jose nazario paralax

@paralax
paralax / stix_2_1.fsx
Created Apr 28, 2020
playing around with stix 2.1 (JSON) in F#
open System.Text
/// https://fsharpforfunandprofit.com/posts/serializating-your-domain-model/
#I "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/"
#r "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/Newtonsoft.Json.dll"
module Json =
    open Newtonsoft.Json
paralax / wolfram_graph_transform.py
Created Apr 20, 2020
playing around with networkx and wolfram's physics thinking
import networkx as nx
import matplotlib.pyplot as plt
g = nx.DiGraph(((1,2), (2,3), (3,4), (2,4)))
def wolfram(g):
    ns = [ (x, n) for x,n in g.out_degree() if n == 2 ]
    print(list(ns))
    nns = []
    for x, _ in ns:
paralax / censys.cs
Created Apr 6, 2020
Censys API via C#
using System.IO;
using System.Net;
using System.Text;
var api_id = Environment.GetEnvironmentVariable("CENSYS_API_ID");
var api_secret = Environment.GetEnvironmentVariable("CENSYS_API_SECRET");
var credentials = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(api_id + ":" + api_secret));
var wc = new WebClient();
paralax / greynoisebot.py
Created Apr 1, 2020
greynoise slack bot (python)
#!/usr/bin/env python3
# https://github.com/slackapi/python-slack-events-api/blob/master/example/example.py
import os
import re
import greynoise
import requests
from slackeventsapi import SlackEventAdapter
from slackclient import SlackClient
paralax / censys.ps1
Last active Oct 17, 2019
Censys from Powershell
# env vars for your Censys API creds
$apiid = $env:CENSYS_API_ID
$apisecret = $env:CENSYS_API_SECRET
$pair = "$apiid" + ":" + "$apisecret"
# Base64 encode them for auth
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
# set up our headers
paralax / recog_match.go
Last active Sep 29, 2019
recog_match for recog in golang
package main
// # build
// $ go get github.com/hdm/recog-go
// $ go build
// # install recog for the XML files
// $ git clone https://github.com/hdm/recog.git
// # usage:
// $ echo "Apache/2.4.33 (Unix) OpenSSL/1.0.2o" | ./recog_match recog/xml
paralax / README.md
Last active Sep 24, 2019
oops command lives

years ago i saw my dad working in a terminal and i could have sworn i typed "oops " when he made a typo and it worked: the command was fixed and rerun, he didn't need to retype the whole thing. i always wanted the oops command.

however, it didn't exist, or at least as i knew it. so i wrote a portable version of it (it seems it exists in zsh, a shell i just don't use). the python part of it is really simple, just a levenshtein distance calculator and a replacement engine. you need to create a command alias for it however:

ksh, sh, bash:

$ alias oops='history>/tmp/oops_history && ~/bin/oops.py'

csh and derivatives:

paralax / vulmap_osx.py
Last active May 29, 2019
check for software vulnerabilities on OSX
import glob
import plistlib
import sys
import xml
import requests
class VulnScanner(object):
    def __init__(self):
        self.url = 'https://vulmon.com/scannerapi?product={0}&version={1}&dev=1'
paralax / README.md
Last active Jan 21, 2020
Using Terraform and Docker, demoed with CyberChef

Using Terraform and Docker on OSX

Recently I had to learn myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.

Before you begin, make sure you have Terraform installed:

$ brew install terraform

Start the Docker TCP listener

paralax / magecart.yar
Created Mar 20, 2019
yara rule to scan for magecart signals in HTML bodies
rule magecart
{
    meta:
        description = "This rule screens web pages to look for Magecart in script tag sources"
        thread_level = 3
        in_the_wild = true
    strings:
        $scriptopen = "<script "
        $scriptclose = "</script>"