apt-get install libpcap-dev
apt-get install automake
apt-get install automake-1.15
João Marcelo Ceron joaoceron
joaoceron
/ gist:e29990cd8404f1cf8fb38baaf5638d37
Created
June 5, 2018 11:30
search strings in dataframe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pandas as pd | |
| import numpy as np | |
| def search(df, *words): #1 | |
| """ | |
| Return a sub-DataFrame of those rows whose Name column match all the words. | |
| """ | |
| return df[np.logical_and.reduce([df['Name'].str.contains(word) for word in words])] # 2 | |
| df = pd.DataFrame({'Name':['Virginia Google Governor', |
joaoceron
/ gist:52432baa9cdc3ca903ba196424b6ac51
Last active
November 6, 2018 08:44
RIPE Atlas: find all the probes for a list of countries
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ripe.atlas.cousteau import ProbeRequest | |
| # find all the probes for a list of countries | |
| filters = {"country_code__in":"AU,BR,CH,DE,ES,FR,IT,JP,NL,RU,SE,GB,US,ZA"} | |
| probes = ProbeRequest(**filters) | |
| result = [] | |
| # get the dualstack probes only | |
| for probe in probes: | |
| if (probe["address_v4"] and probe["address_v6"]): |
joaoceron
/ influxdb-insert.py
Last active
May 24, 2019 13:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # insert pandas Dataframe into InfluxDB | |
| import sys | |
| from influxdb import InfluxDBClient | |
| dbname = "test" | |
| user = "admin" | |
| pwd = "admin" | |
| host = "localhost" | |
| port = 8086 |
joaoceron
/ mirai.bpf.pcap
Created
May 24, 2019 14:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # mirai signature | |
| "tcp[4:4] == ip[16:4]" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bacnet Gets various information from a BACnet device. | |
| s7 Communicate using the S7 protocol and grab the device identifications. | |
| iec-61850 MMS protocol | |
| codesys Grab a banner for Codesys daemons | |
| dnp3 A dump of data from a DNP3 outstation | |
| fox Grabs a banner for proprietary FOX protocol by Tridium | |
| secure-fox Grabs a banner for proprietary FOX protocol by Tridium | |
| ethernetip Grab information from a device supporting EtherNet/IP over TCP | |
| ethernetip-udp Grab information from a device supporting EtherNet/IP over UDP | |
| general-electric-srtp Check whether the GE SRTP service is active on the device. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create database | |
| mongo admin --host localhost -u admin -p admin --eval "db.getSiblingDB('mydb');" | |
| use mydb | |
| db.createUser( { user: "user1", pwd: "pass", roles: [ "readWrite", "dbAdmin" ], passwordDigestor:"server" } ) | |
| db.createCollection("log", { capped : true, size : 5242880, max : 5000 } ) |
joaoceron
/ colab geopandas
Created
September 13, 2019 15:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !apt install proj-bin libproj-dev libgeos-dev | |
| !pip install --upgrade plotly | |
| !pip install --upgrade geopandas | |
| !pip install --upgrade pyshp | |
| !pip install --upgrade shapely | |
| !pip install --upgrade geoplot | |
| !pip3 install maxminddb-geolite2 --user |
joaoceron
/ gist:43d150b9cac415eae2bfc963760511ea
Created
September 16, 2019 08:51
pandas IPv4 address anon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| df_flows.dst_ip.replace({r'(\d+)\.(\d+)\.(\d+)\.(\d+)': r'\1.X.X.\4'}, regex=True) |
joaoceron
/ yaf-notes.MD
Last active
March 18, 2020 15:54
— forked from adulau/yaf-notes.MD
yaf notes
joaoceron
/ tshark and wireshark tips
Created
March 24, 2020 23:12
— forked from Tony3-sec/tshark and wireshark tips
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tshark -r input_file.pcap -2R "< Wireshark Filter >" -T fields -e < Wireshark Field > -e <Wireshark Field> | |
| ## By using combination of "-T fields" and "-e" options, tshark will only print the fields you're interested in. | |
| ip.src | |
| ip.dst | |
| tcp.srcport (udp.srcport) | |
| tcp.dstport (udp.dstport) | |
| ## I want to check the number of TCP streams in the packet. |
OlderNewer