I hereby claim:
- I am peasead on github.
- I am variable (https://keybase.io/variable) on keybase.
- I have a public key ASB24PAieecv2Kzl2W9jTJFFT7kgmjKOL7qL5QWGERc59go
To claim this, I am signing this object:
| # Update packetbeat.shutdown_timeout=20s to fit your time requirements | |
| /usr/local/bin/packetbeat -I file.pcap -t -E packetbeat.shutdown_timeout=20s |
| #!/bin/bash | |
| # Run from the parent directory with all of your git folders below | |
| # find . searches the current directory | |
| # -type d to find directories, not files | |
| # -depth 1 for a maximum depth of one sub-directory | |
| # -exec {} \; runs a custom command for every directory found | |
| # git --git-dir={}/.git --work-tree="$PWD"/{} pull git pulls the individual directories | |
| find . -type d -depth 1 -exec git --git-dir={}/.git --work-tree="$PWD"/{} pull origin master \; |
| If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things". | |
| # Fire up the Docker container, mapping the directory with your pcap | |
| ## If pcap in your current directory | |
| docker run -it -v "$(pwd)":/pcap broplatform/bro:3.0.0 /bin/bash | |
| ## If pcap is somewhere else | |
| docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash | |
| # If you have to build your own for some reason | |
| # This can be skipped if the `docker run...` worked above |
| # Make a file called "images" with all of the docker images listed, 1 per line | |
| while read -r i; do sudo docker pull "$i"; done < images |
| # For creating NSM data from targeted pcaps, trying to get minimal noise | |
| # This is for VirtualBox, but would likely work elsewhere | |
| # startup.sh | |
| #!/bin/bash | |
| sudo -u suricata suricata-update | |
| sudo ip link set dev [mon-int] mtu 16110 | |
| sudo ifup [mon-interface] | |
| sleep 5 |
| #/etc/nginx/conf.d/webapp.conf | |
| server { | |
| listen 80; | |
| server_tokens off; | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; | |
| add_header X-Frame-Options DENY; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Content-Type-Options nosniff; |
| export PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ " | |
| export CLICOLOR=1 | |
| export LSCOLORS=exFxBxDxCxegedabagacad | |
| alias ls='ls -lGFh' | |
| alias whois='whois -h 199.7.50.74' | |
| alias usbtoserial=/dev/cu.usbserial | |
| # Transfer.sh Profile Additions | |
| transfer() { if [ $# -eq 0 ]; then echo -e "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md"; return 1; fi | |
| tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> "$tmpfile"; else curl --progress-bar --upload-file "-" "https://transfer.sh/$1" >> "$tmpfile" ; fi; cat "$tmpfile"; rm -f "$tmpfile"; } |
| tcpdump -qns 0 -X -r <pcap>.pcap |
| #!/bin/sh | |
| # Print each IP from ips.txt followed by its reverse-DNS name | |
| while read -r ip | |
| do | |
| printf '%s  ' "$ip"; host "$ip" | cut -f 5 -d " " | |
| done < ips.txt |