This is a cheatsheet I use for Ghidra scripting.
NOTE: Some of these functions use each other 😄
def get_bytes(address, size):
c3rb3ru5d3d53c
/ mitmpcap
Created
June 19, 2022 11:06
MITMPcap - A Script that allows you to capture pcaps with TLS secrets for later analysis in Wireshark
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DARKGREEN=$'\e[00;32m' | |
| GREEN=$'\e[01;32m' | |
| TEAL=$'\e[00;36m' | |
| DARKGREY=$'\e[01;30m' | |
| CYAN=$'\e[01;36m' | |
| LIGHTGREY=$'\e[00;37m' | |
| RED=$'\e[00;31m' | |
| PINK=$'\e[01;31m' |
c3rb3ru5d3d53c
/ mitmhttp
Last active
October 21, 2024 01:04
mitmhttp - a simple mitmproxy http redirector tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DARKGREEN=$'\e[00;32m' | |
| GREEN=$'\e[01;32m' | |
| TEAL=$'\e[00;36m' | |
| DARKGREY=$'\e[01;30m' | |
| CYAN=$'\e[01;36m' | |
| LIGHTGREY=$'\e[00;37m' | |
| RED=$'\e[00;31m' | |
| PINK=$'\e[01;31m' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import struct | |
| try: | |
| import pefile | |
| except ImportError or ModuleNotFoundError: | |
| print('missing pefile module', file=sys.stderr) | |
| sys.exit(1) | |
| import pickle |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // LNK Data Structures | |
| // https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow | |
| enum SHOWCOMMAND : u16 { | |
| SW_HIDE = 0x0000, | |
| SW_SHOWNORMAL = 0x0001, | |
| SW_SHOWMINIMIZED = 0x0002, | |
| SW_SHOWMAXIMIZED = 0x0003, | |
| SW_SHOWNOACTIVATE = 0x0004, | |
| SW_SHOW = 0x0005, |
c3rb3ru5d3d53c
/ get_ghidra_manuals.py
Created
August 27, 2022 19:21
— forked from alexmaloteaux/get_ghidra_manuals.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| import os, sys | |
| #import requests | |
| from urllib import request | |
| import traceback | |
| from shutil import copyfile | |
| from hashlib import md5 | |
| import binascii |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule pikabot_0 { | |
| meta: | |
| author = "@c3rb3ru5d3d53c" | |
| description = "Detects PikaBot" | |
| created = "2023-03-02" | |
| tlp = "white" | |
| rev = 1 | |
| strings: | |
| $trait_0 = { | |
| 8d 85 ?? ?? ?? ?? 89 b5 ?? ?? ?? ?? 50 8d 85 ?? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # pip install malduck | |
| import re | |
| import argparse | |
| from malduck import lznt1, rc4 | |
| __version__ = '1.0.0' | |
| __author__ = '@c3rb3ru5d3d53c' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Find YARA Matches | |
| #@author @c3rb3ru5d3d53c | |
| #@category YARA | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| import yara | |
| from dataclasses import dataclass |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # AI Helper powered by ollama AI and piper TTS | |
| # Author: @c3rb3ru5d3d53c | |
| # Requires: ffplay, ollama and piper | |
| # ollama: https://github.com/jmorganca/ollama | |
| # piper : https://github.com/rhasspy/piper | |
| # start ollama first with ollama serve | |
| # Global Variable Configuration |