Cole Hocking colehocking

  • Colorado
colehocking / extractIOCs.sh
Created May 19, 2025 16:03
Why Would you put IOCs in a PDF?
#!/bin/bash
# Extract a line-separated list of DNS and IPv4 IOCs from a pdf
# Assumes the IOCs are "fanged" and de-fangs them
# requires pdftotext application
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
colehocking / basicAPIGet.py
Last active May 15, 2025 16:30
Basic API GET in Python; token-based auth; read from config.ini file
#!/usr/bin/python3
# basic API GET request
# Token based auth; get URLs/tokens from config.ini file
# -- Cole Hocking
import configparser, requests, json, os
def read_configs(filename, header, value):
colehocking / convertTime.py
Created May 15, 2025 14:27
Convert a Unix timestamp in Python
from datetime import datetime
def convertTime(unix_timestamp):
    """
    :return datetime obj
    """
    try:
        date_object = datetime.strptime(unix_timestamp, '%Y-%m-%dT%H:%M:%Sz')
        return date_object
colehocking / winlogon_types.md
Last active May 6, 2025 14:31
Windows Logon Types

Windows Logon Types

Windows logon types add to what we know about a user's successful or failed logons. A logon type tells us whether a user was in front of the computer, connected remotely, unlocked a screen saver, or whether the account was a service rather than a person. Knowing how a user connected gives us a way to separate suspicious logons from benign ones.

Interactive vs Non-interactive

Interactive

colehocking / vuln_report_ivm.py
Created April 29, 2025 21:22
Create a vulnerability spreadsheet for a list of servers as input
#!/usr/bin/python3
# Grab vulnerability reports for a list of hosts from Rapid7 InsightIVM
# usage: ./vuln_reports.py -f <hostfile>
# -- Cole Hocking
import xlsxwriter, configparser, argparse, requests, json, os, urllib3, re
from requests.auth import HTTPBasicAuth
colehocking / extract_ips.sh
Created January 26, 2024 18:00
Extract a line-separated list of IPs from a pdf
#!/bin/bash
# Extract a line-separated list of IPs from a pdf
# Assumes the dots are enclosed in square brackets
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
# file extension
colehocking / create_pfx.sh
Created June 30, 2022 20:04
Creates PFX and generates PFX password
#!/bin/bash
# Create PFX File given private and public key
# usage: ./create_pfx.sh <private_key> <public_key>
# ARG Input
PRIV_KEY="$1"
#echo "${PRIV_KEY}"
PUB_KEY="$2"
#echo "${PUB_KEY}"
#------------------------
colehocking / scan_auto.sh
Created August 18, 2021 19:04
automate port scanning from a single domain with nmap and sublist3r
#!/bin/bash
# Scan a domain, find the servers that are up, and port scan them; automated
# Requires: nmap, sublist3r
# domain to scan
DOMAIN=$1
# subdomain file
SUBD="./results/found_dns.txt"
# nmap results from ping scan
colehocking / extract.sh
Created August 16, 2021 17:09
timesave extract process
#!/bin/bash
extract() {
    if [[ -z "$1" ]]; then
        echo "Usage: extract <file>.<zip|rar|bz2|gz|tar|tbz2|tgz|Z|7z|xz|ex|tar.bz2|tar.gz|tar.xz>"
        exit 1
    else
        if [[ -f "$1" ]]; then
            # Quote the filename so paths with spaces or glob characters are passed intact
            case "$1" in
                *.7z) 7z x "$1";;
colehocking / subProc.py
Created December 2, 2020 18:20
Run a bash subprocess in Python -- the ideal way
def run_script(script, stdin=None):
    """Returns (stdout, stderr), raises error on non-zero return code"""
    import subprocess
    # Note: by using a list here (['bash', ...]) you avoid quoting issues, as the
    # arguments are passed in exactly this order (spaces, quotes, and newlines won't
    # cause problems):
    proc = subprocess.Popen(['bash', '-c', script],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE)
    stdout, stderr = proc.communicate()