
Brandon Dixon 9b

9b / unique_hash_objects.py
Created January 4, 2011 13:10
Goes through MongoDB store and checks if any object hash is duplicated
import pymongo
import json
from pymongo import Connection
def connect_to_mongo(host, port, database, collection):
    """Open a MongoDB connection and return a handle to one collection.

    Args:
        host: Server address passed straight to ``Connection``.
        port: Server port passed straight to ``Connection``.
        database: Name of the database to select on the connection.
        collection: Name of the collection to select inside that database.

    Returns:
        The collection object looked up as ``connection[database][collection]``.
    """
    # NOTE(review): only host and port are supplied, so no credentials or TLS
    # options are set here (unless ``host`` is a connection URI carrying them);
    # confirm the server is not reachable unauthenticated from untrusted networks.
    # NOTE(review): ``Connection`` is the legacy PyMongo client class; PyMongo 3.0
    # removed it in favour of ``MongoClient``.
    client = Connection(host, port)
    return client[database][collection]
9b / uma.py
Created January 19, 2011 20:51
Take a blob of IP traffic and let me know if anything is currently in communication with a known compromised host
#!/usr/bin/python
# Script metadata. "MDL" presumably refers to the Malware Domain List feed -- confirm
# against the part of the script that fetches it (not visible in this preview).
__description__ = 'Get the MDL list and search a blob'
__author__ = 'Brandon Dixon'
__version__ = '1.0'
# NOTE(review): this value reads as YYYY/DD/MM (19 cannot be a month); confirm the
# intended order before comparing or parsing it.
__date__ = '2011/19/01'
import optparse
import os
9b / VtNewFormat.py
Created March 22, 2011 03:32
Take the existing VirusTotal format and put it into a more user-friendly output
# Script metadata: description, author, version and date (written as YYYY/MM/DD).
__description__ = 'Convert VT format to a user-friendly format'
__author__ = 'Brandon Dixon'
__version__ = '1.0'
__date__ = '2011/03/21'
import simplejson as json
import urllib
import urllib2
import hashlib
9b / pdf_renamer.py
Created March 22, 2011 18:46
Rename a directory of malicious PDFs with the hash.pdf.vir format
import hashlib
import optparse
import os
def get_hash_data(file, type):
if type == "md5":
output = hashlib.md5()
elif type == "sha1":
output = hashlib.sha1()
elif type == "sha256":
9b / mr_named_funcs.js
Created March 24, 2011 19:37
Unique named functions with instance and total counts
var map = function () {
    // Map step: `this` is the document being processed. For every entry in
    // structure.keywords.keyword, emit the keyword name as the key together
    // with that entry's count (count_sum) and a constant 1 (count), so that a
    // reducer can total both per name.
    var emitKeyword = function (keyword) {
        emit(keyword.name, {count_sum: keyword.count, count: 1});
    };
    this.structure.keywords.keyword.forEach(emitKeyword);
}
var reduce = function (key, values) {
var total = 0;
9b / mr_named_funcs_hex.js
Created March 24, 2011 19:38
Unique encoded named functions with instance and total counts
var map = function () {
    // Map step: `this` is the document being processed. For every entry in
    // structure.keywords.keyword, emit the keyword name as the key together
    // with that entry's hexcodecount (count_hex) and a constant 1 (count).
    var emitHexCount = function (keyword) {
        emit(keyword.name, {count_hex: keyword.hexcodecount, count: 1});
    };
    this.structure.keywords.keyword.forEach(emitHexCount);
}
var reduce = function (key, values) {
var total = 0;
var count = 0;
for (var i = 0; i < values.length; i++) {
if (values[i].count_hex > 0) {
total += values[i].count_hex;
9b / mr_component_totals.js
Created March 24, 2011 19:39
Component totals and averages for a PDF set
var map = function () {
    // Map step: `this` is the document being processed. For every entry in
    // structure.components.component, emit the component name as the key with
    // that entry's count stored under `total`. `count` and `avg` are emitted as
    // 0 here; presumably a later stage fills them in (that code is not fully
    // visible in this preview).
    var emitComponent = function (component) {
        emit(component.name, {count: 0, total: component.count, avg: 0});
    };
    this.structure.components.component.forEach(emitComponent);
}
var reduce = function (key, values) {
var count = db.malware.count();
9b / mr_composite_scans.js
Created March 24, 2011 19:43
Key off anti-virus name and collect signatures, unique signature count and total detection
var map = function () {
    // Map step: `this` is the document being processed. For every scanner
    // result under scans.virustotal.report.results.scanners, emit the
    // anti-virus name as the key with a one-element signature list, a count of
    // 1 and a total of 0.
    var emitScanner = function (scanner) {
        emit(scanner.antivirus, {signatures: [scanner.signature], count: 1, total: 0});
    };
    this.scans.virustotal.report.results.scanners.forEach(emitScanner);
}
var reduce = function (key, values) {
var count = 0;
9b / uma_bot.py
Created July 22, 2011 16:55
UMA Bot
from jabberbot import JabberBot, botcmd
import datetime
import base64
import pymongo
import traceback
import simplejson as json
import os, sys, csv, zipfile, getopt, traceback, socket, urlparse, time, urllib2, string
import StringIO
import logging
9b / magic_mappy.py
Created September 22, 2011 17:46
Generate a bunch of simple mapreduce jobs and output accordingly
import simplejson as json
from pymongo import Connection
from bson.code import Code
#cheap connection
def connect_to_mongo(host, port, database, collection):
    """Return the named collection from a fresh MongoDB connection.

    Args:
        host: Server address given to ``Connection``.
        port: Server port given to ``Connection``.
        database: Database name indexed on the connection.
        collection: Collection name indexed on that database.

    Returns:
        The collection object for ``database``/``collection``.
    """
    # NOTE(review): the connection is opened with host and port only, so no
    # credentials or TLS settings are applied here (unless ``host`` is a
    # connection URI carrying them); verify the deployment enforces
    # authentication.
    # NOTE(review): ``Connection`` is the legacy PyMongo client class; PyMongo 3.0
    # removed it in favour of ``MongoClient``.
    db_handle = Connection(host, port)[database]
    return db_handle[collection]