Discover hannob/ipmx Open Source project by Hanno Böck (@hannob)

test script for shellshocker and related vulnerabilities

2,047

bashcheck

Example scripts that cause segfaults in PHP

653

php-crashers

Named vulnerabilities and their practical impact

448

vulns

430

meltdownspectre-patches

Summary of the patch status for Meltdown / Spectre

346

vacdec

Python script to decode the EU Covid-19 vaccine certificate

optionsbleed

tlshelpers

A collection of shell scripts that help handling X.509 certificate and TLS issues

127

tls-what-can-go-wrong

TLS - what can go wrong?

100

smtpsmug

HTTP Public Key Pinning (HPKP) pin generation tools

hpkp

Apache use after free bug infos / ASAN stack traces

apache-uaf

superfishy

Archive of software and other data involved in the Superfish / Komodia incident

bash poc scripts to exploit open fpm ports

fpmvuln

Check for Let's Encrypt CAA issue

lecaa

List of Free Software and IT Security related conferences

hackercon

bignum-fuzz

Code to fuzz bignum libraries

selftls

Sample application to let OpenSSL talk to itself (for fuzzing)

pgpecosystem

Scripts to parse and analyze pgp key server data

com2txt

com2txt tool (from 1993)

zipeinfo

ZIP encryption info

Find PNG files with suspicious data in alpha channel

alphasecret

ctgrab

A history of PGP-related vulnerabilities

pgpbugs

mmapfail

Simple shell script to detect bad checks of mmap() return value

ed25519hetzner

Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner

proof of concept to backdoor files from owncloud encryption module

pwncloud

bash script to download publicly available .svn directories

svnscraper

Secure random passwords in Javascript

libfuzzer-examples

examples for libfuzzer

C++

secpw

HTML

badocspcert

Check for certs affected by July 2020 OCSP intermediate incident

Check for jitis meet default password vulnerability

jitsivuln

Check Diffie Hellman group prime parameter

primecheck

Bad packages from the pypi repository

pypi-bad

Setting the system time over HTTPS

httpstime

Script to convert between mbox and maildir format

mbox2maildir

poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)

webminex

asantoo

Overlay to use Gentoo with Address Sanitizer

An overview of E-Mail protocols and data formats

emailprotocols

silic

silic - simple link checker written in python

Parse mails with reports from DMARC and SMTP TLS Reporting

rpter

Decoder and encoder for Base64 (MIME), uuencoded, xxencoded and Binhex files.

uudeview

rompager-check

Online and offline check tool for the RomPager HTTP server and vulnerable versions

Trivial bash script to log into Telekom / T-Mobile wireless lan

tmobile-login

Simple password generator with no options

pwsec

private keys found on AVM Fritz!Box firmware images

fritzbox-keys

xssgame

Convert JPEG exif geotags to link on openstreetmap.org

exif2osm

Simple web index to use bloom filter for Pwned Passwords

pwbloom

Proof of concept for Apache htpasswd denial of service

htpasswdos

Patch for the Linux Kernel to implement "SymlinksIfOwnerMatches" features

symlinkown

Testing the rdrand CPU instruction

rdrand-test

crimesafe-csrf

Create CSRF tokens secure from compression attacks like CRIME/BREACH/TIME/HEIST

examples for C / C++ bugs caught by various safety tools

cbugs

procdown

Harden access to the /proc filesystem in Linux

Proof of Concept of Libreoffice file exfiltration vulnerability in Big Blue Button

CVE-2020-27603-bbb-libreoffice-poc

svgx

Shell script chaining various SVG optimization tools

Command line tool to send mails with authentication

smtpsend

Command line Forward-confirmed reverse DNS (FCrDNS) check written in Python

fcrdns

Scripts to compile ROS packages with compiler sanitizers

rosproject-scripts

Some trivial examples for web vulnerabilities

websec-examples

gccweverything

Get account ID and other account info with private key for ACME account

getacmeaccount

Shell script to guess CPU microarchitecture for latest CFLAGS

whichmicroarch

poc for stack buffer overflow in wolfssl

wolfoverflow

Scripts to create compromised key blocklists for the badkeys tool

squirrelpatches

Patches for Squirrelmail

blocklistmaker

ros-sanitizer-logs

Logs from ASAN/UBSAN/TSAN tests of ROS

rbltest

Simple script to query mailserver realtime block lists (RBLs)

Normalize and hash ASAN/MSAN crash dumps

sanhash

Test data for the snallygaster tool

snallygaster-testdata

fpracer

File permission race proof of concept

Docker image to access German emission data from thru.de

thrusql

Dockerfile

wifiinjection

Collection of Screenshots documenting WiFi Networks injecting content into HTTP pages

getkey

Bruteforce-search private keys in larger files

Scripts I've been using to inform owners of hosts affected by security vulnerabilities

abusescript

quick and dirty check for ACME API endpoints that reflect content

acmereflect

sriutil