ishideo

UPDATE:

2023/12/18: This script has been improved and moved to the following repository:

https://github.com/shinsenter/docker-squash

Make your Docker images smaller by reducing the number of layers

Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.

Installing jq

On Mac OS

brew install jq

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

Reconnaissance
- Passive/Semi-Passive
  - Tools
Discover - https://github.com/leebaird/discover

nmap --top-ports <#ports> -v -oG - localhost

Top 100:

7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157

Top 1000:

	HASH	Description
	21d2ad00021d21d00021d2ad21d21df4e3c58923bbd15f0f36892ab3187607	QNAP devices
	29d29d00029d29d21c29d29d29d29de89a29da3ee50098446f31579da51a6e	Docker registries
	29d29d20d29d29d00029d29d29d29d7d36b37b24a2d9588a0b8abfe23303d7	Kubernetes masters
	29d29d15d29d29d21c29d29d29d29d7e041aa174fa2d3165f8bda79299bfea	Ubiquity/CommVault
	2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d	F5?
	3fd3fd0003fd3fd0003fd3fd3fd3fd5b4368bf786845fef915ced422fd1b09	Minio
	29d29d00029d29d21c42d43d00041db6525da0b3c6db046c54191c7bbf62aa	FSecure policy manager

	function reverseIp6 {
	echo "$1" \| awk -F: 'BEGIN {OFS=""; }{addCount = 9 - NF; for(i=1; i<=NF;i++){if(length($i) == 0){ for(j=1;j<=addCount;j++){$i = ($i "0000");} } else { $i = substr(("0000" $i), length($i)+5-4);}}; print}' \| rev \| sed -e "s/./&./g"
	}


	$(reverseIp6 "2001:db8:85a3::8a2e:370:7334")"ip6.arpa."
	#Result: 4.3.3.7.0.7.3.0.e.2.a.8.0.0.0.0.0.0.0.0.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa.

	----------------------------------------------------------------------------------------------------
	OWASP Top Ten https://owasp.org/www-project-top-ten/
	The CWE Top 25
	https://www.sans.org/top25-software-errors/
	2022 CWE Top 25 Most Dangerous Software Weaknesses
	https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
	OSSTMM 3 – The Open Source Security Testing Methodology Manual
	https://www.isecom.org/OSSTMM.3.pdf
	OWASP Web Security Testing Guide
	https://owasp.org/www-project-web-security-testing-guide/

	# Elasticsearch Cheatsheet - an overview of commonly used Elasticsearch API commands

	# cat paths
	/_cat/allocation
	/_cat/shards
	/_cat/shards/{index}
	/_cat/master
	/_cat/nodes
	/_cat/indices
	/_cat/indices/{index}

	# -- coding: utf-8 --
	from bs4 import BeautifulSoup
	import sys
	import urllib


	def _init():
	if len(sys.argv) == 1:
	print "usage: lastbookmark.py user_name"
	sys.exit(1)

	#!/bin/bash
	#
	# ex: ./zgrab.sh www.contoso.com 443

	echo $1 \| zgrab2 http --retry-https --port $2 \| awk '{first=substr($0,1,1);gsub(/./,"{\"port\":'"$2"',",first);end=substr($0,2);print first end}'