@p120ph37
p120ph37 / VIPAccess.exp
Created January 2, 2014 01:34
Command-line implementation of Symantec's "VIP Access" token application on OSX. This will read from the same secret key and produce the same time-based one-time-passwords as the GUI application, but with output that can be captured and used in scripts. This can be useful for things like automating two-factor AnyConnect VPN logins through openco…
#!/usr/bin/expect -f
#
# VIPAccess.exp
#
# Command-line emulation of Symantec's VIP Access software token.
# Usage:
# ./VIPAccess.exp [v]
# If the "v" argument (or any argument) is specified, verbose output
# will be produced on stderr. The OTP value will be output on stdout.
#
@p120ph37
p120ph37 / curl_file_exists.sh
Last active January 2, 2024 23:36
How to test if a remote file exists from a shell script using curl.
url='http://example.com/index.html'
# "HEAD" request
# (most servers support "HEAD", but some don't)
if curl -sfILo/dev/null "$url"; then
  echo "URL exists"
else
  echo "URL does not exist"
fi
@p120ph37
p120ph37 / csd-wrapper.sh
Last active December 12, 2023 23:52
A simple implementation of a CSD-Wrapper as required for OpenConnect to comply with Cisco AnyConnect "hostscan" policies.
#!/bin/bash
unset URL TICKET STUB GROUP CERTHASH LANGSELEN
shift
while [ "$1" ]; do
  if [ "$1" == "-ticket" ]; then shift; TICKET=$1; fi
  if [ "$1" == "-stub" ]; then shift; STUB=$1; fi
  if [ "$1" == "-group" ]; then shift; GROUP=$1; fi
  if [ "$1" == "-certhash" ]; then shift; CERTHASH=$1; fi
  if [ "$1" == "-url" ]; then shift; URL=$1; fi
@p120ph37
p120ph37 / ip-up
Created June 30, 2014 16:27
PPP VPN split-network/split-DNS script for OSX
#!/bin/sh
####################################################
## ##
## PPP VPN split-network/split-DNS script for OSX ##
## by Aaron Meriwether ##
## ##
## installation: ##
## sudo cp thisfile /etc/ppp/ip-up ##
## sudo chmod 755 /etc/ppp/ip-up ##
## ##
@p120ph37
p120ph37 / basicauthpost.c
Created July 14, 2015 21:14
libcurl basic-auth post example
/*
* HTTP POST with authentication using "basic" method.
* Hybrid of anyauthput.c and postinmemory.c
*
* Usage:
* cc basicauthpost.c -lcurl -o basicauthpost
* ./basicauthpost
*
*/
#include <stdio.h>
@p120ph37
p120ph37 / d64
Created July 7, 2015 21:20
Base64 decode purely via Bash builtins.
#!/bin/sh
((V=N=0))
while :; do
((V<<=6,++N))
IFS= read -n1 C && {
printf -vC '%d' "'$C"
((C=C>64&&C<91?C-65:C>96&&C<123?C-71:C>47&&C<58?C+4:C==43?62:C==47?63:(V>>=6,--N,0),V|=C))
}
((N==4)) && {
@p120ph37
p120ph37 / minio-client.sh
Last active July 21, 2023 18:37
MinIO S3 in Alpine with instance-IAM-role credentials
# Using AWS instance IAM role to provide credentials to minio-client cli.
# Works in Alpine 3.18+ (the minio-client package is not available in 3.17)
# Should also work anywhere else minio, curl, and jq can run.
# Provides a very-lightweight way to access S3 from Alpine
apk add minio-client curl jq
export MC_HOST_s3=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ | head -1) | jq -r '"https://\(.AccessKeyId):\(.SecretAccessKey):\(.Token)@s3.amazonaws.com"')
mcli ls s3/mybucket
@p120ph37
p120ph37 / dualfactor_anyconnect.md
Last active September 29, 2022 03:39
How to connect to a Cisco AnyConnect VPN server from the OSX (or Linux) command-line without using the AnyConnect client. Specifically, one which uses VeriSign/Symantec VIP Access dual-factor tokens.

(For Linux users, make sure you have oathtool and openconnect, then start from Step 6. If you don't have a token secret key, have a friend generate one for you on OSX via steps 3-5)

Step 1

Get homebrew and install oath-toolkit, openconnect, and tuntap.
And follow the additional tuntap installation instructions!

Step 2

After the tuntap module is installed, reboot or use kextload to activate it.

@p120ph37
p120ph37 / vpn.expect
Last active December 19, 2021 23:08
Expect script to connect to an AnyConnect VPN server on OSX using only oathtool and openconnect (not the Cisco AnyConnect client)
#!/usr/bin/expect -f
set timeout 30
log_user 0
puts stderr "Generating OTP"
spawn oathtool --totp YOUR_SECRET_KEY_HERE
expect -re \\d+
set otp $expect_out(0,string)
puts stderr "Connecting to VPN server $server"
@p120ph37
p120ph37 / README.md
Last active January 25, 2021 18:13
Like `tee`, but with dynamically-attached socket clients
teesocket.pl

Like tee, but with dynamically-attached socket clients

Usage

Server mode

./teesocket.pl -s /tmp/my.sock