Skip to content

Instantly share code, notes, and snippets.

View BLTSEC's full-sized avatar

Brennan Lee Turner BLTSEC

View GitHub Profile
#!/usr/bin/env python3
from scapy.all import *
from netfilterqueue import NetfilterQueue
import os
def modify(packet):
domain = b'bltsec'
pkt = IP(packet.get_payload()) #converts the raw packet to a scapy compatible string
@BLTSEC
BLTSEC / wordpress-cfsolutions-keylogger-check.py
Last active December 8, 2017 19:55
Checks for sites containing the malicious script loaded from the "cloudflare.solutions" domain. https://www.bleepingcomputer.com/news/security/keylogger-found-on-nearly-5-500-infected-wordpress-sites/
#!/usr/bin/env python3
# pip3 install beautifulsoup4
# pip3 install lxml
# pip install --upgrade certifi #SSL: CERTIFICATE_VERIFY_FAILED
# SELECT path FROM blogs WHERE deleted = 0 AND archived = 0;
# used https://github.com/Anorov/cloudflare-scrape to bypass Cloudflare's anti-bot page
from bs4 import BeautifulSoup as bs
import argparse
import cfscrape
import sys
package main
import (
"fmt"
"os/exec"
"path/filepath"
"strings"
)
func main() {
@BLTSEC
BLTSEC / bind_destroyer.py
Last active September 28, 2017 18:01
bind_destroyer - Python listening port scanner and destroyer
#!/usr/bin/python3
#
# bind_destroyer - Python listening port scanner and destroyer
#
# Written by: Brennan Turner (@BLTSEC)
#
# Usage: python bind_destroyer.py
# Usage: python3 bind_destroyer.py
#
#

Keybase proof

I hereby claim:

  • I am bltsec on github.
  • I am bltsec (https://keybase.io/bltsec) on keybase.
  • I have a public key whose fingerprint is 2260 3A23 DAA7 E826 3098 5171 FC04 2705 5373 A7D2

To claim this, I am signing this object: