Tek Te-k

@Te-k
Te-k / shoGrey_ip.py
Created August 30, 2018 14:28 — forked from n0x08/shoGrey_ip.py
Lookup IP address against greynoise.io and shodan
#!/usr/bin/env python
# shoGrey_ip.py
#
# Stupid simple IP lookup against Greynoise.io
# Also looks up against Shodan and returns ports, tags, vulns
# requires json, requests, shodan
#
# Also requires Shodan API key
#
# Example: python3 shoGrey_ip.py 1.2.3.4
@Te-k
Te-k / aes_decrypt.py
Created July 7, 2018 22:08
Python script decrypting OpenSSL-encrypted files
from Crypto.Cipher import AES
import hashlib
def get_key_and_iv(password, salt, klen=32, ilen=16, msgdgst='md5'):
    mdf = getattr(__import__('hashlib', fromlist=[msgdgst]), msgdgst)
    password = password.encode('ascii','ignore') # convert to ASCII
    try:
        maxlen = klen + ilen
        keyiv = mdf(password + salt).digest()
@Te-k
Te-k / ait_ips.txt
Created April 23, 2018 16:53
Ampere Innovation technologies scan IPs https://ampereinnotech.com/scanning.html
@Te-k
Te-k / irp_ips.txt
Created April 23, 2018 16:34
List of Internet Research Project IPs
@Te-k
Te-k / internet-census.csv
Created December 20, 2017 14:19
List of IPs scanning IPv4 addresses with zmap and belonging to an unknown internet census project
@Te-k
Te-k / crt2csv.py
Created November 23, 2017 23:12
Parse a certificate and print data as CSV
import argparse
import OpenSSL
from dateutil.parser import parse
if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Process some certs')
    parser.add_argument('CERT', help="Cert file to parse")
    args = parser.parse_args()
    with open(args.CERT, 'r') as f:
@Te-k
Te-k / sslyze_cert_info.py
Created June 26, 2017 20:11
How to use sslyze as a library to get certificate information (python 3)
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import HttpConnectTunnelingSettings, TlsWrappedProtocolEnum
from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand
from sslyze.synchronous_scanner import SynchronousScanner
from cryptography.hazmat.backends.openssl import x509
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.x509 import DNSName, ExtensionNotFound, ExtensionOID, NameOID
from enum import Enum
import os
import json
@Te-k
Te-k / APT32_ActiveMime_Lure.yar
Created May 15, 2017 14:50
APT32 ActiveMime Lure YARA rule by FireEye
rule APT32_ActiveMime_Lure {
    meta:
        filetype="MIME entity"
        author="Ian Ahl (@TekDefense) and Nick Carr (@ItsReallyNick)"
        date="2017-03-02"
        description="Developed to detect APT32 (OceanLotus group) phishing lures used to target FireEye customers in 2016 and 2017"
    strings:
        $a1= "office_text" wide ascii
        $a2= "schtasks /create /tn" wide ascii
@Te-k
Te-k / flexispy_binaries.txt
Created April 22, 2017 15:57
List of FlexiSpy binaries published by Flexidie
@Te-k
Te-k / shadowbrokers-tools-process-names.txt
Last active April 16, 2017 03:33
ShadowBrokers attack tool process names
clocksvc.exe|*** PATROLWAGON ***|SAFE
help16.exe|*** SOMETHING YOU UPLOADED??? ***|SAFE
iexplorer.exe|*** UNITEDRAKE INSTALLER *** or RapidBlaster Virus|SAFE
msalgmon.exe|*** VALIDATOR ***|SAFE
mscache32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE
mscfg32.exe|*** UNITEDRAKE ***|SAFE
msdnsche.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE
msmmc32.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE
msntfs.exe|*** FRIENDLY TOOL - Seek Help ***|SAFE
msregstr.exe|*** VALIDATOR ***|SAFE