Skip to content

Instantly share code, notes, and snippets.

Avatar

Alex dhondta

View GitHub Profile
@dhondta
dhondta / latex-clean.sh
Created Apr 15, 2022 — forked from djsutherland/latex-clean.sh
A bash script to clean latex temp files
View latex-clean.sh
#!/bin/bash
# Note: you might prefer latexmk -c since latexmk is great. It doesn't clean all of these, but see
# https://tex.stackexchange.com/questions/83341/clean-bbl-files-with-latexmk-c/83386#83386
exts="-blx.aux -blx.bib -blx.bib .acn .acr .alg .algorithms .aux .bbl .bcf .blg .brf .dvi .fdb_latexmk .fls .glg"\
" .glo .gls .glsdefs .idx .ilg .ind .ist .keys .listing .loa .lof .log .lol .lot .maf .mtc .mtc0 .mw .nav .nlo"\
" .out .pdfsync .ptc .pyg .run.xml .snm .synctex.gz .syntex.gz(busy) .tdo .thm .toc .vrb .xdy"
for x in "${@:-.}"; do
@dhondta
dhondta / README.md
Last active Feb 23, 2022
Tinyscript tool for downloading the .git folder from a disclosed Web-hosted repository
View README.md

Git Web Recovery

This is a small tool using Tinyscript and PyBots for downloading a .git folder left on a Web server. Note that this tool does NOT rely on Directory Indexing.

$ pip install pybots tinyscript
$ wget https://gist.githubusercontent.com/dhondta/7511710facb5eecc575e133ec60ed87c/raw/git-web-recovery.py && chmod +x git-web-recovery.py && sudo mv git-web-recovery.py /usr/bin/git-web-recovery

@dhondta
dhondta / README.md
Last active Oct 30, 2021
Tinyscript tools for downloading resources from Pentester Academy
View README.md

Pentester Academy Download Tools

This is a set of tools using Tinyscript in order to download resources from pentesteracademy.com and compress videos.

  • pta-downloader.py: allows to download resources given some course identifiers while compressing downloaded videos if needed.
  • video-compressor.py: allows to compress videos a posteriori.

PTA Downloader

This tool relies on wget and ffmpeg and takes a session cookie on pentesteracademy.com as a first positional argument and then multiple course identifiers as next positional arguments (for a sequential download of multiple tools). A compression ratio can be specified or compression (with default ratio 30) can be enabled for compressing videos. Check out the examples at the end of the help message to see the different usages.

@dhondta
dhondta / README.md
Last active Apr 5, 2022
Tinyscript tool to bruteforce the password of a PDF
View README.md

PDF password bruteforcer

This is a small tool using Tinyscript and PyPDF2 to bruteforce the password of a PDF given an alphabet (defaults to printables) and a length (default is 8).

$ pip install PyPDF2 tinyscript
$ wget https://gist.githubusercontent.com/dhondta/efe84a92e4dfae3b6c14932c73ab2577/raw/pdf-password-bruteforcer.py && chmod +x pdf-password-bruteforcer.py && sudo mv pdf-password-bruteforcer.py /usr/bin/pdf-password-bruteforcer

@dhondta
dhondta / README.md
Last active Dec 22, 2021
Tinyscript tool for making an evil Pickle
View README.md

Evil Pickle creation tool

This is a Tinyscript wrapper for this Gist, working with Python 2 and 3.

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/0224d42a6f9dde00247ff8646f4e89aa/raw/evil-pickle-maker.py && chmod +x evil-pickle-maker.py && sudo mv evil-pickle-maker.py /usr/bin/evil-pickle-maker
@dhondta
dhondta / README.md
Last active Jul 27, 2020
Tinyscript Proof-of-Concept tool using PyBots for exploiting an SSTI vulnerability in Craft CMS (CVE-2018-14716)
View README.md

Craft CMS SEOmatic 3.1.4 SSTI Exploit (CVE-2018-14716)

This is an automation of this exploit using Tinyscript and Pybots for getting config settings or user properties.

@dhondta
dhondta / README.md
Last active Apr 18, 2020
Modification of Firefox-Decrypt to support dictionary attack
View README.md

Firefox-Decrypt modified for dictionary attack on master password

This script is the modification of this excellent project, a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles, to make it support dictionary attack. This is published as a Gist as the related PR was refused (for a reason I completely understand) and with the consent of the author.

For the main options, please refer to the original project. You can provide a wordlist of master passwords for a dictionary attack as follows:

$ python firefox_decrypt_modified.py -w passwords.lst l1u1xh65.default
@dhondta
dhondta / README.md
Last active Oct 30, 2021
Tinyscript Proof-of-Concept tool using PyBots for exploiting a Code Execution vulnerability in ClipperCMS
View README.md
@dhondta
dhondta / README.md
Last active Apr 27, 2020
Simple lexer module for parsing a line of arguments and keyword-arguments, useful for CLI tools
View README.md

Arguments Lexer

Simple arguments lexer for parsing a line of arguments and keyword-arguments.

The ValueLexer evaluates strings (delimited by single or double quotes), booleans, floats, integers and also binary, octal or hexadecimal (to an integer).

The ArgumentsLexer ensures that the input line of arguments has the form:

arg1 arg2 ... argN kw1=val1 kw2=val2 ... kwM=valM
@dhondta
dhondta / README.md
Last active Oct 30, 2021
Tinyscript cryptography tool implementing the Solitaire Cipher algorithm
View README.md

Solitaire-Cipher

This Tinyscript-based tool implements the Solitaire Encryption Algorithm of Bruce Schneier.

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/1858f406fc55e5e5d440ff26432ad0a4/raw/solitaire-cipher.py && chmod +x solitaire-cipher.py && sudo mv solitaire-cipher.py /usr/bin/solitaire-cipher