thomaspatzke

xmlstarlet sel -t -m '//proto[@name="http"]' --if 'descendant::field[@name="http.request"]' -o 'URL: ' -v 'descendant::field[@name="http.request.full_uri"]/@show' -n -o 'Request: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n --elif 'descendant::field[@name="http.response"]' -o 'Code: ' -v 'descendant::field[@name="http.response.code"]/@show' -o ' ' -v 'descendant::field[@name="http.response.phrase"]/@show' -n -o 'Response: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n file.pdml | perl -ne 'if (/^((?:Request|Response): )?([0-9a-f]+)$/i) { $p = $1; $e = $2; $e =~ s/([0-9a-f]{2})/$1 /ig; print "$p"; print map { chr(hex($_)) } (split / /, $e); print "\n" if ($e !~ /0[da].?$/i) } else { print }'

thomaspatzke

xmlstarlet sel -T -t -m '//port/service[@name="http"]' -v 'concat(ancestor::host/address/@addr, ":", ../@portid, " <a href=http://", ancestor::host/address/@addr, ":", ../@portid, ">HTTP</a> <a href=https://", ancestor::host/address/@addr, ":", ../@portid, ">HTTPS</a><br />")' -n file.xml

thomaspatzke

xmlstarlet sel -t -m '//port/state[@state="open"]' -v 'concat(ancestor::host/address/@addr,";",ancestor::host/hostnames/hostname[position()=1]/@name,";",../@portid,";",../service/@name,";",../service/@product)' -n file.xml

thomaspatzke

readelf -l core | perl -ne 'if (/^\s*LOAD\s+\S+\s+(\S+)\s+\S+\s+(\S+)/) { print "printf \"=== $1 ===\\n\"\nfind $1, +$2, \"Search\"\n" }' > searchmem.gdb
gdb executable core < searchmem.gdb

thomaspatzke

xmlstarlet sel -T -t -m //content -v alias -o ';' -v created -o ';' -v title -n joomlaexport.xml | while IFS=';' read alias ts title; do echo $title > $alias.txt; xmlstarlet sel -T -t -m '//content[contains(alias,"'$alias'")]' -v introtext -n joomlaexport.xml | recode html >> $alias.txt; touch -d "$ts" $alias.txt; done

thomaspatzke

#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.

import socketserver
import struct
import random


class HeartbleedServer(socketserver.BaseRequestHandler):

thomaspatzke

#!/usr/bin/python3
# mysapsso.py - Decoding MYSAPSSO2 cookies

import sys
import fileinput
import urllib.parse
import base64
import binascii
import re
import struct

thomaspatzke

| hd | perl -ne 's/^\d+\s+//d; s/\s+\|.*?$//g; s/([\da-f]+)\s+/%$1/g; print;'

thomaspatzke

Keybase proof

I hereby claim:

• I am thomaspatzke on github.
• I am thomaspatzke (https://keybase.io/thomaspatzke) on keybase.
• I have a public key whose fingerprint is ADDB 3A1A 80DE 4D0E 79B9 58AD 5F1A A4D8 C753 A286

To claim this, I am signing this object:

thomaspatzke

xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u