var async = require('async.js');
// Sample record: a numeric `time` value and a `tags` array.
var data = {
  time: 12345678,
  tags: [1, 2, 3]
};
function post (data) {
var results = {};
results.start = new Date().getTime();
var updateSession = function(callback) {
console.log('updateSession')
results.saved = true;
// Verbosity threshold handed to the syslog logger constructed below.
// NOTE(review): in the standard syslog severity table 4 is "warning" and 3 is
// "error"; confirm which mapping node-syslog-logger-simple actually uses.
var LOG_LEVEL = 7; // 7 debug; 6 info; 5 notice; 4 error;
// Administrator contact address; not referenced in the lines visible here.
var ADMIN = "admin@localhost";
// Third-party syslog logger, instantiated with the level chosen above.
var NodeSyslogLoggerSimple = require('node-syslog-logger-simple');
var logger = new NodeSyslogLoggerSimple({'level':LOG_LEVEL});
// Presumably a start-up check that the logger is wired up; only emitted at debug level.
logger.debug('logger=ok');
// NOTE(review): child_process.exec hands its command string to a shell. The
// commands run are not visible in this excerpt; if any part of a command is
// built from data that originates outside this program, use execFile with an
// argument array instead so that data cannot be interpreted as shell syntax.
var exec = require('child_process').exec;
var EXEC_OPTIONS = { encoding: 'utf8',
timeout: 5000,
hillar / dump2jsonbot.py
Last active August 29, 2015 13:58
dumps last {window_time} events in room on every {purge_time} to json file (used for anonymous vsroom demo)
import idiokit
from abusehelper.core import bot, taskfarm
# please move Roombot from contrib to core
class RoomBot(bot.ServiceBot):
def __init__(self, *args, **keys):
bot.ServiceBot.__init__(self, *args, **keys)
self.room_handlers = taskfarm.TaskFarm(self._handle_room)
# please see http://www.emhi.ee/index.php?ide=1,359,737,1207
import idiokit
from abusehelper.core import utils, bot, events
import xml.etree.cElementTree as etree
from xml.etree.ElementTree import ElementTree
from sys import exc_type as ParseError
#Elemtree throws different exception in python2.7
# Prepares a host for NfSen: installs the web/PHP and RRD/Perl packages,
# fetches and unpacks the nfsen-1.3.6p1 release, seeds /etc/nfsen.conf from the
# distributed template, and creates the www and netflow accounts.
# NOTE(review): no `set -e` or exit-status checks are visible, so a failed
# install or download would not stop the later steps — confirm this is intended.

# Web server and PHP runtime.
apt-get -y install apache2 libapache2-mod-php5 php5-common
# rrdtool plus the Perl modules installed alongside it.
apt-get -y install rrdtool libmailtools-perl librrds-perl libio-socket-ssl-perl
# NOTE(review): /tmp is world-writable and this script presumably runs as root
# (apt-get, useradd); a private directory from `mktemp -d` avoids pre-planted
# files, but later steps outside this excerpt may depend on the /tmp path.
cd /tmp/
# NOTE(review): the tarball is fetched over plain HTTP and unpacked with no
# integrity check. Compare it against a SHA-256 digest obtained from a trusted
# channel (e.g. `sha256sum -c`) before extracting, and use an https:// URL.
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
# Drop the version suffix so the source tree sits at /tmp/nfsen.
mv nfsen-1.3.6p1 nfsen
# Start from the distributed sample configuration.
cp nfsen/etc/nfsen-dist.conf /etc/nfsen.conf
# Accounts for the web front end and the netflow side.
useradd www
useradd netflow
# Add netflow to the supplementary group www.
# assumes `useradd www` also created a group named www — TODO confirm
usermod -a -G www netflow
hillar / dm.txt
Last active August 29, 2015 14:04
====== All you need to know before building a CSIRT ======
===== CERTs and similar entities around the world =====
* The first CERT was created in 1988 in response to the Morris worm incident.
* FIRST is the Forum of Incident Response and Security Teams http://first.org/members
* national CSIRTs http://www.cert.org/incident-management/national-csirts/meeting/
* Africa http://www.africacert.org/home/countries/
hillar / output.txt
Created September 16, 2014 11:10
lua script to pump flow data from suricata to elasticsearch
{
"start": "09/12/2014-09:56:41.642074",
"ipver": 6,
"ipproto": 6,
"srcip": "2002:0010:0001:0009:0000:0000:0000:0011",
"sp": 42126,
"dstip": "2002:0010:0001:0000:0000:0000:0000:0003",
"dp": 80,
"tscnt": 10,
"tsbytes": 946,
hillar / influxdb_output.go
Created November 21, 2014 11:01
metrix output for influxdb
package main
import (
"fmt"
"time"
influxClient "github.com/influxdb/influxdb/client"
)
hillar / suricata-dump-counters.go
Last active August 29, 2015 14:10
dump counters from suricata command socket
package main
import "fmt"
import "net"
import "io"
import "encoding/json"
import "errors"
type Response struct {
ReturnCode string `json:"return"`
hillar / disco-influxdb.js
Created November 28, 2014 14:58
small disco for influxdb database
var influx = require('influx');
var async = require('async');
// helper funcs
// get list of fields for serie
var getFields = function(serie,callback){
client.query('SELECT * FROM ' + serie+ ' LIMIT 1;', function(err,res){
var ret = {};
ret[res[0].name] = res[0].columns;