Skip to content

Instantly share code, notes, and snippets.


Brandon Dixon 9b

Block or report user

Report or block 9b

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
import requests, json, logging, sys
class PassiveTotal:
def __init__(self, apikey):
self.__apikey = apikey
self.__classifications = [ 'targeted', 'crime', 'benign', 'multiple' ]
self.__actions = [ 'add', 'remove' ]
Last active Aug 6, 2019
Small script to request WHOIS information from RiskIQ
Modify the script to include your username and API key.
Create a virtualenv to keep your space clean:
$ virtualenv -p python3 venv3
Activate it:
$ source venv3/bin/activate
9b /
Created Aug 26, 2017
Simple tool to use WhatRuns API to get technologies used on a page. Doesn't submit the page if it's not in the database.
import ast
import datetime
import json
import sys
import requests
import urllib
from tabulate import tabulate
url = ""
data = {"data": {"hostname": sys.argv[1], "url": sys.argv[1],
9b /
Created Jun 16, 2012
import base64
import sys
def main():
if len(sys.argv) < 3:
sys.exit('Usage (2 arguments): %s "%s" %s' % (sys.argv[0],"malicious file","outfile"))
f = open(sys.argv[1],"rb")
con =
9b /
Created May 19, 2013
Uses the Google Drive API to upload a file, convert it to a file format, download it locally and delete it from Drive.
def poorMansConvert(di, inPath, outType, outPath):
from apiclient.http import MediaFileUpload
valid_output = [
9b /
Created Jan 4, 2011
Goes through MongoDB store and checks if any object hash is duplicated
import pymongo
import json
from pymongo import Connection
def connect_to_mongo(host, port, database, collection):
connection = Connection(host, port)
db = connection[database]
collection = db[collection]
return collection
View log-review.txt
'statistics': {
'noise': 264,
'ips_processed': 283,
'duplicate_entries': 4609,
'money_saved': '$179.17',
'duplicate_ratio': 94.0,
'noise_ratio': 93.0,
'time_saved': '8:48:00',
'interest': 19,

Keybase proof

I hereby claim:

  • I am 9b on github.
  • I am 9bplus ( on keybase.
  • I have a public key ASDXArDVDZslzdQphHwNk0YbXgJapLZ9yFgrrWCGcK-7Ago

To claim this, I am signing this object:

9b / apt32.js
Last active Jun 27, 2018
Latest observed JS payload used for APT32 profiling.
View apt32.js
!function(e) {
function t(i) {
if (n[i])
return n[i].exports;
var o = n[i] = {
"i": i,
"l": !1,
"exports": {}
return e[i].call(o.exports, o, o.exports, t),
9b / false.json
Last active Jun 1, 2018
Sample policy generated from a rule builder meant to be evaluated.
View false.json
"condition": "AND",
"rules": [
"id": "monitor_category",
"field": "monitor_category",
"type": "string",
"input": "select",
"operator": "equal",
"value": "Competition",
You can’t perform that action at this time.