I hereby claim:
- I am inliniac on github.
- I am inliniac (https://keybase.io/inliniac) on keybase.
- I have a public key whose fingerprint is 1DBF 0366 7457 EB6A ED9E 0DF9 C1F4 95E3 9268 56B4
To claim this, I am signing this object:
| segments: | |
| - size: 4 | |
| prealloc: 256 | |
| - size: 16 | |
| prealloc: 512 | |
| - size: 112 | |
| prealloc: 512 | |
| - size: 248 | |
| prealloc: 512 | |
| - size: 512 |
-- Registration hook: tells the host engine what this script needs.
-- `args` is accepted to keep the expected signature; it is never read here.
-- Returns a table with exactly one entry, protocol = "smtp".
-- NOTE(review): presumably the engine uses this to feed only SMTP traffic
-- to the script; confirm against the engine's Lua scripting documentation.
function init(args)
    return { ["protocol"] = "smtp" }
end
| function setup (args) | |
| smtp = 0 | |
| filename = SCLogPath() .. "/smtp-lua.log" | |
| SCLogInfo(filename); |
-- Registration hook returning the script's requirements to the caller.
-- The `args` parameter is part of the signature but is not used.
-- The result is a single-entry table: protocol = "smtp".
-- NOTE(review): looks like a protocol filter for the host engine; verify
-- how the engine interprets the "protocol" key.
function init(args)
    local requirements = { ["protocol"] = "smtp" }
    return requirements
end
| function setup (args) | |
| smtp = 0 | |
| filename = SCLogPath() .. "/smtp-lua.log" | |
| SCLogInfo(filename); |
-- Registration hook for the TLS match script.
-- `args` is unused. Returns a table whose only entry is tls = "true".
-- The value is the *string* produced by tostring(true), not a boolean.
-- NOTE(review): presumably this asks the engine to expose TLS data (the
-- sibling match() calls TlsGetSNI); confirm the expected value type.
function init(args)
    return { ["tls"] = tostring(true) }
end
| function match(args) | |
| sni = TlsGetSNI(); | |
| if sni == nil then | |
| return 0 |
I hereby claim:
To claim this, I am signing this object:
-- Registration hook: tells the host engine what this script needs.
-- `args` is accepted to keep the expected signature; it is never read here.
-- Returns a table with exactly one entry, protocol = "http".
-- NOTE(review): presumably the engine uses this to feed only HTTP traffic
-- to the script; confirm against the engine's Lua scripting documentation.
function init(args)
    return { ["protocol"] = "http" }
end
| function setup (args) | |
| sqlite3, errmsg = require("lsqlite3") | |
| db = sqlite3.open_memory() | |
| db:exec[[CREATE TABLE headers (id INTEGER PRIMARY KEY, header);]] |
| { | |
| "network": { | |
| "servers": [ "x.x.x.x:5043" ], | |
| "ssl certificate": "./lumberjack.pub", | |
| "ssl key": "./lumberjack.key", | |
| "ssl ca": "./lumberjack.pub" | |
| }, | |
| "files": [ | |
| { | |
| "paths": [ "/var/log/suricata/eve.json" ], |
-- Registration hook returning the script's requirements to the caller.
-- The `args` parameter is part of the signature but is not used.
-- The result is a single-entry table: protocol = "http".
-- NOTE(review): looks like a protocol filter for the host engine; verify
-- how the engine interprets the "protocol" key.
function init(args)
    local requirements = { ["protocol"] = "http" }
    return requirements
end
| function setup (args) | |
| sqlite3, errmsg = require("lsqlite3") | |
| db = sqlite3.open_memory() | |
| db:exec[[CREATE TABLE headers (id INTEGER PRIMARY KEY, header);]] |
| input { | |
| lumberjack { | |
| # The port to listen on | |
| port => 5043 | |
| # The paths to your ssl cert and key | |
| ssl_certificate => "/etc/logstash/pki/lumberjack.pub" | |
| ssl_key => "/etc/logstash/pki/lumberjack.key" | |
| # Set this to whatever you want. |
| static int HTPCallbackRequest(htp_tx_t *tx) { | |
| SCEnter(); | |
| HtpState *hstate = htp_connp_get_user_data(tx->connp); | |
| if (hstate == NULL) { | |
| SCReturnInt(HTP_ERROR); | |
| } | |
| SCLogDebug("transaction_cnt %"PRIu64", list_size %"PRIu64, | |
| hstate->transaction_cnt, HTPStateGetTxCnt(hstate)); |