List TLS version and ciphers

On this small script you can get list of all TLS versions and ciphers availble connecting a remore destination . the chalange on that script is that sometimes the number of supported ciphers is great and that consumes time. the main tool used here is openssl along with parallel . I also added timeout and custom port that can be set during the run

The script is build around two loops, one that loop the TLS version , and one that loop the TLS ciphers on each verison. the main command is generating a file that later will be called using parallel command . feel free to copy and modify


TLS_V="tls1 tls1_1 tls1_2 tls1_3"

for V in $TLS_V
	TLS_CIPHEPS=`openssl ciphers -$V | tr ':' ' '`
	[ $V = "tls1_3" ] && CIPHER_COMAND="ciphersuites"
		echo "echo | timeout $TIMEOUT openssl s_client -$V -$CIPHER_COMAND $CIPHER -connect $TARGET:$TARGET_PORT &>/dev/null && echo \"$V $CIPHER\" >>$LOG" >>$RUN_F

parallel --gnu -k -j 100 <$RUN_F
cat $LOG | sort
rm -f $RUN_F $LOG

if statement one-liner bash

How to write a one liner if statement in Bash. Although I think code should be clear and easy to follow by anyone who reads it. however, I also love the simplicity and my code as short as possible, if statement that usually tends to be long, can also be one line in Bash

1. Simple do one command if true
 [ $arg -gt 10 ] && echo "$arg bigger is than 10" 

2. Run multiple commands

[  $arg -lt 10 ] && { date; echo "$arg smaller than 10"; }    

3. If true run one command else run another

[  $arg -gt 10 ] && echo Big || echo Small

netcat is awesome

“Good things last long”, my mama use to say.
and just like that netcat is no exception
Using netcat for security testing is fun simple, and you do not need to
install applications you know nothing about .
here are some fun examples from tests I use :

echo -e "GET / HTTP/1.0\r\\r\n\r\n" | nc 80

Simple HTTP flood

while true
    echo -e "GET / HTTP/1.0\r\\r\n\r\n" | nc 80 &

Simple UDP flood

cat /dev/urandom | nc -u 53

Simple SYN flood

while true
    nc -z 80

bash singleton process

Here is a simple, yet effective way, to make sure a script runs only once.
when the script start it run a simple line that detect if the number of running script
does not exceeds more then 1.

[[ `pgrep ${0##*/} | wc -l` > 2 ]] && exit 1

This trick may come handy for example when you run a backup in a cron
and you do not want 2 processes running at the same time .

Lock a file on Linux

Here is how to lock a file from write/delete in a dirty way .
this trick will work this file system ext2-4 XFS, ReiserFS, JFS and OCFS2.
and the trick is to use the command chattr for changing file extended attribute .
A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed,
no link can be created to this file and no data can be written to the file.
Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

# echo "Test chattr" >/tmp/test.txt
# touch /tmp/test.txt
# lsattr /tmp/test.txt
--------------e---- /tmp/test.txt
# chattr +i /tmp/test.txt
# lsattr /tmp/test.txt
----i---------e---- /tmp/test.txt
# touch /tmp/test.txt
touch: cannot touch '/tmp/test.txt': Permission denied

Loop trick in bash

For loop in BASH can be written in many ways , it could use a numeric counter
or it could use an array . here are some example that may help :

1. Count up loop in BASH, from 0 to 100

for i in `seq 0 100` ; do echo  $i ;done

2. Countdown loop in BASH , from 100 to 0

for i in `seq 100 -1 0` ; do echo  $i ;done

3. Array variable as increment loop in BASH

ar="one two three four five six eight nine ten"
for i in $ar ;do echo $i ;done

4. Array as increment loop in BASH

for i in one two three four five ;do echo $i ;done

5. For loop without seq

for i in {1..100} ; do echo $i ;done

Overflow /tmp partition

Sometimes your /tmp directory may be mounted to a partition name overflow
and the size for this partition may be 1M ,while its a 100% full capacity.
This may happen if the root partition got full ,
and the system was in need for some space to operate.
to overcome this issue , you may just unmount the partition using

# unmount overflow

If you get an error saying the device is busy , you may also try unmounting the partition with the
Lazy unmount flag . Detach the file system from the file system hierarchy now,
and cleanup all references to the file system as soon as it is not busy anymore.

# unmount -l /tmp

Splitting Certificate chain

Here is how one can split a certificate chain into individual files .
sure this can be done manualy in any text editor , but there comes a time when … well
such simple task may consume a lot of time . here are 2 examples how you can do it :
Method 1 :

cat $file|awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "mycert" n ".pem"}'

Method 2 :

csplit -k -f mycert $file '/END CERTIFICATE/+1' {*}

Clear all containers and images in docker

If you want to clear all containers and all images from docker
there is a set of commands you can run to do that .
Note that this will delete the containers and images with no way of recover.
Delete All Containers :

docker rm $(docker ps -a -q)

Delete All images :

docker rmi $(docker images -q)

Learn Python

I had a good “administrator” life with Bash and pearl , but I came to see the power of python .
learning python is very easy , all you needs to do is replace any script you are about to write in bash with python .
Yes I know its easier to just write it in Bash , but believe me after a very short period of time it would feel as if you have no need for Bash
of course python can do much more then just scripts , but one step at a time đŸ™‚