Skip to content

Instantly share code, notes, and snippets.

Avatar

Dan Lenski dlenski

View GitHub Profile
@dlenski
dlenski / procnet.py
Created Jun 3, 2021
Print /proc/net/{tcp,udp}{,6} in a more human-readable format
View procnet.py
#!/usr/bin/python3
import argparse
from ipaddress import IPv4Address, IPv6Address
from binascii import unhexlify
from struct import unpack
import tabulate
def hexint(x):
return int(x, 16)
@dlenski
dlenski / cert_fingerprint_test.py
Last active Jun 5, 2020
Fingerprint-based certificate validation in Python (including pin-sha256)
View cert_fingerprint_test.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# This is a demonstration of how to do fingerprint-based certificate
# validation in Python, in the style of OpenConnect:
# https://gitlab.com/openconnect/openconnect/-/blob/HEAD/library.c#L1084-1143
#
# For Python <3.7, we monkey-patch ssl.SSLSocket directly, because ssl.SSLContext.sslsocket_class
# isn't available until Python 3.7. For Python 3.7+, we set ssl.SSLContext.sslsocket_class
# to our modified version (which is sort of monkey-patching too).
@dlenski
dlenski / formatted_link.js
Created Jan 30, 2020
Bookmarklet to copy current page title as a rich-text formatted link
View formatted_link.js
@dlenski
dlenski / geoclue.py
Created Dec 18, 2019
Playing around with freedesktop/python-geoclue
View geoclue.py
#!/usr/bin/env python
# old, Python 2.x only :-(
# https://github.com/freedesktop/python-geoclue
from __future__ import print_function
import Geoclue
from datetime import datetime
print("Geoclue version %s" % Geoclue.VERSION)
@dlenski
dlenski / make_RSA_token.sh
Last active Jan 20, 2021
Make a working RSA token from seed, expiration date, and serial number
View make_RSA_token.sh
#!/bin/bash
# Takes SN, EXPIRATION, and SEED environment variables
# (SEED must be 32 hex digits) and converts them to
# an RSA SecurID token in CTF format.
#
# Requires:
# stoken >=v0.9
# perl5
# base64
View robopool.py
#!/usr/bin/env python3
'''
Exhaustive solution to
https://fivethirtyeight.com/features/the-robot-invasion-has-come-for-our-pool-halls/
Consider 15 standard pool balls arranged in a triangle (7 solids, 7 stripes, one 8-ball).
- Solids are all equivalent to each other
- Stripes are all equivalent to each other
- Robot can perform one of three operations: rotate 120° CW, rotate 120° CCW, swap 2 balls
@dlenski
dlenski / fakeserver.py
Created Sep 7, 2018
Fake server for RSA SecurID token generation
View fakeserver.py
#!/usr/bin/env python3
# Needs: Python 3.5+, Flask, PyCryptoDome
# server.pem, rsapubkey.pem + rsaprivkey.pem (1024-bit) in the current directory
#
# What it does:
# Pretends to be the "CT-KIP" web service (https://tools.ietf.org/html/rfc3948) that
# RSA SecurID Token for Windows v5.0.x talks to to set up a new token, using an
# authentication code.
#
@dlenski
dlenski / jun_ssl_log.py
Last active Sep 4, 2018
Juniper VPN logging script for mitmproxy v4.0.4
View jun_ssl_log.py
#!/usr/bin/python3
# Run like this with mitmproxy v4.0.4:
# mitmdump --script jun_ssl_log.py --tcp-hosts JUNIPER.SERVER.COM
#
# It will dump the TCP flows with the server in a raw-ish format to /tmp/TCPFlow*,
# and will replace the MD5 hash of the "real" server certificate with that of the
# MITM'ed server certificate (as provided to the client) anywhere it appears in the
# TCP flows' content.
@dlenski
dlenski / bagcerts
Created Jul 17, 2018
Add "bag attributes" to a certificate chain
View bagcerts
#!/bin/bash
#
# This script takes one or more x509 certificates in .PEM format (from
# stdin or files listed on command line) and adds helpful "bag
# attributes" before each certificate. This makes it easier for
# humans to identify the contents of the bundle.
#
# Requires (g)awk and openssl's x509 command line utility.
#
# Output fields included can be specified via openssl-x509 options:
@dlenski
dlenski / fake_PAN_GlobalProtect_server.py
Created May 29, 2018
quick-and-dirty simulator of PAN GlobalProtect server
View fake_PAN_GlobalProtect_server.py
#!/usr/bin/env python3
# This is used for testing openconnect's (https://github.com/dlenski/openconnect).
# handling of the atrocious XML+JavaScript mess used for
# authenticating to a PAN GlobalProtect VPN.
#
# Requires a recent version of Flask and Python 3.x, and a server.pem
#
# Should be fairly easy to tweak to fit various authentication scenarios.