This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import base64 | |
from datetime import datetime | |
from hashlib import md5 | |
from math import ceil | |
import os | |
import web | |
from jinja2 import Environment, BaseLoader | |
# Tool is not designed for security, but might as disable this unless needed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apt-get update | |
apt-get install \ | |
apt-transport-https \ | |
ca-certificates \ | |
curl \ | |
gnupg-agent \ | |
software-properties-common | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/python | |
# Requries at least Python 3.6 | |
# Reads from stdin or file ( -i / --input-file), writes to stdout or file ( -o / --output-file) | |
# Supports XORing with provided key (-x / --xor) | |
# Supports output formats of C, C#, Java, VB, and B64 string ( -f / --format) | |
# Change shellcode output variable name with -n / --name | |
# Examples: | |
# Read shellcode from stdin, XOR with key 'secret!', format in C byte array, and write to file "sc.txt": |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# based on https://github.com/rvrsh3ll/FindFrontableDomains by Steve Borosh (rvrsh3ll) | |
# no subdomain enumeration functionality. | |
import argparse | |
import dns.resolver | |
resolver = dns.resolver.default_resolver = dns.resolver.Resolver(configure=False) | |
resolver.nameservers = ['8.8.8.8'] | |
frontable = {'cloudfront': 'Cloudfront', | |
'appspot.com': 'Google', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# reconcile.py | |
"""Given an all-capital password (from a cracked LM hash) and an NTLM hash, | |
identify the correct capitalization.""" | |
import argparse | |
import hashlib | |
import itertools | |
def all_cases(password): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
'''Pipe output of host command into this script when performing reverse lookups to get a more friendly output: | |
while read i; do host $i | ./friendly-reverse.py; done < list.txt ''' | |
import sys | |
for lookup in sys.stdin: | |
ip = lookup.split('.', 4)[:4] | |
domain = lookup.rsplit(' ', 1)[1] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tcpdump -r <filename>.pcap 'ip' -n | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' -o | sort -u |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import argparse | |
def lengthen(url): | |
if not url.lower().startswith(("http://", "https://")): | |
url = "http://" + url | |
http_req = requests.get(url) | |
return http_req.url | |
def main(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from apiclient.discovery import build | |
from apiclient import errors | |
from httplib2 import Http | |
from oauth2client import file, client, tools | |
from email.mime.text import MIMEText | |
from base64 import urlsafe_b64encode | |
SENDER = <sender> | |
RECIPIENT = <recipient> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import argparse | |
from subprocess import call | |
# Useful for Bluetooth device discovery when Bluetooth device addresses may be one off from wireless MAC addresses | |
# See, for example, "Hacking Exposed: Wireless", 3rd edition, by Joshua Wright and Johnny Cache, pages 211-214. | |
# To generate the list of addresses and test using hcitool (or another command line tool): | |
# python3 off-by-one.py -l macs.lst | while read -r line; do hcitool name "$line"; done | |
def off_by_one(mac_list, flag): |
NewerOlder