This document contains excerpts from my web server logs collected over a period of 7 years that shows various kinds of recon and attack vectors.
There were a total of 37.2 million lines of logs out of which 1.1 million unique HTTP requests (Method + URI) were found.
$ sed 's/^.* - - \[.*\] "\(.*\) HTTP\/.*" .*/\1/' access.log > requests.txt
| import psycopg2 | |
| connection = psycopg2.connect("dbname=name-of-db user=prod password=xxxx host=somehost sslmode=verify-full sslrootcert=/usr/local/share/ca-certificates/ca-2019-root.pem") |
| #!/bin/bash | |
| OWNER=<org_name> | |
| REPO=$1 | |
| WORKFLOW_NAME=$2 | |
| # list workflows | |
| WORKFLOW_IDS=($(gh api -X GET /repos/$OWNER/$REPO/actions/workflows | jq -r '.workflows[] | select(.state=="disabled_manually") | .id')) | |
| for WORKFLOW_ID in "${WORKFLOW_IDS}" | |
| do |
| -- show running queries (pre 9.2) | |
| SELECT procpid, age(query_start, clock_timestamp()), usename, current_query | |
| FROM pg_stat_activity | |
| WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' | |
| ORDER BY query_start desc; | |
| -- show running queries (9.2) | |
| SELECT pid, age(query_start, clock_timestamp()), usename, query | |
| FROM pg_stat_activity | |
| WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' |
The standard way of understanding the HTTP protocol is via the request reply pattern. Each HTTP transaction consists of a finitely bounded HTTP request and a finitely bounded HTTP response.
However it's also possible for both parts of an HTTP 1.1 transaction to stream their possibly infinitely bounded data. The advantages is that the sender can send data that is beyond the sender's memory limit, and the receiver can act on
| --- | |
| # ^^^ YAML documents must begin with the document separator "---" | |
| # | |
| #### Example docblock, I like to put a descriptive comment at the top of my | |
| #### playbooks. | |
| # | |
| # Overview: Playbook to bootstrap a new host for configuration management. | |
| # Applies to: production | |
| # Description: | |
| # Ensures that a host is configured for management with Ansible. |
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb
create table mytable_clone (like mytable including defaults including constraints including indexes);
Slow queries:
SELECT (SELECT datname FROM pg_database WHERE dbid = oid), query, calls, (total_time / 1000 / 60) as total_minutes, (total_time/calls) as average_time FROM pg_stat_statements ORDER BY total_time DESC limit 5;Missing indexes
SELECT relname, seq_scan, seq_tup_read, idx_scan, seq_tup_read / seq_scan as ratio from pg_stat_user_tables where seq_scan > 0 order by seq_tup_read desc limit 10;| from app import app | |
| from werkzeug.contrib.profiler import ProfilerMiddleware | |
| if __name__ == '__main__': | |
| app.config['PROFILE'] = True | |
| app.wsgi_app = ProfilerMiddleware(app.wsgi_app, restrictions=[30]) | |
| app.run() |