WJDigby /
Created Sep 19, 2021
Simple insecure webserver for transferring text and files between hosts
import base64
from datetime import datetime
from hashlib import md5
from math import ceil
import os
import web
from jinja2 import Environment, BaseLoader
# Tool is not designed for security, but might as well disable this unless needed
apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
curl -fsSL | sudo apt-key add -
#! /usr/bin/python
# Requires at least Python 3.6
# Reads from stdin or file ( -i / --input-file), writes to stdout or file ( -o / --output-file)
# Supports XORing with provided key (-x / --xor)
# Supports output formats of C, C#, Java, VB, and B64 string ( -f / --format)
# Change shellcode output variable name with -n / --name
# Examples:
# Read shellcode from stdin, XOR with key 'secret!', format in C byte array, and write to file "sc.txt":
WJDigby /
Created Apr 2, 2019
Check domains for frontability
# based on work by Steve Borosh (rvrsh3ll)
# no subdomain enumeration functionality.
import argparse
import dns.resolver
resolver = dns.resolver.default_resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ['']
frontable = {'cloudfront': 'Cloudfront',
'': 'Google',
WJDigby /
Last active Jan 3, 2019
Identify correct casing of password given all-caps LM password and NTLM hash
"""Given an all-capital password (from a cracked LM hash) and an NTLM hash,
identify the correct capitalization."""
import argparse
import hashlib
import itertools
def all_cases(password):
WJDigby /
Created Oct 2, 2018
Make reverse DNS output of host command more friendly.
'''Pipe output of host command into this script when performing reverse lookups to get a more friendly output:
while read i; do host $i | ./<this_script>.py; done < list.txt '''
import sys
for lookup in sys.stdin:
ip = lookup.split('.', 4)[:4]
domain = lookup.rsplit(' ', 1)[1]
WJDigby / ip extractor
Created Jul 30, 2018
Extract IP addresses from a packet capture
# List the unique dotted-quad addresses that appear in a saved capture.
#   -r     read packets from the capture file instead of a live interface
#   'ip'   capture filter: IPv4 packets only
#   -n     print addresses numerically, so tcpdump performs no name lookups
#          for addresses taken from the capture
# The pattern only checks the shape (four groups of 1-3 digits); it does not
# verify that each group is in the 0-255 range.
tcpdump -n -r <filename>.pcap 'ip' |
    grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
    sort -u
import requests
import argparse
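def lengthen(url):
    """Return the final URL reached after following redirects from *url*.

    A value without an ``http://`` or ``https://`` prefix is treated as
    ``http://``, so that first request is sent in cleartext.

    Args:
        url: Shortened or redirecting link, with or without a scheme.

    Returns:
        The URL of the last response in the redirect chain.

    Raises:
        requests.exceptions.RequestException: If the request fails, including
            when a server does not answer within the timeout.
    """
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    # The link is untrusted input and every hop of its redirect chain is
    # contacted from this host. Bound the wait so an unresponsive server
    # cannot hang the tool, and use stream=True so the landing page body is
    # not downloaded just to learn its address.
    with requests.get(url, timeout=10, stream=True) as http_req:
        return http_req.url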
def main():
WJDigby /
Last active Apr 5, 2022
python3 send email via gmail API
from apiclient.discovery import build
from apiclient import errors
from httplib2 import Http
from oauth2client import file, client, tools
from email.mime.text import MIMEText
from base64 import urlsafe_b64encode
SENDER = <sender>
RECIPIENT = <recipient>
import argparse
from subprocess import call
# Useful for Bluetooth device discovery when Bluetooth device addresses may be one off from wireless MAC addresses
# See, for example, "Hacking Exposed: Wireless", 3rd edition, by Joshua Wright and Johnny Cache, pages 211-214.
# To generate the list of addresses and test using hcitool (or another command line tool):
# python3 <this_script>.py -l macs.lst | while read -r line; do hcitool name "$line"; done
def off_by_one(mac_list, flag):