Brandon Dixon 9b

9b / unique_hash_objects.py
Created Jan 4, 2011
Goes through MongoDB store and checks if any object hash is duplicated
import pymongo
import json
from pymongo import Connection
def connect_to_mongo(host, port, database, collection):
    """Open a MongoDB connection and return a handle to one collection.

    Args:
        host: Passed as the first argument to ``Connection``.
        port: Passed as the second argument to ``Connection``.
        database: Name used to index the connection.
        collection: Name used to index the selected database.

    Returns:
        The object obtained by indexing the connection by ``database`` and
        then by ``collection``. The connection object itself is not returned.
    """
    # NOTE(review): only host and port reach Connection here; no credentials
    # or transport options are supplied in this function, so access control
    # has to come from the server or from how ``host`` is formed -- confirm.
    client = Connection(host, port)
    return client[database][collection]
9b / uma.py
Created Jan 19, 2011
Take a blob of IP traffic and let me know if anything currently is in communication with a known compromised host
#!/usr/bin/python
__description__ = 'Get the MDL list and search a blob'
__author__ = 'Brandon Dixon'
__version__ = '1.0'
__date__ = '2011/19/01'
import optparse
import os
9b / VtNewFormat.py
Created Mar 22, 2011
Take the existing VirusTotal format and put it into a more user-friendly output
__description__ = 'Convert VT format to a user-friendly format'
__author__ = 'Brandon Dixon'
__version__ = '1.0'
__date__ = '2011/03/21'
import simplejson as json
import urllib
import urllib2
import hashlib
9b / pdf_renamer.py
Created Mar 22, 2011
Rename a directory of malicious PDFs with the hash.pdf.vir format
import hashlib
import optparse
import os
def get_hash_data(file, type):
if type == "md5":
output = hashlib.md5()
elif type == "sha1":
output = hashlib.sha1()
elif type == "sha256":
9b / mr_named_funcs.js
Created Mar 24, 2011
Unique named functions with instance and total counts
// Map step: for every entry in this.structure.keywords.keyword, emit the
// entry's name as the key with its count (as count_sum) and an instance
// count of 1.
// The property chain is not guarded, so a document lacking
// structure.keywords.keyword makes this function throw.
// NOTE(review): entry.name presumably comes from analysed sample content;
// treat the emitted keys as untrusted when displaying results -- confirm.
var map = function () {
    var keywordEntries = this.structure.keywords.keyword;
    keywordEntries.forEach(function (entry) {
        emit(entry.name, {count_sum: entry.count, count: 1});
    });
};
var reduce = function (key, values) {
var total = 0;
9b / mr_named_funcs_hex.js
Created Mar 24, 2011
Unique encoded named functions with instance and total counts
// Map step: for every entry in this.structure.keywords.keyword, emit the
// entry's name as the key with its hexcodecount (as count_hex) and an
// instance count of 1.
// The property chain is not guarded, so a document lacking
// structure.keywords.keyword makes this function throw.
var map = function () {
    var keywordEntries = this.structure.keywords.keyword;
    keywordEntries.forEach(function (entry) {
        var emitted = {count_hex: entry.hexcodecount, count: 1};
        emit(entry.name, emitted);
    });
};
var reduce = function (key, values) {
var total = 0;
var count = 0;
for (var i = 0; i < values.length; i++) {
if (values[i].count_hex > 0) {
total += values[i].count_hex;
9b / mr_component_totals.js
Created Mar 24, 2011
Component totals and averages for a PDF set
// Map step: for every entry in this.structure.components.component, emit
// the entry's name as the key with its count placed in `total`; `count` and
// `avg` start at 0 in the emitted value.
// The property chain is not guarded, so a document lacking
// structure.components.component makes this function throw.
var map = function () {
    var componentEntries = this.structure.components.component;
    componentEntries.forEach(function (entry) {
        emit(entry.name, {count: 0, total: entry.count, avg: 0});
    });
};
var reduce = function (key, values) {
var count = db.malware.count();
9b / mr_composite_scans.js
Created Mar 24, 2011
Key off anti-virus name and collect signatures, unique signature count and total detection
// Map step: for every scanner entry in
// this.scans.virustotal.report.results.scanners, emit the entry's antivirus
// name as the key with a one-element signatures array, a count of 1 and a
// total of 0.
// The property chain is not guarded, so a document without a stored report
// at that path makes this function throw.
// NOTE(review): entry.signature is presumably free text taken from the
// scan report; escape it before rendering aggregated output -- confirm.
var map = function () {
    var scannerEntries = this.scans.virustotal.report.results.scanners;
    scannerEntries.forEach(function (entry) {
        var emitted = {signatures: [entry.signature], count: 1, total: 0};
        emit(entry.antivirus, emitted);
    });
};
var reduce = function (key, values) {
var count = 0;
View uma_bot.py
from jabberbot import JabberBot, botcmd
import datetime
import base64
import pymongo
import traceback
import simplejson as json
import os, sys, csv, zipfile, getopt, traceback, socket, urlparse, time, urllib2, string
import StringIO
import logging
9b / magic_mappy.py
Created Sep 22, 2011
Generate a bunch of simple mapreduce jobs and output accordingly
import simplejson as json
from pymongo import Connection
from bson.code import Code
#cheap connection
def connect_to_mongo(host, port, database, collection):
    """Return the named collection from a freshly opened MongoDB connection.

    Args:
        host: First argument given to ``Connection``.
        port: Second argument given to ``Connection``.
        database: Key used to select the database from the connection.
        collection: Key used to select the collection from that database.

    Returns:
        The collection object; the connection and database objects are
        not returned.
    """
    # NOTE(review): nothing beyond host and port is passed to Connection in
    # this function, so no credentials are supplied at this call site --
    # confirm the target instance is not reachable from untrusted networks.
    target_db = Connection(host, port)[database]
    return target_db[collection]