jose nazario paralax

paralax / stix_2_1.fsx
Created Apr 28, 2020
playing around with stix 2.1 (JSON) in F#
open System.Text
#I "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/"
#r "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/Newtonsoft.Json.dll"
module Json =
    open Newtonsoft.Json
paralax /
Created Apr 20, 2020
playing around with networkx and wolfram's physics thinking
import networkx as nx
import matplotlib.pyplot as plt
g = nx.DiGraph(((1,2), (2,3), (3,4), (2,4)))
def wolfram(g):
    ns = [ (x, n) for x,n in g.out_degree() if n == 2 ]
    nns = []
    for x, _ in ns:
paralax / censys.cs
Created Apr 6, 2020
Censys API via C#
using System.IO;
using System.Net;
using System.Text;
var api_id = Environment.GetEnvironmentVariable("CENSYS_API_ID");
var api_secret = Environment.GetEnvironmentVariable("CENSYS_API_SECRET");
var credentials = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(api_id + ":" + api_secret));
var wc = new WebClient();
paralax /
Created Apr 1, 2020
greynoise slack bot (python)
#!/usr/bin/env python3
import os
import re
import greynoise
import requests
from slackeventsapi import SlackEventAdapter
from slackclient import SlackClient
paralax / censys.ps1
Last active Oct 17, 2019
Censys from Powershell
# env vars for your Censys API creds
$apiid = $env:CENSYS_API_ID
$apisecret = $env:CENSYS_API_SECRET
$pair = "$apiid" + ":" + "$apisecret"
# Base64 encode them for auth
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
# set up our headers
paralax / recog_match.go
Last active Sep 29, 2019
recog_match for recog in golang
package main
// # build
// $ go get
// $ go build
// # install recog for the XML files
// $ git clone
// # usage:
// $ echo "Apache/2.4.33 (Unix) OpenSSL/1.0.2o" | ./recog_match recog/xml
paralax /
Last active Sep 24, 2019
oops command lives

years ago i saw my dad working in a terminal and i could have sworn i typed "oops " when he made a typo and it worked: the command was fixed and rerun, he didn't need to retype the whole thing. i always wanted the oops command.

however, it didn't exist, or at least as i knew it. so i wrote a portable version of it (it seems it exists in zsh, a shell i just don't use). the python part of it is really simple, just a levenshtein distance calculator and a replacement engine. you need to create a command alias for it however:

ksh, sh, bash:

$ alias oops='history>/tmp/oops_history && ~/bin/'

csh and derivatives:

paralax /
Last active May 29, 2019
check for software vulnerabilities on OSX
import glob
import plistlib
import sys
import xml
import requests
class VulnScanner(object):
    def __init__(self):
        self.url = '{0}&version={1}&dev=1'
paralax /
Last active Jan 21, 2020
Using Terraform and Docker, demoed with CyberChef

Using Terraform and Docker on OSX

Recently I had to learn myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.

Before you begin, make sure you have Terraform installed:

$ brew install terraform

Start the Docker TCP listener

paralax / magecart.yar
Created Mar 20, 2019
yara rule to scan for magecart signals in HTML bodies
rule magecart
description = "This rule screens web pages to look for Magecart in script tag sources"
thread_level = 3
in_the_wild = true
$scriptopen = "<script "
$scriptclose = "</script>"