Skip to content

Instantly share code, notes, and snippets.

View ret2src's full-sized avatar
🧉
Probably drinking Mate or Guayusa

ret2src ret2src

🧉
Probably drinking Mate or Guayusa
3 followers · 4 following
View GitHub Profile
@mgeeky
mgeeky / smtpAudit.py
Last active April 2, 2024 09:47
SMTP Black-Box configuration audit / penetration testing tool - able to parse SPF/DKIM/Banner, test for Open-Relaying, test SSL/TLS enforcement and verify other common misconfigurations.
#!/usr/bin/python3
#
# SMTP Server configuration black-box testing/audit tool, capable of auditing
# SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS)
# user enumerations (VRFY, EXPN, RCPT TO), and others.
#
# Currently supported tests:
# 01) 'spf' - SPF DNS record test
# - 'spf-version' - Checks whether SPF record version is valid
# - 'all-mechanism-usage' - Checks whether 'all' mechanism is used correctly
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active September 7, 2024 18:11 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from