https://docs.python.org/2/library/email.html http://blog.magiksys.net/parsing-email-using-python-content http://nerderati.com/2017/06/09/mime-encoded-words-in-email-headers/ http://nerderati.com/2016/11/04/hello-my-name-is-joel/ https://seancoates.com/blogs/utf-wtf/ buriy/python-readability#42 https://sendgrid.com/blog/fingerprinting-email-infrastructure-companies/ http://learning-python.com/cgi/showcode.py?name=class/Extras/Code/pp3e/mailtools.py http://blog.magiksys.net/sites/default/files/attachments/parsemail.py_0.txt
Alexander Hanel alexander-hanel
😶
alexander-hanel
/ seclznt1.py
Created
November 16, 2017 23:23
extract pe sections and attempts to decompress them with lznt1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extract PE sections using pefile by name and decompress them using lznt1 via Rekall | |
| # author: alexander hanel | |
| # Rekall Memory Forensics | |
| # Copyright 2014 Google Inc. All Rights Reserved. | |
| # | |
| # Author: Michael Cohen scudette@google.com. | |
| # | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by |
alexander-hanel
/ nuclear_bot_decoder.py
Created
November 20, 2017 15:52
IDAPython string decrytor for variants of Nuclear Bot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| from cStringIO import StringIO | |
| from collections import Counter | |
| from itertools import cycle | |
| from itertools import product | |
| MAX_INSTR = 8 | |
| """ | |
| Example |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| def ipconver(addr_long): | |
| return socket.inet_ntoa(struct.pack("<L", addr_long)) |
alexander-hanel
/ struct_creator.py
Last active
August 13, 2018 10:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = 'Alexander Hanel' | |
| __date__ = '2018/02/28' | |
| __version__ = "2.0" | |
| __title__ = "struct creator" | |
| import re | |
| """ | |
| Example: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; English forum: http://purebasic.myforums.net/viewtopic.php?t=8957&highlight= | |
| ; Author: Wayne Diamond | |
| ; Date: 01. January 2004 | |
| ; CRC32 - A relatively fast algorithm that creates a 32-bit checksum. | |
| ; CRC32 is the most commonly-used 32-bit checksum algorithm. | |
| Procedure.l CRC32(Buffer.l, BufLen.l) | |
| Result.l = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| INPUT=$1 | |
| name=${INPUT%.*} | |
| ncmd=$(printf "nasm -f elf64 %s" "$INPUT") | |
| eval $ncmd | |
| ll=$(printf "ld %s.o -o %s" "$name" "$name") | |
| eval $ll | |
| tt=$(printf "chmod +x %s" "$name") | |
| xx=$(printf "./%s" "$name") | |
| eval $xx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import sys | |
| import re | |
| import gzip | |
| import StringIO | |
| import hexdump as h | |
| from capstone import * | |
| # old code from https://bitbucket.org/snippets/Alexander_Hanel/onboA/p0wnedshell-shellcode-extractor |
from PyQt5 import QtWidgets, QtGui
class ListViewDemoDialog(QtWidgets.QDialog):
def __init__(self):
super(ListViewDemoDialog, self).__init__()
# create a layout to place controllers (called widgets) on
layout = QtWidgets.QVBoxLayout()
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pefile | |
| import sys | |
| import datetime | |
| import zlib | |
| """ | |
| Author: Alexander Hanel | |
| Summary: Most common pefile usage examples | |
| Date: 20181226 | |
| """ |
OlderNewer