pl
Created Apr 25, 2012
Request a new identity from Tor via a web request (suggestion: make it a bookmark).
#!/usr/bin/perl
use strict;
use warnings;
use HTTP::Daemon;
use IO::Socket;
my $torport=9051;
my $password="footor";
my $good = HTTP::Response->new(
bonsaiviking / slammer.nse
Created Jul 16, 2012
Nmap script launcher for the SQL Slammer worm.
local nmap = require "nmap"
local shortport = require "shortport"
local bin = require "bin"
description = [[Sends the SQL Slammer worm to a host.
If vulnerable, it will attempt to propagate to other IP addresses.
DO NOT RUN THIS SCRIPT ON THE INTERNET. For use in closed environments
for educational purpose only.]]
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
bonsaiviking / cipherstrength.pl
Created Jul 17, 2012
Rate TLS ciphers similar to ssllabs.com's ranking system
#!/usr/bin/perl
use strict;
use warnings;
use 5.012;
my %kex_scores = (
NULL => 0,
anon => 0,
EXPORT => 40,
bonsaiviking / printbomb.nse
Created Oct 5, 2012
NSE script for printing crap to PJL printers. Don't run this, please. Lots of improvements possible, too.
description = [[
Print a bunch of pages.
]]
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "dos"}
bonsaiviking / headless.pl
Created Jan 31, 2013
Finding headless shells
#!/usr/bin/perl -an
# One-liner version:
# lsof -d txt,0,1,2 | perl -anE'push@g,$F[1]if$F[4]eq"CHR"and$F[8]=~/^.dev.[pt]t[sy]/;$t{$F[1]}=$_ if$F[3]eq"txt"and$F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;END{delete$t{$_}for@g;say values%t}'
# store the PID of processes that use a PTY/TTY for STDIN, STDOUT, or STDERR
push @g, $F[1] if $F[4] eq "CHR" and $F[8]=~/^.dev.[pt]t[sy]/;
# Store the whole line if the txt file descriptor is a shell
$t{$F[1]}=$_ if $F[3] eq "txt" and $F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;
bonsaiviking / test.nse
Created Feb 1, 2013
Minimal test script for Nmap's NSE script testing. Can be run simply with `nmap --script=test.nse` and no further arguments.
description = [[Minimal framework for testing NSE scripts. Modify as needed.]]
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"testing"}
prerule = function() return true end