Christian Heinrich cmlh

## ri20min.rb
#!/usr/bin/env ruby

class MegaGreeter
  attr_accessor :names

  # Create the object
  def initialize(names = "World")
    @names = names
  end

## shodan_ips.pl
#!/usr/bin/env perl
#
# shodan_ips.pl
# Search SHODAN and print a list of IPs matching the query
#
# Author: achillean

use Shodan::WebAPI;

use strict;

## burp_with_sqlmap_plugin.sh
# http://blog.buguroo.com/?p=2471&lang=en
# http://code.google.com/p/gason/downloads/list

# Applicable for versions v1.5 and below of Burp Suite Pro
java -classpath gason-0.9.5.jar:"burpsuite_pro_v1.5.jar" burp.StartBurp

# Appicable for version v1.5.07 and onwards
# http://www.smeegesec.com/2013/02/sqlmap-plugin-for-burp-extender.html

## git_config-osx.sh
#!/bin/sh
git config --global user.name "Christian Heinrich"
git config --global user.email christian.heinrich@cmlh.id.au

git config --global color.ui true

# OSX
git config --global core.autocrlf input

## SHODAN-theprez98-cisco_last-modified_www-authenticate.txt
cisco last-modified www-authenticate

## git_clone-OWASP-Top-10.txt
cmlh$ git clone git@github.com:OWASP/OWASP-Top-10.git
Cloning into 'OWASP-Top-10'...
remote: Counting objects: 201, done.
remote: Compressing objects: 100% (144/144), done.
remote: Total 201 (delta 56), reused 191 (delta 46)
Receiving objects: 100% (201/201), 46.58 MiB | 179 KiB/s, done.
Resolving deltas: 100% (56/56), done.
github.com cmlh$ cd OWASP-Top-10
OWASP-Top-10 cmlh$ git submodule init
Submodule '2013/Documents/Comparison_to_Prior_Releases' (git@github.com:cmlh/OWASP-Top-Ten-2013.git) registered for path '2013/Documents/Comparison_to_Prior_Releases'

## Using_Libwhisker-Example_1.pl
use LW2;

%request = ();
%response = ();
LW2::http_init_request(\%request);
$request{'whisker'}->{'host'} = "www.victim.com";

## HTTPie_Commands_for_VirusTotal_API_v2.0.txt
These https://httpie.org/ commands are applicable to both [Public and Private] API of VirusTotal.  However, only the &allinfo=1 parameter is applicable to the VirusTotal Private API v2.

File Report
  http "https://www.virustotal.com/vtapi/v2/file/report?apikey=-YOUR API KEY HERE-&resource=7657fcb7d772448a6d8504e4b20168b8"

URL Report
  http POST "https://www.virustotal.com/vtapi/v2/url/report?apikey=-YOUR API KEY HERE-&resource=http://www.virustotal.com?scan=1&allinfo=1"

IP Address Report
  http "https://www.virustotal.com/vtapi/v2/ip-address/report?apikey=-YOUR API KEY HERE-&ip=90.156.201.27"

## getFBProfilePhoto.py
#!/usr/env/python
# -*- coding: utf-8 -*-
# Hack to allow us to load icon images in Maltego by following
#  the redirect and serving up the actual image.

from flask import Flask, send_file
import requests
app = Flask(__name__)

@app.route('/fb/pic/<id>')

## CVE-2018-0296-CVSSv3.txt
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://nvd.nist.gov/vuln/detail/CVE-2018-0296
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Diff is Scope CVSSv3 Base Vector
CVSSv3 Base Score calculated higher by vendor (Cisco) at 8.6 than independent authority (NIST) at 7.5
Both CVSSv3 Base Scores are within the HIGH range (7.0-8.9)
	#!/usr/bin/env ruby

	class MegaGreeter
	attr_accessor :names

	# Create the object
	def initialize(names = "World")
	@names = names
	end
	#!/usr/bin/env perl
	#
	# shodan_ips.pl
	# Search SHODAN and print a list of IPs matching the query
	#
	# Author: achillean

	use Shodan::WebAPI;

	use strict;
	# http://blog.buguroo.com/?p=2471&lang=en
	# http://code.google.com/p/gason/downloads/list

	# Applicable for versions v1.5 and below of Burp Suite Pro
	java -classpath gason-0.9.5.jar:"burpsuite_pro_v1.5.jar" burp.StartBurp

	# Appicable for version v1.5.07 and onwards
	# http://www.smeegesec.com/2013/02/sqlmap-plugin-for-burp-extender.html
	#!/bin/sh
	git config --global user.name "Christian Heinrich"
	git config --global user.email christian.heinrich@cmlh.id.au

	git config --global color.ui true

	# OSX
	git config --global core.autocrlf input
	cmlh$ git clone git@github.com:OWASP/OWASP-Top-10.git
	Cloning into 'OWASP-Top-10'...
	remote: Counting objects: 201, done.
	remote: Compressing objects: 100% (144/144), done.
	remote: Total 201 (delta 56), reused 191 (delta 46)
	Receiving objects: 100% (201/201), 46.58 MiB \| 179 KiB/s, done.
	Resolving deltas: 100% (56/56), done.
	github.com cmlh$ cd OWASP-Top-10
	OWASP-Top-10 cmlh$ git submodule init
	Submodule '2013/Documents/Comparison_to_Prior_Releases' (git@github.com:cmlh/OWASP-Top-Ten-2013.git) registered for path '2013/Documents/Comparison_to_Prior_Releases'
	use LW2;

	%request = ();
	%response = ();
	LW2::http_init_request(\%request);
	$request{'whisker'}->{'host'} = "www.victim.com";
	These https://httpie.org/ commands are applicable to both [Public and Private] API of VirusTotal. However, only the &allinfo=1 parameter is applicable to the VirusTotal Private API v2.

	File Report
	http "https://www.virustotal.com/vtapi/v2/file/report?apikey=-YOUR API KEY HERE-&resource=7657fcb7d772448a6d8504e4b20168b8"

	URL Report
	http POST "https://www.virustotal.com/vtapi/v2/url/report?apikey=-YOUR API KEY HERE-&resource=http://www.virustotal.com?scan=1&allinfo=1"

	IP Address Report
	http "https://www.virustotal.com/vtapi/v2/ip-address/report?apikey=-YOUR API KEY HERE-&ip=90.156.201.27"
	#!/usr/env/python
	# -- coding: utf-8 --
	# Hack to allow us to load icon images in Maltego by following
	# the redirect and serving up the actual image.

	from flask import Flask, send_file
	import requests
	app = Flask(__name__)

	@app.route('/fb/pic/<id>')
	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://nvd.nist.gov/vuln/detail/CVE-2018-0296
	AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

	Diff is Scope CVSSv3 Base Vector
	CVSSv3 Base Score calculated higher by vendor (Cisco) at 8.6 than independent authority (NIST) at 7.5
	Both CVSSv3 Base Scores are within the HIGH range (7.0-8.9)