Skip to content

Instantly share code, notes, and snippets.

View colehocking's full-sized avatar

Cole Hocking colehocking

30 followers · 26 following
  • Colorado
View GitHub Profile
@colehocking
colehocking / transparentpng.sh
Created April 14, 2026 22:27
Turn a jpg to png and make the background transparent
#!/bin/bash
# Turn a jpg to png & make the background transparent
# Can also be png to png
# -- Cole Hocking
# -----------------------------------------------------------------------------
# Verify Homebrew installation for package management
# Docs: https://brew.sh/
@colehocking
colehocking / monochrome.sh
Created April 3, 2026 23:10
Convert an image to monochrome
#!/bin/bash
# Turn any image to monochrome
# -- Cole Hocking
# -----------------------------------------------------------------------------
# Verify Homebrew installation for package management
# Docs: https://brew.sh/
go_brew() {
echo "Checking for Homebrew package management tool..."
@colehocking
colehocking / pcapture.sh
Created February 4, 2026 15:46
Capture packets from host via tcpdump if Nmap shows certain ports are open
#!/bin/bash
# grab pcaps from nmap results with specific ports open
# Current example is TCP/21-23
# Ports can be modified in bad_ports() array
# usage: ./pcapture.sh <nmap_result_file.txt>
# input from nmap scans
HOSTFILE="$1"
# name pcap file same as input, but .pcap
@colehocking
colehocking / extractIOCs.sh
Created May 19, 2025 16:03
Why Would you put IOCs in a PDF?
#!/bin/bash
# Extract a line-separated list of DNS and IPv4 IOCs from a pdf
# Assumes the IOCs are "fanged" and de-fangs them
# requires pdftotext application
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
@colehocking
colehocking / basicAPIGet.py
Last active May 15, 2025 16:30
Basic API GET in Python; token-based auth; read from config.ini file
#!/usr/bin/python3
# basic API GET request
# Token based auth; get URLs/tokens from config.ini file
# -- Cole Hocking
import configparser, requests, json, os
def read_configs(filename, header, value):
@colehocking
colehocking / convertTime.py
Created May 15, 2025 14:27
Convert a Unix timestamp in Python
from datetime import datetime
def convertTime(unix_timestamp):
"""
:return datetime obj
"""
try:
date_object = datetime.strptime(unix_timestamp, '%Y-%m-%dT%H:%M:%Sz')
return date_object
@colehocking
colehocking / winlogon_types.md
Last active January 29, 2026 00:49
Windows Logon Types

Windows Logon Types

Multiple types of Windows logons add to our knowledge about successful or failed logons of a user. Logon types let us know whether a user was in front of a computer, connected remotely, unlocked a save screen, or perhaps a service rather than a person. Knowing the way a user connected gives us a tool to separate suspicious logons from benign ones.

Interactive vs Non-interactive

Interactive

@colehocking
colehocking / vuln_report_ivm.py
Created April 29, 2025 21:22
Create a vulnerability spreadsheet for a list of servers as input
#!/usr/bin/python3
# Grab vulnerability reports for a list of hosts from Rapid7 InsightIVM
# usage: ./vuln_reports.py -f <hostfile>
# -- Cole Hocking
import xlsxwriter, configparser, argparse, requests, json, os, urllib3, re
from requests.auth import HTTPBasicAuth
@colehocking
colehocking / extract_ips.sh
Created January 26, 2024 18:00
Extract a line-separated list of IPs from a pdf
#!/bin/bash
# Extract a line-separated list of IPs from a pdf
# Assumes the dots are enclosed in square brackets
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
# file extension
@colehocking
colehocking / create_pfx.sh
Created June 30, 2022 20:04
Creates PFX and generates PFX password
#!/bin/bash
# Create PFX File given private and public key
# usage: ./create_pfx.sh <private_key> <public_key>
# ARG Input
PRIV_KEY="$1"
#echo "${PRIV_KEY}"
PUB_KEY="$2"
#echo "${PUB_KEY}"
#------------------------