bonsaiviking /
Created April 25, 2012 15:34
Request a new identity from Tor via web request (suggest to make a bookmark)
use strict;
use warnings;
use HTTP::Daemon;
use IO::Socket;
my $torport=9051;
my $password="footor";
my $good = HTTP::Response->new(
bonsaiviking / mcafee-epo-agent.nse
Created June 5, 2012 12:34
McAfee ePO Agent detection (Nmap NSE script)
-- mcafee-epo-agent.nse V0.0.2, checks if ePO agent is running
-- Developed by Didier Stevens and Daniel Miller
-- Use at your own risk
-- History:
-- 2012/05/31: Start
-- 2012/06/01: extracting data from XML; tested with ePO 4.5 and 4.6
-- 2012/06/05: V0.0.2 conversion to version script by Daniel Miller
-- 2012/06/20: new portrule by Daniel Miller
bonsaiviking / gist:3077294
Created July 9, 2012 15:53
Nmap's dns-zone-transfer meets
$ nmap --script dns-zone-transfer --script-args -p 53 -Pn $(dig +short NS | head -1)
Starting Nmap 6.02 ( ) at 2012-07-09 10:50 CDT
Nmap scan report for (
Host is up (0.033s latency).
rDNS record for
53/tcp open domain
| dns-zone-transfer:
bonsaiviking / slammer.nse
Created July 16, 2012 20:38
Nmap script launcher for SQL Slammer worm
local nmap = require "nmap"
local shortport = require "shortport"
local bin = require "bin"
description = [[Sends the SQL Slammer worm to a host.
If vulnerable, it will attempt to propagate to other IP addresses.
DO NOT RUN THIS SCRIPT ON THE INTERNET. For use in closed environments
for educational purpose only.]]
license = "Same as Nmap--See"
bonsaiviking /
Created July 17, 2012 16:12
Rate TLS ciphers similar to's ranking system
use strict;
use warnings;
use 5.012;
my %kex_scores = (
NULL => 0,
anon => 0,
EXPORT => 40,
bonsaiviking / printbomb.nse
Created October 5, 2012 18:49
NSE script for printing crap to PJL printers. Don't run this, please. Lots of improvements possible, too.
description = [[
Print a bunch of pages.
author = "Daniel Miller"
license = "Same as Nmap--See"
categories = {"intrusive", "dos"}
bonsaiviking /
Created January 31, 2013 12:52
Finding headless shells
#!/usr/bin/perl -an
# One-liner version:
# lsof -d txt,0,1,2 | perl -anE'push@g,$F[1]if$F[4]eq"CHR"and$F[8]=~/^.dev.[pt]t[sy]/;$t{$F[1]}=$_ if$F[3]eq"txt"and$F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;END{delete$t{$_}for@g;say values%t}'
# store the PID of processes that use a PTY/TTY for STDIN, STDOUT, or STDERR
push @g, $F[1] if $F[4] eq "CHR" and $F[8]=~/^.dev.[pt]t[sy]/;
# Store the whole line if the txt file descriptor is a shell
$t{$F[1]}=$_ if $F[3] eq "txt" and $F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;
bonsaiviking / test.nse
Created February 1, 2013 17:22
Minimal test script for Nmap's NSE script testing. Can be run simply with `nmap --script=test.nse` and no further arguments.
description = [[Minimal framework for testing NSE scripts. Modify as needed.]]
author = "Daniel Miller"
license = "Same as Nmap--See"
categories = {"testing"}
prerule = function() return true end
bonsaiviking /
Last active May 7, 2024 13:17
A simple/simplistic implementation of AES in pure Python.
#My AES implementation
# By Daniel Miller
def xor(s1, s2):
    return tuple(a^b for a,b in zip(s1, s2))
class AES(object):
    class __metaclass__(type):
        def __init__(cls, name, bases, classdict):
            cls.Gmul = {}
bonsaiviking /
Created May 23, 2013 20:10
SHA1 implementation in pure Python
#!/usr/bin/env python
import struct
def leftrotate(i, n):
    return ((i << n) & 0xffffffff) | (i >> (32 - n))
class SHA1(object):
    def __init__(self, data=""):
        self.h = [