Skip to content

Instantly share code, notes, and snippets.

View jasonadsit's full-sized avatar

Jason Adsit jasonadsit

40 followers · 30 following
View GitHub Profile
@jasonadsit
jasonadsit / Get-OregonCensysData.ps1
Created March 31, 2021 18:10
Get-OregonCensysData.ps1
$ApiId = '<API ID>'
$Secret = '<API SECRET>'
$AsciiBytes = [System.Text.Encoding]::ASCII.GetBytes("$ApiId`:$Secret")
$Base64String = [convert]::ToBase64String($AsciiBytes)
$Authorization = "Basic $Base64String"
$Header = @{Authorization = $Authorization}
$Query = 'autonomous_system.asn: 1798 OR 443.https.tls.certificate.parsed.names: (oregon.gov OR state.or.us)'
$Body = @"
{
"query":"$Query",
@jasonadsit
jasonadsit / DomainEnumeration.bat
Created March 31, 2021 13:57 — forked from KyleHanslovan/DomainEnumeration.bat
Post-exploitation host/domain survey using native Windows commands.
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
@jasonadsit
jasonadsit / Get-ScheduledTaskCommand.ps1
Last active March 24, 2021 15:04
Get-ScheduledTaskCommand.ps1
Get-ScheduledTask | ForEach-Object {
$TaskName = $_.TaskName
$Command = $_ | ForEach-Object { $_.Actions.Execute + " " + $_.Actions.Arguments }
New-Object -TypeName psobject -Property @{
TaskName = $TaskName
Command = $Command
}
} | Where-Object { $_.Command.Length -gt 1 }
@jasonadsit
jasonadsit / .htaccess
Created March 23, 2021 14:02 — forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@jasonadsit
jasonadsit / Get-DhcpServerAuditLog.ps1
Created February 17, 2021 19:08
Get-DhcpServerAuditLog.ps1
function Get-DhcpServerAuditLog {
<#
.SYNOPSIS
Parses DHCP server audit logs and outputs PowerShell objects.
.DESCRIPTION
Parses DHCP server audit logs and outputs PowerShell objects.
.PARAMETER ComputerName
The hostname(s) of the DHCP server(s) to retrieve logs from.
.PARAMETER ThreeLetterDayofWeek
First three letters of the weekday to retrieve logs from.
@jasonadsit
jasonadsit / clips.md
Last active June 25, 2021 16:47
clips.md
@jasonadsit
jasonadsit / filestuff.ps1
Created January 25, 2021 19:38
filestuff.ps1
$Days = (Get-Date).AddDays(-7)
Get-ChildItem -Path \\some\path,\\some\other\path -Recurse -ErrorAction SilentlyContinue |
Where-Object { $_.LastWriteTime -ge $Days } |
Select-Object -Property @{n='LastWriteTime';e={[string]$_.LastWriteTime.GetDateTimeFormats('s')}},FullName |
ForEach-Object { "$($_.LastWriteTime)|$($_.FullName)" } |
Tee-Object -FilePath "$HOME\Downloads\$(Get-Date -Format yyyyMMdd)-Files.txt" -Append
@jasonadsit
jasonadsit / ParseWindowsComplianceChecks.ps1
Last active January 14, 2021 22:32
ParseWindowsComplianceChecks.ps1
$PluginID = '21156'
Get-ChildItem -Filter *.nessus |
Select-Xml -XPath //NessusClientData_v2/Report/ReportHost |
Select-Object -ExpandProperty Node |
Where-Object { $_.ReportItem.GetAttribute('pluginID') -eq $PluginID } | ForEach-Object {
$Tags = $_.HostProperties.tag | Group-Object -Property name -AsHashTable
$ReportItems = $_.ReportItem | Group-Object -Property pluginID -AsHashTable
$ReportItems[$PluginID] | ForEach-Object {
$Reference = $(($_.'compliance-reference' -split ',') -join "`r`n")
$Reference = "$Reference`r`n"
@jasonadsit
jasonadsit / ZeekConnLogToObjects.ps1
Created January 11, 2021 23:20
ZeekConnLogToObjects.ps1
Get-ChildItem -Filter conn.log*.log |
Get-Content |
Where-Object { $_ -notmatch '#' } |
ConvertFrom-Csv -Delimiter "`t" -Header 'ts','uid','id.orig_h','id.orig_p','id.resp_h',
'id.resp_p','proto','service','duration','orig_bytes',
'resp_bytes','conn_state','local_orig','local_resp',
'missed_bytes','history','orig_pkts','orig_ip_bytes',
'resp_pkts','resp_ip_bytes','tunnel_parents'
@jasonadsit
jasonadsit / PrettyFileAccess.ps1
Created January 7, 2021 17:31
PrettyFileAccess.ps1
Get-ChildItem -Path <file path> -Recurse -Force -Directory -ErrorAction SilentlyContinue |
Select-Object -Property @{n='LastWriteTime';e={[string]$_.LastWriteTime.GetDateTimeFormats('s')}},
@{n='Length';e={$_.Length}},
@{n='Owner';e={[string]($_.GetAccessControl()).Owner}},
@{n='Access';e={
[string]((($_.GetAccessControl()).Access | ForEach-Object {
[string]"$($_.IdentityReference)|$($_.FileSystemRights)"
}) -join "`r`n")
}},
@{n='FullName';e={[string]$_.FullName}},