@gfoss
gfoss / ssh-attempts.txt
Last active Dec 30, 2018
grep IP addresses from auth logs to see SSH login attempts into your box w/ invalid creds {ubuntu}
#search for invalid logon attempts, pull out IP, remove dupes, sort...
$ grep -rhi 'invalid' /var/log/auth.log* | awk '{print $10}' | sort -u > ~/ips.txt
#look em up (reverse DNS; BIND nslookup prints PTR answers as "name = host", so match case-insensitively)
$ for i in $(cat ~/ips.txt); do nslookup "$i" 2>/dev/null | grep -i name | tail -n 1 | cut -d " " -f 3; done > ~/who.txt
# :-) #
$ do moar things...
@gfoss
gfoss / ssh-alert-cronjob
Last active Dec 12, 2015
simple cronjob to alert on 'unknown/unexpected' access to a system.
0 */1 * * * last -5 | grep -v '[user]\|wtmp\|reboot\|shutdown' && last -10 | grep -v '[user]\|wtmp\|reboot\|shutdown' >> ~/Desktop/ALERT && wall -g [group] ~/Desktop/ALERT
@gfoss
gfoss / netcat heartbeat
Last active May 30, 2016
NetCat based heartbeat one-liner, great for pentesting to let you know if the service you are testing has crashed.
$ while `nc -nn -vv -z -w3 [ip-address] [port] > /dev/null`; do echo "OK"; sleep 1; done; echo "DOWN"; while (true); do echo "***DOWN***"; sleep 5; done
@gfoss
gfoss / nslookup loops
Last active Nov 3, 2019
Basic nslookup loops for Windows and Linux
*****WINDOWS*****
//nslookup - subnet range
c:\>for /L %i in (1,1,255) do @nslookup 10.10.10.%i [server to resolve from] 2>nul | find "Name" && echo 10.10.10.%i && @echo [ctrl+g]
//nslookup - file of ip's
NAME c:\>for /F %i in ([file.txt]) do @nslookup %i [server to resolve from] 2>nul | find "Name" && echo %i
ADDRESS c:\>for /F %i in ([file.txt]) do @nslookup %i [server to resolve from] 2>nul | find "Address" && echo %i
Or just run c:\>nslookup and paste in the list