I hereby claim:
- I am grigorescu on github.
- I am vladg (https://keybase.io/vladg) on keybase.
- I have a public key whose fingerprint is BE8A E1D9 A108 4DBC 1BF0 28F6 C115 8FAB 632E 5272
To claim this, I am signing this object:
##! Analyzes the Finger protocol
module Finger;

export {
	redef enum Log::ID += { LOG };

	## The record type which contains the column fields of the Finger log.
	type Info: record {
		## The earliest time a finger request or response was seen.
# Calculates metrics on March Madness video streaming, including
# unique IPs, total HTTP requests, and total bytes downloaded.
# Sample output:
#
# fields ts                ts_delta    app            uniq_hosts  hits  bytes
# types  time              interval    string         count       count count
# 1395331457.824587  900.000000  march-madness  4   569   164589761
# 1395332324.854514  900.000000  march-madness  17  1917  704801124

@load misc/app-stats
@load base/utils/exec

module Blackhole;

export {
	redef enum Log::ID += { LOG };

	type Info: record {
		## The time at which the query was observed
		ts: time &log;
# From: https://bitbucket.org/birkenfeld/pygments-main/src/863c453b293e2db0d63b52d517d4ca994725e364/pygments/lexers/dsls.py?at=default
class BroLexer(RegexLexer):
    """
    For `Bro <http://bro-ids.org/>`_ scripts.

    .. versionadded:: 1.5
    """
    name = 'Bro'
    aliases = ['bro']
@load base/frameworks/files

module ExtractHTTP;

## This module extracts files seen over HTTP, according to a flexible redef-able policy.
export {
	type Policy: record {
		## MIME types to extract
		mime_types: set[string] &optional;
##! Add support for X-Requested-With
@load base/protocols/http
@load base/frameworks/software
@load policy/protocols/http/software-browser-plugins

module HTTP;

export {
	redef record HTTP::Info += {
		## X-Requested-With value, if set
#!/usr/bin/env python2
##
## This script takes a line from the dpd.log generated with the
## policy/frameworks/dpd/packet-segment-logging.bro script, and
## outputs a PCAP to stdout
##
## Vlad Grigorescu
## [email protected]
##
##! Core script support for logging syslog messages. This script represents
##! one syslog message as one logged record.
##!
##! Note: This was slightly simplified for demo purposes

@load ./consts

module Syslog;

export {
@load base/utils/site

event bro_init()
	{
	# First remove the default filter.
	Log::remove_default_filter(HTTP::LOG);

	# Add the filter to direct logs to the appropriate file name.
	Log::add_filter(HTTP::LOG, [$name = "http-directions",
	                            $path_func(id: Log::ID, path: string, rec: HTTP::Info) = {