Given an input PCAP and a location in a Bro script, this script will filter the PCAP into a new file, which contains only the connections that visited that script location. This script can help filter a large PCAP to narrow down problematic connections, such as protocol violations, weirds, etc.
Aaron Eppert aeppert
aeppert
/ SimpleAuthServer.py
Created
September 26, 2019 14:03
— forked from fxsjy/SimpleAuthServer.py
SimpleAuthServer: A SimpleHTTPServer with authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import BaseHTTPServer | |
| from SimpleHTTPServer import SimpleHTTPRequestHandler | |
| import sys | |
| import base64 | |
| key = "" | |
| class AuthHandler(SimpleHTTPRequestHandler): | |
| ''' Main class to present webpages and authentication. ''' | |
| def do_HEAD(self): |
aeppert
/ af_packet_rx_ring.c
Created
September 19, 2017 17:37
— forked from pavel-odintsov/af_packet_rx_ring.c
af_packet_rx_ring_habrahabr.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <iostream> | |
| #include <unistd.h> | |
| #include <boost/thread.hpp> | |
| #include <sys/mman.h> | |
| #include <poll.h> | |
| #include <arpa/inet.h> |
aeppert
/ hl7sniff.rb
Created
February 16, 2017 15:22
— forked from sween/hl7sniff.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ron Sweeney | |
| # Dev Arboretum | |
| # Original Post: http://www.clubpacswestmi.net/articles/2007/4/1/a-ruby-hl7-sniffer | |
| require 'pcap' | |
| require 'Ethernet' | |
| require 'rubygems' | |
| require 'ruby-hl7' | |
aeppert
/ README.md
Created
February 10, 2017 15:55
— forked from grigorescu/README.md
breakpoint_to_pcap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| ) | |
| func main() { | |
| err := os.Rename("/dir1/file1", "/dir2/file2") |
aeppert
/ SSHwithgit2go.go
Created
September 12, 2016 04:18
— forked from zchee/SSHwithgit2go.go
Working example with SSH and libgit2/git2go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| git "github.com/libgit2/git2go" | |
| "log" | |
| ) | |
| func credentialsCallback(url string, username string, allowedTypes git.CredType) (git.ErrorCode, *git.Cred) { | |
| ret, cred := git.NewCredSshKey("git", "/home/vagrant/.ssh/id_rsa.pub", "/home/vagrant/.ssh/id_rsa", "") | |
| return git.ErrorCode(ret), &cred |
aeppert
/ bug_free_buddha_comment.py
Created
June 20, 2016 19:24
— forked from rsvp/bug_free_buddha_comment.py
Special comment to minimize bugs in any Python or shell code -- Buddhist ASCII Art
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To minimize bugs, include this comment: | |
| # | |
| # | |
| # _oo0oo_ | |
| # o8888888o | |
| # 88" . "88 | |
| # (| -_- |) | |
| # 0\ = /0 | |
| # ___/`---'\___ | |
| # .' \| |// '. |
aeppert
/ stash_slack_integration.md
Created
May 24, 2016 17:52
— forked from molaschi/stash_slack_integration.md
Integrate Stash with Slack using webhooks
This is a short article on how we integrate stash and slack in openmind
First of all i assume you have:
- a working stash installation
- a repository you to notify slack on pushes
- stash user with administration priviledges
- full access to the server (linux) where stash is installed on
- a team configured on slack
- slack user with administration priviledges
aeppert
/ extract_smtp_stream.bro
Created
February 29, 2016 19:52
— forked from dcode/extract_smtp_stream.bro
Extracts SMTP stream going both directions using Bro. Similar to "Follow TCP Stream" in Wireshark.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| event protocol_confirmation (c: connection, atype: Analyzer::Tag, aid: count) | |
| { | |
| if ( atype == Analyzer::ANALYZER_SMTP ) | |
| { | |
| local both_file = generate_extraction_filename(Conn::extraction_prefix, c, "both.dat"); | |
| local both_f = open(both_file); | |
| set_contents_file(c$id, CONTENTS_BOTH, both_f); | |
| } | |
| } |
aeppert
/ log_lag.py
Created
January 20, 2016 18:42
— forked from JustinAzoff/log_lag.py
Bro log lag
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| import time | |
| DEFAULT_LOG = "/bro/logs/current/conn.log" | |
| def config(): | |
| print """ | |
| graph_category network |
NewerOlder