Skip to content

Instantly share code, notes, and snippets.

View hillar's full-sized avatar

Hillar hillar

39 followers · 7 following
View GitHub Profile
@hillar
hillar / influxdb-udp.mjs
Created January 26, 2022 10:07
influxdb v1.8 udp only client write points
import dgram from 'dgram';
export class InfluxUdp {
constructor(opts = {}) {
this.host = opts.hostname || opts.host || '127.0.0.1';
this.port = opts.port || 8089;
this.family = opts.family || 'udp4'
if (!(this.family === 'udp4' || this.family === 'udp6')) throw new Error('The family of socket must be either udp4 or udp6')
this.client = dgram.createSocket(this.family)
@hillar
hillar / sapper2openapi.mjs
Created December 11, 2020 14:06
import { manifest } from '@sapper/internal/manifest-server'
export const definition = () => {
const openapi = { openapi: '3.0.0', paths: {} }
const routes = manifest.server_routes
for (const route of routes) {
const pattern = route.pattern.toString()
let name = pattern.replace('^\\/', '').replace('\\/?$/', '')
let params
if (name.endsWith('\\/([^/]+?)')) {
@hillar
hillar / web-eid.min.js
Created June 1, 2020 07:25
var webeid = function(e) {
"use strict";
var t, s = Object.freeze({
VERSION: "0.0.1",
MSG_DEFAULT_TIMEOUT: 12e4
});
!function(e) {
e.ERR_WEBEID_AUTH_FAIL = "ERR_WEBEID_AUTH_FAIL",
e.ERR_WEBEID_STATUS_FAIL = "ERR_WEBEID_STATUS_FAIL",
e.ERR_WEBEID_MSG_PENDING = "ERR_WEBEID_MSG_PENDING",
@hillar
hillar / FarsightSecurityNewlyObservedDomains.bro
Last active February 17, 2020 03:24
bro script to detect new domain names
##! Detect domain names what are new
##! NOD is a register of first sightings in DNS.
##! see https://www.farsightsecurity.com/Services/NOD/
@load base/frameworks/notice
module FarsightSecurityNewlyObservedDomains;
export {
@hillar
hillar / transformwithpool.mjs
Last active February 11, 2020 08:18
stream transform with internal pooling
import { Transform } from "stream";
import { inspect } from "util";
import { kStringMaxLength as STRINGMAXLENGTH } from "buffer";
import { InfluxUdp } from "./influxdb-udp.mjs";
export function wait(ms, ...msg) {
ms = Math.round(ms);
return new Promise(resolve => {
//printProgress('pause ',ms, msg)
setTimeout(() => {
@hillar
hillar / Dockerfile.alpine.R
Last active September 10, 2019 21:58
R in ALPINE docker
FROM alpine:3
MAINTAINER "No Maintenance Intended http://unmaintained.tech/"
ENV LC_ALL en_US.UTF-8
ENV LANG en_US.UTF-8
ENV BUILD_DEPS \
libc-dev \
cairo-dev \
@hillar
hillar / nos.js
Created December 5, 2018 13:03
Newly Observed Sessions
/*
NOS === Newly Observed Sessions
depends on https://github.com/simme/node-http-digest-client
*/
'use strict'
@hillar
hillar / virustotal-mhr.bro
Last active July 9, 2018 00:22
BRO :: Virustotal public API Query
##! see https://www.virustotal.com/en/documentation/public-api/#getting-file-scans
#
# Virustotal public API file report query
# resource: a sha1 hash will retrieve the most recent report on a given sample.
# apikey: your API key.
# it is limited to at most 4 requests of any nature in any given 1 minute time frame
@load base/frameworks/files
@load base/frameworks/notice
@hillar
hillar / shadowserver-mhr.bro
Last active December 9, 2017 10:11
BRO :: ShadowServer Sandbox API Status Query
##! see http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi
#
# ShadowServer Sandbox API Status Query
# http://innocuous.shadowserver.org/api/?query=#md5-or-sha1#
# Returns the md5, sha1, first seen date (UTC), last seen date (UTC), file type, and ssdeep hash
# on the first line as a CSV value. The second line is a JSON object containing antivirus vendor
# and signature details for the given sample.
@load base/frameworks/files
@hillar
hillar / malwarehash.bro
Created November 12, 2014 19:15
check hash with bro
##! modified TeamCymruMalwareHashRegistry
@load base/frameworks/files
@load base/frameworks/notice
@load frameworks/files/hash-all-files
module TeamCymruMalwareHashRegistryPlusVirusTotalPublicAPI;