💭 Hack the 🌎!

Derek Ditch dcode
  • Elastic
  • Texas
  • Twitter @dcode
gist:f879a62574e94a2265ae
object Download extends Controller {
import org.apache.commons.logging.Log
import org.apache.hadoop.conf.Configuration
import org.apache.hadoop.fs._
import java.io.InputStream
import java.net.URI
import java.net.URLDecoder
def download(filename: String) = {
@dcode
dcode / gist:d7f19f519bfe9ff8ce5d
Last active Aug 29, 2015
Shell snippet. Takes output from bro2json.py and creates an array of JSON objects grouped by uid and id fields
# This more or less just shows the format of the log data on input.
# The sed flattens the dotted id.* keys so jq can address them; ./json is the `json`
# command-line tool, whose -g groups the stream of objects into one array.
zcat bro2jsondata.json.gz | sed 's/id\./id_/g' | ./json -g | jq '[ map(select(.uid and .uid != "-" )) | group_by(.uid) | .[0] ]'
[
[
{
"type": "conn",
"id_orig_h": "10.10.10.17",
"resp_ip_bytes": "0",
"ts": "1384833674.270877",
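The jq pipeline above does the one thing worth doing with bro2json output: it pulls every log line that shares a connection uid into one group, so conn, http, dns and the rest can be read as a single flow. The same grouping in Python, as an added example that is not part of the gist; the records below are constructed in the shape bro2json.py emits (one object per line, string values, dotted id.* keys) and the uids and addresses are made up:

```python
from collections import defaultdict

# Constructed sample in the shape bro2json.py emits: one dict per log line, a "type"
# naming the source log, every value a string, and the connection 4-tuple under the
# dotted keys (id.orig_h, ...) that the sed 's/id\./id_/g' step flattens for jq.
SAMPLE = [
    {"type": "conn", "ts": "1384833674.270877", "uid": "CHhAvVGS1DHFjwGM9",
     "id.orig_h": "10.10.10.17", "id.orig_p": "49204", "id.resp_h": "93.184.216.34",
     "id.resp_p": "80", "proto": "tcp", "service": "http", "resp_ip_bytes": "0"},
    {"type": "http", "ts": "1384833674.301120", "uid": "CHhAvVGS1DHFjwGM9",
     "id.orig_h": "10.10.10.17", "id.resp_h": "93.184.216.34",
     "method": "GET", "host": "example.com", "uri": "/"},
    {"type": "dns", "ts": "1384833674.100001", "uid": "CQ7LoPmAC3xDeZ7yj",
     "id.orig_h": "10.10.10.17", "id.resp_h": "10.10.10.1", "query": "example.com"},
    {"type": "files", "ts": "1384833674.410000", "uid": "-", "fuid": "FaQ6cz1xkGdk0Wh",
     "mime_type": "text/html"},
    {"type": "weird", "ts": "1384833675.000000", "uid": "-", "name": "bad_TCP_checksum"},
]


def flatten_keys(record):
    """Rename dotted keys (id.orig_h -> id_orig_h), as the sed step in the pipeline does."""
    return {key.replace(".", "_"): value for key, value in record.items()}


def group_by_uid(records):
    """Return {uid: [records...]} for every record that carries a connection uid.

    Entries whose uid is missing or "-" (files without a connection, weird entries
    raised outside a flow) cannot be tied to a connection and are dropped, matching
    the select(.uid and .uid != "-") filter.  Each group is ordered by timestamp.
    """
    groups = defaultdict(list)
    for record in records:
        uid = record.get("uid")
        if not uid or uid == "-":
            continue
        groups[uid].append(flatten_keys(record))
    for uid in groups:
        groups[uid].sort(key=lambda r: float(r["ts"]))
    return dict(groups)


def summarize(groups):
    """One line per connection: which logs mention it, who talked to whom, and for
    how long.  Useful when triaging a single uid pulled from an alert."""
    summary = {}
    for uid, records in groups.items():
        first, last = records[0], records[-1]
        summary[uid] = {
            "logs": sorted({r["type"] for r in records}),
            "orig_h": first.get("id_orig_h"),
            "resp_h": first.get("id_resp_h"),
            "span": round(float(last["ts"]) - float(first["ts"]), 6),
        }
    return summary


if __name__ == "__main__":
    for uid, info in summarize(group_by_uid(SAMPLE)).items():
        print(uid, info)
```

Records with a uid of "-" are dropped on purpose: a files or weird entry that Bro could not attach to a connection has nothing to correlate on, and keeping it under a "-" key would silently merge unrelated events into one group.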
@dcode
dcode / gist:66343a641c0f3caf122d
Created Aug 10, 2014
Download the Java 8 64-bit RPM using curl (which is more commonly installed than wget)
# Oracle's download gate only checks the license cookie. The URL is plain HTTP and
# --remote-header-name takes the file name from the server's Content-Disposition,
# so verify the package's signature (rpm -K) before installing it.
curl --location --remote-name --remote-header-name --cookie "oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u11-b12/jre-8u11-linux-x64.rpm
Attempt at File Extraction Policy
global ext_map: table[string] of string = {
["application/x-dosexec"] = "exe",
["text/plain"] = "txt",
["image/jpeg"] = "jpg",
["image/png"] = "png",
["text/html"] = "html",
} &default = "";
event file_new(f: fa_file)
{
brocolor.sh
#!/bin/bash
# Colour each tab-separated column of a Bro log for reading in a terminal. The
# #fields/#types rows keep their values (prefix stripped) so they line up with the
# data; every other # header line is dropped. GNU sed syntax (\t and \|).
sed 's/#fields\t\|#types\t//g' "$1" | grep -v "^#" | awk 'BEGIN {FS="\t"; OFS=FS} {for (i=1; i<=NF; i++) printf("\x1b[%sm%s\x1b[0m%s", (i%7)+31, $i, OFS); print ""}'
@dcode
dcode / bro.rb
Last active Aug 29, 2015
Bro filter for LogStash
# encoding: utf-8
# *NOTE*: I have no idea what I'm doing and this is untested. Use at your own risk
# (though I welcome assistance)
require "logstash/filters/base"
require "logstash/namespace"
require "csv"
require "bigdecimal"
# The Bro filter takes an event field containing Bro log data, parses it,
@dcode
dcode / gist:afb3f21c0dd5801ad540
Created Oct 29, 2014
Bro log to pipe-separated values (PSV) with camelCase headers
# bro-cut -u prints timestamps as UTC dates, -c keeps the #fields header and -F'|'
# sets the output separator. The grep keeps the header plus the data lines, which now
# start with the year (hard-coded to 2014 here); the seds strip the "#fields|" prefix
# and turn "id.orig_h" into "idOrigH" on line 1 (\u is GNU sed).
bro-cut -uc -F'|' | grep -E '^#fields|^2014' | sed 's/^#fields|//' | sed -e '1s/\./_/g' -e '1s/_\([a-z]\)/\u\1/g'
@dcode
dcode / bro2rt.awk
Last active Aug 29, 2015
bro2rt.awk
# Append an "end" column (ts + duration) to a conn.log so each row carries a time
# range; ts is $1 and duration is $9 in the standard conn.log column order. Fields
# are tab-separated, so FS/OFS are set to tab (the default whitespace OFS would
# glue the new column on with a space). An unset duration ("-") evaluates to 0.
BEGIN { FS = OFS = "\t" }
$1 ~ /#fields.*/ { print $0 "\tend"; next };
$1 ~ /#types/ { print $0 "\ttime"; next };
$1 ~ /^#.*/ { print $0; next };
$1 ~ /^[^#]/ { OFMT = "%.16g"; print $0, $1 + $9 }
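bro.rb, the PSV one-liner above and bro2rt.awk are three views of the same job: read the #-prefixed header block of a Bro ASCII log (separator, set_separator, empty_field, unset_field, fields, types) and then interpret each data line by it, rather than by hard-coded column numbers. A Python version that does all three in one place (typed parsing, camelCase column names, an appended end column), as an added example that is not taken from any of the gists; the conn.log it parses is constructed, with a reduced column set that keeps ts in column 1 and duration in column 9 as bro2rt.awk assumes:

```python
# Parse a Bro/Zeek ASCII log using its own header block rather than fixed columns.

# Constructed sample conn.log: the column set is reduced, but ts is column 1 and
# duration column 9, the standard conn.log order that bro2rt.awk relies on.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2014-08-10-12-00-00",
    "#fields\t" + "\t".join(["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h",
                             "id.resp_p", "proto", "service", "duration",
                             "conn_state", "local_orig", "tunnel_parents"]),
    "#types\t" + "\t".join(["time", "string", "addr", "port", "addr", "port",
                            "enum", "string", "interval", "string", "bool",
                            "set[string]"]),
    "\t".join(["1384833674.270877", "CHhAvVGS1DHFjwGM9", "10.10.10.17", "49204",
               "93.184.216.34", "80", "tcp", "http", "0.512000", "SF", "T",
               "(empty)"]),
    "\t".join(["1384833680.000000", "CQ7LoPmAC3xDeZ7yj", "10.10.10.17", "53144",
               "10.10.10.1", "53", "udp", "dns", "-", "S0", "-",
               "CXWv6p3arKYeMETxOg"]),
    "#close\t2014-08-10-12-05-00",
])


def convert(cell, typ, meta):
    """Turn one cell into a Python value according to its Bro type."""
    if cell == meta["unset_field"]:
        return None                      # "-": the field was never set
    if typ.startswith(("set[", "vector[")):
        if cell == meta["empty_field"]:
            return []                    # "(empty)": container with no members
        inner = typ[typ.index("[") + 1:-1]
        return [convert(x, inner, meta) for x in cell.split(meta["set_separator"])]
    if cell == meta["empty_field"]:
        return ""
    if typ in ("count", "int", "port"):
        return int(cell)
    if typ in ("time", "interval", "double"):
        return float(cell)
    if typ == "bool":
        return cell == "T"
    return cell                          # string, addr, enum, subnet: keep as text


def parse_bro_log(text):
    """Return (meta, rows): header key/values plus one typed dict per data line."""
    meta = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    fields = types = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # the only space-delimited header line; its value is escaped (\x09)
            meta["separator"] = line[len("#separator "):].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(meta["separator"])
            if key == "fields":
                fields = value.split(meta["separator"])
            elif key == "types":
                types = value.split(meta["separator"])
            else:
                meta[key] = value        # set_separator, empty_field, path, open, close
            continue
        if fields is None or types is None:
            raise ValueError("data line before #fields/#types header")
        cells = line.split(meta["separator"])
        if len(cells) != len(fields):
            raise ValueError("expected %d columns, got %d" % (len(fields), len(cells)))
        rows.append({f: convert(c, t, meta) for f, c, t in zip(fields, cells, types)})
    return meta, rows


def camel_case(name):
    """'id.orig_h' -> 'idOrigH', as the sed in the PSV one-liner rewrites headers."""
    head, *rest = name.replace(".", "_").split("_")
    return head + "".join(w[:1].upper() + w[1:] for w in rest)


def add_end_time(rows):
    """Append end = ts + duration, as bro2rt.awk does with $1+$9. awk coerces an
    unset "-" duration to 0, so a connection without a duration ends at its ts."""
    for row in rows:
        row["end"] = round(row["ts"] + (row["duration"] or 0.0), 6)
    return rows
```

Reading the separator and the unset/empty markers from the header matters more than it looks: a log written with a non-default separator, or a field whose value is the literal string "-", is silently mangled by any consumer that assumes tab and treats "-" as missing without checking #unset_field.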
@dcode
dcode / kibana
Created Mar 26, 2015
Kibana init script defaults (goes in /etc/default/kibana)
# Sourced by the init script, so shell syntax. Kibana only needs to read its config
# and bind its listen port; it does not need root. Prefer a dedicated account here.
user="root"
group="root"
chroot="/"
chdir="/"
nice=""
@dcode
dcode / README
Created Mar 30, 2015
rpm2cpio shell script
Save the script as rpm2cpio.sh, make it executable, and run it from an empty working
directory (cpio -i extracts relative to the current directory, and RPM payload paths
are ./-relative):

./rpm2cpio.sh rpm-4.1.1-1.7x.src.rpm | cpio -idv

Source: http://www.redhat.com/archives/rpm-list/2003-June/msg00367.html
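What the shell script works out with od and expr is the RPM container layout: a 96-byte lead, a signature header padded to an 8-byte boundary, the main header, and then the compressed cpio payload. The same walk in Python, as an added example that is not the gist's script; the RPM it parses is built inline from a constructed two-file cpio archive so it runs without a real package, and it sniffs the payload compression instead of assuming gzip (zstd, which newer distributions use, is rejected rather than guessed at):

```python
import bz2
import gzip
import io
import lzma
import struct

RPM_LEAD_MAGIC = b"\xed\xab\xee\xdb"      # start of the 96-byte lead
RPM_HEADER_MAGIC = b"\x8e\xad\xe8\x01"    # header structure magic + version 1
LEAD_SIZE = 96

def _read_exact(f, n):
    data = f.read(n)
    if len(data) != n:
        raise ValueError("truncated RPM: wanted %d bytes, got %d" % (n, len(data)))
    return data

def _skip_header(f, pad_to_8):
    """Skip one header structure: 4 magic, 4 reserved, uint32 index count, uint32
    data length, then 16 bytes per index entry and the data blob. The signature
    header is padded so the main header starts on an 8-byte boundary."""
    intro = _read_exact(f, 16)
    if intro[:4] != RPM_HEADER_MAGIC:
        raise ValueError("bad header magic %r" % intro[:4])
    count, datalen = struct.unpack(">II", intro[8:16])
    body = 16 * count + datalen
    _read_exact(f, body)
    if pad_to_8:
        _read_exact(f, -body % 8)

def decompress_payload(blob):
    """Sniff the payload compression instead of assuming gzip as the script does."""
    if blob[:2] == b"\x1f\x8b":
        return gzip.decompress(blob)
    if blob[:6] == b"\xfd7zXZ\x00":
        return lzma.decompress(blob)
    if blob[:3] == b"BZh":
        return bz2.decompress(blob)
    raise ValueError("unsupported payload compression, magic %r" % blob[:4])

def rpm2cpio(rpm):
    """Return the decompressed cpio archive from RPM bytes."""
    f = io.BytesIO(rpm)
    if _read_exact(f, LEAD_SIZE)[:4] != RPM_LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead magic")
    _skip_header(f, pad_to_8=True)    # signature header
    _skip_header(f, pad_to_8=False)   # main header
    return decompress_payload(f.read())

def list_cpio_newc(payload):
    """Walk a cpio 'newc' archive (the format RPM uses) and return [(name, size), ...]."""
    entries, off = [], 0
    while True:
        if payload[off:off + 6] != b"070701":
            raise ValueError("not a newc cpio entry at offset %d" % off)
        hexfields = [int(payload[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = hexfields[6], hexfields[11]
        name = payload[off + 110:off + 110 + namesize - 1].decode()
        off += 110 + namesize
        off += -off % 4                   # header + name padded to 4 bytes
        if name == "TRAILER!!!":
            return entries
        entries.append((name, size))
        off += size
        off += -off % 4                   # file data padded to 4 bytes

def _newc_entry(name, data, mode=0o100644):
    """Build one newc entry; only used to construct the sample package below."""
    nm = name.encode() + b"\0"
    fields = [1, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(nm), 0]
    header = b"070701" + b"".join(b"%08x" % v for v in fields) + nm
    header += b"\0" * (-len(header) % 4)
    return header + data + b"\0" * (-len(data) % 4)

def build_sample_rpm():
    """Constructed RPM: lead, signature header (1 entry, 5 data bytes, so 3 bytes of
    padding are needed), main header (1 entry, 4 data bytes), gzip'd newc payload."""
    lead = RPM_LEAD_MAGIC + bytes([3, 0]) + b"\0" * (LEAD_SIZE - 6)

    def header(datalen):
        return (RPM_HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", 1, datalen)
                + b"\0" * 16 + b"\0" * datalen)

    sig = header(5)
    sig += b"\0" * (-len(sig) % 8)
    cpio = (_newc_entry("./etc/demo.conf", b"key=value\n")
            + _newc_entry("./usr/bin/demo", b"#!/bin/sh\necho hi\n", 0o100755)
            + _newc_entry("TRAILER!!!", b""))
    return lead + sig + header(4) + gzip.compress(cpio)
```

Listing the payload this way, without installing or even decompressing to disk, is the cheap first look at a package from an unfamiliar repository: file names, modes and sizes come straight from the cpio headers, and anything that turns up outside the expected prefix or with a setuid mode is a reason to stop before rpm -i ever runs.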