Greg Foss gfoss
@gfoss
gfoss / happy-fam.py
Last active May 24, 2022
Correlate Parent and Child Process Events via the Lacework Query Language (LQL)
View happy-fam.py
#!/usr/bin/env python3
# Happy Fam
# LQL-Driven Parent and Child Process Analyzer
# Lacework Labs
# v0.1 - May 2022
# greg.foss@lacework.net
'''
Licensed under the Apache License, Version 2.0 (the "License");
@gfoss
gfoss / LQL-Runner.py
Created Feb 14, 2022
Execute LQL queries on the Lacework Platform
View LQL-Runner.py
#!/usr/bin/env python3
# LQL Runner
# Lacework Labs
# v0.1 - February 2022
# greg.foss@lacework.net
#####################################################################################
# usage: lql-runner.py [-h] [-e LW_ENV] [-q QUERY] [-t DAYS] [-c] [-j] [-o FILENAME]
#
@gfoss
gfoss / Greynoise IP Analysis
Last active Feb 12, 2022
Quickly obtain reputation information for IP Addresses from Greynoise - for both single and bulk IPs
View Greynoise IP Analysis
#!/usr/bin/env python3
# Greynoise Community Edition - IP Check
# v0.1 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal Domain Analysis
Last active Feb 5, 2022
Quickly obtain reputation information for Domains from VirusTotal - for both single and bulk Domains
View VirusTotal Domain Analysis
#!/usr/bin/env python3
# VirusTotal DNS Check
# v0.1 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal Hash Analysis
Last active Feb 3, 2022
Quickly obtain reputation information for Hashes from VirusTotal - for both single and bulk Hashes
View VirusTotal Hash Analysis
#!/usr/bin/env python3
# VirusTotal Hash Check
# v0.3 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal IP Address Analysis
Last active Feb 3, 2022
Quickly obtain reputation information for IP Addresses from VirusTotal - for both single and bulk IP addresses
View VirusTotal IP Address Analysis
#!/usr/bin/env python3
# VirusTotal IP Check
# v0.3 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / gecko.py
Last active Dec 29, 2021
Coingecko - trending coin monitoring and alerting
View gecko.py
#!/usr/bin/env python3
# Coingecko - trending coin monitoring and alerting
# v0.3
# March, 2021
# greg.foss[at]owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@gfoss
gfoss / Enable-PSRemoting.ps1
Last active Nov 6, 2019
Quickly enable PSRemoting on Windows hosts via PowerShell
View Enable-PSRemoting.ps1
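function enablePSRemoting {
    # Turn on PowerShell remoting and make WinRM start automatically at boot
    Enable-PSRemoting -Force
    Set-Service WinRM -StartMode Automatic
    # Show the WinRM service entry to confirm its state
    Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
    # '*' makes the WinRM client trust every remote host; list specific hosts to narrow this
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value *
    Get-Item WSMan:\localhost\Client\TrustedHosts
}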
@gfoss
gfoss / auto-hydra.sh
Created Aug 3, 2017
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc.) and generate a report on the results.
View auto-hydra.sh
#!/bin/bash
#
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
#
function usage {
echo ""
@gfoss
gfoss / Extract-WiFi-Creds.ps1
Last active Feb 1, 2022
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#