Skip to content

Instantly share code, notes, and snippets.

View leonjza's full-sized avatar
[hip, hip]

Leon Jacobs leonjza

[hip, hip]
View GitHub Profile
leonjza /
Last active February 22, 2024 18:19
extract a 1password 1pux exported organisation into separate vault exports

1Password 8 .1pux Vault Extrator

Looks like 1Password 8 only allows you to export whole organsations with all the vaults you have access to. Exporting to .1pux format means you can use this script to separate vaults into their own exports.


./ 1password_export.1pux
leonjza /
Created October 23, 2023 18:12


I was curious about how hard it would be to implement something like pypipe[1] in go. Turns out, not that hard.



$ echo "foo bar" | go run main.go 4
leonjza / Instructions.txt
Last active July 17, 2023 05:14
HTB Business CTF 2023 - scada/Breach solve
1. The door order that must be achieved to successfully allow the team to infiltrate the building is: [door_3, door_0, door_4, door_1, door_2] and must be sequential.
2. The coils for the doors have restricted access on the Modbus network and can not be written.
3. The sensors are hardwired to coils, thus driving the coil will result in the sensor signal being altered.
4. SYSTEM REST: Upon mission completion, the system will reset after approximately two minutes.
5. FLAG: the flag will be available on the holding registers starting at address 4 upon completion of the mission.
leonjza /
Last active July 10, 2023 15:05
SenseCon '23 Announcement Challenge
leonjza /
Last active July 9, 2023 11:26
Tailscale Webhook to Telegram

Tailscale Webhook to Telegram

These files are an example setup to have Tailscale webhooks deliver to a Telegram channel with fronted with Traefik, protected with an HTTP basic authentication setup.


Get a set of credentials to populate in the in the traefik.http.middlewares.basic-auth.basicauth.users label with htpasswd -Bn user. Remember to double escape the $ sign.

Then, in the Tailscale administrator console, add a new webhook endpoint that would point to something like after configuring your docker-compose.yml file appropriately.

leonjza /
Created February 15, 2023 19:59
Search HackerOne for Bounty Programs
# search h1 bounty programs
# 2023 @leonjza
# you need to grab a cookie and x-csrf-token value.
# one way to do that is (without auth):
# 1. browse to
# 2. open the console
# 3. search something
leonjza / patch.diff
Created September 30, 2022 13:21
tun2socks debug patch
diff --git a/docker/ b/docker/
index 78571d9..765b13f 100644
--- a/docker/
+++ b/docker/
@@ -1,55 +1,28 @@
+# Modified version of
leonjza /
Created August 24, 2022 09:15 — forked from joswr1ght/
Read a file of network + CIDR masks, one per line; count the number of IP addresses it represents
#!/usr/bin/env python3
# original:
import sys
def countips(netblock):
v = netblock.split('/')
# nothing?
leonjza /
Last active April 20, 2024 09:13
Forward a remote iOS device, locally.

Forwards a remote iOS device, exposed via usbmuxd on Linux to a local macOS client.
The inverse (aka ssh -R) is left as an excercise to the reader, but shouldn't be too hard :)

This is basically a simple usbfluxd that only depends on socat.


Copy the bash script to a local file, say and make it executable with chmod +x

leonjza /
Created May 28, 2022 13:02
macOS enable vnc remotely via ssh
# simple script to enable remote management via an ssh
set -e
if [ "$EUID" -ne 0 ]
then echo "please run as root (eg: sudo $0)"