Skip to content

Instantly share code, notes, and snippets.

### Keybase proof
I hereby claim:
* I am gfoss on github.
* I am heinzarelli (https://keybase.io/heinzarelli) on keybase.
* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E
To claim this, I am signing this object:
@gfoss
gfoss / ssh-alert-cronjob
Last active December 12, 2015 02:38
simple cronjob to alert on 'unknown/unexpected' access to a system.
0 */1 * * * last -5 | grep -v '[user]\|wtmp\|reboot\|shutdown' && last -10 | grep -v '[user]\|wtmp\|reboot\|shutdown' >> ~/Desktop/ALERT && wall -g [group] ~/Desktop/ALERT
@gfoss
gfoss / netcat heartbeat
Last active May 30, 2016 06:27
NetCat based heartbeat one-liner, great for pentesting to let you know if the service you are testing has crashed.
$ while `nc -nn -vv -z -w3 [ip-address] [port] > /dev/null`; do echo "OK"; sleep 1; done; echo "DOWN"; while (true); do echo "***DOWN***"; sleep 5; done
@gfoss
gfoss / autopeep.sh
Last active July 20, 2016 05:41
Simple script used to set peepingtom.py to run automatically via bash script + cronjob, serve up the content and send out e-mail notifications.
#!/bin/bash
#
# Utilizing LaNMaSteR53's peepingtom.py script to auto-scrape web servers and send out notifications.
# Optimized for Kali Linux
# greg.foss[at]owasp.org
#
# cronjob to run this script once a week every Sunday at Midnight
# 0 0 * * 0 /usr/share/peepingtom/autopeep.sh
# prepare storage location, remove old data, and migrate existing folders
@gfoss
gfoss / command injector
Created September 10, 2014 07:01
script to assist in exploiting command injection vulns / interacting with simple webshells
#!/bin/bash
#
# Command Injector v0.1
# greg.foss[at]owasp.org
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
# dirtshell.sh => http://blog.techorganic.com/2012/06/lets-kick-shell-ish-part-1-directory.html
function usage {
echo "usage: -u URL"
echo "eg : -u \"http://site.com/index.php?cmd=\""
@gfoss
gfoss / nmap-os-detection
Created August 28, 2013 19:52
OS-detection. Run this nmap command to count OS's and view the os.txt output file to see the results per-system.
$ sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt; echo "$(cat os.txt | grep Apple | wc -l) OS X devices"; echo "$(cat os.txt | grep Linux | wc -l) Linux devices"; echo "$(cat os.txt | grep Windows | wc -l) Windows devices"
@gfoss
gfoss / ssh-attempts.txt
Last active December 30, 2018 11:02
grep IP addresses from auth logs to see attempted ssh attempts into your box w/ invalid creds {ubuntu}
#search for invalid logon attempts, pull out IP, remove dupes, sort...
$ grep -rhi 'invalid' /var/log/auth.log* | awk '{print $10}' | uniq | sort > ~/ips.txt
#look em up
$ for i in `cat ~/ips.txt`; do @nslookup $i 2>/dev/null | grep Name | tail -n 1 | cut -d " " -f 3; done > ~/who.txt
# :-) #
$ do moar things...
@gfoss
gfoss / Enable-PSRemoting.ps1
Last active November 6, 2019 18:17
quickly enable psremoting on Windows Hosts via PowerShell
function enablePSRemoting {
Enable-PSRemoting –force
Set-Service WinRM -StartMode Automatic
Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
Set-Item WSMan:localhost\client\trustedhosts -value *
Get-Item WSMan:\localhost\Client\TrustedHosts
}
@gfoss
gfoss / say.ps1
Created May 25, 2017 04:48
PowerShell Say
function say {
param( [string]$comment = $_ )
[Reflection.Assembly]::LoadWithPartialName('System.Speech') | Out-Null
$object = New-Object System.Speech.Synthesis.SpeechSynthesizer
$object.SelectVoiceByHints('Female')
$object.Speak("$comment")
}
@gfoss
gfoss / gecko.py
Last active December 29, 2021 15:23
Coingecko - trending coin monitoring and alerting
#!/usr/bin/env python3
# Coingecko - trending coin monitoring and alerting
# v0.3
# March, 2021
# greg.foss[at]owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.