(\$|%(25)*24)(\{|%(25)*7B)(((\$|%(25)*24)(\{|%(25)*7B)[^}]+(j|%[46]a)(n|%[46]e)?(d|%[46]4)?(i|%[46]9)?(%(25)*7(d|%[46]4)|\})|(j|%[46]a)(n|%[46]e)?(d|%[46]4)?(i|%[46]9)?)((\$|%(25)*24)(\{|%(25)*7B)[^}]+(j|%[46]a)?(n|%[46]e)(d|%[46]4)?(i|%[46]9)?(%(25)*7(d|%[46]4)|\})|(j|%[46]a)?(n|%[46]e)(d|%[46]4)?(i|%[46]9)?)((\$|%(25)*24)(\{|%(25)*7B)[^}]+(j|%[46]a)?(n|%[46]e)?(d|%[46]4)(i|%[46]9)?(%(25)*7(d|%[46]4)|\})|(j|%[46]a)?(n|%[46]e)?(d|%[46]4)(i|%[46]9)?)((\$|%(25)*24)(\{|%(25)*7B)[^}]+(j|%[46]a)?(n|%[46]e)?(d|%[46]4)?(i|%[46]9)(%(25)*7(d|%[46]4)|\})|(j|%[46]a)?(n|%[46]e)?(d|%[46]4)?(i|%[46]9))|((\$|%(25)*24)(\{|%(25)*7B)[^}]+(j|%[46]a)?(n|%[46]e)?(d|%[46]4)?(i|%[46]9)?(%(25)*7(d|%[46]4)|\})|(j|%[46]a|n|%[46]e|d|%[46]4|i|%[46]9)+)+)
@carlchan
carlchan / check.sh
Last active May 19, 2021 13:54
Check SSL chains. checkchain will connect to a remote host and verify no certs in the chain are about to expire. checklocalchainfile functions will check combined chain files and print each cert subject/issuer so you can verify it's in the right order.
checkchain() {
host="$1"
hostname=${host%%:*}
port=${host##*:}
[ "${port}" '==' "${hostname}" ] && port=443
echo $hostname:$port
cert=""
echo | timeout 5 openssl s_client -showcerts -servername ${hostname} -connect ${hostname}:${port} 2>&1 | sed -n '/BEGIN CERT/,/END CERT/p'| while read line; do
cert+="${line}\n"
if [ "$line" '==' '-----END CERTIFICATE-----' ]; then
@carlchan
carlchan / escurl.sh
Last active June 18, 2021 20:20
Before I discovered HTTPie, I wrote this to help manage some Elasticsearch clusters. Saves hostname and login credentials in a per-session encrypted cache so you don't have to type them every time and they don't get saved in command history either.
#!/usr/bin/env bash
# Export ESUSER and/or ESPASS to login profile
# Credentials will be cached for your session
CACHEDCREDS="${HOME}/.escurl"
ESHOST_DEFAULT="https://$(hostname -f):9200"
showhelp() {
ESCURL=$(basename $0)
echo Usage: ${ESCURL} GET/DELETE/POST/PUT APIpath \[DATA\|@filename\]
# Why?
# To paste text into windows that normally don't allow it or have access to the clipboard.
# Examples: Virtual machines that do not yet have tools installed, websites that hijack paste
#
# How?
# Create a service: open Automator, create new service, receive no input, use any application, run applescript code below, save
# Activate: open application menu from menu bar, go to services, and you will see your service
on run
tell application "System Events"
@carlchan
carlchan / yubikey-ssh-ca.sh
Created September 24, 2019 14:36
SSH CA using a Yubikey
#!/bin/sh
set -e
set -x
openssl genrsa 2048 > ca.key
yubico-piv-tool -s9c -aimport-key < ca.key
openssl req -x509 -days 3650 -sha256 -subj "/CN=SSH CA" -key ca.key | yubico-piv-tool -s9c -S"/CN=SSH CA" -averify -aimport-certificate
# Sign with:
@carlchan
carlchan / haproxy.cfg
Last active October 29, 2019 10:09
HAProxy - Client SSL Auth "knocking" and automatic certbot
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon