@arall
arall / import.py
Last active April 26, 2022 13:57
TruffleHog import to MySQL
#!/usr/bin/env python3
"""
First install the pip modules:
pip3 install peewee
pip3 install pymysql
Then run TruffleHog:
docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github file:///repo-dir --json > output.json
docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --org=org-name --token=token --json > output.json
@arall
arall / check.sh
Created April 1, 2022 07:46
spring4shell check
PAYLOAD="?class.module.classLoader.URLs%5B0%5D=0"
while read -r site; do
    normalResponse=$(curl --write-out '%{http_code}' -L --silent --insecure --output /dev/null "$site")
    pocResponse=$(curl --write-out '%{http_code}' -L --silent --insecure --output /dev/null "$site$PAYLOAD")
    # Flag sites that answer 400 only when the probe parameter is appended
    if [ "$pocResponse" = "400" ] && [ "$normalResponse" != "$pocResponse" ]; then
        echo "$pocResponse - $site$PAYLOAD"
    fi
done < "$1"
@arall
arall / log4j_rce_check.py
Last active December 13, 2021 11:40 — forked from byt3bl33d3r/log4j_rce_check.py
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@arall
arall / scan.py
Created January 10, 2020 09:51
Python WiFi Probe scanner using tcpdump
#!/usr/bin/env python2.7
# Based on: https://gist.github.com/LoranKloeze/6b713022619c2b32b32c6400a55a8433
import subprocess
import re
import time
monitor_dev = "wlan1mon"
while True:
@arall
arall / scan.py
Created January 10, 2020 09:45
Python BT LE device scanner with RSSI using btmgmt
import subprocess
import re
devices = []
subprocess.Popen('btmgmt le on', stdout=subprocess.PIPE, shell=True)
proc = subprocess.Popen('sudo btmgmt find', stdout=subprocess.PIPE, shell=True)
output = proc.communicate()
for line in str(output).split('\\n')[:-1]:
    if 'hci0 dev_found' in line:
@arall
arall / setup.sh
Last active July 26, 2023 06:43
Raspberry 3 Kali Oros42/IMSI-catcher
# Install gr-gsm
sudo apt-get update && \
sudo apt-get install -y \
    cmake \
    autoconf \
    libtool \
    pkg-config \
    build-essential \
    python-docutils \
    libcppunit-dev \
@arall
arall / crawler.js
Last active July 8, 2019 20:20
NodeJS Headless Chrome Crawler Traffic Interceptor
const HCCrawler = require('headless-chrome-crawler');
const url = require('url');
const args = process.argv.slice(2);
var requests = [];
if (args[0] === undefined || args[1] === undefined) {
    console.log('node crawler.js <url> <depth>');
    process.exit();
}
@arall
arall / secHeaders.sh
Created November 13, 2018 07:44
Checks Missing Security Headers
#!/bin/bash
headers=$(curl -s -I -L "https://$1")
echo "$headers"
declare -a checks=(
    'Strict-Transport-Security'
    'X-Frame-Options'
    'X-XSS-Protection'
    'X-Content-Type-Options'
@arall
arall / run.py
Last active October 23, 2019 07:50
TP
import requests
import json
import random
import string
import sys
import re
session = requests.Session()
session.headers.update({'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0)'})
@arall
arall / custom.cs
Created October 10, 2018 07:04
Slack Dark Theme custom CSS
:root {
    /* Modify these to change your theme colors: */
    --primary: #61AFEF;
    --text: #ABB2BF;
    --background: #282C34;
    --background-elevated: #3B4048;
    /* These should be less important: */
    --background-hover: lighten(#3B4048, 10%);
    --background-light: #AAA;