James Hovious JamesHovious

## Pentest-Tools-Install.sh
#/bin/bash

# This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests.
# The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from
# and run on victim machines.

toollist=(
'https://github.com/ilneill/Py-CiscoT7.git'
'https://github.com/rsmudge/cortana-scripts.git'
'https://github.com/CoreSecurity/impacket.git'

## JulianDate.ps1
#Calculate today's julian date
$Year = get-date -format yy
$JulianYear = $Year.Substring(1)
$DayOfYear = (Get-Date).DayofYear
$JulianDate = $JulianYear + "{0:D3}" -f $DayOfYear
Write-Host $JulianDate

## hancitor_extractor.go
package hancitor

// References:
// https://hub.gke2.mybinder.org/user/oalabs-lab-notes-4vubrm7f/notebooks/Hancitor/hancitor.ipynb
// https://www.youtube.com/watch?v=OQuRwpUTBpQ
// https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/
// https://github.com/kevoreilly/CAPEv2/blob/master/modules/processing/parsers/mwcp/Hancitor.py

import (
	"bytes"

## error_example_syntax.go
if val, ok := data[“key”]; ok {
  // the key/value in the map exists
}

if gz, err := zlib.NewReader(base64decoder); err != nil {
  return err
}

if err := decoder.Decode(&t); err != nil {
  return err

## prt_to_bytes.go
size := unsafe.Sizeof(ptr)
eip := make([]byte, size)
switch size {
	case 4: binary.LittleEndian.PutUint32(eip, uint32(ptr))
	case 8: binary.LittleEndian.PutUint64(eip, uint64(ptr))
	default: panic(fmt.Sprintf(“unknown uintptr size: %v”, size))
}

## JulianDate.java
private String jd(){
        GregorianCalendar gc = new GregorianCalendar();
        String year = new Integer(gc.get(GregorianCalendar.YEAR)).toString();
        String jdPrefix = year.substring(3);
        int jdSuffixInt = gc.get(GregorianCalendar.DAY_OF_YEAR);
        String jdSuffix = String.format("%03d", jdSuffixInt);
        String jd = jdPrefix + jdSuffix;
        return jd;
	}

## Android SQLite.java
package com.e3h.usmcknowledge.database;

import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

public class DatabaseHelper {

## aws_parse.py
#/bin/python3
import urllib.request
import json

aws_url = "https://ip-ranges.amazonaws.com/ip-ranges.json"
aws_ips = []
with urllib.request.urlopen(aws_url) as response:
    obj = json.loads(response.readall().decode('utf-8'))
    for k, v in obj.items(): #  type dictionary
        if isinstance(v, list): # filtering on 'prefixes' which is type list

## commands.ps1
function encode_base64($string)
{
    $string_bytes = [System.Text.Encoding]::Unicode.GetBytes($string)
    return [System.Convert]::ToBase64String($string_bytes)
}

function decode_base64($base64)
{
	$base_bytes = [System.Convert]::FromBase64String($base64)
	return [System.Text.Encoding]::Unicode.GetString([char[]]$base_bytes)

## Brython Rest API.py
<table class="table table-striped table-bordered">
    <thead>
    <tr>
        <th>First Name</th>
        <th>Last Name</th>
        <th>Date</th>
    </tr>
    </thead>
    <tbody>
    <tr>
	#/bin/bash

	# This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests.
	# The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from
	# and run on victim machines.

	toollist=(
	'https://github.com/ilneill/Py-CiscoT7.git'
	'https://github.com/rsmudge/cortana-scripts.git'
	'https://github.com/CoreSecurity/impacket.git'
	#Calculate today's julian date
	$Year = get-date -format yy
	$JulianYear = $Year.Substring(1)
	$DayOfYear = (Get-Date).DayofYear
	$JulianDate = $JulianYear + "{0:D3}" -f $DayOfYear
	Write-Host $JulianDate
	package hancitor

	// References:
	// https://hub.gke2.mybinder.org/user/oalabs-lab-notes-4vubrm7f/notebooks/Hancitor/hancitor.ipynb
	// https://www.youtube.com/watch?v=OQuRwpUTBpQ
	// https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/
	// https://github.com/kevoreilly/CAPEv2/blob/master/modules/processing/parsers/mwcp/Hancitor.py

	import (
	"bytes"
	if val, ok := data[“key”]; ok {
	// the key/value in the map exists
	}

	if gz, err := zlib.NewReader(base64decoder); err != nil {
	return err
	}

	if err := decoder.Decode(&t); err != nil {
	return err
	size := unsafe.Sizeof(ptr)
	eip := make([]byte, size)
	switch size {
	case 4: binary.LittleEndian.PutUint32(eip, uint32(ptr))
	case 8: binary.LittleEndian.PutUint64(eip, uint64(ptr))
	default: panic(fmt.Sprintf(“unknown uintptr size: %v”, size))
	}
	private String jd(){
	GregorianCalendar gc = new GregorianCalendar();
	String year = new Integer(gc.get(GregorianCalendar.YEAR)).toString();
	String jdPrefix = year.substring(3);
	int jdSuffixInt = gc.get(GregorianCalendar.DAY_OF_YEAR);
	String jdSuffix = String.format("%03d", jdSuffixInt);
	String jd = jdPrefix + jdSuffix;
	return jd;
	}
	package com.e3h.usmcknowledge.database;

	import android.content.ContentValues;
	import android.content.Context;
	import android.database.Cursor;
	import android.database.sqlite.SQLiteDatabase;
	import android.database.sqlite.SQLiteOpenHelper;

	public class DatabaseHelper {
	#/bin/python3
	import urllib.request
	import json

	aws_url = "https://ip-ranges.amazonaws.com/ip-ranges.json"
	aws_ips = []
	with urllib.request.urlopen(aws_url) as response:
	obj = json.loads(response.readall().decode('utf-8'))
	for k, v in obj.items(): # type dictionary
	if isinstance(v, list): # filtering on 'prefixes' which is type list
	function encode_base64($string)
	{
	$string_bytes = [System.Text.Encoding]::Unicode.GetBytes($string)
	return [System.Convert]::ToBase64String($string_bytes)
	}

	function decode_base64($base64)
	{
	$base_bytes = [System.Convert]::FromBase64String($base64)
	return [System.Text.Encoding]::Unicode.GetString([char[]]$base_bytes)
	<table class="table table-striped table-bordered">
	<thead>
	<tr>
	<th>First Name</th>
	<th>Last Name</th>
	<th>Date</th>
	</tr>
	</thead>
	<tbody>
	<tr>