jose nazario paralax

@paralax
paralax / recog_match.go
Last active September 29, 2019 13:49
recog_match for recog in golang
package main
// # build
// $ go get github.com/hdm/recog-go
// $ go build
// # install recog for the XML files
// $ git clone https://github.com/hdm/recog.git
// # usage:
// $ echo "Apache/2.4.33 (Unix) OpenSSL/1.0.2o" | ./recog_match recog/xml
@paralax
paralax / README.md
Last active September 24, 2019 12:26
oops command lives

years ago i saw my dad working in a terminal and i could have sworn i typed "oops " when he made a typo and it worked: the command was fixed and rerun, he didn't need to retype the whole thing. i always wanted the oops command.

however, it didn't exist, or at least as i knew it. so i wrote a portable version of it (it seems it exists in zsh, a shell i just don't use). the python part of it is really simple, just a levenshtein distance calculator and a replacement engine. you need to create a command alias for it however:

ksh, sh, bash:

$ alias oops='history>/tmp/oops_history && ~/bin/oops.py'

csh and derivatives:

@paralax
paralax / vulmap_osx.py
Last active May 29, 2019 10:14
check for software vulnerabilities on OSX
import glob
import plistlib
import sys
import xml
import requests
class VulnScanner(object):
    def __init__(self):
        self.url = 'https://vulmon.com/scannerapi?product={0}&version={1}&dev=1'
@paralax
paralax / README.md
Last active August 3, 2021 03:22
Using Terraform and Docker, demoed with CyberChef

Using Terraform and Docker on OSX

Recently I had to learn myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.

Before you begin, make sure you have Terraform installed:

$ brew install terraform

Start the Docker TCP listener

@paralax
paralax / magecart.yar
Created March 20, 2019 22:45
yara rule to scan for magecart signals in HTML bodies
rule magecart
{
    meta:
        description = "This rule screens web pages to look for Magecart in script tag sources"
        thread_level = 3
        in_the_wild = true
    strings:
        $scriptopen = "<script "
        $scriptclose = "</script>"
@paralax
paralax / censys.go
Last active May 29, 2019 10:37
search censys from the CLI
package main
import (
	"encoding/json"
	"fmt"
	"github.com/abadojack/gocensys"
	"log"
	"os"
	"strings"
)
@paralax
paralax / to_cpes.py
Created November 2, 2018 02:04
prototype code to convert a web client user-agent to a sequence of MITRE CPE strings
import re
import shlex
# application-specific
def tocpe(prodstring):
    if prodstring.startswith('Mozilla') or prodstring.startswith('Gecko'):
        return None
    templ = 'cpe:/a:{0}:{1}:{2}'
    vendor = '*'
    application = '*'
@paralax
paralax / avtech_rce.py
Last active October 25, 2018 18:56
Routersploit module for AVTECH Device Command Execution
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
    __info__ = {
        "name": "AVTECH Device Command Execution",
        "description": """This module exploits a vulnerability in AVTECH device httpd server. The cgi_query action in Search.cgi performs HTML requests with the wget system command, which uses the received parameters without sanitization or verification. By exploiting this issue, an attacker can execute any system command with root privileges without authentication.""",
        "authors": (
            "@jnazario",  # routersploit module
            'Gergely Eberhardt'  # discovery and PoC
@paralax
paralax / dlink_dwr_cred.py
Last active September 8, 2022 15:37
D-Link Router Credential Retrieval
@paralax
paralax / dlink_dwr_dir_traversal.py
Created October 18, 2018 20:53
D-Link router Directory Traversal