🇳🇱
all day i think about shareholder value

toby lorne tlwr

@tlwr
tlwr / compress_strings.rb
Last active January 29, 2021 13:23
Regular expressions
#!/usr/bin/env ruby
# if a character is followed by itself 1 or more times it is considered a duplicate
#
# the regular expression /(?<ct>(?<c>.)\k<c>{1,})|((?<d>.)\k<d>{0})/
# * capture group c captures a character
# * capture group ct captures the total string of duplicately matched characters
# * capture group d matches a character on its own
#
# scan therefore produces the following
@tlwr
tlwr / sni.bash
Created January 29, 2021 12:41
netsniff
#!/usr/bin/env bash
# Check if SNI is visible or if the TLS client uses ECH or ESNI
# Looks at the Client Hello and Handshake
# https://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
tcpdump -X -i any -s 2048 -nn '(tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)'
@tlwr
tlwr / minimal.sh
Created January 27, 2021 14:56
iptables
iptables -A INPUT -i lo -j ACCEPT # Loopback
iptables -A INPUT -p icmp -j ACCEPT # ICMP
iptables -A INPUT -p tcp -m tcp --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT # SSH port 2222
iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT # DNS response
iptables -A INPUT -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT # Established TCP conns
iptables -A INPUT -j DROP # Drop remaining traffic
@tlwr
tlwr / be-merry.yml
Last active December 25, 2020 10:20
Concourse Christmas Tree
---
# Original from @alext https://gist.github.com/alext/e2de098f733b203bd350e4ccbacfe986
# Updated to meet the more strict YAML validation in Concourse 6
groups:
- name: tree
  jobs:
  - x
  - xyxyxy
  - yxyxyxyxyxy
  - xyxyxyxyxyxyxyxyx
@tlwr
tlwr / publish-vpn-metrics
Last active October 30, 2020 12:36
Strongswan VPN metrics to Cloudwatch
#!/usr/bin/env bash
set -ueo pipefail
export PATH="$PATH:/usr/sbin/"
export AWS_DEFAULT_REGION=eu-west-2
export AWS_REGION=eu-west-2
up_connections="$(ipsec statusall \
| grep ESTABLISHED | awk '{print $1}' | grep -o '.*\[' | tr -d '[' | sort -u
)"
@tlwr
tlwr / app.rb
Created September 23, 2020 17:54
Hosts a random govdesign poster
require 'base64'
require 'http'
require 'rufus-scheduler'
require 'sinatra'
GH_URL = 'https://api.github.com/repos/alphagov/govdesign/contents'
STATE = {
  lock: Mutex.new,
  bytes: nil,
@tlwr
tlwr / README.md
Created August 18, 2020 14:47
grind_url
@tlwr
tlwr / xff.rb
Created June 10, 2020 11:00
X-Forwarded-For validation
require 'ipaddr'
def validate(xff_header, allowed_ips, trusted_ips)
  request_path = xff_header.split(',').map(&:strip).map { |ip| IPAddr.new ip }
  allowed_ranges = allowed_ips.map { |ip| IPAddr.new ip }
  trusted_ranges = trusted_ips.map { |ip| IPAddr.new ip }
  loop do
    return :deny if request_path.empty?
@tlwr
tlwr / main.go
Last active March 2, 2020 14:37
Stupidly simple Go application instrumented with prometheus
package main
import (
	"log"
	"net/http"
	"github.com/prometheus/client_golang/prometheus"
	"github.com/prometheus/client_golang/prometheus/promauto"
	"github.com/prometheus/client_golang/prometheus/promhttp"
)
@tlwr
tlwr / CloudFront Field Level Encryption
Last active November 26, 2019 14:18
CloudFront form field encryption
See index.js