Marcello byt3bl33d3r
byt3bl33d3r /
Created December 1, 2022 01:08 — forked from ustayready/
Generate phishing lures that exploit open redirects using Google Docs
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from apiclient import errors
import re
from bs4 import BeautifulSoup as Soup
byt3bl33d3r /
Created September 5, 2022 13:02 — forked from gteissier/
Pythonic tcpdump: copy, paste, and enjoy
#!/usr/bin/env python
It has been tested with both py2 and py3.
Beware of ancient Linux kernel versions, which may not support SOCK_NONBLOCK
or the memory-mapped ring buffer.
The BPF filter listed below is the compiled form of "not port 22";
if you want to change it, do something like
byt3bl33d3r / index.ts
import { Hono } from "hono";
const app = new Hono()
app.get('/', async (c) => {
const bad_user_agent_array = ['curl', 'httpie']
const user_agent = c.req.header('User-Agent')
const ip = c.req.header("CF-Connecting-IP")
byt3bl33d3r / sccmdecryptpoc.cs
Created July 4, 2022 14:45 — forked from xpn/sccmdecryptpoc.cs
SCCM Account Password Decryption POC
// Twitter thread: (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
internal class Program
byt3bl33d3r /
Last active March 15, 2023 23:46
Structured logging and event capture
from logger import capturer
from typing import Optional
from fastapi import FastAPI
app = FastAPI()
async def get_logs(event_name: Optional[str] = None):
if not event_name:
byt3bl33d3r /
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (
#! /usr/bin/env python3
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
byt3bl33d3r / manager-config.yml
Created November 14, 2021 19:05
Nebula configuration files for docker swarm manager and worker nodes
# !! Remember to replace LIGHTHOUSE_IP with your actual Nebula lighthouse external IP Address
# See the example config file to know what all of these options do
pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key
static_host_map:
  "": ["<LIGHTHOUSE_IP>:4242"]
byt3bl33d3r /
Created October 17, 2021 09:36 — forked from bontchev/
Curated list of links describing the leaked Equation Group tools for Windows

Links describing the leaked EQ Group tools for Windows

Repositories and ports

Installation and usage guides

byt3bl33d3r / mainc.c
Created October 2, 2021 21:22 — forked from jackullrich/mainc.c
Single Step Encryption/Decryption
#include <Windows.h>
LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo);
typedef VOID(__stdcall* Shellcode)();
LPBYTE ShellcodeBuffer;
ULONG_PTR PreviousOffset;
ULONG_PTR CurrentOffset;
ULONGLONG InstructionCount;
DWORD dwOld;
byt3bl33d3r / Caddyfile
Last active May 22, 2023 14:05
Caddyfile reverse proxy example for C2 platforms
# This instructs Caddy to hit the LetsEncrypt staging endpoint, in production you should remove this.
(proxy_upstream) {
# Enable access logging to STDOUT
# This is our list of naughty client User Agents that we don't want accessing our C2
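The decision that both the Caddyfile above (its "naughty client User Agents" list) and the Hono worker earlier on this page (bad_user_agent_array, CF-Connecting-IP) make in front of a C2, written as an added standalone Python example so it can be tested offline; it is not code from either gist. The blocklist entries, the sample requests and the fallback peer address are assumptions. It also shows the check most people write first, an exact comparison against "curl", and why it misses every real curl.

```python
"""User-Agent blocklist decision for a C2 redirector (added example).

Not code from the gists above. The blocklist, the sample requests and the
fallback peer address are assumptions chosen for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed blocklist. Entries are lower-case *substrings*: real clients identify
# as "curl/8.4.0" or "python-requests/2.31.0", so an exact comparison against
# "curl" lets every real curl through.
BAD_UA_SUBSTRINGS = ("curl", "httpie", "python-requests", "wget", "nmap", "go-http-client")


@dataclass(frozen=True)
class Decision:
    blocked: bool
    reason: str


def classify_client(headers: dict[str, str]) -> Decision:
    """Decide whether a request should be bounced away from the C2.

    Header names are matched case-insensitively (HTTP allows any case), the
    User-Agent value is lower-cased before matching, and a missing or empty
    User-Agent is treated as suspicious rather than silently allowed.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    ua = lowered.get("user-agent", "").strip()
    if not ua:
        return Decision(True, "missing User-Agent")
    ua_l = ua.lower()
    for needle in BAD_UA_SUBSTRINGS:
        if needle in ua_l:
            return Decision(True, f"User-Agent matches '{needle}'")
    return Decision(False, "allowed")


def naive_exact_match(user_agent: str, blocklist=("curl", "httpie")) -> bool:
    """The first check one tends to write; kept only to show what it misses."""
    return user_agent in blocklist


def client_ip(headers: dict[str, str], remote_addr: str) -> str:
    """Pick the address to log and rate-limit on.

    Behind Cloudflare the real client is in CF-Connecting-IP, which only the
    Cloudflare edge sets. X-Forwarded-For is deliberately ignored: any client
    can send it, so trusting it lets a scanner choose its own source address.
    Without Cloudflare, fall back to the TCP peer address.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    cf_ip = lowered.get("cf-connecting-ip", "").strip()
    return cf_ip or remote_addr


# Constructed sample requests (headers, TCP peer), not captured traffic.
SAMPLE_REQUESTS = [
    ({"User-Agent": "curl/8.4.0"}, "198.51.100.7"),
    ({"user-agent": "HTTPie/3.2.2", "CF-Connecting-IP": "203.0.113.9"}, "172.16.0.1"),
    ({"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ..."}, "198.51.100.8"),
    ({}, "198.51.100.9"),
]


def review_samples() -> list[tuple[str, bool, str]]:
    """Run the sample requests through the filter; returns (ip, blocked, reason)."""
    results = []
    for headers, peer in SAMPLE_REQUESTS:
        d = classify_client(headers)
        results.append((client_ip(headers, peer), d.blocked, d.reason))
    return results


if __name__ == "__main__":
    for ip, blocked, reason in review_samples():
        print(f"{ip:15} {'BLOCK' if blocked else 'ALLOW':5} {reason}")
```

Whatever the redirector does with a blocked client (serve a decoy page, redirect to a legitimate site, or drop the connection), the point of the substring and case handling is that a blocklist of bare product names is only useful if it is applied to the version-suffixed strings clients actually send.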