-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathwhitebox_testing.cheat
More file actions
94 lines (67 loc) · 11.6 KB
/
Copy pathwhitebox_testing.cheat
File metadata and controls
94 lines (67 loc) · 11.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
% whitebox web testing for exploits, source code review
# Codex-assisted review workflow ideas adapted from 0xABCD01/codex-skills:
# https://github.com/0xABCD01/codex-skills
$ wordlist: locate whitebox-wordlists | grep '\.txt' | sort -u
$ blacklist: locate blacklist | grep '\.txt' | sort -u
$ source_file: find . -type f | grep -v '/\.git/' | sort
$ package_file: find . -maxdepth 3 -type f \( -name package.json -o -name pyproject.toml -o -name requirements.txt -o -name go.mod -o -name Cargo.toml -o -name composer.json \) | sort
$ migration_file: find . -type f \( -name alembic.ini -o -name manage.py -o -name schema.prisma -o -name knexfile.js -o -path '*/db/migrate/*' \) | sort
$ regex: printf '%s\n' '\\.js$|\\.html$|vendor|/\\.git'
$ bug_description: printf '%s\n' 'describe the bug here'
# repo scan
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ coreutils ]' -c cat <wordlist> | while read -r line; do echo "current statement: $line"; grep --color -inR --fixed-strings "$line"; done
# find all files in current workdirectory with blacklist on `.js .html .md .lock .json .log *vendor* */.git*` and filter on wordlist.
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ findutils ]' -c find . -type f -exec grep -Iq . {} \; -print | grep -iv '\.js$\|\.html$\|\.md$\|\.lock$\|\.json$\|\.log$\|vendor\|\/\.git' | while read -r file; do results=$(grep -i --fixed-strings -f <wordlist> "$file"); if [ -n "$results" ]; then echo -e "results in file: $file:"; grep --color -in --fixed-strings -f <wordlist> "$file"; else echo "no results found in file: $file"; fi; done
# find all files in current workdirectory with blacklist files on `regex` and filter on wordlist.
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ findutils ]' -c find . -type f -exec grep -Iq . {} \; -print | grep -iv '<regex>' | while read -r file; do results=$(grep -i --fixed-strings -f <wordlist> "$file"); if [ -n "$results" ]; then echo -e "results in file: $file:"; grep --color -in --fixed-strings -f <wordlist> "$file"; else echo "no results found in file: $file"; fi; done
# find all files in current workdirectory with blacklist as wordlist and filter(s) as a wordlist
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ findutils ]' -c find . -type f -exec grep -Iq . {} \; -print | grep -ivf <blacklist> | while read -r file; do results=$(grep -i --fixed-strings -f <wordlist> "$file"); if [ -n "$results" ]; then echo -e "results in file: $file:"; grep --color -in --fixed-strings -f <wordlist> "$file"; else echo "no results found in file: $file"; fi; done
# codex quick fix workflow for a single bug
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Fix this bug with the smallest correct change. First read the error and the target file with about 20 lines of context. Do not refactor unrelated code. Add or run the narrow relevant test, then run the broader suite if it exists. Bug: <bug_description>"
# codex source review workflow for uncommitted changes
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Review all uncommitted changes before push. Show changed files, inspect the diff, grep for hardcoded secrets, shell injection, SQL injection, unsafe deserialization, and path traversal. Then check correctness risks, edge cases, debug leftovers, and test coverage. Finish with critical findings, warnings, suggestions, and test status."
# codex dependency audit workflow
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Audit project dependencies. Detect the package manager from <package_file>. Check vulnerabilities, outdated packages, unused dependencies, and missing imports. Separate critical/high issues from low-risk updates and list exact upgrade commands for important fixes."
# codex test writer workflow for one source file
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Write tests for <source_file>. Detect the test framework, read existing tests for style, read the source fully, cover public functions, branches, error paths, and edge cases. Run the narrow tests and report what passed or failed."
# codex refactor safety workflow
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Refactor <source_file> without changing behavior. Run baseline tests first. If they already fail, stop and report. Make a small plan, apply the refactor, run the same tests again, and report any changed pass/fail count."
# codex CI failure workflow
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Fix the failing CI. Use gh run list --limit 5, inspect the most recent failed run with gh run view --log-failed, find the first real error, fix the smallest related code/config issue, run the same check locally, then report whether it is ready to push."
# codex migration review workflow
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ codex ]' -c codex exec "Create or review a database migration for <migration_file>. Detect the ORM, read recent migrations for style, ensure upgrade and rollback are both defined, avoid drop-and-recreate for renames, name indexes, run the migration, then run rollback."
# quick diff security grep before deeper review
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ git ]' -c git diff HEAD | grep -iE 'api_key|secret|password|token|private_key' | grep -v test | grep -v example
# shell injection grep before deeper review
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ git ]' -c git diff HEAD | grep -E 'os\.system\(|subprocess.*shell=True|exec\(|eval\('
# SQL injection grep before deeper review
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ git ]' -c git diff HEAD | grep -E "execute\(f['\"]|\.format\(.*SELECT|\.format\(.*INSERT|raw\(.*\+"
# unsafe deserialization grep before deeper review
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ git ]' -c git diff HEAD | grep -E 'pickle\.loads?\(|yaml\.load\([^)]*$|marshal\.loads?\('
# path traversal grep before deeper review
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ git ]' -c git diff HEAD | grep -E 'open\(.*\+|send_file|send_from_directory|os\.path\.join.*request|Path\(.*request'
# find likely authz/authn decision points
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ ripgrep ]' -c rg -n --hidden -g '!.git/**' -i 'is_admin|is_staff|role|permission|authorize|authenticate|jwt|session|csrf|tenant|owner|account_id|user_id'
# find likely injection sinks
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ ripgrep ]' -c rg -n --hidden -g '!.git/**' 'exec\(|eval\(|subprocess|os\.system|popen|raw\(|execute\(|innerHTML|dangerouslySetInnerHTML|template\(|Handlebars|render_template_string'
# find likely SSRF and file read sinks
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ ripgrep ]' -c rg -n --hidden -g '!.git/**' -i 'requests\.|httpx\.|urllib|fetch\(|axios|curl|open\(|readFile|send_file|download|urlparse|redirect'
# check php info while in cli
printf '%b\n' '\74?php echo phpinfo(); ?\76' | php -- -
# set mysql sql logging to verbose with profile file
echo -e '[mysqld]\nlog_error=/var/log/mysql/mysql_error.log\ngeneral_log_file=/var/log/mysql/mysqld.log\ngeneral_log=1\n\n[mysqld_safe]\nlog_error=/var/log/mysql/mysql_error.log' | tee /etc/mysql/conf.d/enable_debugger.cnf
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ systemd ]' -c systemctl restart mysql;
echo -e "use the following commands to tail the logs you just enabled:\ntail -F /var/log/mysql/mysql_error.log\nand:\ntail -F /var/log/mysql/mysqld.log"
# set mysql sql logging to verbose cli (excluding log_error it's a RO variable)
echo -e "SET global general_log_file='/var/log/mysql/mysqld.log'; \nSET global log_output = 'file';\nSET global general_log = on;" | mysql -u root -p
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ systemd ]' -c systemctl restart mysql
echo "use the following command to tail the log you just enabled:\ntail -F /var/log/mysql/mysqld.log\nand test it with\necho 'select 1' | mysql -u root -p"
# set postgres logging and tail the file
settings_loc=$(echo /etc/postgresql/*/main | tail -n1)
log_loc=/var/log/postgresql
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ coreutils ]' -c cp $settings_loc/postgresql.conf $settings_loc/postgresql.conf.$(date --rfc-3339=seconds | sed 's/[ |+|:|-]//g').bak
echo -e "log_destination = 'stderr'\nlogging_collector = on\nlog_directory = '$log_loc'\nlog_filename = 'postgresql_%Y%m%d.log'\nlog_rotation_age = 1d\nlog_rotation_size = 2000MB\nlog_min_duration_statement = -1\nlog_connections = on\nlog_duration = on\nlog_hostname = on\nlog_line_prefix = '%t [%p] %q%d@%u, %h, %a, %l '\nlog_statement = 'all'\nlog_timezone = 'Europe/Vienna'" | tee -a $settings_loc/postgresql.conf
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ coreutils ]' -c chown postgres:postgres $settings_loc/postgresql.conf
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ systemd ]' -c systemctl restart postgresql
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ coreutils ]' -c sleep 1 && echo 'select 1' | sudo -u postgres psql >/dev/null 2>/dev/null &
nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ coreutils ]' -c tail -F $log_loc/postgresql_$(date --rfc-3339=date | sed 's/[ |+|:|-]//g').log