Skip to content

Instantly share code, notes, and snippets.

View felmoltor's full-sized avatar
🍊
Is this real life?

Felipe Molina felmoltor

🍊
Is this real life?
View GitHub Profile
@felmoltor
felmoltor / gist:617feed1e12e5c53aa5d
Last active August 29, 2015 14:05
unificarangos.sh
#!/bin/bash
if [[ ! -f $1 || $# -ne 2 ]];then
echo "Usage: $0 <file> <resultfile>"
else
resultfile=$2
echo -n "" > $resultfile
for line in `cat $1`; do
line=$(echo $line | tr -d ' ')
if [[ $(echo $line | grep "-"| wc -l) > 0 ]];then
@felmoltor
felmoltor / gist:01e732dd1375f96114ed
Created August 14, 2014 16:10
Automatic malware download from malwaredomainlists.com and upload to virustotal.com and totalhash.com
# With this two lines of bash you will donwload the last malware samples extracted from the public lists of www.malwaredomainlist.com
# and you'll submit automatically the alive samples (check if the response was an executable or not) to totalhash.com (contribute to
# the community) and obtain the detection rate of the sample # from Virus Total (virustotal.com).
# As a result you'll get a bunch of executable files and their detection rate in the log "output.virustotal.txt"
# Download all the samples detected and listed in the public CSV of mdl.com
$ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E "\.exe$|\.so$|\.bin$|\.src$|\.pdf$|\.docx$|\.vb$|\.sh$" | xargs -I% bash -c 'echo "Downloading: %" && curl -s -O %' | tee $(date +%Y%m%d_%H%M)_malware_download.log
# Upload the downloaded samples to totalhash.com and query virustotal.com with it MD5 checksum to obtain the detection ratio
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{pr
####################################################
# List all the files recursively under a directory #
####################################################
def ls_r_files(path)
path.gsub!(/\/+$/,"")
if path[-2,2] != "/." and path[-2,3] != "/.."
if File.directory?(path)
fentries = []
entries = Dir.entries(path)
@felmoltor
felmoltor / gist:092b76182cc58a331b1f
Created September 10, 2014 18:10
Top domains in 5M gmail dump
Top domains leaked in 5M password dump of Gmail accounts. Mainly gmail.com and yandex.ru, another similar domains that seems like bug in the phishing or keylogger program:
4800946 gmail.com
123213 yandex.ru
608 gmail.com777
338 gmail.com.vn
256 gmail.com.br
238 gmail.com.au
188 gmail.com7777
174 gmail.com.com
@felmoltor
felmoltor / Gmail 5M accounts dumped analysis
Created September 16, 2014 16:23
Gmail 5M accounts dumped. Statistical Analysis
--------------------
---- 1º Million ----
--------------------
Analyzing a file with user, passwords and separator ':'
Loading the whole dump file. Be patient...
Spliting the dump information...
Analycing the password frecuency...
Analycing the domains frecuency...
Analycing passwords complexity...
@felmoltor
felmoltor / Gmail 5M accounts dumped analysis (2)
Created September 17, 2014 11:29
Gmail 5M accounts dumped analysis (2)
--------------
- 1º Million -
--------------
________________ __________ ____ _______
\_ _____/ _ \\______ \ ___ _/_ | \ _ \
| __)/ /_\ \| ___/ \ \/ /| | / /_\ \
| | / | \ | \ / | | \ \_/ \
\__ | \____|__ /____| \_/ |___| /\ \_____ /
\/ \/ \/ \/
@felmoltor
felmoltor / CGI scripts being scanned
Created December 16, 2014 16:47
CGI scripts being scanned in the wild. Maybe shellshock vulnerable?
/admin.cgi
/administrator.cgi
/agora.cgi
/aktivate/cgi-bin/catgy.cgi
/analyse.cgi
/apps/web/vs_diag.cgi
/axis-cgi/buffer/command.cgi
/bandwidth/index.cgi
/bigconf.cgi
/cartcart.cgi
@felmoltor
felmoltor / keybase.md
Last active August 29, 2015 14:13
keybase.md

Keybase proof

I hereby claim:

  • I am felmoltor on github.
  • I am felmoltor (https://keybase.io/felmoltor) on keybase.
  • I have a public key whose fingerprint is 1485 9C64 36C5 CA4F 236B C04A 990A 3B4D BB7C FB45

To claim this, I am signing this object:

@felmoltor
felmoltor / estadisticas.sh
Last active September 24, 2020 09:34
Kippo statistic extraction script
#!/bin/bash
TOPIP=15
TOPUP=30
TOPU=30
TOPP=30
TOPLU=15
TOPLP=15
GEOLITEDB="/home/<username>/maxmind/GeoIPCountryWhois.db" # Use the sqlite3 db created with http://pastebin.com/9WxCy5ks
@felmoltor
felmoltor / checkbinaries.sh
Last active August 29, 2015 14:13
Kippo - new malware dropped alert
#!/bin/bash
# Author: Felipe Molina (@felmoltor)
# Date: January 2015
# Purpose: This scripts checks for new binaries captured by kippo and send an email when an attacker drops a new one
#############################
LASTLS='lastls.txt'
CURRENTLS='currentls.txt'