Steve Woodrow woodrow

## great_aws_jqs.sh
# check for open ports in security groups
aws ec2 describe-security-groups | jq '.SecurityGroups | map(select(.IpPermissions[] | select(.FromPort >= 443 and .ToPort <= 443)))

## cluster_role_diff.sh-session
kubectl get clusterroles admin --output=json | jq '.rules | map(. as $rule | .apiGroups | map(. as $apiGroup | $rule.resources | map(. as $resource | $rule.verbs | map(. as $verb | $apiGroup + ":" + $resource + ":" + $verb)))) | flatten | sort' > /tmp/admin.json
kubectl get clusterroles edit --output=json | jq '.rules | map(. as $rule | .apiGroups | map(. as $apiGroup | $rule.resources | map(. as $resource | $rule.verbs | map(. as $verb | $apiGroup + ":" + $resource + ":" + $verb)))) | flatten | sort' > /tmp/edit.json
kubectl get clusterroles view --output=json | jq '.rules | map(. as $rule | .apiGroups | map(. as $apiGroup | $rule.resources | map(. as $resource | $rule.verbs | map(. as $verb | $apiGroup + ":" + $resource + ":" + $verb)))) | flatten | sort' > /tmp/view.json
vimdiff /tmp/edit.json /tmp/admin.json
vimdiff /tmp/view.json /tmp/edit.json

## gist:6347926
def compute_check_digit(str)
  str = str.strip.upcase
  values = str.chars.map do |char|
    case char
    when '<'
      0
    when 'A'..'Z'
      char.ord - 65 + 10
    when '0'..'9'
      char.ord - 48

## fido_u2f_dissector.lua
-- started based on https://gist.github.com/z4yx/218116240e2759759b239d16fed787ca

cbor = Dissector.get("cbor")
iso7816 = Dissector.get("iso7816")

ctaphid_proto = Proto("CTAPHID","FIDO Client to Authenticator Protocol over USB HID")
ctaphidfield_cid  = ProtoField.uint32("ctaphid.cid", "Channel ID", base.HEX)
ctaphidfield_cmd  = ProtoField.uint8("ctaphid.cmd", "Command", base.HEX)
ctaphidfield_bcnt = ProtoField.uint16("ctaphid.bcnt", "Payload Length", base.DEC_HEX)
ctaphidfield_seq  = ProtoField.uint8("ctaphid.seq", "Packet Sequence", base.HEX)

## hpkp_hashes.sh
# get the SHA-1 digest of the subjectPublicKeyInfo of a certificate as used by Chromium's preloaded public key pinning
# http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?r1=191212&r2=191211&pathrev=191212
curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha1
# (stdin)= 43dad630ee53f8a980ca6efd85f46aa37990e0ea

# get the base64-encoded SHA-256 digest of the subjectPublicKeyInfo of a certificate as used by HTTP Public Key Pinning
# (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11)
curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
# 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=

## onc_converter.py
import argparse
import json
import re
import sys
import uuid


class OpenVPNNetworkConfiguration(object):
    KNOWN_CONFIG_KEYS = {
        'name': {'key': 'Name'},
	# check for open ports in security groups
	aws ec2 describe-security-groups \| jq '.SecurityGroups \| map(select(.IpPermissions[] \| select(.FromPort >= 443 and .ToPort <= 443)))
	kubectl get clusterroles admin --output=json \| jq '.rules \| map(. as $rule \| .apiGroups \| map(. as $apiGroup \| $rule.resources \| map(. as $resource \| $rule.verbs \| map(. as $verb \| $apiGroup + ":" + $resource + ":" + $verb)))) \| flatten \| sort' > /tmp/admin.json
	kubectl get clusterroles edit --output=json \| jq '.rules \| map(. as $rule \| .apiGroups \| map(. as $apiGroup \| $rule.resources \| map(. as $resource \| $rule.verbs \| map(. as $verb \| $apiGroup + ":" + $resource + ":" + $verb)))) \| flatten \| sort' > /tmp/edit.json
	kubectl get clusterroles view --output=json \| jq '.rules \| map(. as $rule \| .apiGroups \| map(. as $apiGroup \| $rule.resources \| map(. as $resource \| $rule.verbs \| map(. as $verb \| $apiGroup + ":" + $resource + ":" + $verb)))) \| flatten \| sort' > /tmp/view.json
	vimdiff /tmp/edit.json /tmp/admin.json
	vimdiff /tmp/view.json /tmp/edit.json
	def compute_check_digit(str)
	str = str.strip.upcase
	values = str.chars.map do \|char\|
	case char
	when '<'
	0
	when 'A'..'Z'
	char.ord - 65 + 10
	when '0'..'9'
	char.ord - 48
	-- started based on https://gist.github.com/z4yx/218116240e2759759b239d16fed787ca

	cbor = Dissector.get("cbor")
	iso7816 = Dissector.get("iso7816")

	ctaphid_proto = Proto("CTAPHID","FIDO Client to Authenticator Protocol over USB HID")
	ctaphidfield_cid = ProtoField.uint32("ctaphid.cid", "Channel ID", base.HEX)
	ctaphidfield_cmd = ProtoField.uint8("ctaphid.cmd", "Command", base.HEX)
	ctaphidfield_bcnt = ProtoField.uint16("ctaphid.bcnt", "Payload Length", base.DEC_HEX)
	ctaphidfield_seq = ProtoField.uint8("ctaphid.seq", "Packet Sequence", base.HEX)
	# get the SHA-1 digest of the subjectPublicKeyInfo of a certificate as used by Chromium's preloaded public key pinning
	# http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?r1=191212&r2=191211&pathrev=191212
	curl -s https://pki.google.com/GIAG2.crt \| openssl x509 -inform der -pubkey -noout \| openssl pkey -pubin -outform der \| openssl dgst -sha1
	# (stdin)= 43dad630ee53f8a980ca6efd85f46aa37990e0ea

	# get the base64-encoded SHA-256 digest of the subjectPublicKeyInfo of a certificate as used by HTTP Public Key Pinning
	# (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11)
	curl -s https://pki.google.com/GIAG2.crt \| openssl x509 -inform der -pubkey -noout \| openssl pkey -pubin -outform der \| openssl dgst -sha256 -binary \| base64
	# 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=
	import argparse
	import json
	import re
	import sys
	import uuid


	class OpenVPNNetworkConfiguration(object):
	KNOWN_CONFIG_KEYS = {
	'name': {'key': 'Name'},