J.C. Jones jcjones

@jcjones
jcjones / README-Downloading_All_CRLs.md
Last active Nov 26, 2021
How to try downloading all CRLs in certificates trusted by the Mozilla Root Program
View README-Downloading_All_CRLs.md

How to try downloading all CRLs in certificates trusted by the Mozilla Root Program:

Censys.io SQL query to find all CRLs:

SELECT parsed.extensions.crl_distribution_points
FROM certificates.certificates
WHERE validation.nss.valid = true
  AND parsed.extensions.crl_distribution_points LIKE 'http%'
  AND parsed.validity.end >= '2017-07-18 00:00'
GROUP BY parsed.extensions.crl_distribution_points
View downloadedCRLs-nssTrusted-2017-08-15.log
This file has been truncated, but you can view the full file.
Script started on Tue Aug 15 18:54:52 2017
bash-3.2$ wget --recursive --tries 3 --level=1 --force-directories -P downloaded_crls/ --input-file=all_crls.csv --rejected-log=crl-failures.log
--2017-08-15 19:00:34-- http://crl.godaddy.com/gdig2s1-367.crl
Resolving crl.godaddy.com... 72.167.18.237
Connecting to crl.godaddy.com|72.167.18.237|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58276 (57K) [application/pkix-crl]
View password-pwn-check.py
import requests, getpass, hashlib
"""
Uses Troy Hunt's HaveIBeenPwned password check API.
https://haveibeenpwned.com/API/v2#PwnedPasswords
"""
rawpass = getpass.getpass().encode('utf-8')
passhash = hashlib.sha1(rawpass).hexdigest()
print("Checking hash: {}".format(passhash))
r = requests.get("https://haveibeenpwned.com/api/pwnedpassword/{}".format(passhash),
View create_jks_from_nss_keystore.sh
#!/bin/bash
#
# Download the current NSS keystore from Mozilla-Central, and import it into
# a Java Keystore (JKS).
#
function ensure_in_path() {
prog=$1
shift
View IssuerToCompanyMap.sql
DROP TABLE IF EXISTS `company`;
DROP TABLE IF EXISTS `issuercompany`;
CREATE TABLE IF NOT EXISTS `company` (
`companyID` INT NOT NULL AUTO_INCREMENT,
`companyName` VARCHAR(255) NOT NULL,
PRIMARY KEY (`companyID`));
CREATE TABLE IF NOT EXISTS `issuercompany` (
`companyID` INT NOT NULL,
@jcjones
jcjones / AvgNumberOfNames.sql
Created Feb 21, 2016
How many DNS Names are, on average, in each certificate issued by Let's Encrypt?
View AvgNumberOfNames.sql
SELECT
AVG(count)
FROM
(SELECT
c.certID,
(SELECT
COUNT(n.name)
FROM
name AS n
WHERE
@jcjones
jcjones / letsencrypt-ct-sql-views.sql
Last active Feb 22, 2016
Useful views for the ct-sql database
View letsencrypt-ct-sql-views.sql
CREATE VIEW `le_certificate` AS
SELECT
`certificate`.`certID` AS `certID`,
`certificate`.`serial` AS `serial`,
`certificate`.`issuerID` AS `issuerID`,
`certificate`.`subject` AS `subject`,
`certificate`.`notBefore` AS `notBefore`,
`certificate`.`notAfter` AS `notAfter`
FROM
`certificate`
@jcjones
jcjones / letsencrypt-renew.sh
Last active Oct 11, 2016
Cron script to renew Let's Encrypt certs using the official client
View letsencrypt-renew.sh
#!/bin/bash
# This is free and unencumbered software released into the public domain.
#
# This script is designed to be run daily by cron. Please run it with randomness in its timing to
# avoid load spikes at Let's Encrypt. One example, running between midnight and 2 AM, would be:
#
# 0 0 * * * sleep $[(RANDOM % 115)+5]m ; /usr/sbin/letsencrypt-renew.sh
#
# If you aren't using Nginx, adjust the startServer and stopServer methods to suit. Also, you could
# use the webroot method.
@jcjones
jcjones / user-agents-2016-01-11.csv
Created Jan 11, 2016
User Agents in LE Production, 12 hour period, 11 Jan 2016
View user-agents-2016-01-11.csv
user_agent _approxcount percentage
Go 1.1 package http 667546 63.69%
- 77436 7.39%
LetsEncryptPythonClient/0.1.1 (Ubuntu 14.04) Authenticator/webroot Installer/none 35653 3.40%
LiveConfig (2.0.1) 25291 2.41%
Go-http-client/1.1 24507 2.34%
acme-python 22750 2.17%
LetsEncryptPythonClient/0.1.1 (Ubuntu 15.10) Authenticator/webroot Installer/none 15648 1.49%
LetsEncryptPythonClient/0.1.1 (debian 7.9) Authenticator/webroot Installer/none 14265 1.36%
LetsEncryptPythonClient/0.1.1 (Ubuntu 12.04) Authenticator/webroot Installer/none 12466 1.19%