Skip to content

Instantly share code, notes, and snippets.

View JosephGregg's full-sized avatar

Joe Gregg JosephGregg

49 followers · 66 following
View GitHub Profile
@JosephGregg
JosephGregg / 390mhz garage brute
Created April 22, 2016 20:47
In [44]: d.discover(SyncWordMatchList=[0x7fffffffffffffff])
Entering Discover mode and searching for possible SyncWords...
seeking one of: ['0x7fffffffffffffff']
(press Enter to quit)
(1461358006.235) Received: 008102000000002140000000000000000000000411028000000000000000
(1461358006.374) Received: 800000000023e3dfa0000000000000000059f3e3df800000000080000000
(1461358006.513) Received: 80010205f067c7bf7e0000000000000003f7efc7bf06fc7bf7e180000000
(1461358006.652) Received: 831e3c7bf06fc7bf7c0000000000000003e7cf8f3e0df8f7e7c180000000
(1461358006.790) Received: 810e1c39f067c7bf7e0000000000000001f3e7c79f067c7bf7e0c0000000
(1461358006.929) Received: c1871e3df833e3dfbe0000000000000001fbf7c3df037e3dfbf060000000
@JosephGregg
JosephGregg / osquery testing
Created May 8, 2016 13:13
{
"options": {
"config_plugin": "filesystem",
"debug": "true",
"host_identifier": "LAPTOP",
"log_result_events": "true",
"logger_plugin": "filesystem",
"schedule_splay_percent": "10",
"verbose_debug": "true",
"verbose": "true",
@JosephGregg
JosephGregg / gist:c31a4b0148240547d54ddaea19bf8d35
Last active August 12, 2016 21:41
apt-get install gcc make autoconf git python-pip python-dev build-essential libffi-dev libssl-dev libjpeg-dev libxml2-dev libxslt1-dev python-dev tcpdump libpcap-dev vim postgresql libpq-dev -y --force-yes
pip install --upgrade pip
pip install --upgrade virtualenv
git clone https://github.com/sensepost/snoopy-ng.git
virtualenv ./snoopy-ng/venv
source ./snoopy-ng/venv/bin/activate
cd ~/snoopy-ng/
sed -i 's/.*from gps import.*/from gps3 import gps3/' ./plugins/gpsd.py
sed -i 's/from libmproxy/from mitmproxy/' ./includes/mitm.py
@JosephGregg
JosephGregg / golang socks test
Created May 31, 2016 15:51
package main
import (
"fmt"
"h12.me/socks"
"strconv"
)
const (
PROXY_ADDR = "127.0.0.1:9050"
@JosephGregg
JosephGregg / gist:202709184255879680d2bd1d86e81b3d
Last active January 24, 2017 11:42
regular expressions
Vehicle Identification Numbers - '[A-H,J-N,P,R-Z0-9]{17}'
Street Address - (([0-9a-z-A-Z]+){1}+((\s+[a-zA-Z.,]+|\s+[a-zA-Z,.]+\s){2,10})?(\#[0-9a-z-\-]+|\#\s+[0-9\-]+|[0-9\-]+))
@JosephGregg
JosephGregg / client probe request demo
Last active August 8, 2016 23:15
#1 ./tshark -I -i mon0 -T fields -e frame.time -t ad -e wlan.sa -e radiotap.channel.freq -e radiotap.dbm_antsignal -e wlan_mgt.ssid -a duration:500 -l subtype probe-req
#2 tshark -S -l -i mon0 -a duration:120 -Y 'wlan.fc.type_subtype eq 4 and wlan_mgt.ssid != xfinitywifi and wlan_mgt.ssid != "" ' -T fields -e wlan.ta -e frame.len -e wlan_mgt.ssid -e radiotap.channel.freq -e radiotap.dbm_antsignal
@JosephGregg
JosephGregg / yara sha384.tt
Created August 9, 2016 15:36
rule SHA384_Constants {
meta:
author = "Joe Gregg"
description = "Search for SHA384 constants"
date = "2016-08-09"
version = "1"
strings:
$c0 = { CBBB9D5DC1059ED8 }
$c1 = { 629A292A367CD507 }
$c2 = { 9159015A3070DD17 }
@JosephGregg
JosephGregg / esp8266 report in snippets
Last active October 6, 2016 00:16
print(crypto.toHex(crypto.hash("sha256",node.chipid())))
print(node.chipid())
> http.get("http://XXXXXX/test.php?value="..node.chipid())
> http.get("http://XXXXXX/test.php?value="..crypto.hash("md5",node.chipid()))
> http.get("http://XXXXXX/test.php?value="..crypto.toHex(crypto.hash("md5",node.chipid())))
@JosephGregg
JosephGregg / onionskin sha1 image hack
Created October 8, 2016 07:15
// need to hack this in to onionscan
package main
import (
"log"
"encoding/hex"
"fmt"
"net/http"
"crypto/sha1"
@JosephGregg
JosephGregg / esp8266-snoopy.ino
Created November 8, 2016 12:39
incomplete snoopy for esp8266
#include <ESP8266HTTPClient.h>
#include <ESP8266WiFi.h>
#define STRAP_URL = "http://snip/bootstrap.php";
#define RECV_URL = "http://snip/droneinput.php";
#define OTAU_URL = "http://snip/update_fw_ota.php";
void setup() {
Serial.begin(115200);