

Jay Swan jayswan

from collections import Counter
from csv import DictReader
import gzip
from pprint import pprint
from sys import argv
# Column names for the tab-separated log rows this script reads. The names
# (uid, id.orig_h, id.resp_p, rcode_name, ...) match the Bro/Zeek dns.log layout.
# NOTE(review): dns.log normally carries "answers" and "TTLs" as two separate
# columns. The single 'answersTTLs' entry looks like a dropped separator; if
# rows are keyed by position, every later column would be mislabelled by one
# (the "rejected" key would then hold TTLs). Confirm against the #fields
# header of the logs being parsed before relying on those two keys.
FIELDNAMES = [
    'ts',
    'uid',
    'id.orig_h',
    'id.orig_p',
    'id.resp_h',
    'id.resp_p',
    'proto',
    'trans_id',
    'query',
    'qclass',
    'qclass_name',
    'qtype',
    'qtype_name',
    'rcode',
    'rcode_name',
    'AA',
    'TC',
    'RD',
    'RA',
    'Z',
    'answersTTLs',
    'rejected',
]
def ingest(files, delim='\t', qchar='"'):
from collections import namedtuple
def d2n(name, d):
    """Return *d* as an instance of a namedtuple type called *name*.

    The dict's keys become the field names and its values the field values,
    both taken in the dict's own iteration order. A fresh namedtuple class
    is created on every call.
    """
    field_names = d.keys()
    record_type = namedtuple(name, field_names)
    field_values = d.values()
    return record_type(*field_values)
import hashlib
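def hash(s,a='md5'):
    """Return the hex digest of *s* under the hashlib algorithm named *a*.

    *s* may be bytes or text; text is encoded as UTF-8 before hashing, so the
    call also works on Python 3, where hashlib rejects str input.
    *a* is the name of a hashlib constructor ('md5', 'sha1', 'sha256', ...).
    An unknown name raises AttributeError.

    The default stays 'md5' for compatibility with existing callers. MD5 and
    SHA-1 are not collision-resistant, so keep them for deduplication or
    lookup keys and pass a='sha256' (or stronger) wherever the digest is
    relied on for integrity.
    """
    # NOTE(review): this function shadows the builtin hash() inside the module.
    # type(u"") is `unicode` on Python 2 and `str` on Python 3, so byte strings
    # pass through untouched on both.
    if isinstance(s, type(u"")):
        s = s.encode("utf-8")
    # getattr resolves *any* attribute of hashlib, not only digest
    # constructors, so *a* should be a fixed string chosen by the caller's
    # code rather than a value taken from outside input.
    f = getattr(hashlib,a)
    return f(s).hexdigest()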
def fhash(fn,a='md5'):
""" Hash a file as a string. Not memory considerate. """
with open(fn) as f:
jayswan /
Created Nov 25, 2014
Count Plixer log entries
from collections import defaultdict
from operator import itemgetter
import sys
# Path taken from the first command-line argument (presumably the Plixer log
# to count; the code that opens it is not shown here). Raises IndexError when
# the script is started without an argument.
FILENAME = sys.argv[1]
class SimpleCounter(defaultdict):
""" Scrutinizer ships with Python 2.6 and doesn't have the Counter object
from collections. This is a simple version of it.
View gist:c04eee5287cc7cbc5ea1
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
"term": {
"EventID": 4728
View gist:3a7621d909b15c832cfb
In [142]: d
Out[142]: {'TargetUserName.raw': 'Domain Admins'}
In [143]: tt = Search(using=es,index=i)\
View gist:d4ddd71a35bb5f1ad86f
In [144]: tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
File "<ipython-input-144-1b746eb83e6f>", line 1
tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
SyntaxError: keyword can't be an expression
jayswan /
Created Dec 21, 2011
Python Script to find duplicate Cisco interface configs
import os
def print_dup_info(s):
#split config on ! characters
blocks = s.split('!')
stanza_list = []
interface_dict = {}
for block in blocks:
#get rid of blank lines and split each stanza into a list of lines
jayswan /
Created Feb 19, 2016
Convert AWS IP Prefixes to SiLK IP Set
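# Build a SiLK IP set (aws.ipset) from the address ranges AWS publishes.
#
# NOTE(review): the listing shows curl with no URL, so the command cannot run
# as written. The jq filter matches the layout of AWS's ip-ranges.json, whose
# public location is used below; confirm it is the source the author meant.
AWS_RANGES_URL=https://ip-ranges.amazonaws.com/ip-ranges.json

# --fail makes curl print nothing on an HTTP error, so jq never receives an
# error page in place of the JSON document.
# .prefixes holds the IPv4 ranges only; IPv6 ranges are listed separately
# under .ipv6_prefixes and are not included in this set.
curl --silent --show-error --fail "$AWS_RANGES_URL" | \
jq --raw-output '.prefixes | map(.ip_prefix) | .[]' > prefixes.txt

# A failed or truncated download leaves prefixes.txt empty. Building a set
# from it would give an empty aws.ipset that matches no traffic, so stop here
# rather than hand an empty set to later filtering.
if [ -s prefixes.txt ]; then
    rwsetbuild prefixes.txt aws.ipset
else
    echo "prefixes.txt is empty; aws.ipset not built" >&2
fi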