@BeanBagKing
BeanBagKing / sus_commands.py
Last active April 2, 2023 05:54
Returns an English letter frequency score for command line logs.
#!/usr/bin/python3
# Article reference: https://nullsec.us/finding-unusual-powershell-with-frequency-analysis/
import urllib
import httplib2
from xml.dom import minidom
import math
baseurl = 'https://<domain>.splunkcloud.com:8089'
BeanBagKing / 1105.csv
Created March 9, 2021 17:20
1105 Media Inc. Pi-Hole Blacklist
# 1105 MEDIA INC. Blacklist
apt install cowsay fortune lolcat
while true; do fortune | cowsay -f `find /usr/share/cowsay/cows/ -type f | sort -R | head -n1` | lolcat -a -s 75; sleep 2; done
Kali version:
clear; while true; do /usr/games/fortune | /usr/games/cowsay -f `find /usr/share/cowsay/cows/ -type f | sort -R | head -n1` | /usr/games/lolcat -a -s 75; sleep 2; clear; done
Credit @jeffmcjunkin
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
BeanBagKing / diffi.sh
Created January 20, 2017 03:17
diffi - Better diff output script
#!/bin/bash
# diffi - Better diff output script
# BeanBagKing - https://gist.github.com/BeanBagKing
# If both arguments aren't given, print help text
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "Usage: $(basename "$0") [OLD] [NEW]"
    exit 1
fi
BeanBagKing / john_help.txt
Created November 8, 2016 18:53
John Help Documentation
root@kali:~# john -h
John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding [linux-x86-64-avx]
Copyright (c) 1996-2015 by Solar Designer and others
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION] "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--loopback[=FILE] like --wordlist, but fetch words from a .pot file
BeanBagKing / hashcat_help.txt
Created November 8, 2016 18:52
Hashcat Help Documentation
hashcat64.exe -a 0 -w 0 -m 1000 -r rules/lmNTLM.rule hashes/ntlm.txt lists/lab.txt
hashcat64.exe -a 0 -w 1 -m 1800 hashes/unixmd5.txt lists/rockyou.txt
hashcat64.exe -a 3 -w 1 -m 1800 --increment ?a?a?a?a?a hashes/unixmd5.txt
C:\hashcat-3.10>hashcat64.exe -h
hashcat, advanced password recovery
Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
BeanBagKing / streams.py
Created October 28, 2016 15:52
Combines multiple pcaps, extracts and decodes TCP streams.
#!/usr/bin/python
# Takes multiple pcap files (packet*.pcap) and...
### Combines them into one pcap (combined.pcap)
### Detects the number of TCP streams
### For each stream, converts it to ascii and stores them in order in a file (encoded_streams.txt)
### Converts URL (percent encoded) values to plaintext equivalent (decoded_streams.txt)
# Run this in the same directory as your packet*.pcap files
BeanBagKing / urldecode.py
Created October 20, 2016 15:26
Takes a URL encoded file (such as a TCP stream) and decodes it.
#!/usr/bin/python
import urllib
fin = open("urlencoded.txt")
fout = open("urldecoded.txt", "wt")
for line in fin:
    fout.write(urllib.unquote(line))
fin.close()
fout.close()
BeanBagKing / hunting.sh
Last active April 24, 2021 16:42
Hunting One Liners
# Linux - Look for attempts to hide files (note the spaces)
find / \( -name '. ' -o -name '.. ' -o -name '...' -o -name ' ' \)
# Linux - Find last 20 modified files
### Excludes the /proc and /sys directories
### Excludes /tmp/sort* as these are used by this process
##### Exclude directory - find . -type d \( -path dir1 -o -path dir2 -o -path dir3 \) -prune -o -print
find / -type d \( -path /proc -o -path /sys \) -prune -o -type f ! -wholename "/tmp/sort*" -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head -n 20
# Find 20 largest files