Josh Frantz jfrantz1-r7

  • Rapid7
SELECT da.ip_address, da.host_name, ds.vendor, ds.name as software_name, ds.family, ds.version
FROM dim_asset_software das
JOIN dim_software ds using (software_id)
JOIN dim_asset da on da.asset_id = das.asset_id
WHERE ds.name like '%event-stream%'
SELECT da.ip_address, da.host_name, dos.name AS OS, dos.version AS os_version, das.port, dp.name AS protocol, ds.name AS service, dsf.name AS service_name, dsf.version AS service_version
FROM dim_asset_service das
JOIN dim_service ds USING (service_id)
JOIN dim_protocol dp USING (protocol_id)
JOIN dim_asset da USING (asset_id)
JOIN dim_operating_system dos USING (operating_system_id)
JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
ORDER BY da.ip_address, das.port
SELECT dsi.NAME AS site,
da.ip_address,
da.host_name,
dos.description AS operating_system,
favi.date AS scan_finished,
Proofastext(ds.fix) AS remediation,
Proofastext(favi.proof)
FROM fact_asset_vulnerability_instance favi
JOIN dim_vulnerability_solution dvs using (vulnerability_id)
JOIN dim_asset da using (asset_id)
SELECT dsite."name" AS "Site",
da.ip_address,
da.host_name,
dos.description AS "OS",
os.certainty_max
FROM fact_asset AS fa
JOIN dim_asset da
ON da.asset_id = fa.asset_id
JOIN (SELECT asset_id,
Max(certainty) AS certainty_max
IF NOT EXIST "C:\Program Files\Rapid7\" (
mkdir c:\InsightAgent
robocopy \\<server>\<share>\insight_agent\ c:\InsightAgent
cd /d c:\InsightAgent
msiexec /i agentInstaller-x86_64.msi /quiet /qn
)
SELECT
dv.title AS "Vulnerability Title",
Htmltotext(dv.description) AS "Description",
dv.cvss_score AS "CVSSv3 Score",
dv.exploits AS "Exploit Count",
dv.malware_kits AS "Malware Kit Count",
da.host_name AS "Instances"
FROM
dim_vulnerability dv
JOIN fact_asset_vulnerability_instance favi USING(vulnerability_id)
SELECT
da.host_name, da.ip_address, COUNT(*)
FROM
dim_asset da
GROUP BY
da.host_name, da.ip_address
HAVING
COUNT(*) > 1
/*
The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using
KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox).
The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey().
Note that this procedure requires that a master key *already exists in KMS* and that its arn/alias is specified.
The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials)
and opts for the 'default' role.
Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt),
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"cloudtrail:LookupEvents",
"cloudtrail:DescribeTrails"
],
"Resource": "*"
},