Skip to content

Instantly share code, notes, and snippets.

View dlenski's full-sized avatar

Dan Lenski dlenski

View GitHub Profile
@dlenski
dlenski / filter_messages_from_pidgin_log.py
Last active January 29, 2016 21:58
Filter raw protocol messages from Pidgin debug log (`pidgin -d`)
#/usr/bin/env python2
from __future__ import print_function
from sys import stdin, stderr, stdout
import re
message = []
message_started = message_ended = None
for line in stdin:
"""Example of using hangups to lookup contacts by id."""
import sys
import asyncio
import hangups
# Path where OAuth refresh token is saved, allowing hangups to remember your
@dlenski
dlenski / ssh-cipher-benchmark.sh
Last active December 6, 2022 09:14
Check speed of ssh cipher(s) on your system
#!/bin/bash
# Based on: http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
#
# You should set up PublicKey authentication so that you don't have to type your
# password for every cipher tested.
set -o pipefail
ciphers="$@"
@dlenski
dlenski / gist:3adcdd3dd5ed897a8e8c4f172726aaca
Created January 20, 2018 03:23 — forked from kzap/gist:5819745
If you want to give only Travis-CI access to a private key or secret file in your repository, you will need to encrypt it, but rather than storing the entire encrypted file in an environment variable, just store the a secret password in a secure environment variable that you will use to encrypt and decrypt your private key file. The encryption o…
# generate your private key, put the public key on the server you will be connecting to
ssh-keygen -t rsa -f ./my_key
# generate the password/secret you will store encrypted in the .travis.yml and use to encrypt your private key
cat /dev/urandom | head -c 10000 | openssl sha1 > ./secret
# encrypt your private key using your secret password
openssl aes-256-cbc -pass "file:./secret" -in ./my_key -out ./my_key.enc -a
# download your Travis-CI public key via the API. eg: https://api.travis-ci.org/repos/travis-ci/travis-ci/key
@dlenski
dlenski / fake_PAN_GlobalProtect_server.py
Created May 29, 2018 18:16
quick-and-dirty simulator of PAN GlobalProtect server
#!/usr/bin/env python3
# This is used for testing openconnect's (https://github.com/dlenski/openconnect).
# handling of the atrocious XML+JavaScript mess used for
# authenticating to a PAN GlobalProtect VPN.
#
# Requires a recent version of Flask and Python 3.x, and a server.pem
#
# Should be fairly easy to tweak to fit various authentication scenarios.
@dlenski
dlenski / bagcerts
Created July 17, 2018 03:56
Add "bag attributes" to a certificate chain
#!/bin/bash
#
# This script takes one or more x509 certificates in .PEM format (from
# stdin or files listed on command line) and adds helpful "bag
# attributes" before each certificate. This makes it easier for
# humans to identify the contents of the bundle.
#
# Requires (g)awk and openssl's x509 command line utility.
#
# Output fields included can be specified via openssl-x509 options:
@dlenski
dlenski / jun_ssl_log.py
Last active May 21, 2024 19:30
Juniper VPN logging script for mitmproxy v4.0.4
#!/usr/bin/python3
# Run like this with mitmproxy v4.0.4:
# mitmdump --script jun_ssl_log.py --tcp-hosts JUNIPER.SERVER.COM
#
# It will dump the TCP flows with the server in a raw-ish format to /tmp/TCPFlow*,
# and will replace the MD5 hash of the "real" server certificate with that of the
# MITM'ed server certificate (as provided to the client) anywhere it appears in the
# TCP flows' content.
@dlenski
dlenski / fakeserver.py
Last active May 10, 2022 21:17
Fake server for RSA SecurID token generation (see https://github.com/dlenski/rsa_ct_kip#fake-server)
#!/usr/bin/env python3
# Needs: Python 3.5+, Flask, PyCryptoDome
# server.pem, rsapubkey.pem + rsaprivkey.pem (1024-bit) in the current directory
#
# What it does:
# Pretends to be the "CT-KIP" web service (https://tools.ietf.org/html/rfc3948) that
# RSA SecurID Token for Windows v5.0.x talks to to set up a new token, using an
# authentication code.
#
#!/usr/bin/env python3
'''
Exhaustive solution to
https://fivethirtyeight.com/features/the-robot-invasion-has-come-for-our-pool-halls/
Consider 15 standard pool balls arranged in a triangle (7 solids, 7 stripes, one 8-ball).
- Solids are all equivalent to each other
- Stripes are all equivalent to each other
- Robot can perform one of three operations: rotate 120° CW, rotate 120° CCW, swap 2 balls
@dlenski
dlenski / make_RSA_token.sh
Last active January 20, 2021 17:51
Make a working RSA token from seed, expiration date, and serial number
#!/bin/bash
# Takes SN, EXPIRATION, and SEED environment variables
# (SEED must be 32 hex digits) and converts them to
# an RSA SecurID token in CTF format.
#
# Requires:
# stoken >=v0.9
# perl5
# base64