Skip to content

Instantly share code, notes, and snippets.

View jcjones's full-sized avatar

J.C. Jones jcjones

111 followers · 20 following
View GitHub Profile
@jcjones
jcjones / IssuerToCompanyMap.sql
Created April 5, 2016 22:21
DROP TABLE IF EXISTS `company`;
DROP TABLE IF EXISTS `issuercompany`;
CREATE TABLE IF NOT EXISTS `company` (
`companyID` INT NOT NULL AUTO_INCREMENT,
`companyName` VARCHAR(255) NOT NULL,
PRIMARY KEY (`companyID`));
CREATE TABLE IF NOT EXISTS `issuercompany` (
`companyID` INT NOT NULL,
@jcjones
jcjones / create_jks_from_nss_keystore.sh
Created December 19, 2016 17:35
#!/bin/bash
#
# Download the current NSS keystore from Mozilla-Central, and import it into
# a Java Keystore (JKS).
#
function ensure_in_path() {
prog=$1
shift
@jcjones
jcjones / password-pwn-check.py
Last active August 3, 2017 16:37
import requests, getpass, hashlib
"""
Uses Troy Hunt's HaveIBeenPwned password check API.
https://haveibeenpwned.com/API/v2#PwnedPasswords
"""
rawpass = getpass.getpass().encode('utf-8')
passhash = hashlib.sha1(rawpass).hexdigest()
print("Checking hash: {}".format(passhash))
r = requests.get("https://haveibeenpwned.com/api/pwnedpassword/{}".format(passhash),
@jcjones
jcjones / downloadedCRLs-nssTrusted-2017-08-15.log
Created August 17, 2017 22:36
This file has been truncated, but you can view the full file.
Script started on Tue Aug 15 18:54:52 2017
bash-3.2$ wget --recursive --tries 3 --level=1 --force-directories -P downloaded_crls/ --input-file=all_crls.csv --rejected-log=crl-failures.log
[1@1[1@2
--2017-08-15 19:00:34-- http://crl.godaddy.com/gdig2s1-367.crl
Resolving crl.godaddy.com... 72.167.18.237
Connecting to crl.godaddy.com|72.167.18.237|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58276 (57K) [application/pkix-crl]
Saving to: ‘downloaded_crls/crl.godaddy.com/gdig2s1-367.crl’
@jcjones
jcjones / README-Downloading_All_CRLs.md
Last active November 26, 2021 05:33
How to try downloading all CRLs in certificates trusted by the Mozilla Root Program

How to try downloading all CRLs in certificates trusted by the Mozilla Root Program:

Censys.io SQL query to find all CRLs:

SELECT parsed.extensions.crl_distribution_points
   FROM certificates.certificates
WHERE validation.nss.valid = true
  AND parsed.extensions.crl_distribution_points LIKE 'http%'
  AND parsed.validity.end >= '2017-07-18 00:00'
GROUP BY parsed.extensions.crl_distribution_points
@jcjones
jcjones / crtshToDNStruct.py
Last active October 19, 2017 03:15
Take a list of https://crt.sh/ IDs and produce binary forms of the Subject DNs
import sys, re, requests
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.x509.oid import NameOID
def hex_string_for_struct(bytes):
return [ "0x{:02X}".format(x) for x in bytes ]
def hex_string_human_readable(bytes):
@jcjones
jcjones / ocspchecker-crtsh
Created November 13, 2017 23:21
#!/bin/bash
if [ ! -x $(which ocspchecker) ] ; then
go install github.com/jcjones/ocspchecker
fi
for id in $@; do
echo "Downloading crt.sh ID ${id}"
curl --silent https://crt.sh/?d=${id} > /tmp/${id}.pem || exit 1
ocspchecker -pem /tmp/${id}.pem
echo ""
@jcjones
jcjones / huge_cert_1
Created September 28, 2018 15:27
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:3e:18:16:bd:36:93:b9:2d:b6:a9:c4:a1:fa:28:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Validity
Not Before: Nov 18 00:00:00 2015 GMT
Not After : Feb 17 23:59:59 2019 GMT
@jcjones
jcjones / EmptyEpsilonPlayOnMac.sh
Last active July 10, 2019 23:20
#!/bin/bash
# Date : (2019-07-07 14-39)
# Last revision : (2019-07-10 16-00)
# Wine version used : 4.11
# Distribution used to test : MacOS 10.14.5
# Author : Pug
# PlayOnLinux : 4.3.4
# Script licence : Public Domain
# Program licence : GPL2
@jcjones
jcjones / generate-hex.py
Created November 1, 2019 17:54
Broken RSA PKCS8 structure - missing the prime1 field of PKCS1
pkcs1 = {
"version": 0,
"modulus": 25919547779068344813557225018916459243888511060580538521317535335916939669305711198124884121889905971452025616014278206275340890512969518554057142602273923483999163870181876938187799162284290847100195363021806949618646246749945850028053399500856599964212551512723624622979641733723716683062556541446382026036719662605892702171703485093064473383644496568073302712792779146792258459955311804887040246129590180745167177685560045626455120174460475726780417816070155430314837988907034054380822924150908056421408653448071530817548866905564640574264813470442105775538969501246892411050963085070599532463413097543580760453193,
"publicExponent": 65537,
"privateExponent": 6861045132845227059914105614052561682148677691669609262978418343950548077927208719731914639769078364782485319538820793177359564347147339790893438971332957330979713670444408519213298440076718153340772222678827333597575035302471285018946097235773079270933355869855645512602817107841967697907582447793030431476561