Nerdin' out

Charles Neill cneill

cneill / ben.go
Last active Aug 23, 2020
Analyze a set of numbers for "Benfordness"
package main
import (
View glance-log
2016-09-19 19:03:38.916 32495 INFO eventlet.wsgi.server [req-fa70e3a2-91ed-4cd8-a59d-8e0095cbfd31 1fadb086cfd94c1d8ab9d554657054d1 3330be90ba344c34b34afc27de7e7195 - default default] - - [19/Sep/2016 19:03:38] "POST /v2/tasks HTTP/1.1" 201 850 0.181028
2016-09-19 19:03:38.985 32495 INFO glance.domain [-] Task [e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e] status changing from processing to processing
2016-09-19 19:03:38.987 32495 DEBUG oslo_messaging._drivers.amqpdriver [-] CAST unique_id: caef117456034a4aaa1c30d4043b86f7 NOTIFY exchange 'glance' topic '' _send /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/
2016-09-19 19:03:39.082 32495 DEBUG glance.async.taskflow_executor [-] Taskflow executor picked up the execution of task ID e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e of task type import _run /opt/stack/glance/glance/async/
2016-09-19 19:03:39.139 32495 ERROR glance.async.flows.base_import [-] Bad task configuration: Task was not config


  "errors": [ ErrorObjects ],
  "failures": [ FailureObjects ],
  "stats": {
    "severity": {
      "HIGH": 0,
      "MEDIUM": 0,

Requesting with these templates (all non-GET requests to SimpleHTTPServer return 501 status codes):

GET /derp HTTP/1.1
Accept: application/json

View idea.json
"errors": [],
"failures": {
"localhost:9000/test": {
"500_errors": {
"description": "This request returns an error with status code 501, which might indicate some server-side fault that could lead to further vulnerabilities",
"payloads": [
"confidence": "High",
"param": {

Syntribos Checks / Signals

Exception Checks

HTTP Request Failures

  • Inputs: Single requestslib exception object
  • Description: This signal is returned when requests throws an exception on a request
  • Check Location: syntribos.clients.http.checks
View syntribos-cafe-code.txt
doc/source/ = {'cafe': ('', None)}
doc/source/ 'cafe',
doc/source/ 'cafe.engine.http.client',
doc/source/ 'cafe.drivers.unittest.arguments'
syntribos/ cafe.drivers.unittest.arguments
syntribos/ action=cafe.drivers.unittest.arguments.ConfigAction,
syntribos/ help="test config. Looks in the ~/.opencafe/configs directory"
syntribos/clients/http/ Original from OpenCafe (
syntribos/clients/http/ cafe.engine.models.data_interfaces import ConfigSectionInterface
syntribos/ cafe.engine.models.data_interfaces import ConfigSectionInterface
View syntribos-cafe-docs.txt
CONTRIBUTING.rst:10:4. No new code will be accepted if it adds a new dependency on OpenCAFE, or adds
CONTRIBUTING.rst:11: on top of existing CAFE functionality IF it cannot stand on its own without
README.rst:35:CAFE Framework <>`__.
README.rst:83:- Create a directory named .opencafe in the user's home directory, or in the case of a python virtualenv, in the virtualenv root folder.
README.rst:87: $ cafe-config init
README.rst:93: $ cafe-config plugins install http
README.rst:98:Copy the data files from Syntribos data directory to .opencafe/data directory created during "cafe-config init". This directory contains the fuzz string files. Copy the example configuration file to .opencafe/configs directory created during "cafe-config init".
README.rst:102: $ cp syntribos/data/* .opencafe/data/
README.rst:103: $ cp syntribos/examples/configs/keystone.config .opencafe/configs/.
cneill /
Last active May 24, 2016
Description of testing concepts / etc. in Syntribos

Terminology for Syntribos


  • Meaning: A set of checks conducted to uncover the presence of a specific type of vulnerability. A test should be able to specify the requests or Request Chains that it knows how to interact with
  • Purpose: Identify vulnerabilities
  • Example: SQL Injection

Test Case

def _logTests(self, tests, bucket, status=None):
    """Log each test by adding to self.all_tests and the right "bucket"
    based on the status of the test (e.g. self.aggregated_errors)

    :param list tests: test results (e.g. test.failures)
    :param dict bucket: place to store the tests (e.g. self.aggregated_errors)
    """
    for issue in tests:
        url = issue.request.url
        method = issue.request.method