Greg Foss gfoss

## gist:70ae3df90c5a532baaf7
### Keybase proof

I hereby claim:

  * I am gfoss on github.
  * I am heinzarelli (https://keybase.io/heinzarelli) on keybase.
  * I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B  66FB C2DE DD96 D935 5D0E

To claim this, I am signing this object:

## ssh-alert-cronjob
0 */1 * * * last -5 | grep -v '[user]\|wtmp\|reboot\|shutdown' && last -10 | grep -v '[user]\|wtmp\|reboot\|shutdown' >> ~/Desktop/ALERT && wall -g [group] ~/Desktop/ALERT

## netcat heartbeat
$ while `nc -nn -vv -z -w3 [ip-address] [port] > /dev/null`; do echo "OK"; sleep 1; done; echo "DOWN"; while (true); do echo "***DOWN***"; sleep 5; done

## autopeep.sh
#!/bin/bash
#
# Utilizing LaNMaSteR53's peepingtom.py script to auto-scrape web servers and send out notifications.
# Optimized for Kali Linux
# greg.foss[at]owasp.org
#
# cronjob to run this script once a week every Sunday at Midnight
# 0 0 * * 0 /usr/share/peepingtom/autopeep.sh

# prepare storage location, remove old data, and migrate existing folders

## command injector
#!/bin/bash
#
# Command Injector v0.1
# greg.foss[at]owasp.org
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
# dirtshell.sh => http://blog.techorganic.com/2012/06/lets-kick-shell-ish-part-1-directory.html

function usage {
    echo "usage: -u URL"
    echo "eg   : -u \"http://site.com/index.php?cmd=\""

## nmap-os-detection
$ sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt; echo "$(cat os.txt | grep Apple | wc -l) OS X devices"; echo "$(cat os.txt | grep Linux | wc -l) Linux devices"; echo "$(cat os.txt | grep Windows | wc -l) Windows devices"

## ssh-attempts.txt
#search for invalid logon attempts, pull out IP, remove dupes, sort...
$ grep -rhi 'invalid' /var/log/auth.log* | awk '{print $10}' | uniq | sort > ~/ips.txt

#look em up
$ for i in `cat ~/ips.txt`; do @nslookup $i 2>/dev/null | grep Name | tail -n 1 | cut -d " " -f 3; done > ~/who.txt

# :-) #
$ do moar things...

## Enable-PSRemoting.ps1
function enablePSRemoting {
    Enable-PSRemoting –force
    Set-Service WinRM -StartMode Automatic
    Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
    Set-Item WSMan:localhost\client\trustedhosts -value *
    Get-Item WSMan:\localhost\Client\TrustedHosts
}

## say.ps1
function say {
    param( [string]$comment = $_ )
    [Reflection.Assembly]::LoadWithPartialName('System.Speech') | Out-Null
    $object = New-Object System.Speech.Synthesis.SpeechSynthesizer
    $object.SelectVoiceByHints('Female')
    $object.Speak("$comment")
}

## gecko.py
#!/usr/bin/env python3

# Coingecko - trending coin monitoring and alerting
# v0.3
# March, 2021
# greg.foss[at]owasp.org

'''
	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	### Keybase proof

	I hereby claim:

	* I am gfoss on github.
	* I am heinzarelli (https://keybase.io/heinzarelli) on keybase.
	* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E

	To claim this, I am signing this object:
	#!/bin/bash
	#
	# Utilizing LaNMaSteR53's peepingtom.py script to auto-scrape web servers and send out notifications.
	# Optimized for Kali Linux
	# greg.foss[at]owasp.org
	#
	# cronjob to run this script once a week every Sunday at Midnight
	# 0 0 * * 0 /usr/share/peepingtom/autopeep.sh

	# prepare storage location, remove old data, and migrate existing folders
	#!/bin/bash
	#
	# Command Injector v0.1
	# greg.foss[at]owasp.org
	# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
	# dirtshell.sh => http://blog.techorganic.com/2012/06/lets-kick-shell-ish-part-1-directory.html

	function usage {
	echo "usage: -u URL"
	echo "eg : -u \"http://site.com/index.php?cmd=\""
	#search for invalid logon attempts, pull out IP, remove dupes, sort...
	$ grep -rhi 'invalid' /var/log/auth.log* \| awk '{print $10}' \| uniq \| sort > ~/ips.txt

	#look em up
	$ for i in `cat ~/ips.txt`; do @nslookup $i 2>/dev/null \| grep Name \| tail -n 1 \| cut -d " " -f 3; done > ~/who.txt

	# :-) #
	$ do moar things...
	function enablePSRemoting {
	Enable-PSRemoting –force
	Set-Service WinRM -StartMode Automatic
	Get-WmiObject -Class win32_service \| Where-Object {$_.name -like "WinRM"}
	Set-Item WSMan:localhost\client\trustedhosts -value *
	Get-Item WSMan:\localhost\Client\TrustedHosts
	}
	function say {
	param( [string]$comment = $_ )
	[Reflection.Assembly]::LoadWithPartialName('System.Speech') \| Out-Null
	$object = New-Object System.Speech.Synthesis.SpeechSynthesizer
	$object.SelectVoiceByHints('Female')
	$object.Speak("$comment")
	}
	#!/usr/bin/env python3

	# Coingecko - trending coin monitoring and alerting
	# v0.3
	# March, 2021
	# greg.foss[at]owasp.org

	'''
	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.