🦜
wars are waged by technicians

Fionn Fitzmaurice fionn

@fionn
fionn / pem.regex
Created September 1, 2023 15:44
Hyperscan-compatible regex patterns for private keys
(-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----)(\s*[A-Za-z0-9+/\r\n]+={0,2})(\s*-----END ([A-Z0-9]+ )?PRIVATE KEY-----)
@fionn
fionn / stdin.sh
Created June 27, 2023 14:38
Flexible inputs for Bash scripts
#!/bin/bash
set -euo pipefail
function process {
return 0
}
function main {
mapfile -t inputs < <(echo "${1:-$(</dev/stdin)}")
#!/usr/bin/env python3
import boto3 # type: ignore
import requests # type: ignore
REGION = "us-east-1"
IDENTITY_POOL_ID = REGION + ":b73cb2d2-0d00-4e77-8e80-f99d9c13da3b"
def main() -> None:
"""Entry point"""
@fionn
fionn / ssh-agent.service
Created July 22, 2022 16:49
Systemd user service for ssh-agent
[Unit]
Description=SSH agent
[Service]
Type=forking
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.target
@fionn
fionn / cleanup_undo_dir.sh
Created July 15, 2022 12:02
Remove Vim undo files when the target doesn't exist anymore
#!/bin/bash
set -euo pipefail
undodir=${XDG_CACHE_HOME:-$HOME/.cache}/vim/undo/
pushd "$undodir" >/dev/null
for undo_file in *; do
real_file=${undo_file//%/\/}
@fionn
fionn / 200-hardening.conf
Created July 12, 2022 16:32
SSHd hardening
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowAgentForwarding no
MaxAuthTries 1
MaxSessions 3
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
@fionn
fionn / fix_twitter.filters
Created July 5, 2022 06:50
Blocklist to remove liked and recommended tweets from the Twitter timeline
! https://www.reddit.com/r/uBlockOrigin/wiki/solutions#wiki_twitter
! My Timeline - no inserted sections (Who to follow/Topics to follow, etc.)
twitter.com##[aria-label="Timeline: Your Home Timeline"] div[style^="transform: translateY"][style*="position: absolute;"]:not(:first-child:has-text(/^Show \d\d? Tweets?$/)):not(:has(>div:only-child:empty, article, [href^="/i/status/"], [role="progressbar"])):style(opacity: 0.2 !important)
! Other Timelines - no inserted sections (Who to follow/Topics to follow, etc.)
twitter.com##[aria-label$="’s Tweets"] div[style^="transform: translateY"][style*="position: absolute;"]:not(:has(>div:only-child:empty, article, [href^="/i/status/"], [role="progressbar"])):style(opacity: 0.2 !important)
! [User] liked
twitter.com##:is([aria-label="Timeline: Your Home Timeline"], [aria-label$="’s Tweets"]) article :not([role="button"]>div>div>svg>g>path)[d$="13.157H12z"]:upward(article):style(opacity: 0.2 !important)
! [User] Retweeted
!twitter.com##:is([aria-label="Timeline: Your Home
@fionn
fionn / k8shell
Created January 3, 2022 05:13
Get a shell on a k8s pod
#!/usr/bin/env bash
# Usage: k8shell namespace/pod.
set -euo pipefail
mapfile -d "/" -t ns_pod <<< "$1"
if [ "${#ns_pod[@]}" == 2 ]; then
ns="${ns_pod[0]}"
@fionn
fionn / san.sh
Last active July 8, 2022 13:08
Server name
#!/bin/bash
set -euo pipefail
echo | openssl s_client -servername "$1" -connect "$1":443 2>/dev/null | openssl x509 -noout -text | grep -A 1 "X509v3 Subject Alternative Name:" | grep "DNS:" | sed "s/DNS://g" | tr -d " " | tr "," "\n"
@fionn
fionn / secure_object.py
Last active October 7, 2021 18:22
Dumb idea for intrinsic timing-attack-resistant Python object comparison
#!/usr/bin/env python3
import hmac
class SecureObject(bytes):
"""Bytes that can be compared safely"""
def __eq__(self, other: object) -> bool:
return hmac.compare_digest(self, other) # type: ignore