Skip to content

Instantly share code, notes, and snippets.

Dan Lenski dlenski

Block or report user

Report or block dlenski

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
dlenski / formatted_link.js
Created Jan 30, 2020
Bookmarklet to copy current page title as a rich-text formatted link
View formatted_link.js
dlenski /
Created Dec 18, 2019
Playing around with freedesktop/python-geoclue
#!/usr/bin/env python
# old, Python 2.x only :-(
from __future__ import print_function
import Geoclue
from datetime import datetime
print("Geoclue version %s" % Geoclue.VERSION)
dlenski /
Last active Jan 30, 2020
Make a working RSA token from seed, expiration date, and serial number
# Takes SN, EXPIRATION, and SEED environment variables
# (SEED must be 32 hex digits) and converts them to
# an RSA SecurID token in CTF format.
# Requires:
# stoken >=v0.9
# perl5
# base64
#!/usr/bin/env python3
Exhaustive solution to
Consider 15 standard pool balls arranged in a triangle (7 solids, 7 stripes, one 8-ball).
- Solids are all equivalent to each other
- Stripes are all equivalent to each other
- Robot can perform one of three operations: rotate 120° CW, rotate 120° CCW, swap 2 balls
dlenski /
Created Sep 7, 2018
Fake server for RSA SecurID token generation
#!/usr/bin/env python3
# Needs: Python 3.5+, Flask, PyCryptoDome
# server.pem, rsapubkey.pem + rsaprivkey.pem (1024-bit) in the current directory
# What it does:
# Pretends to be the "CT-KIP" web service ( that
# RSA SecurID Token for Windows v5.0.x talks to to set up a new token, using an
# authentication code.
dlenski /
Last active Sep 4, 2018
Juniper VPN logging script for mitmproxy v4.0.4
# Run like this with mitmproxy v4.0.4:
# mitmdump --script --tcp-hosts JUNIPER.SERVER.COM
# It will dump the TCP flows with the server in a raw-ish format to /tmp/TCPFlow*,
# and will replace the MD5 hash of the "real" server certificate with that of the
# MITM'ed server certificate (as provided to the client) anywhere it appears in the
# TCP flows' content.
dlenski / bagcerts
Created Jul 17, 2018
Add "bag attributes" to a certificate chain
View bagcerts
# This script takes one or more x509 certificates in .PEM format (from
# stdin or files listed on command line) and adds helpful "bag
# attributes" before each certificate. This makes it easier for
# humans to identify the contents of the bundle.
# Requires (g)awk and openssl's x509 command line utility.
# Output fields included can be specified via openssl-x509 options:
dlenski /
Created May 29, 2018
quick-and-dirty simulator of PAN GlobalProtect server
#!/usr/bin/env python3
# This is used for testing openconnect's (
# handling of the atrocious XML+JavaScript mess used for
# authenticating to a PAN GlobalProtect VPN.
# Requires a recent version of Flask and Python 3.x, and a server.pem
# Should be fairly easy to tweak to fit various authentication scenarios.
dlenski / gist:3adcdd3dd5ed897a8e8c4f172726aaca
Created Jan 20, 2018 — forked from kzap/gist:5819745
If you want to give only Travis-CI access to a private key or secret file in your repository, you will need to encrypt it, but rather than storing the entire encrypted file in an environment variable, just store the a secret password in a secure environment variable that you will use to encrypt and decrypt your private key file. The encryption o…
View gist:3adcdd3dd5ed897a8e8c4f172726aaca
# generate your private key, put the public key on the server you will be connecting to
ssh-keygen -t rsa -f ./my_key
# generate the password/secret you will store encrypted in the .travis.yml and use to encrypt your private key
cat /dev/urandom | head -c 10000 | openssl sha1 > ./secret
# encrypt your private key using your secret password
openssl aes-256-cbc -pass "file:./secret" -in ./my_key -out ./my_key.enc -a
# download your Travis-CI public key via the API. eg:
dlenski /
Last active Dec 11, 2019
Check speed of ssh cipher(s) on your system
# Based on:
# You should set up PublicKey authentication so that you don't have to type your
# password for every cipher tested.
set -o pipefail
You can’t perform that action at this time.