Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

View gfoss's full-sized avatar

Greg Foss gfoss

290 followers · 142 following
View GitHub Profile
@gfoss
gfoss / happy-fam.py
Last active May 24, 2022 14:40
Correlate Parent and Child Process Events via the Lacework Query Language (LQL)
#!/usr/bin/env python3
# Happy Fam
# LQL-Driven Parent and Child Process Analyzer
# Lacework Labs
# v0.1 - May 2022
# greg.foss@lacework.net
'''
Licensed under the Apache License, Version 2.0 (the "License");
@gfoss
gfoss / LQL-Runner.py
Created February 14, 2022 22:00
Execute LQL queries on the Lacework Platform
#!/usr/bin/env python3
# LQL Runner
# Lacework Labs
# v0.1 - February 2022
# greg.foss@lacework.net
#####################################################################################
# usage: lql-runner.py [-h] [-e LW_ENV] [-q QUERY] [-t DAYS] [-c] [-j] [-o FILENAME]
#
@gfoss
gfoss / Greynoise IP Analysis
Last active February 12, 2022 00:18
Quickly obtain reputation information for IP Addresses from Greynoise - for both single and bulk IP's
#!/usr/bin/env python3
# Greynoise Community Edition - IP Check
# v0.1 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal Domain Analysis
Last active February 5, 2022 02:11
Quickly obtain reputation information for Domains from VirusTotal - for both single and bulk Domains
#!/usr/bin/env python3
# VirusTotal DNS Check
# v0.1 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal Hash Analysis
Last active February 3, 2022 20:55
Quickly obtain reputation information for Hashes from VirusTotal - for both single and bulk Hahes
#!/usr/bin/env python3
# VirusTotal Hash Check
# v0.3 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / VirusTotal IP Address Analysis
Last active February 3, 2022 18:01
Quickly obtain reputation information for IP Addresses from VirusTotal - for both single and bulk IP addresses
#!/usr/bin/env python3
# VirusTotal IP Check
# v0.3 - February, 2022
# greg.foss@owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@gfoss
gfoss / gecko.py
Last active December 29, 2021 15:23
Coingecko - trending coin monitoring and alerting
#!/usr/bin/env python3
# Coingecko - trending coin monitoring and alerting
# v0.3
# March, 2021
# greg.foss[at]owasp.org
'''
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@gfoss
gfoss / Enable-PSRemoting.ps1
Last active November 6, 2019 18:17
quickly enable psremoting on Windows Hosts via PowerShell
function enablePSRemoting {
Enable-PSRemoting –force
Set-Service WinRM -StartMode Automatic
Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
Set-Item WSMan:localhost\client\trustedhosts -value *
Get-Item WSMan:\localhost\Client\TrustedHosts
}
@gfoss
gfoss / auto-hydra.sh
Created August 3, 2017 03:16
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
#!/bin/bash
#
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
#
function usage {
echo ""
@gfoss
gfoss / Extract-WiFi-Creds.ps1
Last active February 1, 2022 13:06
Simple script to extract locally-stored Wi-Fi Credentials
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#