
Chris Farrell seajaysec
@3xocyte
3xocyte / create_machine_account.py
Last active February 21, 2023 03:50
simple script for experimenting with machine account creation
#!/usr/bin/env python
import argparse
import sys
import string
import random
# https://support.microsoft.com/en-au/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain
# create machine account utility by @3xocyte
# with thanks to Kevin Robertson for https://github.com/Kevin-Robertson/Powermad/blob/master/Powermad.ps1
@NotMedic
NotMedic / markvulnerable.py
Last active July 11, 2019 02:11
Script to mark hosts as vulnerable in Bloodhound.
#!/usr/bin/python
import sys, json, urllib, urllib2
#Define the Bloodhound Database
url = 'http://bloodhound-server:7474/db/data/cypher/'
#Define the Bloodhound Credentials
#echo neo4j:bloodhound | base64
base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA=='
request = urllib2.Request(url)
@filipesam
filipesam / lowhanging.md
Created January 22, 2019 22:09 — forked from 7MinSec/lowhanging.md
Low-hanging hacker fruit (and how to remove it)

Low Hanging Hacker Fruit

This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.

Got some ideas of your own that should be on this list? Please leave a comment below!

Implementing a stronger AD password policy

Microsoft has a great paper on the topic that gives some nice high-level recommendations:

  • Use a unique password per site
  • Enable complexity
@3xocyte
3xocyte / adidns_records.py
Last active November 1, 2024 18:47
get /etc/hosts entries from ADIDNS
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
@nullenc0de
nullenc0de / params.txt
Created March 29, 2019 00:57
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
@tg12
tg12 / ftp_check.py
Last active August 27, 2019 19:51
Fast Multi-threaded FTP Scanner
from datetime import datetime
import time
import threading
###########################
from multiprocessing import Process
import random
###########################
import dns.resolver
import dns.reversename
import ftplib
@nullenc0de
nullenc0de / content_discovery_nullenc0de.txt
Last active April 2, 2025 06:37
content_discovery_nullenc0de.txt
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0
@avuko
avuko / ldapsearch.py
Last active July 29, 2019 09:38
ldap search queries in python (with NTLM + SSL)
#!/usr/bin/env python3
import secrets
import sys
from ldap3 import Server, Connection, ALL, NTLM
try:
    username = sys.argv[1]
except IndexError:
    exit('please provide a username: {} <name>'.format(sys.argv[0]))
@ColonelBuendia
ColonelBuendia / pre-ripgrep.md
Last active February 8, 2024 18:56
Ripgrep preprocessing flow to search through: pdf, ebook, and most of the ms office file types for excel, word, and powerpoint.

Ripgrep is a very fast way to search your text-based files. The --pre flag is a significantly slower way to search a bunch of your other (non-text) files as well, by running each file through a preprocessing script first.

The scripts below have been superseded by rgpipe.

TL;DR

Good: rg --pre somescripthere yoursearchtermhere

Better: rg --pre-glob '*.{comma,separated,extensions,to,preprocess}' --pre somescripthere yoursearchtermhere

@Viss
Viss / gist:e7c735ed389c8d055e6f31e845f25516
Created April 18, 2019 00:16
bash one liner for extracting shodan results for weblogic.
#!/bin/bash
# this script was written by viss as a challenge from @random_robbie
# This one-liner replaces a fairly lengthy python script
# if you want to be walked through it, sign up for square cash, send $viss 20 dollars. Otherwise, flex your google fu!
# oh, ps: you need to pip install shodan, and then configure the shodan cli client by giving it your api key.
# then you're off to the races.
shodan search --fields ip_str --limit 1000 'product:"Oracle Weblogic" port:"7001" country:"US"' | sort -u | nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open | awk '{print $2}' | xargs -I % -n 1 -P 30 bash -c 'RESULT=`curl -s -I -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko0100101 Firefox/54.0" -H "Connection":"close" -H "Accept-Language":"en-US -H en;q=0.5" -H "Accept":"text/html -H application/xhtml+xml -H application/xml;q=0.9 -H */*;q=0.8" -H "Upgrade-Insecure-Requests":"1" %:7001/ws_utc/config.do | egrep HTTP`; echo "%: $RESULT";'