#!/usr/bin/env python
# shoGrey_ip.py
#
# Stupid simple IP lookup against Greynoise.io
# Also looks up against Shodan and returns ports, tags, vulns
# requires json, requests, shodan
#
# Also requires Shodan API key
#
# Example: python3 shoGrey_ip.py 1.2.3.4
from Crypto.Cipher import AES | |
import hashlib | |
def get_key_and_iv(password, salt, klen=32, ilen=16, msgdgst='md5'): | |
mdf = getattr(__import__('hashlib', fromlist=[msgdgst]), msgdgst) | |
password = password.encode('ascii','ignore') # convert to ASCII | |
try: | |
maxlen = klen + ilen | |
keyiv = mdf(password + salt).digest() |
45.79.187.249 | |
172.104.129.213 | |
138.197.135.147 | |
138.197.144.85 | |
138.197.145.152 | |
138.197.145.162 | |
45.79.168.40 | |
45.79.217.96 | |
142.167.57.203 |
208.100.26.233 | |
208.100.26.230 | |
208.100.26.237 | |
208.100.26.232 | |
208.100.26.231 | |
208.100.26.235 | |
208.100.26.228 | |
208.100.26.236 |
198.143.133.154;AS32475;SingleHop;Linux 3.11+;server1.phx.internet-census.org | |
107.6.171.130;AS32475;SingleHop;Linux 3.11+;server2.ams.internet-census.org | |
45.33.66.232;AS63949;Linode;Linux 3.11+;li-new-us-gp1-wk101.internet-census.org | |
69.175.97.170;AS32475;SingleHop;Linux 3.11+;server1.chi3.internet-census.org | |
173.255.213.43;AS63949;Linode;Linux 3.11+;li-cal-us-gp1-wk102.internet-census.org | |
198.20.103.242;AS32475;SingleHop;Linux 3.11+;server1.ams.internet-census.org | |
45.33.2.193;AS63949;Linode;Linux 3.11+;li-dal-us-gp2-wk101.internet-census.org | |
107.6.169.250;AS32475;SingleHop;Linux 3.11+;server3.ams.internet-census.org | |
184.154.189.90;AS32475;SingleHop;Linux 3.11+;server4.chi3.internet-census.org | |
184.154.47.2;AS32475;SingleHop;Linux 3.11+;server2.chi3.internet-census.org |
import argparse | |
import OpenSSL | |
from dateutil.parser import parse | |
if __name__ == '__main__': | |
parser = argparse.ArgumentParser(description='Process some certs') | |
parser.add_argument('CERT', help="Cert file to parse") | |
args = parser.parse_args() | |
with open(args.CERT, 'r') as f: |
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError | |
from sslyze.ssl_settings import HttpConnectTunnelingSettings, TlsWrappedProtocolEnum | |
from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand | |
from sslyze.synchronous_scanner import SynchronousScanner | |
from cryptography.hazmat.backends.openssl import x509 | |
from cryptography.hazmat.primitives.serialization import Encoding | |
from cryptography.x509 import DNSName, ExtensionNotFound, ExtensionOID, NameOID | |
from enum import Enum | |
import os | |
import json |
rule APT32_ActiveMime_Lure { | |
meta: | |
filetype="MIME entity" | |
author="Ian Ahl (@TekDefense) and Nick Carr (@ItsReallyNick)" | |
date="2017-03-02" | |
description="Developed to detect APT32 (OceanLotus group) phishing lures used to target FireEye customers in 2016 and 2017" | |
strings: | |
$a1= "office_text" wide ascii | |
$a2= "schtasks /create /tn" wide ascii |
d46af65cb7bd12ce77b4d88bbdd4a005 5000_1.1.4.sisx https://www.virustotal.com/en/file/ce6bdf3374777757a36b8c3ad5e6cc8b6aced6f5083efdd286e6cb8f6837057f/analysis/ | |
39be87178c84d4afd07a80323a1d4b91 5002_2.24.3_green.APK https://www.virustotal.com/en/file/263219f185aa2a847bcb4ca981ec4a7c7eff8ded2d3b49d6fb2b4a578b43af60/analysis/ | |
a5b589f4edac1aea9952d3faff261817 5002_-2.25.1_green.APK https://www.virustotal.com/en/file/2a1e5a7dafa54a23fe9050f1fdd1286d3bdfb75a80a90cafebfdbbc451f4f9a4/analysis/ | |
306adab7cfcb0d9a13956ca9e9dbd59a 5003_1.4.2.jad https://www.virustotal.com/en/file/cbd70044cdb54fcad29592a0c89d6b8aa9bf6af7fa825faa8447df134124dd5c/analysis/ | |
eb295fe2e40f12014cdb05de07edcae2 5006_-1.0.12.exe https://www.virustotal.com/en/file/c134e6f40de54e2c5635ea2e25d7ea5b8c36528849c6ef7dd4d3b860af5fb521/analysis/ | |
8f6a42defdc8632c1baf961d7d9c3e5b 5006_1.0.13.exe https://www.virustotal.com/en/file/530c80602f72df99a4ed6c609db16f76d6260c984852c4a3f9a2dd03180b180b/analysis/ | |
fa26d3c6fe253a35 |
clocksvc.exe|*** PATROLWAGON ***|SAFE | |
help16.exe|*** SOMETHING YOU UPLOADED??? ***|SAFE | |
iexplorer.exe|*** UNITEDRAKE INSTALLER *** or RapidBlaster Virus|SAFE | |
msalgmon.exe|*** VALIDATOR ***|SAFE | |
mscache32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
mscfg32.exe|*** UNITEDRAKE ***|SAFE | |
msdnsche.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
msmmc32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
msntfs.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE | |
msregstr.exe|*** VALIDATOR ***|SAFE |