superstes

#/usr/bin/env python3

import os
from threading import Thread

# writing secret values to FIFO-pipes so they can only be read/consumed once
# safer than writing a text-file and then deleting it
# read-out the fifo-pipes via: cat /tmp/t555_1 /tmp/t555_3 /tmp/t555_2

payload = {

superstes

#!/usr/bin/env python3

# the netfilter uses the 'token bucket algorithm'
# it sometimes can be a bit 'unintuitive' how this rate-limit-algorithm works
#   the algorithm expects the packets, as defined by the limit, to be somewhat spread over the whole timewindow (second/minute/..)
#   token bucket punishes short-term overages beyond the burst capacity
# limit source code: https://github.com/torvalds/linux/blob/master/net/netfilter/nft_limit.c
# this script provides a way to easily test "rate-limit + burst" configurations
#   to get practical data you can simply run "tcpdump" on your target system and extract the packet-times from its output

superstes

#!/usr/bin/env bash

# PREPARE:
#   download & extract easyrsa: https://github.com/openvpn/easy-rsa/releases
#   cd into the EasyRSA* dir
#   cp vars.example vars
#   edit the vars to your needs - you might want to change 'rsa' to 'ec' and set the 'EASYRSA_REQ_*' infos

mkdir rootca subca
cp vars rootca/

superstes

/*
NOTE:
  These are not perfect, but good enough for frontend-validation.
  A exact validation needs to be done on the backend anyways..
*/

const REGEX_IP4 = /^([1-2]?)[0-9]{1,2}\.([1-2]?)[0-9]{1,2}\.([1-2]?)[0-9]{1,2}\.([1-2]?)[0-9]{1,2}$/
/*
tested:
 10.0.0.0

superstes

#!/bin/bash

# target: squid-openssl 4.13 with listener "http_port 127.0.0.1:3129 tproxy"

# see also:
#   https://docs.kernel.org/networking/tproxy.html
#   https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/
#   https://latest.gost.run/en/tutorials/redirect/#forwarding-chain_1

# you might need to enable some iptables/nftables kernel modules:

superstes

#!/usr/sbin/nft -f

# see also:
#  https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks
#  https://docs.kernel.org/networking/tproxy.html
#  https://powerdns.org/tproxydoc/tproxy.md.html
#  http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901
#  http://wiki.squid-cache.org/Features/Tproxy4
#  https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw
#  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c

superstes

#!/bin/bash

if [ -z "$1" ]
then
  echo 'Provide a hostname of a website to check!'
  exit 1
fi

if [ -z "$2" ]
then

superstes

#!/bin/bash

if [ -z "$1" ]
then
  echo 'Provide the target hostname!'
  exit 1
fi

TARGET="$1"

superstes

#!/usr/bin/env python3

from sys import exit as sys_exit
from pathlib import Path
from argparse import ArgumentParser
from ipaddress import IPv4Address, IPv6Address, IPv4Network, IPv6Network, AddressValueError, NetmaskValueError


def _load_ip_list(ip_list_file: str) -> (list, list):
    safe_ips = []

superstes

#!/bin/bash

IP="1.1.1.1"

ip4="$(python3 -c "from ipaddress import IPv4Address; from sys import argv; ip=argv[1]; print(ip) if IPv4Address(ip).is_global else print('1')" "$IP" 2>/dev/null || echo '0')"

if [[ "$ip4" == '0' ]]
then
  ip6="$(python3 -c "from ipaddress import IPv6Address; from sys import argv; ip=argv[1]; print(ip) if IPv6Address(ip).is_global else print('1')" "$IP" 2>/dev/null || echo '0')"