manasmbellani’s gists

manasmbellani / get_hibp_breach_details.sh

Last active October 15, 2021 03:30

Scripts get details of breaches and breached accounts using 'Have I Been Pwned' API

	#!/bin/bash
	DELIM="\|"
	OUT_FILE="out-hibp-breach-details.txt"
	USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
	HIBP_ENDPOINT="https://haveibeenpwned.com/api/v3"
	SLEEP_INTERVAL=3
	CURL_TIMEOUT=6
	USAGE="[-]
	Syntax:
	$0 <breaches_list/breaches_file> [hibp_api_key=$HIBP_KEY] [sleep_interval=$SLEEP_INTERVAL] [out_file=$OUT_FILE]

manasmbellani / .cent.yaml

Last active June 22, 2024 18:44

My cent nuclei templates file

	# Directories to exclude
	exclude-dirs:
	- SOMETHING

	# Files to exclude
	exclude-files:
	- README.md
	- .gitignore
	- .pre-commit-config.yaml
	- LICENSE

manasmbellani / scan_url_in_urlscan_io.sh

Last active October 20, 2021 01:42

scan_url_in_urlscan_io.sh - Scan URL via urlscan.io and open it in default browser

	VISIBILITY="public"
	SLEEP_TIMEOUT=10
	USAGE="[-]
	Usage:
	$0 <url> <apikey> [visibility=]

	Summary:
	Scan URL in urlscan.io and open it with default browser

	Args:

manasmbellani / detect_azure_omi_servers.sh

Last active September 16, 2021 07:40

detect_azure_omi_servers.sh - Uses nmap to detect potential Azure servers running OMI

	#!/bin/bash
	OMI_PORT=5986
	SERVICE_REGEX=".http.Microsoft HTTPAPI"
	IP_REGEX="^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$"
	USAGE="
	[-] $0 <host>

	Summary:
	Detect possible OMI service which runs on Azure instances

manasmbellani / pdf_to_text.py

Last active July 6, 2021 07:50

pdf_to_text.py - Converts pdf to text via pdftotext library in python and prints out the output. See for more details: https://github.com/jalan/pdftotext

	import argparse
	import sys

	import pdftotext

	def main():
	parser = argparse.ArgumentParser("Converts PDF to text")
	parser.add_argument("-f", "--file", required=True, help="File path")
	parser.add_argument("-p", "--password", default='', help="Password for pdf")
	args = parser.parse_args()

manasmbellani / get_favicon_hash.py

Created June 29, 2021 15:30

get_favicon_hash.py - Get Favicon hash from website

	#!/usr/bin/python3

	import mmh3
	import requests
	import codecs
	import argparse

	parser = argparse.ArgumentParser(description='Calculate the favicon hash from a domain')
	parser.add_argument('-d', '--domain', required=True, help='Path under which favicon.ico sits e.g. www.google.com OR www.google.com/path/to/favicon')
	parser.add_argument('-p', '--protocol', default='https', help='HTTP Protocol')

manasmbellani / !sysmon-scripts

Last active August 8, 2021 14:24

sysmon-scripts - Windows batch scripts for enable sysmon logging

	This folder contains Windows batch scripts for enable sysmon logging.
	These scripts should be run as Admin user.

	To clone these scripts, run the command:
	git clone https://gist.github.com/manasmbellani/57b5090f471e22c4276efffb169fb1c5 sysmon-scripts

manasmbellani / invoke_kiterunner.sh

Last active May 7, 2021 12:32

invoke_kiterunner.sh - Run kiterunner from Assetnote with large wordlists

	#!/bin/bash

	# Directory where the kiterunner wordlist files should be written
	WORDLISTS_DIR="/opt/wordlists"
	KITERUNNER_PATH="/opt/kiterunner/kiterunner"
	KITERUNNER_WORDLIST_ZIP="routes-large.kite.tar.gz"
	KITERUNNER_WORDLIST="$WORDLISTS_DIR/routes-large.kite"

	USAGE="
	[-] <...hosts...> \| $0 run

manasmbellani / invoke_vncserver.sh

Last active April 19, 2021 08:18

Start the Tight VNC server

	#!/bin/bash
	/usr/bin/vncserver :0 -geometry 1280x800 -depth 16 -pixelformat rgb565

manasmbellani / set_vnc_user_pass.sh

Last active April 19, 2021 06:13

set_vnc_user_pass.sh - Used to set the password for vnc server. Taken from: https://askubuntu.com/a/848821

	#!/bin/sh

	if [ $# -lt 1 ]; then
	echo "[-] $0 <mypass>"
	exit 1
	fi
	mypass="$1"

	/usr/bin/expect <<EOF
	spawn /usr/bin/vncpasswd

Manas Bellani manasmbellani