
Alex dhondta

@dhondta
dhondta / README.md
Last active February 16, 2022 08:15
Proof-of-Concept for python-xdg 0.25 Python code injection (CVE-2019-12761)

Description

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

References

@dhondta
dhondta / evil-config.ini
Last active January 11, 2023 13:02
Proof-of-Concept for logging Python code injection
[loggers]
keys=root
[handlers]
keys=stream_handler
[formatters]
keys=formatter
[logger_root]
@dhondta
dhondta / README.md
Last active February 16, 2022 08:13
Proof-of-Concept for Python parso Cache Load Vulnerability (CVE-2019-12760)

Description

** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."

References

@dhondta
dhondta / README.md
Last active July 31, 2023 22:14
Tinyscript tool for generating loose comparison hashes for PHP type juggling

PHP loose comparison input generator

This Tinyscript-based tool generates a string over a given alphabet for which a given hash matches the format used for type juggling with PHP, that is, when a loose comparison of the type ("0e12345" == ...) is used.

This can be installed using:

$ pip install tinyscript
$ tsm install loose-comparison-input-generator
@dhondta
dhondta / README.md
Last active August 28, 2023 03:35
Tinyscript tool for getting IP locations from an email (EML file)

Get Email Origin

This Tinyscript-based tool loads an email and parses the receivers, indicating where the IP addresses found originate from.

This can be installed using:

$ pip install ipaddress mail_parser maxminddb-geolite2 tinyscript
$ tsm install get-email-origin
@dhondta
dhondta / README.md
Last active December 3, 2023 18:57
Tinyscript tool for generating preview image(s) of a PDF

PDF preview generator

This Tinyscript-based tool aims to generate preview images of an input PDF (e.g. a book).

This can be installed using:

$ pip install pdf2image tinyscript
$ tsm install pdf-preview-generator
@dhondta
dhondta / README.md
Last active July 31, 2023 22:15
Tinyscript tool to generate PDFs from reports in a STIX package

STIX report to PDF

This Tinyscript-based tool decompresses a STIX XML file and outputs it as a PDF using pdfkit.

This can be installed using:

$ pip install bs4 pdfkit tinyscript
$ tsm install stix-reports-to-pdf
@dhondta
dhondta / git-repos-update.sh
Created September 20, 2019 11:10
Bash RC helper functions
# Custom git repos update function
git-repos-update() {
  local currdir=$(pwd)
  for root in /opt ~/.opt; do
    for D in $root/*; do
      if [ -d "${D}" ]; then
        cd "${D}"
        cat .git/config 2>/dev/null | \
          grep url | \
          cut -d" " -f 3 && \
@dhondta
dhondta / README.md
Last active February 10, 2024 10:30
Tinyscript steganography tool based on base32/64 padding

Paddinganograph

This Tinyscript-based tool recovers data hidden in base32/base64 strings. It can take a PNG or JPG as input to retrieve an EXIF value as the input data.

This can be installed using:

$ pip install tinyscript
$ tsm install paddinganograph
@dhondta
dhondta / README.md
Last active May 10, 2024 20:20
Tinyscript steganography tool implementing the Pixel Indicator Technique

StegoPIT

This Tinyscript-based tool applies steganography based on PIT (Pixel Indicator Technique) to retrieve hidden data from an image.

$ pip install tinyscript
$ tsm install stegopit