Justin JustinAzoff
JustinAzoff
/ post_library.so.c
Created
December 5, 2015 19:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| american fuzzy lop - postprocessor library example | |
| -------------------------------------------------- | |
| Written and maintained by Michal Zalewski <lcamtuf@google.com> | |
| Copyright 2015 Google Inc. All rights reserved. | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. |
JustinAzoff
/ tardiff.py
Last active
September 17, 2015 15:16
Diff a tar file with the current contents on the filesystem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import difflib | |
| import sys | |
| import tarfile | |
| def read(fn): | |
| with open(fn) as f: | |
| return f.readlines() |
JustinAzoff
/ dns_test.bro
Last active
August 29, 2015 14:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| redef exit_only_after_terminate = T; | |
| event test() | |
| { | |
| local src = 1.2.3.4; | |
| local dst = 8.8.8.8; | |
| local output = ""; | |
| if ( T ) | |
| { | |
| when ( local src_name = lookup_addr(src) ) |
JustinAzoff
/ terminate-connection.bro
Created
May 28, 2015 15:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module TerminateConnection; | |
| export { | |
| redef enum Notice::Type += { | |
| TerminatingConnection, # connection will be terminated | |
| TerminatingConnectionIgnored, # connection terminated disabled | |
| }; | |
| # Whether we're allowed (and/or are capable) to terminate connections | |
| # using "rst". |
JustinAzoff
/ InterfaceSetup.py
Last active
January 15, 2016 20:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # A plugin to setup capture interfaces | |
| # The plugin is off by default. To enable it, add "interfacesetup.enabled=1" to broctl.cfg. | |
| # | |
| import BroControl.plugin | |
| class InterfaceSetupPlugin(BroControl.plugin.Plugin): | |
| def __init__(self): | |
| super(InterfaceSetupPlugin, self).__init__(apiversion=1) |
JustinAzoff
/ gen_certs.py
Created
December 12, 2014 17:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| BRO_CERT_TEMPLATE = """#auto generated | |
| redef SSL::root_certs += { | |
| ["%(subject)s"] = "%(cert)s" | |
| }; | |
| """ |
JustinAzoff
/ is_file_growing.py
Last active
August 29, 2015 14:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| import time | |
| SIZE_TIMEOUT = 10 | |
| def get_size(f): | |
| for x in range(SIZE_TIMEOUT): | |
| try: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/sysconfig/modules/pfring.modules | |
| if [ ! -e /proc/net/pfring ] ; then | |
| exec /sbin/modprobe pf_ring enable_tx_capture=0 min_num_slots=32768 >/dev/null 2>&1 | |
| fi |
JustinAzoff
/ conn-peer.bro
Created
August 1, 2014 15:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##! Add the peer to the connection logs. | |
| module Conn; | |
| export { | |
| redef record Conn::Info += { | |
| peer: string &optional &log; | |
| }; | |
| } |
JustinAzoff
/ tm_query_notices.bro
Last active
August 29, 2015 14:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module Notice; | |
| export { | |
| redef enum Action += { | |
| ACTION_TM_QUERY, | |
| }; | |
| const tm_query_types: set[Type] = {} &redef; | |
| } |