When I do a dig for googleusercontent.com I don't get an answer. If I specify the DNS server IP address I do get an answer. Not sure what is happening but curl and Python cannot resolve the address while the browser can. Any ideas?
$ dig googleusercontent.com
; <<>> DiG 9.8.3-P1 <<>> googleusercontent.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23113
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
@averagesecurityguy
averagesecurityguy / Makefile
Last active January 15, 2023 09:44
Cython Shell Example
CC=gcc
INCLUDE=/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7
LINK=python2.7
FILE=shell
$(FILE): $(FILE).c
	$(CC) $(FILE).c -I$(INCLUDE) -l$(LINK) -o $(FILE)
$(FILE).c:
	cython --embed $(FILE).pyx
@averagesecurityguy
averagesecurityguy / ec2_masscan_conf.py
Created February 4, 2015 00:37
Generate a masscan configuration file for the EC2 IP address ranges.
import requests
resp = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
ranges = resp.json()
sync = ranges['syncToken']
ec2 = [r['ip_prefix'] for r in ranges['prefixes'] if r['service'] == 'EC2']
with open('ec2.conf', 'wb') as f:
    f.write('EC2 Masscan Configuration.\n'.encode('utf-8'))
@averagesecurityguy
averagesecurityguy / gist:1fb34475ff0c89f937f4
Created March 10, 2015 16:00
SecurityCenter File Upload Example
#!/usr/bin/env python
import requests
import random
import json
import os
token = ''
cookie = ''
server = ''
@averagesecurityguy
averagesecurityguy / bust.sh
Last active August 29, 2015 14:22
Gobuster and Fuzzdb
#!/bin/sh
if [ "$#" -ne 1 ]; then
    echo "Usage: bust.sh URL"
    exit 1
fi
APPTEST_DIR="/Users/shaywood/apptest"
DISC="$APPTEST_DIR/fuzzdb/discovery/PredictableRes"
@averagesecurityguy
averagesecurityguy / send.py
Created October 7, 2015 03:45
Scapy Issue
from scapy.all import *
http = IP(dst="10.0.2.15")/TCP(dport=80)/"GET /index.html HTTP/1.0\r\n\r\n"
send(http)
sendp(http, iface="eth0")
@averagesecurityguy
averagesecurityguy / csrf.py
Created October 14, 2015 20:33
Burp Extension to Extract CSRF Token from Response and Insert it into Next Request
# I was testing a web app recently where each POST request updated the session cookie
# and generated a new CSRF token in a hidden input field in the body of the response.
# By default, Burp's Session handling rules will only use the cookie jar for Spider
# and Scanner. I modified the rules to use the cookie jar for Intruder and Repeater
# as well. In addition, Burp will only update the cookie jar from Proxy and Scanner
# so I had to allow Repeater, Spider, and Intruder to update the cookie jar as well.
# This allowed me to use a fresh cookie with each request as required by the app.
#
# To get a fresh CSRF token with each request I had to write an extension. The
# extension processes any responses that it receives from any tool except Proxy and
@averagesecurityguy
averagesecurityguy / handshake.py
Last active October 19, 2015 03:37
Scapy WTF???
# The goal of this script is to complete a three-way handshake with a netcat listener on port 8888. Tcpdump
# shows the SYN packet being sent but I'm getting a RST/ACK instead of a SYN/ACK packet from netcat. I've
# configured Iptables to drop any RST packets where the source and destination are the same as the server's
# IP address, but the output from iptables -L -nv shows the rule is not being hit. Any ideas what is going on?
#
# I think I've decided that scapy is good for processing pcaps or gathering stats while sniffing traffic but
# for actually sending packets, it sucks. I know I can create the socket with Python and use the stream with
# Scapy but I really don't want to do that.
# Suppress Scapy IPv6 warning
@averagesecurityguy
averagesecurityguy / html_structure_hash.py
Created November 2, 2015 17:44
Calculate Hashes for HTML Structure
#!/usr/bin/env python3
import requests
import re
import hashlib
import sys
tag_re = re.compile(r'<.*?>')
if len(sys.argv) != 2:
@averagesecurityguy
averagesecurityguy / axfr.py
Created January 28, 2016 21:43
Simple Python script to do an AXFR against every name server in a domain.
#!/usr/bin/env python3
import sys
import dns.resolver
import dns.reversename
import dns.zone
import dns.exception
TIMEOUT = 15.0