Skip to content

Instantly share code, notes, and snippets.

DiabloHorn DiabloHorn

Block or report user

Report or block DiabloHorn

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View xprotect-brute-js.user.js
// ==UserScript==
// @name xprotect-brute-js
// @namespace ns-xprotect-brute-js
// @description Brute force Milestone XProtect Web Client
// @include http://localhost:8081/index.html
// @version 1
// @grant none
// ==/UserScript==
//DiabloHorn - https://diablohorn.com
var foundcreds = 0;
View xprotect-brute.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
Brute force the Milestone XProtect Web Client interface
python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090
"""
import sys
import base64
import argparse
@DiabloHorn
DiabloHorn / poc_server.py
Created Apr 9, 2017
Server part of IP whitelist bypass POC
View poc_server.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC server to inject packets towards 'infected' machine
intended to bypass IP whitelisting
"""
import time
import socket
from scapy.all import *
@DiabloHorn
DiabloHorn / poc_client.py
Created Apr 9, 2017
Client part of IP whitelist bypass POC
View poc_client.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC client on 'infected' machines to receive injected packets
intended to bypass IP whitelisting
"""
import sys
import time
import socket
from threading import Thread
@DiabloHorn
DiabloHorn / pyrawcap.py
Created Mar 9, 2017
Python sniffer using only raw sockets
View pyrawcap.py
#!/usr/bin/env python
#DiabloHorn https://diablohorn.com
#raw python pcap creater
#based on
# http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/
#additional references
# http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html
import sys
import time
You can’t perform that action at this time.