Skip to content

Instantly share code, notes, and snippets.

jose nazario paralax

Block or report user

Report or block paralax

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
paralax /
Last active May 29, 2019
check for software vulnerabilities on OSX
import glob
import plistlib
import sys
import xml
import requests
class VulnScanner(object):
def __init__(self):
self.url = '{0}&version={1}&dev=1'
paralax /
Last active May 29, 2019
Using Terraform and Docker, demoed with CyberChef

Using Terraform and Docker on OSX

Recently I had to learn myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.

Before you begin, make sure you have Terraform installed:

$ brew install terraform

Start the Docker TCP listener

paralax / magecart.yar
Created Mar 20, 2019
yara rule to scan for magecart signals in HTML bodies
View magecart.yar
rule magecart
description = "This rule screens web pages to look for Magecart in script tag sources"
thread_level = 3
in_the_wild = true
$scriptopen = "<script "
$scriptclose = "</script>"
paralax / censys.go
Last active May 29, 2019
search censys from the CLI
View censys.go
package main
import (
paralax /
Created Nov 2, 2018
prototype code to convert a web client user-agent to a sequence of MITRE CPE strings
import re
import shlex
# application-specific
def tocpe(prodstring):
if prodstring.startswith('Mozilla') or prodstring.startswith('Gecko'):
return None
templ = 'cpe:/a:{0}:{1}:{2}'
vendor = '*'
application = '*'
paralax /
Last active Oct 25, 2018
Routersploit module for AVTECH Device Command Execution
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
__info__ = {
"name": "AVTECH Device Command Execution",
"description": """This module exploits a vulnerability in AVTECH device httpd server. The cgi_query action in Search.cgi performs HTML requests with the wget system command, which uses the received parameters without sanitization or verification. By exploiting this issue, an attacker can execute any system command with root privileges without authentication.""",
"authors": (
"@jnazario", # routersploit module
'Gergely Eberhardt' # discovery and PoC
paralax /
Last active Oct 21, 2018
D-Link Router Credential Retrieval
paralax /
Created Oct 18, 2018
D-Link router Directory Traversal
paralax /
Created Oct 18, 2018
D-Link router Command Execution
View spelling-bee-generator.fsx
open System
open System.IO
how it works
- computes the Zipfs law letter distribution
- finds all words with 7 distinct letters
- from those it can then generate puzzles by placing the least likely letter in the center
You can’t perform that action at this time.