
Yeeb Yeeb1

Yeeb1 / CrowsStrikeTempFix.bat
Created July 19, 2024 07:53
Deletes the faulty channel file that causes Windows devices running CrowdStrike to BSOD
@echo off
setlocal enabledelayedexpansion
set targetDirectory=C:\Windows\System32\drivers\CrowdStrike
set filePattern=C-00000291*.sys
set timestamp=%date% %time%
echo [%timestamp%] Script started
Yeeb1 / CertipyPermPase.py
Last active July 18, 2024 17:30
Parse Certipy JSON output for anomalies in ACLs to help hunt for possible targets.
import json
import argparse
import csv
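def load_json(file_path):
    """Load and return the parsed JSON document stored at *file_path*.

    The file is decoded as UTF-8 explicitly, so the result does not depend
    on the platform's locale encoding (for example cp1252 on Windows).

    Args:
        file_path: Path of the JSON file to read.

    Returns:
        The deserialised JSON value, exactly as ``json.load`` yields it.

    Raises:
        OSError: If the file cannot be opened.
        UnicodeDecodeError: If the file is not valid UTF-8.
        json.JSONDecodeError: If the content is not valid JSON.
    """
    with open(file_path, 'r', encoding='utf-8') as file:
        return json.load(file)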
def search_permissions(data, additional_exclusions, active_only):
Yeeb1 / cortex.txt
Last active June 25, 2024 18:31
XDR Network Requirements
||*.xdr.*.paloaltonetworks.com^
||*.traps.paloaltonetworks.com^
||distributions.traps.paloaltonetworks.com^
||*.paloaltonetworks.com^
||panw-xdr-installers-prod-us.storage.googleapis.com^
||panw-xdr-payloads-prod-us.storage.googleapis.com^
||global-content-profiles-policy.storage.googleapis.com^
||panw-xdr-evr-prod-*.storage.googleapis.com^
||panw-xdr-installers-prod-fr.storage.googleapis.com^
||panw-xdr-payloads-prod-fr.storage.googleapis.com^
Yeeb1 / hosts.py
Last active April 23, 2024 18:24
Quickly manipulate /etc/hosts
#!/usr/bin/python3
import argparse
import sys
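def read_hosts_file():
    """Return the entry lines of ``/etc/hosts``.

    Blank lines and comment lines are left out. A line counts as a comment
    when its first non-whitespace character is ``#``, so indented comments
    are skipped too instead of being passed on as if they were host entries.
    Lines are returned as read, line endings included.

    NOTE(review): comments are discarded here, so a caller that writes the
    returned list back to the file would drop them; confirm that is intended.

    Returns:
        list[str]: The remaining lines, in file order.

    Raises:
        OSError: If ``/etc/hosts`` cannot be opened.
    """
    with open("/etc/hosts", "r") as file:
        return [
            line
            for line in file
            if line.strip() and not line.lstrip().startswith('#')
        ]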
def write_hosts_file(lines):
Yeeb1 / subb.py
Last active April 21, 2024 14:15
Quick and dirty V-Host enumeration based on guesses.
#!/usr/bin/python3
import requests
import argparse
import subprocess
from colorama import Fore, Style, init
# Initialise colorama; autoreset=True resets colour/style codes after every
# print, so a Fore/Style prefix does not leak into later output.
init(autoreset=True)
def fetch_url(url, headers=None, max_redirects=3):
Yeeb1 / adminer.sh
Created March 30, 2024 18:18
Wrapper for AD-Miner
#!/bin/bash
# Print the usage text for the adminer wrapper to stdout.
show_help() {
    # One printf call emits every line; each argument becomes its own line.
    printf '%s\n' \
        "Usage: adminer <domain>" \
        "Run the AD-miner tool with a specified domain and secure password input." \
        "" \
        "Arguments:" \
        " <domain> The domain or cache prefix to use with the AD-miner tool."
}
Yeeb1 / nodered_decrypt.py
Created March 28, 2024 21:12
Decrypt Node-RED Credentials
import sys
import json
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
import base64
def decrypt_creds(key, cipher_data):
flows = cipher_data["$"]
init_vector = bytes.fromhex(flows[:32])
Yeeb1 / fuzz_characters.txt
Created March 19, 2024 08:30
List of different characters to fuzz for input validation errors.
\n
\r
\t
\0
!
@
#
$
%
^
Yeeb1 / ratelimit_check.py
Created March 14, 2024 10:49
ratelimit_check.py
import argparse
import json
import time
from collections import Counter
import requests
parser = argparse.ArgumentParser(description='Test (API) rate limiting by sending POST requests.')
parser.add_argument('url', type=str, help='The URL to send the POST requests to.')
parser.add_argument('data', type=str, help='Data to send as the body of the POST request. Can be a JSON array or form data.')
parser.add_argument('--content-type', type=str, choices=['json', 'form'], default='json', help='The content type of the data being sent (json or form). Default is json.')
Yeeb1 / ASP.NET_Identity2hashcat.py
Last active March 5, 2024 11:47
Converts ASP.NET Identity (PBKDF2+HMAC-SHA256 and PBKDF2+HMAC-SHA1) to Hashcat format
import argparse
import base64
from binascii import unhexlify, hexlify
def decode_input(input_string):
decoded_data = base64.b64decode(input_string)
kind = hexlify(decoded_data[0:1]).decode()
if kind == '01':
iter_bytes = decoded_data[1:5]