Suchakra Sharma tuxology

## gist:91ab9cd7efb7ccf006eec49417939575
Basic Commands
==============
sl ocular -- --import scripts/deps.sc


import $file.scripts.java.ROOTKIT_suspicious_literals

cpg.method.fullName.l
cpg.method.name("executeQuery").caller.fullName.l
cpg.sink.method.name.l

## calltree.sc
// calltree.sc
// -----------
//
// Suchakra Sharma <suchakra@shiftleft.io> (2019)
//
// Prints the complete call-tree with all possible branches starting from the top of the input method. It is recommended to increase
// the max steps per query to a higher number (eg. "config.query.maxStepsPerCallQuery = 1000000L") for better results.
//
// Example Usage:
//   ocular> import $file.scripts.calltree

## contextual-sca-tarpit.json
[
  {
    "groupId": "net.lingala.zip4j",
    "artifactId": "zip4j",
    "version": "1.3.2",
    "callGraph": {
      "cveId": "CVE-2018-1002202",
      "versionRanges": [
        "[0,1.3.3)"
      ],

## path-traversal.java

protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
    String resourceName = req.getParameter( "resourceName" );
    BufferedReader r = new BufferedReader( new FileReader( resourceName ) );
    while ( ( x = r.readLine() ) != null ) {
        resp.getWriter().println( x );
    }
}

## open2ctf.txt
[suchakra@moria tracing]$ sudo ./open2ctf.py
trace path: /tmp/tmp26ga140x
^C[suchakra@moria tracing]$ babeltrace /tmp/tmp26ga140x
[00:24:50.796162597] (+?.?????????) 0 do_sys_open: { }, { pid = 909, comm = "iio-sensor-prox", filename = "/dev/iio:device2" }
[00:24:50.796399646] (+0.000237049) 0 do_sys_open: { }, { pid = 909, comm = "iio-sensor-prox", filename = "/dev/iio:device4" }
[00:24:50.801229686] (+0.004830040) 0 do_sys_open: { }, { pid = 1206, comm = "gnome-shell", filename = "/proc/self/stat" }
[00:24:50.801430938] (+0.000201252) 0 do_sys_open: { }, { pid = 1734, comm = "gnome-shell", filename = "/proc/self/stat" }
[00:24:50.807656245] (+0.006225307) 0 do_sys_open: { }, { pid = 18399, comm = "gnome-settings-", filename = "/proc/self/fd" }
[00:24:50.808197672] (+0.000541427) 0 do_sys_open: { }, { pid = 18399, comm = "gnome-settings-", filename = "" }
[00:24:50.816850646] (+0.008652974) 0 do_sys_open: { }, { pid = 18399, comm = "gsd-backlight-h", filename = "/etc/ld.so.cache" }

## kindent.sh
#!/bin/bash

indent -nbad -bap -nbc -bbo -hnl -br -brs -c33 -cd33 -ncdb -ce -ci4 \
-cli0 -d0 -di1 -nfc1 -i8 -ip0 -l80 -lp -npcs -nprs -npsl -sai \
-saf -saw -ncs -nsc -sob -nfca -cp33 -ss -ts8 -il1 \
$1

## disCPUscaling.sh
#!/bin/bash
# For more info : https://wiki.archlinux.org/index.php/CPU_frequency_scaling

set_scaling_gov() {
        gov=${1-performance}
        for i in $(ls -1 /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor); do
                echo ${gov} | sudo tee $i > /dev/null
        done
}


## JUDY.P8
-- JUDY --
-- Based on demo by Shane Riley's : https://gist.github.com/shaneriley/cae98eac6136e7293b28 --
player = {}
player.x = 20
player.y = 20
player.sprite = 0
player.speed = 3

function move()
 player.moving = true

## .muttrc
# IMAP server Login
set spoolfile=imaps://yourdomain.com/INBOX
set imap_user=your.email.id@yourdomain.com

mailboxes = imaps://yourdomain.com/INBOX
set imap_check_subscribed

# Useful if you use the sidebar-patched mutt
set sidebar_width= 30
set sidebar_visible= yes

## imperial_march.sh
sudo modprobe pcspkr

sudo beep -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 250 -f 622.26 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 369.99 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 392 -D 100 --new -l 25 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 739.98 -D 100 --new -l 25 -f 698.46 -D 100 --new -l 25 -f 659.26 -D 100 --new -l 25 -f 622.26 -D 100 --new -l 50 -f 659.26 -D 400 --new -l 25 -f 415.3 -D 200 --new -l 350 -f 554.36 -D 100 --new -l 250 -f 523.25 -D 100 --new -l 25 -f 493.88 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 25 -f 440 -D 100 --new -l 50 -f 466.16 -D 400 --new -l 25 -f 311.13 -D 200 --ne
	Basic Commands
	==============
	sl ocular -- --import scripts/deps.sc


	import $file.scripts.java.ROOTKIT_suspicious_literals

	cpg.method.fullName.l
	cpg.method.name("executeQuery").caller.fullName.l
	cpg.sink.method.name.l
	// calltree.sc
	// -----------
	//
	// Suchakra Sharma <suchakra@shiftleft.io> (2019)
	//
	// Prints the complete call-tree with all possible branches starting from the top of the input method. It is recommended to increase
	// the max steps per query to a higher number (eg. "config.query.maxStepsPerCallQuery = 1000000L") for better results.
	//
	// Example Usage:
	// ocular> import $file.scripts.calltree
	[
	{
	"groupId": "net.lingala.zip4j",
	"artifactId": "zip4j",
	"version": "1.3.2",
	"callGraph": {
	"cveId": "CVE-2018-1002202",
	"versionRanges": [
	"[0,1.3.3)"
	],

	protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
	String resourceName = req.getParameter( "resourceName" );
	BufferedReader r = new BufferedReader( new FileReader( resourceName ) );
	while ( ( x = r.readLine() ) != null ) {
	resp.getWriter().println( x );
	}
	}
	[suchakra@moria tracing]$ sudo ./open2ctf.py
	trace path: /tmp/tmp26ga140x
	^C[suchakra@moria tracing]$ babeltrace /tmp/tmp26ga140x
	[00:24:50.796162597] (+?.?????????) 0 do_sys_open: { }, { pid = 909, comm = "iio-sensor-prox", filename = "/dev/iio:device2" }
	[00:24:50.796399646] (+0.000237049) 0 do_sys_open: { }, { pid = 909, comm = "iio-sensor-prox", filename = "/dev/iio:device4" }
	[00:24:50.801229686] (+0.004830040) 0 do_sys_open: { }, { pid = 1206, comm = "gnome-shell", filename = "/proc/self/stat" }
	[00:24:50.801430938] (+0.000201252) 0 do_sys_open: { }, { pid = 1734, comm = "gnome-shell", filename = "/proc/self/stat" }
	[00:24:50.807656245] (+0.006225307) 0 do_sys_open: { }, { pid = 18399, comm = "gnome-settings-", filename = "/proc/self/fd" }
	[00:24:50.808197672] (+0.000541427) 0 do_sys_open: { }, { pid = 18399, comm = "gnome-settings-", filename = "" }
	[00:24:50.816850646] (+0.008652974) 0 do_sys_open: { }, { pid = 18399, comm = "gsd-backlight-h", filename = "/etc/ld.so.cache" }
	#!/bin/bash

	indent -nbad -bap -nbc -bbo -hnl -br -brs -c33 -cd33 -ncdb -ce -ci4 \
	-cli0 -d0 -di1 -nfc1 -i8 -ip0 -l80 -lp -npcs -nprs -npsl -sai \
	-saf -saw -ncs -nsc -sob -nfca -cp33 -ss -ts8 -il1 \
	$1
	#!/bin/bash
	# For more info : https://wiki.archlinux.org/index.php/CPU_frequency_scaling

	set_scaling_gov() {
	gov=${1-performance}
	for i in $(ls -1 /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor); do
	echo ${gov} \| sudo tee $i > /dev/null
	done
	}
	-- JUDY --
	-- Based on demo by Shane Riley's : https://gist.github.com/shaneriley/cae98eac6136e7293b28 --
	player = {}
	player.x = 20
	player.y = 20
	player.sprite = 0
	player.speed = 3

	function move()
	player.moving = true
	# IMAP server Login
	set spoolfile=imaps://yourdomain.com/INBOX
	set imap_user=your.email.id@yourdomain.com

	mailboxes = imaps://yourdomain.com/INBOX
	set imap_check_subscribed

	# Useful if you use the sidebar-patched mutt
	set sidebar_width= 30
	set sidebar_visible= yes
	sudo modprobe pcspkr

	sudo beep -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 392 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 350 -f 587.32 -D 100 --new -l 250 -f 622.26 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 350 -f 369.99 -D 100 --new -l 250 -f 311.1 -D 100 --new -l 25 -f 466.2 -D 100 --new -l 700 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 392 -D 100 --new -l 25 -f 392 -D 100 --new -l 350 -f 784 -D 100 --new -l 250 -f 739.98 -D 100 --new -l 25 -f 698.46 -D 100 --new -l 25 -f 659.26 -D 100 --new -l 25 -f 622.26 -D 100 --new -l 50 -f 659.26 -D 400 --new -l 25 -f 415.3 -D 200 --new -l 350 -f 554.36 -D 100 --new -l 250 -f 523.25 -D 100 --new -l 25 -f 493.88 -D 100 --new -l 25 -f 466.16 -D 100 --new -l 25 -f 440 -D 100 --new -l 50 -f 466.16 -D 400 --new -l 25 -f 311.13 -D 200 --ne