View update_dnsbl.sh
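#!/bin/bash
# Downloads DNS blocklists. Only the ad-server list download is visible in
# this excerpt; the rest of the script is not shown.

# NOTE(review): this replaces HOME for every command that follows —
# presumably so later steps work relative to the BIND directory; confirm.
HOME=/var/named

ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;mimetype=plaintext"
# NOTE(review): plain http — this list arrives without transport integrity,
# so anything on the network path can alter it before it is used. Prefer an
# https source or verify a published checksum before the list is consumed.
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"

# NOTE(review): fixed file names in world-writable /tmp can be pre-created or
# symlinked by another local user before this job runs. mktemp, or a directory
# only this job can write to, removes that window.
ADLISTFILE=/tmp/adlistfile
MWLISTFILE=/tmp/mwlistfile

# Download newest blacklists
# -f makes curl fail on an HTTP error instead of saving the error page as the
# list; -S keeps error messages visible despite -s. Quoting stops the '?' in
# the URL from being treated as a glob character.
curl -fsS -o "$ADLISTFILE" "$ADLISTURL" || {
  printf 'update_dnsbl: download of ad list failed\n' >&2
  exit 1
}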
View update_aws.sh
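#!/bin/bash
# Looks up this machine's current public address and the address the
# host's DNS name currently resolves to, both through resolver1.opendns.com.
# SGROUP is only defined here; its use is outside this excerpt.

ZONE="example.com"
# NOTE(review): HOSTNAME is also a variable bash sets itself; assigning it
# here replaces the machine's real host name for the rest of the script.
HOSTNAME="test"
SGROUP="my_security_group"

# Both answers come back over plain DNS and may be empty, multi-line, or an
# error message from dig (e.g. on timeout), so treat them as untrusted text.
# NOTE(review): validate with an anchored pattern (^...$) before the value
# reaches any other command; an unanchored =~ test accepts any string that
# merely contains a dotted quad.
CURRENT_IP=$(dig @resolver1.opendns.com myip.opendns.com +short)
OLD_IP=$(dig @resolver1.opendns.com "$HOSTNAME.$ZONE" +short)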
if [[ $CURRENT_IP =~ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]] ; then |
View conkyrc
# .conkyrc | |
background yes | |
use_xft yes | |
xftfont Droid:normal:size=10 | |
xftalpha 1 | |
update_interval 1.0 | |
top_cpu_separate true | |
total_run_times 0 | |
own_window yes |
View dns-sniffer.sh
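#!/bin/bash
# Note: Do not run this script as root. You know better than that. Allow the standard user under which it runs the ability to execute /usr/sbin/tcpdump.
# Example: setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/tcpdump
# (The capabilities belong on the binary this script executes, i.e. tcpdump.)
# NOTE(review): file capabilities apply to every user who may execute the
# binary. Restrict its execute permission to a dedicated group so only the
# capture account gains raw-socket access.
# NOTE(review): the pcap files hold full DNS payloads and client addresses;
# /capture should be writable and readable by the capture account only.
#
# Capture DNS traffic (port 53) with full packets (-s0), starting a new
# timestamped file every 300 seconds (-G 300).
# [INTERFACE] is a placeholder; it is quoted so the shell cannot treat the
# brackets as a glob pattern. exec replaces the shell, so the process the
# service manager supervises is tcpdump itself.
exec /usr/sbin/tcpdump -i '[INTERFACE]' -s0 -G 300 -w '/capture/dns_%Y-%m-%d_%H:%M:%S.pcap' 'port 53'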
View dns-analyzer.sh
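#!/bin/bash
# Note: Do not run this script as root. Allow the standard user under which it runs the ability to execute /bin/fuser without entering credentials.
# Example: username ALL = (root) NOPASSWD: /bin/fuser
# NOTE(review): as written, that sudoers rule lets the account run fuser as
# root with any arguments, including -k, which signals the processes using a
# file. Limit the permitted arguments in sudoers to what this script needs.

# Stop if the capture directory is unavailable; otherwise the loop below
# would glob and move files in whatever directory the script started in.
cd /capture || exit 1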
for file in dns*.pcap; | |
do | |
if ! sudo fuser -s $file; then | |
/usr/bin/tshark -n -t ad -r $file | awk '{ if ($10 !="query") print $2, $3, "ERROR: " $0; else if ($11 == "response") print $2, $3, $12, "R", $4, $6, substr($0, index($0,$13)); else print $2, $3, $11, "Q", $4, $6, $12, $13, $14 }' 1>>/var/log/dns/query.log 2>/dev/null; | |
mv $file /capture/processed/$file | |
fi |
View dns-sniffer.service
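[Unit]
Description=DNS Sniffer

[Service]
# Unprivileged account the capture runs as (placeholder; must not be root).
User=[USERNAME_HERE]
# Scope the packet-capture capabilities to this service rather than relying
# only on file capabilities set on the capture binary, and bound what any
# process started by the unit can ever hold.
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
ExecStart=/usr/local/bin/dns-sniffer.sh

[Install]
WantedBy=multi-user.target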
View ticketbleed.go
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"log" | |
"strings" | |
"os" | |
) |
View checknet.sh
#!/bin/bash
# The flag lives in /tmp/checknet.tmp; when that file is missing, seed it
# with the default value 0.
# NOTE(review): a fixed name in world-writable /tmp can be pre-created or
# symlinked by another local user; a directory owned by the account running
# this script would be a safer home for the flag.
[[ -f /tmp/checknet.tmp ]] || printf '%s\n' 0 > /tmp/checknet.tmp

# Placeholder: replace with the real target before use.
target=TARGET_GOES_HERE
View bashrc
# Prompt customisation, applied only when the shell is interactive
# (the option flags in $- contain "i").
# Both prompts have the form "[user@host dir]$ " and differ only in the
# colour of the user name: 166 for root, 99 for everyone else.
# Because PS1 is assigned inside double quotes, each $(tput sgr0) runs once,
# at assignment time, and its output is stored in the prompt string.
case $- in
  *i*)
    echo
    if (( $(id -u) == 0 )); then
      # Root user prompt
      PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;166m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
    else
      # Normal user prompt
      PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;99m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]"
    fi
    ;;
esac
View iptohex.py
#!/usr/bin/python | |
import sys | |
import re | |
def DecToHex(dec_ip): | |
dec_octets = str.split(dec_ip, '.') | |
hex_octets = [] | |
if len(dec_octets) != 4: |