John Carroll yosignals
yosignals
/ HeadHunter.sh
Created
September 20, 2023 08:47
Head(er) Hunter script - part of the Data-Bouncing post
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Pre-flight check to verify and install necessary utilities | |
| for utility in curl parallel bc; do | |
| if ! command -v $utility &> /dev/null; then | |
| read -p "$utility is not installed. Would you like to install it? (y/N) " yn | |
| case $yn in | |
| [Yy]* ) | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "Please run this script as root or use sudo to install $utility." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import csv | |
| api_endpoint = 'https://api.dehashed.com/search?query={}' | |
| credentials = ('[email protected]', 'APIKEY') | |
| headers = {'Accept': 'application/json'} | |
| # Step 1: Read the IP addresses from a text file | |
| with open('ip_addresses.txt', 'r') as file: | |
| ip_addresses = [line.strip() for line in file] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib.request as urllib2 | |
| import re | |
| from collections import Counter | |
| import csv | |
| def ParseIEEEOui(url="http://standards.ieee.org/develop/regauth/oui/oui.txt"): | |
| headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0'} | |
| req = urllib2.Request(url, headers=headers) | |
| res = urllib2.urlopen(req) | |
| data = res.read().decode() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import re | |
| # Directory path where the txt files are stored | |
| folder_path = '.' | |
| # Adjusted regular expressions to match the given line format | |
| email_pattern = re.compile(r'Email: ([\w\.-]+@[\w\.-]+)') | |
| screen_name_pattern = re.compile(r'ScreenName: (\S+)') |
yosignals
/ YoinClient.go
Last active
August 12, 2023 18:48
this listens at the webroot and collects incommng requests, for /filename.ext/chunk_of_base64, until the sha1 in the first request is met
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/sha1" | |
| "encoding/base64" | |
| "encoding/hex" | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" |
yosignals
/ Ex-Machina.py
Last active
August 7, 2023 09:11
a script that takes an IP or Email address as a parental starting point and pulls out child data, if this IP was used by bad, what emails have been liked to it in breach data more on that here https://thecontractor.io/breachdatareachdata/ to use this script you'll need a rehashed.com api key and email address (for credentials) and find your swee…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import json | |
| import sys | |
| api_endpoint = 'https://api.dehashed.com/search?query={}' | |
| credentials = ('YOUREMAIL', 'YOURAPI') | |
| headers = {'Accept': 'application/json'} | |
| checked_items = {} |
yosignals
/ fake ditty.py sample
Created
June 16, 2023 13:13
https://github.com/yosignals/ditty output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/yosignals/ditty/blob/main/fake.ditty.py | |
| gchq.local\rffpfosm:881723:a34e5a428ee058321df4d8da9abc4760:5d6dc7a7f094201c15fe39e3885bb45e::: | |
| gchq.local\keuqfzsq:849930:a34e5a428ee058321df4d8da9abc4760:a3d19bcf76a2fed12ba9b7d9a7f6c49d::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: | |
| gchq.local\lyddkuyw:655741:a34e5a428ee058321df4d8da9abc4760:20314ac20f2d59988aab796ee782e464::: |
yosignals
/ Publicker.py
Last active
June 12, 2023 13:40
Publicker - A little script that takes your cracked passwords and cross references them against the SecList Passwords folder, exporting results to an external file citing the password and the location of the public wordlist it was seen in - more on this at https://thecontractor.io/publicker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import requests | |
| import chardet | |
| import sys | |
| GITHUB_API = 'https://api.github.com' | |
| OWNER = 'danielmiessler' | |
| REPO = 'SecLists' | |
| BRANCH = 'master' | |
| DIR_PATH = 'Passwords' |
yosignals
/ Ditty.py
Last active
June 9, 2023 11:29
Fake Domain dump generator and duplicate hash analyser reasons here > https://thecontractor.io/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import string | |
| import hashlib | |
| def generate_fake_extract(): | |
| domain = 'gchq.local' | |
| user_count = 1000 # Number of fake user accounts to generate | |
| fake_extract = [] |
yosignals
/ MontyPortSniffingtonSlacksworthy.py
Last active
May 1, 2023 11:50
something hits your port, you get a slack notification IP/NSLookup *added whois + time stuff + write out to local sqlite
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import sys | |
| import subprocess | |
| import requests | |
| import json | |
| import time | |
| import sqlite3 | |
| import select | |
| # Check for required packages and install them if needed |