Richard Davis 13Cubed
@13Cubed
13Cubed / audit-tool.py
Created Jan 27, 2016
A simple file comparison utility written in Python.
#!/usr/bin/python
# audit-tool.py 2.0 - A simple file comparison utility.
# Copyright 2014 13Cubed. All rights reserved. Written by: Richard Davis
import sys
def compareFiles(filename1, filename2, ignorecase, bidirectional):
    """
    Given two filenames and an ignorecase boolean, compares filename1
    against filename2 and returns list of the differences and a count of
@13Cubed
13Cubed / ossec-installer.sh
Last active Jan 27, 2016
OSSEC HIDS agent installation script for RHEL/CentOS.
#!/bin/bash
# This script simplifies the installation of the OSSEC HIDS Agent for RHEL/CentOS boxes.
# Are we running as root?
if [ "$(id -u)" -ne 0 ]; then
    echo
    echo "This script must be run as root!"
    echo
    exit 1  # non-zero exit so callers can detect the failure
fi
@13Cubed
13Cubed / service
Created Feb 20, 2016
This template can be used to create a service script for Red Hat Enterprise Linux. It will enable you to use “service myservice start”, “service myservice stop”, or “service myservice status” to control a particular process.
#!/bin/bash
# Replace myservice with your service name. Insert commands where noted.
# chkconfig: - 99 00
# Source function library.
. /etc/rc.d/init.d/functions
case "$1" in
    start)
        echo -n "Starting myservice"
@13Cubed
13Cubed / checklog.py
Created Feb 20, 2016
Use RegEx (Regular Expressions) to search through files for specific text.
#!/usr/bin/python
import sys
import re
def ParseLog(filename, search_string):
    try:
        f = open(filename, 'rU')
    except IOError:
        print '\n*** I/O Error: Can\'t read file', filename, '***\n'
@13Cubed
13Cubed / iptohex.py
Created Feb 20, 2016
Convert IPv4 decimal (base 10) addresses to hex (base 16). Useful for 6to4 tunnel configs.
#!/usr/bin/python
import sys
import re
def DecToHex(dec_ip):
    dec_octets = str.split(dec_ip, '.')
    hex_octets = []
    if len(dec_octets) != 4:
@13Cubed
13Cubed / bashrc
Last active Feb 26, 2016
Custom bash prompt. Can be placed in /etc/bashrc (or /etc/bash.bashrc).
# If this is an interactive shell, customize the prompt
if [[ $- == *i* ]]; then
    echo
    if [ "$(id -u)" -eq 0 ]; then # Root user prompt
        PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;166m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
    else # Normal user prompt
        PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;99m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
    fi
fi
@13Cubed
13Cubed / checknet.sh
Last active Jan 23, 2017
A simple Bash script to monitor a remote address and send an email when it goes down.
#!/bin/bash
# If the file that holds the flag doesn't exist, create it with default of 0
if [ ! -f /tmp/checknet.tmp ]
then
    echo 0 > /tmp/checknet.tmp
fi
target=TARGET_GOES_HERE
@13Cubed
13Cubed / ticketbleed.go
Last active Feb 9, 2017 — forked from FiloSottile/ticketbleed.go
Check for Ticketbleed (CVE-2016-9244) vulnerability.
package main

import (
    "crypto/tls"
    "fmt"
    "log"
    "os"
    "strings"
)
@13Cubed
13Cubed / dns-sniffer.service
Last active Mar 1, 2017
A systemd service file that calls dns-sniffer.sh.
[Unit]
Description=DNS Sniffer

[Service]
User=[USERNAME_HERE]
ExecStart=/usr/local/bin/dns-sniffer.sh

[Install]
WantedBy=multi-user.target
@13Cubed
13Cubed / dns-analyzer.sh
Last active Mar 2, 2017
A Bash script to parse DNS PCAPs with tshark and write space-delimited values to a log file (useful for SIEM ingestion). This script ensures a given PCAP is not in use (via fuser) prior to analyzing and moving the file.
#!/bin/bash
# Note: Do not run this script as root. Give the standard user under which it runs the ability to execute /bin/fuser via sudo without entering credentials.
# Example sudoers entry: username ALL = (root) NOPASSWD: /bin/fuser
cd /capture || exit 1
for file in dns*.pcap
do
    # Skip any capture file that is still open by another process (e.g. the capturing tool)
    if ! sudo fuser -s "$file"; then
        /usr/bin/tshark -n -t ad -r "$file" | awk '{ if ($10 !="query") print $2, $3, "ERROR: " $0; else if ($11 == "response") print $2, $3, $12, "R", $4, $6, substr($0, index($0,$13)); else print $2, $3, $11, "Q", $4, $6, $12, $13, $14 }' 1>>/var/log/dns/query.log 2>/dev/null
        mv "$file" /capture/processed/"$file"
    fi
done