Jonathan Hodgson
a93a6074e2
Adds check before running ruby commands
4 years ago
Jonathan Hodgson
ba2b85b2cd
BIN: analyse-headers: bug fixes
...
A couple of bug fixes, removed some unnecesary echos and fixed crash if
name is too long to fit in the heading box
4 years ago
Jonathan Hodgson
4d9c324cc7
VIM: Keep selection when using < or > in visual mode
...
When indenting or unindenting a code block, I normally visually select
it and use < or >. However, both of these unselect the selection.
The mappings make vim also do gv after such an action which re-selects
the previous selection.
4 years ago
Jonathan Hodgson
15b18a4a0a
BIN: Adds lucky13 to verifySSL
4 years ago
Jonathan Hodgson
c1ba95117a
BIN: Small adjustments to verifySSL
...
The script now prepends the command that is echoed with a $ in order to
indicate it is a command that is run
Also stops the script showing each cipher that is tested
4 years ago
Jonathan Hodgson
4c2f3dbc4d
BIN: adds sweet32 test to verifySSL
4 years ago
Jonathan Hodgson
a4dc363ee6
BIN: makes the verifySSL print progress messages to stderr
...
I chose to do this because I want to be able to pipe stdout to a file
and use it as evidence. I don't need the progress for that
4 years ago
Jonathan Hodgson
f5cecab111
ALIAS: makes verifySSL use the chacha ssl if it's available
4 years ago
Jonathan Hodgson
961f7797a7
BIN: starts verifySSL script
...
This will evolve to become a script that can be used to verify the
findings of a tool like testssl
Currently only supports "beast"
4 years ago
Jonathan Hodgson
6dad0bf8ab
BIN: fix csp check in analyse-headers
...
the csp function didn't correctly return 1 when a missconfigured csp was
found
4 years ago
Jonathan Hodgson
e94ba0b5b2
Improve handling of CSP
...
Although I'd like to re-do the csp handling, this change fixes the
detection of unsafe-inline and unsafe-eval.
4 years ago
Jonathan Hodgson
b8f104fd00
Makes detection of x-frame-options value case insensitive
...
In other words, sameorigin == SAMEORIGIN == saMeOriGIN
This is in line with the spec for the header:
https://tools.ietf.org/html/rfc7034
4 years ago
Jonathan Hodgson
b018a6637e
Update events
4 years ago
Jonathan Hodgson
fc085c063d
Update events
4 years ago
Jonathan Hodgson
26a403372d
Update events
4 years ago
Jonathan Hodgson
e772859c6e
VIM: adds firevim config
...
Does 2 thing:
* sets up my setting for editing text (spell checking etc)
* Sets the content type to html for domains starting with mail.
4 years ago
Jonathan Hodgson
206353d2b7
VIM: make filename in statusline 30 chars (maximum)
4 years ago
Jonathan Hodgson
2248c74519
Alias: changes kb to keys
...
I would like to use kb for a new tool I'm making.
4 years ago
Jonathan Hodgson
dc7a66bd95
aliases: adds enum4linux -> enum4linux-ng
...
This is a newer re-write with additional features and written in python
https://github.com/cddmp/enum4linux-ng
4 years ago
Jonathan Hodgson
168b2b94c1
aliases: fixes check for a couple of commands
...
I had forgotten to put the -p flag on type when checking for the
existence of commands
4 years ago
Jonathan Hodgson
91c195a66a
VIM: Hides git branch "blob" on status line if not in a git project
4 years ago
Jonathan Hodgson
bf8631198c
SH: adds bash shebang to shared dotfiles for syntax highlighting
4 years ago
Jonathan Hodgson
94f636208b
VIM: Adds lsp bindings for more languages
4 years ago
Jonathan Hodgson
23f2116f9d
VIM: Significant style changes to statusline
...
I have used colour and powerline symbols to differentiate different
parts of my status line.
Inspiration came from this:
https://www.reddit.com/r/vimporn/comments/kbtu74/my_theme_called_humanoid_and_my_statusbar/
4 years ago
Jonathan Hodgson
6feffc731b
BIN: analyse-headers: improve expect-ct description
4 years ago
Jonathan Hodgson
41fd57310a
BIN: analyse-headers: Checks the access-control-allow-origin header
...
Another suggestion by <Dom Ingram>.
For more details on the null issue, read here:
https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null
4 years ago
Jonathan Hodgson
984298b29b
BIN: analyse-headers: fix most shellcheck warnings
...
The only checks I haven't fixed are the unused variables for colours. I
may use them in the future so haven't removed them
4 years ago
Jonathan Hodgson
6ac052cd39
BIN: analyse-headers: note on x-frame-options if frame-ancestors present
...
If the frame-ancestors content security policy is present, the
x-frame-options warning mentions that the content security helps
mitigate against clickjacking although for greater browser support,
x-frame-options should also be used
Thanks <Dom Ingram> for the suggestion
4 years ago
Jonathan Hodgson
1b42f81f47
BIN: analyse-headers: Adds generic version disclosure function
...
if the header contains the word "version" (case insensitively) it will
flag it as potential information disclosure
Thanks <Dom Ingram> for the suggestion
4 years ago
Jonathan Hodgson
e247c85bc9
BIN: analyse-headers: read from stdin if first arg is -
...
This makes testing much easier
4 years ago
Jonathan Hodgson
cad2f2d2d5
BIN: analyse-headers: Add more notes to expect-ct description
...
As pointed out by <Dom Ingram>, the expect-ct is likely to become
obsolete in June 2012
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
4 years ago
Jonathan Hodgson
7ea1e9a964
BIN: analyse-headers: Fix incorrect reporting of SSL issues
...
It turns out the SSL flags secure and httponly are not case sensitive.
https://tools.ietf.org/html/rfc6265#section-5.2.5
I cannot find any documentation about the SameSite=Strict so I will
leave it case sensitive for now. The spec for that section is here:
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.2
Thanks <Dom Ingram> for flagging this
4 years ago
Jonathan Hodgson
0aa3a121ab
BORG: stop backing up git repos
4 years ago
Jonathan Hodgson
89b8b6283e
BORG: Fixes backup dir
4 years ago
Jonathan Hodgson
f7c59be6ca
BORG: Adds borg backup script
4 years ago
Jonathan Hodgson
8a49e623ff
VIM: Adds firevim plugin
4 years ago
Jonathan Hodgson
7a7ffc608d
BIN: analyse-headers: add expect-ct and start referrer-policy
4 years ago
Jonathan Hodgson
3ce547a0b2
BIN: Analyse-headers: Adds to description for cookie flag
4 years ago
Jonathan Hodgson
fb5774a584
BIN: analyse-headers: fix error "wrap command not found"
4 years ago
Jonathan Hodgson
9ef36af8f7
BIN: analyse-headers: adds feature-policy and permissions-policy checks
4 years ago
Jonathan Hodgson
61097006a4
BIN: analyse-headers: Wrap text in descriptions
...
The text in descriptions is now wrapped to 80 chars. This does not
affect the headers printed at the top which are not wrapped
4 years ago
Jonathan Hodgson
af81ccd62e
BIN: Adds SameSite check in analyse-headers script
...
The script will now warn you if the SameSite option is not set to Strict
on cookies.
4 years ago
Jonathan Hodgson
1f29c17ab5
BIN: Fix webtest script when : in cookies
...
If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
4 years ago
Jonathan Hodgson
a3f75d9b32
BIN: Adds analyse-headers script
...
The script is in early stages of development but should work for some of
the most common mis-configurtaions.
4 years ago
Jonathan Hodgson
2b244e33b5
REM: adds monthly reminders file
4 years ago
Jonathan Hodgson
9e2c860192
REM: adds %b to bin reminders
4 years ago
Jonathan Hodgson
951e3adcdf
REM: Created birthday and anniversary specific functions
...
Then uses them in the yearly file
4 years ago
Jonathan Hodgson
dae0d9e86e
Rem: add to one-off events
4 years ago
Jonathan Hodgson
142b72fbd2
REM: Changes to uk hollidays
...
Omits bank hollidays
Re-structured dates around crhistmas
Adds some dates such as black friday
4 years ago
Jonathan Hodgson
85e1755799
SHELL: Adds aliases for cp and mv with progress bars
...
I found patches at the link below for mv and cp that add options for
progress bars. I have applied and compiled them and named the commands
cpg and mvg as recommended in the readme. They are named like that (I
assume) because they add a -g flag for progress.
If they are present and in my path, I always want to use them with the
progress bar flag in place of cp or mv
https://github.com/jarun/advcpmv
4 years ago