Richard Davis 13Cubed
13Cubed
/ update_dnsbl.sh
Last active
October 23, 2020 06:55
Download DNS adware and malware blacklists in BIND format and add them to a blacklist zone file. This is a modified version of the script from Paul's Security Weekly (http://wiki.securityweekly.com/wiki/index.php/Episode472).
View update_dnsbl.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| HOME=/var/named | |
| ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;mimetype=plaintext" | |
| MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones" | |
| ADLISTFILE=/tmp/adlistfile | |
| MWLISTFILE=/tmp/mwlistfile | |
| # Download newest blacklists | |
| curl -s -o $ADLISTFILE $ADLISTURL |
13Cubed
/ update_aws.sh
Last active
March 30, 2020 09:43
Update AWS Route 53 and EC2 Security Group upon change in dynamic IP address. Roll your own dynamic DNS service, and update associated security groups by adding the new IP and cleaning up the previous IP to prevent unauthorized access to EC2 instances. Note: calls AWS CLI, and cli53 to make Route 53 changes (https://github.com/barnybug/cli53).
View update_aws.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ZONE="example.com" | |
| HOSTNAME="test" | |
| SGROUP="my_security_group" | |
| CURRENT_IP=$(dig @resolver1.opendns.com myip.opendns.com +short) | |
| OLD_IP=$(dig @resolver1.opendns.com $HOSTNAME.$ZONE +short) | |
| if [[ $CURRENT_IP =~ [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]] ; then |
View conkyrc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .conkyrc | |
| background yes | |
| use_xft yes | |
| xftfont Droid:normal:size=10 | |
| xftalpha 1 | |
| update_interval 1.0 | |
| top_cpu_separate true | |
| total_run_times 0 | |
| own_window yes |
13Cubed
/ dns-sniffer.sh
Last active
March 2, 2017 16:21
A Bash script to call tcpdump for DNS traffic capture.
View dns-sniffer.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Note: Do not run this script as root. You know better than that. Allow the standard user under which it runs the ability to execute /usr/sbin/tcpdump. | |
| # Example: setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap | |
| /usr/sbin/tcpdump -i [INTERFACE] -s0 -G 300 -w '/capture/dns_%Y-%m-%d_%H:%M:%S.pcap' 'port 53' |
13Cubed
/ dns-analyzer.sh
Last active
March 2, 2017 16:20
A Bash script to parse DNS PCAPs with tshark and write space-delimited values to a log file (useful for SIEM ingestion). This script ensures a given PCAP is not in use (via fuser) prior to analyzing and moving the file.
View dns-analyzer.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Note: Do not run this script as root. Allow the standard user under which it runs the ability to execute /bin/fuser without entering credentials. | |
| # Example: username ALL = (root) NOPASSWD: /bin/fuser | |
| cd /capture | |
| for file in dns*.pcap; | |
| do | |
| if ! sudo fuser -s $file; then | |
| /usr/bin/tshark -n -t ad -r $file | awk '{ if ($10 !="query") print $2, $3, "ERROR: " $0; else if ($11 == "response") print $2, $3, $12, "R", $4, $6, substr($0, index($0,$13)); else print $2, $3, $11, "Q", $4, $6, $12, $13, $14 }' 1>>/var/log/dns/query.log 2>/dev/null; | |
| mv $file /capture/processed/$file | |
| fi |
13Cubed
/ dns-sniffer.service
Last active
March 1, 2017 20:26
A systemd service file that calls dns-sniffer.sh.
View dns-sniffer.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=DNS Sniffer | |
| [Service] | |
| User=[USERNAME_HERE] | |
| ExecStart=/usr/local/bin/dns-sniffer.sh | |
| [Install] | |
| WantedBy=multi-user.target |
13Cubed
/ ticketbleed.go
Last active
February 9, 2017 14:27
— forked from FiloSottile/ticketbleed.go
Check for Ticketbleed (CVE-2016-9244) vulnerability.
View ticketbleed.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "log" | |
| "strings" | |
| "os" | |
| ) |
13Cubed
/ checknet.sh
Last active
January 23, 2017 11:29
A simple Bash script to monitor a remote address and send an email when it goes down.
View checknet.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # If the file that holds the flag doesn't exist, create it with default of 0 | |
| if [ ! -f /tmp/checknet.tmp ] | |
| then | |
| echo 0 > /tmp/checknet.tmp | |
| fi | |
| target=TARGET_GOES_HERE |
View bashrc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If this is an interactive shell, customize the prompt | |
| if [[ $- == *i* ]]; then | |
| echo | |
| if [ $(id -u) -eq 0 ]; then # Root user prompt | |
| PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;166m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]" | |
| else # Normal user prompt | |
| PS1="\[\033[38;5;31m\][\[$(tput sgr0)\]\[\033[38;5;99m\]\u\[$(tput sgr0)\]\[\033[38;5;31m\]@\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;34m\]\W\[$(tput sgr0)\]\[\033[38;5;31m\]]\[$(tput sgr0)\]\[\033[38;5;15m\]\\$ \[$(tput sgr0)\]" | |
| fi | |
| fi |
13Cubed
/ iptohex.py
Created
February 20, 2016 04:26
Convert IPv4 decimal (base 10) addresses to hex (base 16). Useful for 6to4 tunnel configs.
View iptohex.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import re | |
| def DecToHex(dec_ip): | |
| dec_octets = str.split(dec_ip, '.') | |
| hex_octets = [] | |
| if len(dec_octets) != 4: |
NewerOlder