Skip to content

Instantly share code, notes, and snippets.

View 13Cubed's full-sized avatar

Richard Davis 13Cubed

View GitHub Profile
13Cubed /
Last active March 30, 2020 09:43
Update AWS Route 53 and EC2 Security Group upon change in dynamic IP address. Roll your own dynamic DNS service, and update associated security groups by adding the new IP and cleaning up the previous IP to prevent unauthorized access to EC2 instances. Note: calls AWS CLI, and cli53 to make Route 53 changes (
CURRENT_IP=$(dig +short)
OLD_IP=$(dig $HOSTNAME.$ZONE +short)
if [[ $CURRENT_IP =~ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]] ; then
13Cubed /
Last active March 2, 2017 16:20
A Bash script to parse DNS PCAPs with tshark and write space-delimited values to a log file (useful for SIEM ingestion). This script ensures a given PCAP is not in use (via fuser) prior to analyzing and moving the file.
# Note: Do not run this script as root. Allow the standard user under which it runs the ability to execute /bin/fuser without entering credentials.
# Example: username ALL = (root) NOPASSWD: /bin/fuser
cd /capture
for file in dns*.pcap;
if ! sudo fuser -s $file; then
/usr/bin/tshark -n -t ad -r $file | awk '{ if ($10 !="query") print $2, $3, "ERROR: " $0; else if ($11 == "response") print $2, $3, $12, "R", $4, $6, substr($0, index($0,$13)); else print $2, $3, $11, "Q", $4, $6, $12, $13, $14 }' 1>>/var/log/dns/query.log 2>/dev/null;
mv $file /capture/processed/$file
13Cubed /
Last active March 2, 2017 16:21
A Bash script to call tcpdump for DNS traffic capture.
# Note: Do not run this script as root. You know better than that. Allow the standard user under which it runs the ability to execute /usr/sbin/tcpdump.
# Example: setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap
/usr/sbin/tcpdump -i [INTERFACE] -s0 -G 300 -w '/capture/dns_%Y-%m-%d_%H:%M:%S.pcap' 'port 53'
13Cubed / dns-sniffer.service
Last active March 1, 2017 20:26
A systemd service file that calls
Description=DNS Sniffer
13Cubed / ticketbleed.go
Last active February 9, 2017 14:27 — forked from FiloSottile/ticketbleed.go
Check for Ticketbleed (CVE-2016-9244) vulnerability.
package main
import (
13Cubed / conkyrc
Created October 21, 2016 02:28
A simple and clean Conky config that displays system, processors, memory, disks, and top processes.
# .conkyrc
background yes
use_xft yes
xftfont Droid:normal:size=10
xftalpha 1
update_interval 1.0
top_cpu_separate true
total_run_times 0
own_window yes
13Cubed /
Last active October 23, 2020 06:55
Download DNS adware and malware blacklists in BIND format and add them to a blacklist zone file. This is a modified version of the script from Paul's Security Weekly (
# Download newest blacklists
13Cubed /
Created February 20, 2016 04:26
Convert IPv4 decimal (base 10) addresses to hex (base 16). Useful for 6to4 tunnel configs.
import sys
import re
def DecToHex(dec_ip):
dec_octets = str.split(dec_ip, '.')
hex_octets = []
if len(dec_octets) != 4:
13Cubed /
Created February 20, 2016 04:26
Use RegEx (Regular Expressions) to search through files for specific text.
import sys
import re
def ParseLog(filename, search_string):
f = open(filename, 'rU')
except IOError:
print '\n*** I/O Error: Can\'t read file', filename, '***\n'
13Cubed / service
Created February 20, 2016 04:24
This template can be used to create a service script for Red Hat Enterprise Linux. It will enable you to use “service myservice start”, “service myservice stop”, or “service myservice status” to control a particular process.
# Replace myservice with your service name. Insert commands where noted.
# chkconfig: - 99 00
# Source function library.
. /etc/rc.d/init.d/functions
case "$1" in
echo -n "Starting myservice"