Supports basic queries by IP which all users, community and enterprise, have access to. Easy to extend for enterprise-only APIs.
Add this to your claude_desktop_config.json file (editing as needed for paths and your API key):
{
"mcpServers": {
Censys
AlienVault Open Threat Exchange (OTX)
Elasticsearch
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.security.MessageDigest;
/*

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- "https://malware.news/t/20-common-tools-techniques-used-by-macos-threat-actors-malware/46801" -->
<!-- "https://objective-see.org/blog/blog_0x71.html" -->
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.mylaptop.watchhostconfig</string>
    <key>ProgramArguments</key>
    <array>

rule JavaDeswerializePayload
{
    meta:
        author = "@jnazario"
        date = "2022-01-27"
        version = 1
    strings:
        $s1 = "java.lang.Runtime.getRuntime().exec" ascii fullword
        $s2 = "javaSerializedData" ascii fullword

-- MySQL dump 10.13  Distrib 8.0.26, for Linux (x86_64)
--
-- Host: localhost    Database: staff
-- ------------------------------------------------------
-- Server version	8.0.26
--
-- Table structure for table `person`
--
Found a request in my HTTP honeypot I couldn't explain. Investigation revealed it's been scanning widely and attempting to exploit a FreePBX command injection vulnerability and install a webshell.
77.247.108.81 - - [21/Sep/2021:18:54:34 -0400] "GET /gbr.php HTTP/1.1" 400 226 "-" "gbrmss/7.29.0" "ct:text/html"
Using this IP, I spotted this link, which showed me the form data: https://threatwar.com/attackers/695a2a8e-3cb6-4d74-8af8-d5058079a909
Based on the request there, this appears to be an RCE injected via the "language" header. Exploit here: https://www.exploit-db.com/exploits/40434
From there I investigated the initial dropper:
open System.Text
/// https://fsharpforfunandprofit.com/posts/serializating-your-domain-model/
#I "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/"
#r "/usr/local/share/dotnet/sdk/NuGetFallbackFolder/newtonsoft.json/9.0.1/lib/net40/Newtonsoft.Json.dll"
module Json =
    open Newtonsoft.Json

import networkx as nx
import matplotlib.pyplot as plt
g = nx.DiGraph(((1,2), (2,3), (3,4), (2,4)))
def wolfram(g):
    ns = [ (x, n) for x,n in g.out_degree() if n == 2 ]
    print(list(ns))
    nns = []
    for x, _ in ns:

using System.IO;
using System.Net;
using System.Text;
var api_id = Environment.GetEnvironmentVariable("CENSYS_API_ID");
var api_secret = Environment.GetEnvironmentVariable("CENSYS_API_SECRET");
var credentials = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(api_id + ":" + api_secret));
var wc = new WebClient();