Night Hour

Reading under a cool night sky ... a quiet, contemplative night ...


Here are some of the mini projects, code and scripts that I have put up on Github. They are either public domain or under open-source licenses. Feel free to use these if you find them useful. You can reach me via the contact form if you have any queries.

The code commits are all digitally signed. You can obtain a copy of my public key here. The key fingerprint is

D6CF A4C1 A583 9EE9 4B35 FA5C 6630 4AB6 B513 02D4

Instructions on how to verify the digital signature of a git commit are available here.

These are some of the code projects I have developed; each is released under an open-source license, and you may use them freely. The software projects here are digitally signed. You can verify them with the gpg key above.

A Simple Json Parser

This is a java based json parser that I coded while learning more about how parsing and parsers work. It is based on the json format description at . My intention is to use this for a java web application project without relying on external third party libraries. It is a basic parser that does only JSON parsing; it does not support serialization or deserialization of objects, which avoids JSON deserialization attacks. Its simplicity reduces the attack surface.

This is a Java JSON parser program that I developed while learning how parsers work. The program follows the JSON format described at . Java applications can use this JSON parser without depending on other third-party programs. The parser is very simple: it only handles JSON parsing and has no object serialization or deserialization functionality. This reduces the attack surface and makes it safer to use.

Perl scripts to manage Postfix/Dovecot email accounts

The perl scripts here may be useful to system administrators, devops engineers or anyone who manages a Postfix/dovecot mail server set up with flat files (without sql). I am using these to manage email accounts for domain. The entire Postfix/dovecot mail server is hosted in a DigitalOcean droplet.

The perl scripts here may be helpful to system administrators, DevOps engineers, or anyone running a Postfix/dovecot mail server. The Postfix/dovecot mail server is set up with flat files, without sql. I use these perl scripts myself to manage the email accounts for domain. The whole Postfix/dovecot host runs on a DigitalOcean droplet.

A Finite state based Php Rate Limiter

A simple Php rate limiter that can be used to defend against automated bot spamming or limit access to web resources. Refer to this article Creating a Finite State Php Rate Limiter for details on how this can be used. Rate limiting can be a useful tool for web security.

A finite-state Php rate limiter. It relies on a mariadb database to store usage data. The software can be used to prevent bot spamming and overuse of web resources. Rate limiting is a useful web security tool.

Protostar Exploit Exercise - Stack Smashing

C programs that exploit the buffer/stack overflows in the Protostar exploit exercises stack0, stack3, stack4 and stack5. There is also nasm shellcode and a perl utility to extract the Intel machine code output by objdump. This code is provided and to be used for educational purpose only. Computer misuse is a serious crime in Singapore and other countries, punishable by law. Refer to this article Exploring Buffer Overflow and Stack Smashing for details.

C programs that can be used to learn and practice Protostar's buffer overflow exercises. Computer misuse is against the law. This software and the article above are for learning only; please do not misuse them.

UDP Token Bucket Rate Limit Server

A UDP server implemented in C that uses the token bucket algorithm to serve out rate limiting "tokens" to clients such as web applications or scripts. This is an improvement over the earlier Php rate limiter that relies on a Mariadb database. It uses in-memory storage, much like Redis or Memcache. This improves performance; furthermore, it is a simple custom application with a single purpose, which reduces overhead. Refer to this article Building a UDP Token Bucket Rate Limit Server for more details.

A C UDP server using the token bucket algorithm, usable for rate limiting. It is an improvement on the earlier Php rate limiter. This C UDP server uses in-memory storage, like Redis or Memcache, so it can serve requests faster. It also has a single function, rate limiting, which cuts unnecessary overhead.

Farmer Wolf Cabbage Sheep River Crossing Puzzle

A simple java program that solves the Farmer, Wolf, Cabbage, Sheep river crossing puzzle. It uses both breadth-first and iterative depth-first graph search. Refer to this article Farmer Wolf Cabbage Sheep River Crossing Puzzle for more details.

A simple java app that solves the farmer, wolf, cabbage and sheep river-crossing problem. The program uses breadth-first graph search and iterative depth-first graph search.

Nginx Response Body Filter Module

An nginx module that filters HTTP responses containing html text. The filter inserts a text string after the <head> tag, for example to add a monitoring script to a website without having to change its source code. Refer to this article Writing an Nginx Response Body Filter Module for more details.

An Nginx filter module that can add a text string after the <head> tag of an Html HTTP response. This allows adding a monitoring script without changing the website's code.

A Client-Side Javascript and Google App Engine Application to Monitor Web Changes

This is a simple monitoring application that can detect web changes to static content. It can be useful for detecting website defacements or unauthorized content changes. The monitoring makes use of client-side javascript that is embedded into the content to be monitored. The script communicates with an App Engine application, which sends out email alerts if changes are detected. The application can also instruct the client-side script to redirect the browser to a specific error page if changes are detected. This application helps to improve web security. Refer to this article Detecting Web Defacements using Javascript and Google App Engine for more details.

This is a web monitoring and web security application. It uses client-side JavaScript together with a JSP/Servlet application running on Google App Engine to monitor web pages. Once a page is changed without authorization, the software sends an alert email. The client-side JavaScript can also redirect to a specific error page. This helps prevent web defacement and strengthens web security.

Nginx Content Filter Module that can block sensitive data

This is an Nginx filter module that uses pcre regular expressions to scan the HTTP response body. The regular expressions are specified through Nginx configuration directives. Regular expressions that match sensitive data such as Singapore NRIC numbers, mobile numbers, email addresses etc. can be configured together with a threshold for the number of matches. When matches are detected, the filter module can send a blank page instead of the original content. Alert messages are also written to the Nginx log. Refer to the github page for more information on the installation and setup.

This module is based on a fork of Weibin Yao's Nginx substitution module. Weibin Yao's module is available at this

This is an Nginx filter module that uses pcre regular-expression matching to filter the HTTP response body. Once a match is found, it can block the original HTTP content and send a blank page instead. The module also writes alerts to the Nginx log. The regular expressions can match sensitive data such as Singapore identity card numbers, mobile numbers, email addresses and so on. The regular expressions and the match-count threshold can be entered through Nginx configuration directives. You can browse the github page above. The module's code is forked from Weibin Yao's Nginx substitution module. The module can help strengthen application security.

Vulnerable Mama Shop

Vulnerable Mama Shop is a simple web store running on a LAMP stack that contains a SQL injection vulnerability. It can be built and run as a Docker container. The vulnerable application can be used to learn and practice SQL injection. Refer to the article Learning SQL Injection using Vulnerable Mama Shop. Knowing offensive techniques can help IT defenders protect critical web assets.

Vulnerable Mama Shop is an application with a SQL injection vulnerability. It uses linux, apache2 httpd, php and mariaDB (LAMP stack), packaged and run as a Docker container. The application can be used to learn SQL injection. Understanding SQL injection vulnerabilities can help IT defenders protect important web systems.

Replacing and Updating Html files using BeautifulSoup

Simple python3 scripts that use the BeautifulSoup library to parse html files and replace a specific piece of text in them. There is also a python3 script that checks for broken html links. Refer to the article Replacing and Updating Html files using BeautifulSoup.

Some simple python3 scripts. The scripts use the BeautifulSoup library to parse html. They can replace specific text in html files. Another script can check html files and find broken html links.

Developing an Nginx URL Whitelisting Module

A simple nginx module that blocks access to URLs unless they are explicitly whitelisted. This is useful for protecting web applications and websites. For instance, it can block access to administrative URLs or to files that were accidentally uploaded. Refer to the article Developing an Nginx URL Whitelisting Module.

A simple nginx URL whitelisting module that blocks arbitrary access to website URLs. A URL must first be added to the whitelist before users can connect to or access it. This prevents users from freely accessing administrative interfaces or accidentally uploaded files. The module can improve website security.