Skip to content

Instantly share code, notes, and snippets.

View goncalor's full-sized avatar

Gonçalo Ribeiro goncalor

55 followers · 46 following
View GitHub Profile
@goncalor
goncalor / cron-like-systemd.md
Last active July 7, 2024 00:16
cron-like systemd unit notes

cron-like systemd unit

  1. Create myunit.service. Only [Service] is needed, with an ExecStart=

  2. Create myunit.timer. It needs [Timer] with an OnCalendar= or similar. It needs [Install] with WantedBy=timers.target

  3. Enable both units. The .service unit will issue a warning due to missing [Install]. This is not a problem

     systemctl --user enable $PWD/myunit.service
 systemctl --user enable $PWD/myunit.timer
@goncalor
goncalor / Cargo.toml
Last active April 5, 2024 22:38
Sequoia symmetric encryption example
[package]
name = "sequoia-test"
version = "0.1.0"
edition = "2021"
[[bin]]
name = "sequoia-test"
path = "main.rs"
[dependencies]
@goncalor
goncalor / README.md
Last active April 22, 2024 15:02
MSMQ Nmap service probe

MSMQ Nmap service probe

⚠️ Disclaimer: testing of this probe is limited and the MSMQ protocol is proprietary and undocumented. Use this probe at your own risk. ⚠️

Nmap currently has no way to detect whether the service running on TCP port 1801 is [Microsoft Message Queuing (MSMQ)][wikipedia_msmq]. The file msmq-service-probe here has been developed to give Nmap the capability to detect MSMQ. The objective is to help identify assets with MSMQ exposed, that may be vulnerable to [CVE-2023-21554][nist_cve_2023_21554], aka QueueJumper.

This works by sending a MSMQ packet to port 1801 and checking if the response matches an expected fingerprint.

You can run this probe as follows:

@goncalor
goncalor / collapse-nets.py
Created May 16, 2022 10:42
Collapses subnets and/or IPs into the smallest possible set of subnets
#!/usr/bin/env python3
# Collapses subnets and/or IPs into the smallest possible set of subnets
import sys
import ipaddress
if len(sys.argv) != 2:
print("Usage: {} <file>".format(sys.argv[0]))
sys.exit(-1)
with open(sys.argv[1]) as f:
@goncalor
goncalor / test.txt
Created March 30, 2022 21:58
just a test
[email protected]
don't send mail
@goncalor
goncalor / go-aquatone.Dockerfile
Created February 23, 2022 13:21
FROM alpine
RUN apk --no-cache add go chromium
RUN go get github.com/shelld3v/aquatone
#RUN useradd -m -d /app user
WORKDIR /app
#USER user
@goncalor
goncalor / hydra.Dockerfile
Last active March 30, 2022 09:08
FROM kalilinux/kali-rolling
RUN apt update
RUN apt -y install git build-essential libssh-dev #libsmbclient-dev #freerdp2-dev
WORKDIR /app
RUN git clone --depth=1 https://github.com/vanhauser-thc/thc-hydra .
RUN ./configure
RUN make
@goncalor
goncalor / convert.awk
Created December 19, 2021 16:48
Scripts to resolve domains to IPs
/NXDOMAIN/ {print $2, "?"; next}
/SERVFAIL/ {print $2, "?"; next}
/mail is handled by/ {next}
/is an alias for/ {doms[$6]=$1; next}
{
if ($1"." in doms)
print doms[$1"."], $4
else if (match($0, "has IPv6 address"))
@goncalor
goncalor / testssl.Dockerfile
Last active November 28, 2021 11:56
FROM alpine:3.13
RUN apk add --no-cache bash procps drill git coreutils curl
RUN addgroup testssl
RUN adduser -G testssl -g "testssl user" -s /bin/bash -D testssl
RUN ln -s /home/testssl/testssl.sh /usr/local/bin/
USER testssl
@goncalor
goncalor / masscan.markdown
Last active October 30, 2022 09:12
Notes on masscan

Masscan notes

NTP

For NTP, masscan (1.3.1) sends by default "monlist" packets. We only get responses from IPs that have this feature enabled (which is great for NTP amplification DDoS attacks). Since we get no response we miss open NTPs that don't have this feature.

$ masscan -pU:123 <ip>