Ankur Tyagi 7h3rAm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| def hexdump(src, length=16, sep='.'): | |
| """ | |
| >>> print(hexdump('\x01\x02\x03\x04AAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBB')) | |
| 00000000: 01 02 03 04 41 41 41 41 41 41 41 41 41 41 41 41 |....AAAAAAAAAAAA| | |
| 00000010: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 42 |AAAAAAAAAAAAAABB| | |
| 00000020: 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 |BBBBBBBBBBBBBBBB| | |
| 00000030: 42 42 42 42 42 42 42 42 |BBBBBBBB| | |
| >>> |
7h3rAm
/ shell.c
Created
September 1, 2013 19:39
— forked from parse/shell.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Compile with: g++ -Wall –Werror -o shell shell.c */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <ctype.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <sys/wait.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import re | |
| import datetime, time | |
| import argparse | |
| import nids | |
| end_states = (nids.NIDS_CLOSE, nids.NIDS_TIMEOUT, nids.NIDS_RESET) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [defaults] | |
| search = dos | |
| pgtpath = /home/ankur/toolbox/PCAP-Generation-Tools/pgt.py | |
| shellstormpath = /home/ankur/scripts/shell-storm-api.py | |
| exploitdbpath = | |
| metasploitpath = | |
| emuprofilesize = 10240 |
7h3rAm
/ gist:350463abeeb1edc85ee2
Created
October 4, 2014 17:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that +7h3ram is my Bitcoin username. You can send me #bitcoin here: https://onename.io/7h3ram |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime, re, difflib | |
| def k10(stack): | |
| if len(stack) <= 1: | |
| return | |
| checkHashes, checkDuplicates, checkDelta, checkName = True, True, True, True | |
| score, dCount, fCount, deltaScore, fnameScore, chainAverage = 65, 0, 0, 0, 0, 0 | |
| duplicates, dChain, fChain, features = [], [], [], [ 'valid_filenames' ] |
7h3rAm
/ dga.py
Last active
August 29, 2015 14:21
— forked from baderj/dga.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| generate domains according to: | |
| - https://www.endgame.com/blog/malware-with-a-personal-touch.html | |
| - http://www.rsaconference.com/writable/presentations/file_upload/br-r01-end-to-end-analysis-of-a-domain-generating-algorithm-malware-family.pdf | |
| requires words1.txt and words2.txt | |
| """ | |
| import time | |
| from datetime import datetime | |
| import argparse |
7h3rAm
/ dga_symmi.py
Last active
August 29, 2015 14:21
— forked from baderj/dga_symmi.py
DGA of symmi - http://johannesbader.ch/2015/01/the-dga-of-symmi/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from datetime import datetime | |
| seed_const = 42 | |
| days_period = 16 | |
| nr_of_domains = 64 | |
| third_lvl_min_len = 8 | |
| third_lvl_max_len = 15 | |
| class Rand: |
7h3rAm
/ dga_shiz.py
Last active
August 29, 2015 14:21
— forked from baderj/dga_shiz.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| def get_domains(nr, how_many): | |
| bases = { | |
| 1: { | |
| 'length': 7, | |
| 'tld': 'com', | |
| 'key': '1676d5775e05c50b46baa5579d4fc7', | |
| 'base': 0x45AE94B2 | |
| }, |
7h3rAm
/ dga_newGOZ.py
Created
May 19, 2015 09:16
DGA of Zeus Gameover Variant - newGOZ - http://www.johannesbader.ch/2014/12/the-dga-of-newgoz/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| from datetime import datetime, timedelta | |
| import struct | |
| import argparse | |
| def get_seed(seq_nr, date): | |
| key = "\x01\x05\x19\x35" | |
| seq_nr = struct.pack('<I', seq_nr) | |
| year = struct.pack('<H', date.year) | |
| month = struct.pack('<H', date.month) |
OlderNewer