Adrian Sanabria Sawaba

Keybase proof

I hereby claim:

To claim this, I am signing this object:

Sawaba / CVE2017-11937-check.cmd
Created December 9, 2017 01:08
Script to determine if Windows systems are vulnerable to CVE-2017-11937
@echo off
REM Local Windows check to ensure we're safe from CVE-2017-11937
ECHO CVE-2017-11937 Vulnerability Check version 1.0
ECHO Checking to make sure your antivirus isn't going to sell you out to cyberbaddies.
ECHO The last vulnerable version was 1.1.14306.0 - anything newer should be safe.
Sawaba / Scan-Discovery-Networks-Internal.cmd
Last active February 20, 2018 15:46
The beginning of a project to try to discover all active networks on an internal LAN. I hadn't figured out how to do the class A, so it currently looks for all RFC1918 ranges EXCEPT the largest of the bunch. Sorry :( Without access to a large LAN, it was hard to continue development.
@echo off
goto begin
| Internal Network Discovery Scan |
| |
| DESCRIPTION: This script discovers NETWORKS, not hosts. It attempts to find |
| every class C in use throughout the enterprise. Note that, on larger ranges,|
| we're sampling IPs to save time. This is a calculated time/accuracy tradeoff|
| |
# Create a CSV with the last week's worth of alerts from your Canary console
# Requires curl and jq to be in the path
# Set this variable to your API token
export token=deadbeef12345678
# Customize this variable to match your console URL
@echo off
REM Test script to generate AWS creds
REM Requires curl and jq. Customize name/path to EXEs below.
set curl=curl
set jq=jq-win64.exe
REM Grab the date and time for creating unique files
for /f "tokens=1,2,3,4 delims=/ " %%a in ('date /t') do set currdate=%%d%%c%%b
for /f "tokens=1,2,3,4 delims=.:" %%a in ("%time%") do set currtime=%%a%%b%%c
Sawaba /
Created November 8, 2019 21:29
Quick python script to delete all tokens from a Canary console
import requests
import sys
import re
def main(args):
    if len(args) < 2:
        print("usage: python <console_url> <api_key>")
    auth = args[1]
    console = args[0]
    get_url = "{base}/api/v1/canarytokens/fetch?auth_token={auth}".format(
# Generate AWS Creds 0.1
# This is the "auto" version of this script. Run it unattended and it will
# automatically grab username and hostname variables from the system it is
# run on.
# python 3
# pip3 install canarytools
declare -a sshclient
curl -s -A "Someone just ran nc $args as User:$USER on Hostname:$HOSTNAME from SourceIP: ${sshclient[0]}" > /dev/null
/bin/nc "$@"
curl -s -A "smuggled message"
wget -U "smuggled message"
exec 3<>/dev/tcp/
echo -e "GET /articles/traffic/guln4qekd7zjfd4thw5sw48uh/post.jsp HTTP/1.1\r\nUser-Agent: If i trip my own token, i can pass it any useragent info i want to, effectively smuggling data in a token\r\nHost:\r\nAccept: */*\r\n\r\n">&3
Sawaba /
Created March 6, 2019 16:02
Java JDK 11 install script for Windows Subsystem for Linux (WSL)
# This script adapted from an older post on StackOverflow by user fieldju
# The script was for JDK 8.
# Due to major changes with JDK 11 (no JRE, no Derby, Unlimited Strength included), it was necessary to update the entire script.
set -ex
# UPDATE THESE URLs (this one updated as of 2019-03-06)
export JDK_URL=