Created
August 15, 2014 17:51
-
-
Save Aenigma/5e590c7dbc08dc045be0 to your computer and use it in GitHub Desktop.
Scripts!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal EnableDelayedExpansion | |
| set blacklistdir=blacklists | |
| set reportsdir=reports | |
| set blacklists= | |
| for %%f in (%blacklistdir%/*) do ( | |
| echo Searching %blacklistdir%/%%f ... | |
| set blacklists=%%blacklists %blacklistdir%/%%f | |
| ) | |
| echo %blacklists% | |
| findstr /L /G:%blacklistdir%/%%f |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.Core | |
| $reportsPath = "reports" | |
| $blacklistsPath = "blacklists" | |
| $subjectRegex = "subject" | |
| $attachmentRegex = "attachment\.csv" | |
| $blacklists = (Get-ChildItem -Path $blacklistsPath) | | |
| Foreach-Object {$_.FullName} | |
| $reports = (Get-ChildItem -Path $reportsPath) | | |
| Foreach-Object {$_.FullName} | |
| function New-Blacklist($url) { | |
| <# | |
| #> | |
| $wb = New-Object Net.WebClient | |
| $str = $wb.DownloadString($url) | |
| $strarr = $str -split '[\r\n]' |? {$_} | |
| $ips = New-Object System.Collections.ArrayList | |
| foreach($line in $strarr) { | |
| if($line -match "^((\d+)\.(\d+)\.(\d+)\.(\d+))") { | |
| #Write-Host $matches[2] $matches[3] $matches[4] $matches[5] | |
| $bytearr = [byte[]]([Byte]::Parse($matches[2]), | |
| [Byte]::Parse($matches[3]), | |
| [Byte]::Parse($matches[4]), | |
| [Byte]::Parse($matches[5]) | |
| ) | |
| $ip = (New-Object System.Net.IPAddress (,$bytearr)).ToString() | |
| $ips.Add($ip) | Out-Null | |
| } | |
| } | |
| return $ips | |
| } | |
| function New-PreconfiguredBlacklistSet() { | |
| $urls = ( | |
| "http://www.dshield.org/ipsascii.html", | |
| "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt", | |
| "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist" | |
| ) | |
| $ips = new-object 'System.Collections.Generic.HashSet[String]' | |
| foreach($url in $urls) { | |
| New-Blacklist($url) | foreach { | |
| $ips.add($_) | Out-Null | |
| } | |
| } | |
| return $ips | |
| } | |
| function New-BlacklistReport { | |
| function findMatchesFile([String[]]$reports, [String[]]$blacklists) { | |
| foreach ($report in $reports) { | |
| $results = findstr /L /G:$report $blacklists | |
| if ($results) { | |
| Write-Host "Found matches in $report :" | |
| foreach($line in $results) { | |
| Write-Host "`t$line" | |
| } | |
| } | |
| } | |
| } | |
| function findMatches([String[]]$reports, [System.Collections.Generic.HashSet[string]]$blacklists) { | |
| [String[]]$results = @() | |
| foreach ($report in $reports) { | |
| Import-Csv $report | ForEach-Object { | |
| #$ip = [System.Net.IPAddress]::Parse($_."Dest IP") | |
| $ip = $_."Dest IP" | |
| if($blacklists.Contains($ip)) { | |
| Write-Host "$($report):$($_."Dest IP")" | |
| $results = $results + "$($report):$($_."Dest IP")" | |
| } | |
| } | |
| } | |
| return $results | |
| } | |
| function Get-OutlookLogs() { | |
| $outlook = New-Object -ComObject outlook.application | |
| $mapi = $outlook.getNamespace("MAPI") | |
| $folder = $mapi.PickFolder() | |
| Write-Debug "Going into Outlook Folder: $($folder.name)" | |
| foreach($mail in $folder.items) { | |
| if($mail.Subject -match $subjectRegex) { | |
| Write-Debug "Looking at email with subject: $($mail.Subject)@$($mail.ReceivedTime)" | |
| foreach($attachment in $mail.Attachments) { | |
| if($attachment.filename -match $attachmentRegex) { | |
| Write-Debug "Saving attachment as $($reportsPath)\$(timeStamp $mail.ReceivedTime).csv" | |
| $attachment.SaveAsFile("$($reportsPath)\$(timeStamp $mail.ReceivedTime).csv") | |
| } | |
| } | |
| } | |
| } | |
| } | |
| function timeStamp([DateTime]$d) { | |
| $d = $d.ToUniversalTime() | |
| return "$($d.Year.ToString("D4"))-$($d.Month.ToString("D2"))-$($d.Day.ToString("D2"))T$($d.Hour.ToString("D2"))$($d.Minute.ToString("D2"))$($d.Second.ToString("D2"))Z" | |
| } | |
| function buildBlackListSetFiles([String[]]$blacklists) { | |
| $hs = new-object 'System.Collections.Generic.HashSet[string]' | |
| foreach ($blacklist in $blacklists) { | |
| Import-Csv -Header ("IP") $blacklist | ForEach-Object { | |
| [void]($hs.Add($_.IP)) | Out-Null | |
| } | |
| } | |
| $hs.remove($null) | Out-Null | |
| return [System.Collections.Generic.HashSet[string]]$hs | |
| } | |
| Get-OutlookLogs | |
| $hs = New-PreconfiguredBlacklistSet | |
| findMatches $reports $hs | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $file = "dnsreport.csv" | |
| $lines = @() | |
| #$lines = New-Object System.Collections.ArrayList\ | |
| Import-Csv $file | ForEach-Object { | |
| $domain = "" | |
| $obj = "" | |
| Try { | |
| $domain = [System.Net.Dns]::GetHostByAddress($_."Dest IP") | |
| } Catch { | |
| } Finally { | |
| New-Object PSObject -Property @{"Attempts" = $_.Attempts; "Src IP" = $_."Src IP"; "Dest IP" = $_."Dest IP"; "Dest Port" = $_."Dest Port"; "Protocol" = $_."Protocol"; "Domain" = $domain.HostName} | |
| } | |
| } | Export-Csv "dnsreport2.csv" -NoTypeInformation | |
| Write-Host "Done" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT [CVE],[DNSName],[NetBIOSName],[IP],[OS] | |
| FROM [Test_VUL].[dbo].[SIHMainTable] | |
| WHERE [CVE] IN | |
| (SELECT [CVE] | |
| FROM [Test_VUL].[dbo].[SIHMainTable] | |
| GROUP BY [CVE] | |
| HAVING COUNT(*) < 500) | |
| AND NOT LOWER([Description]) LIKE '%java%' | |
| AND [DateAdded] >= '2014-07-04' | |
| AND [CVSSBaseScore] >= 10 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Read-CVE() { | |
| $file = "data.csv" | |
| Import-Csv $file | ForEach-Object { | |
| Write-Host "OR [CVE]='$($_."CVE #")'" | |
| } | |
| } | |
| function ReDo-Dates() { | |
| $file = "results.csv" | |
| Import-Csv $file | ForEach-Object { | |
| $d = [DateTime]::Parse($_.DateAdded) | |
| $date = "$($d.Month.ToString("D2"))/$($d.Day.ToString("D2"))/$($d.Year.ToString("D4"))" | |
| New-Object PSObject -Property @{"CVE" = $_.CVE; "DNSName" = $_.DNSNAME; "NetBIOSName" = $_.NetBIOSName; "IP" = $_.IP; "OS" = $_.OS; "DateAdded" = $date} | |
| } | Export-Csv "results2.csv" -NoTypeInformation | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Send-OutlookMessage { | |
| <# | |
| .SYNOPSIS | |
| Send an email using Outlook | |
| .EXAMPLE | |
| Send-OutlookMessage -Subject "Test Subject" -Body "Hello, friend!" -To "[email protected]" | |
| #> | |
| param([string]$Subject, [string]$Body, [string]$To) | |
| $o = New-Object -com Outlook.Application | |
| $mail = $o.CreateItem(0) | |
| $mail.subject = $Subject | |
| $mail.body = $Body | |
| $mail.To = $To | |
| $mail.Send() | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment