Netscylla netscylla
netscylla
/ Logstash config for Bro IDS
Created
March 5, 2019 11:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| beats { | |
| port => 5001 | |
| codec => "json_lines" | |
| } | |
| } | |
| filter { | |
| #Let's get rid of those header lines; they begin with a hash |
netscylla
/ diasass.sh
Created
February 28, 2019 16:34
An old script that is still useful - semi-automated script to disassemble shell code and fingerprint its functionality
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ########################################## | |
| # | |
| # Disass.sh (c) 2014 | |
| # Leveraging other OS disassembly and AV tools to fingerprint potential malware | |
| # | |
| # License : | |
| # http://www.gnu.org/licenses/agpl-3.0.txt | |
| # | |
| # Author: Andy @ Netscylla |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "template": "brologs*", | |
| "mappings": { | |
| "capture_loss": { | |
| "properties": { | |
| "ts_delta": { | |
| "type": "double" | |
| }, | |
| "peer": { | |
| "type": "keyword" |
netscylla
/ ExtractAWSRoleBasedKeys.sh
Created
July 3, 2018 09:44
— forked from kananlanginhooper/ExtractAWSRoleBasedKeys.sh
Shell script to extract Temporary AWS keys (Access Key Id and Secret Access Key) from Role Based EC2 instance using 169.254.169.254 and dynamic role names
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ROLENAME=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ -s) | |
| KeyURL="http://169.254.169.254/latest/meta-data/iam/security-credentials/"$ROLENAME"/" | |
| wget $KeyURL -q -O Iam.json | |
| KEYID=$(grep -Po '.*"AccessKeyId".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/AccessKeyId://g') | |
| SECRETKEY=$(grep -Po '.*"SecretAccessKey".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/SecretAccessKey://g') | |
| SECURITYTOKEN=$(grep -Po '.*"Token".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/Token://g') | |
| rm Iam.json -f |
netscylla
/ Build Nginx & Naxsi [Debian]
Last active
October 30, 2024 01:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| apt-get install -y libpcre3 libpcre3-dev libssl-dev unzip make \ | |
| libgoogle-perftools-dev google-perftools jq gcc zlib1g-dev | |
| mkdir /tmp/ngxbuild | |
| cd /tmp/ngxbuild | |
| ng_cookies=$(curl -s http://hg.nginx.org/nginx/tags|grep cookie|cut -f 2 -d '"'|tr -d '\n') | |
| latestNginx=$(curl --cookie ${ng_cookies} -s http://hg.nginx.org/nginx/tags|grep "^ *release-" | head -1 | cut -c 9-) | |
| echo "found: ${latestNginx}" | |
| latestNaxsi=$(curl -s https://api.github.com/repos/nbs-system/naxsi/releases | |
netscylla
/ oracle-set-logfile.sh
Created
June 15, 2018 13:38
Oracle TNS Listener Log File Rewrite Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PORT=1521; | |
| if [ $# != 2 ] && [ $# != 3 ]; then | |
| echo Sets Oracle TNS Listener log file to a new value using tnscmd.pl | |
| echo | |
| echo Usage: $0 new-log-file-name host [port] | |
| echo | |
| echo port default to $PORT |
netscylla
/ aws-logs-setup.py
Last active
June 1, 2018 08:15
aws-logs-setup.py patched to support Kali Linux
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
| # | |
| # Licensed under the Amazon Software License (the "License"). You may not use | |
| # this file except in compliance with the License. A copy of the License is | |
| # located at http://aws.amazon.com/asl/ or in the "license" file accompanying | |
| # this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR | |
| # CONDITIONS OF ANY KIND, either express or implied. See the License for the specific | |
| # language governing permissions and limitations under the License. |
netscylla
/ Hackaday OTP 1407981609 Lambda
Created
April 27, 2018 18:25
Hackday OTP 1407981609 toolkit as a AWS Lambda function on Node JS 6.10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| exports.handler = (event, context, callback) => { | |
| console.log('Received event:', JSON.stringify(event, null, 2)); | |
| if (event.a === undefined || event.b === undefined || event.c === undefined|| event.code === undefined) { | |
| callback("400 Invalid Input"); | |
| } | |
| var res = {}; | |
| res.a = Number(event.a); | |
| res.b = Number(event.b); | |
| res.c = Number(event.c); |
netscylla
/ Build Nginx & Naxsi [Redhat]
Last active
June 17, 2018 14:14
Build script for building Nginx with Naxsi Module on Redhat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| yum install -y pcre.x86_64 pcre-devel.x86_64 openssl-devel.x86_64 unzip make \ | |
| gperftools-devel.x86_64 gperftools.x86_64 jq.x86_64 | |
| mkdir /tmp/ngxbuild | |
| cd /tmp/ngxbuild | |
| latestNginx=$(curl -s http://hg.nginx.org/nginx/tags | | |
| grep "^ *release-" | head -1 | cut -c 9-) | |
| latestNaxsi=$(curl -s https://api.github.com/repos/nbs-system/naxsi/releases | | |
| jq -r .[].tag_name | grep -v rc | head -1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| echo "postfix postfix/mailname string smtp.example.com" | debconf-set-selections | |
| echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections | |
| DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' -f -q -y install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql |