Skip to content

Instantly share code, notes, and snippets.

J.C. Jones jcjones

Block or report user

Report or block jcjones

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View EmptyEpsilonPlayOnMac.sh
#!/bin/bash
# Date : (2019-07-07 14-39)
# Last revision : (2019-07-10 16-00)
# Wine version used : 4.11
# Distribution used to test : MacOS 10.14.5
# Author : Pug
# PlayOnLinux : 4.3.4
# Script licence : Public Domain
# Program licence : GPL2
View huge_cert_1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:3e:18:16:bd:36:93:b9:2d:b6:a9:c4:a1:fa:28:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Validity
Not Before: Nov 18 00:00:00 2015 GMT
Not After : Feb 17 23:59:59 2019 GMT
View ocspchecker-crtsh
#!/bin/bash
if [ ! -x $(which ocspchecker) ] ; then
go install github.com/jcjones/ocspchecker
fi
for id in $@; do
echo "Downloading crt.sh ID ${id}"
curl --silent https://crt.sh/?d=${id} > /tmp/${id}.pem || exit 1
ocspchecker -pem /tmp/${id}.pem
echo ""
@jcjones
jcjones / crtshToDNStruct.py
Last active Oct 19, 2017
Take a list of https://crt.sh/ IDs and produce binary forms of the Subject DNs
View crtshToDNStruct.py
import sys, re, requests
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.x509.oid import NameOID
def hex_string_for_struct(bytes):
return [ "0x{:02X}".format(x) for x in bytes ]
def hex_string_human_readable(bytes):
@jcjones
jcjones / README-Downloading_All_CRLs.md
Last active Aug 18, 2017
How to try downloading all CRLs in certificates trusted by the Mozilla Root Program
View README-Downloading_All_CRLs.md

How to try downloading all CRLs in certificates trusted by the Mozilla Root Program:

Censys.io SQL query to find all CRLs:

SELECT parsed.extensions.crl_distribution_points
   FROM certificates.certificates
WHERE validation.nss.valid = true
  AND parsed.extensions.crl_distribution_points LIKE 'http%'
  AND parsed.validity.end >= '2017-07-18 00:00'
GROUP BY parsed.extensions.crl_distribution_points
View downloadedCRLs-nssTrusted-2017-08-15.log
This file has been truncated, but you can view the full file.
Script started on Tue Aug 15 18:54:52 2017
bash-3.2$ wget --recursive --tries 3 --level=1 --force-directories -P downloaded_crls/ --input-file=all_crls.csv --rejected-log=crl-failures.log
[1@1[1@2
--2017-08-15 19:00:34-- http://crl.godaddy.com/gdig2s1-367.crl
Resolving crl.godaddy.com... 72.167.18.237
Connecting to crl.godaddy.com|72.167.18.237|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58276 (57K) [application/pkix-crl]
View password-pwn-check.py
import requests, getpass, hashlib
"""
Uses Troy Hunt's HaveIBeenPwned password check API.
https://haveibeenpwned.com/API/v2#PwnedPasswords
"""
rawpass = getpass.getpass().encode('utf-8')
passhash = hashlib.sha1(rawpass).hexdigest()
print("Checking hash: {}".format(passhash))
r = requests.get("https://haveibeenpwned.com/api/pwnedpassword/{}".format(passhash),
View create_jks_from_nss_keystore.sh
#!/bin/bash
#
# Download the current NSS keystore from Mozilla-Central, and import it into
# a Java Keystore (JKS).
#
function ensure_in_path() {
prog=$1
shift
View IssuerToCompanyMap.sql
DROP TABLE IF EXISTS `company`;
DROP TABLE IF EXISTS `issuercompany`;
CREATE TABLE IF NOT EXISTS `company` (
`companyID` INT NOT NULL AUTO_INCREMENT,
`companyName` VARCHAR(255) NOT NULL,
PRIMARY KEY (`companyID`));
CREATE TABLE IF NOT EXISTS `issuercompany` (
`companyID` INT NOT NULL,
@jcjones
jcjones / AvgNumberOfNames.sql
Created Feb 21, 2016
How many DNS Names are, on average, in each certificate issued by Let's Encrypt?
View AvgNumberOfNames.sql
SELECT
AVG(count)
FROM
(SELECT
c.certID,
(SELECT
COUNT(n.name)
FROM
name AS n
WHERE
You can’t perform that action at this time.