Josh Frantz jfrantz1-r7

## view-open-ports
SELECT da.ip_address, da.host_name, dos.name AS OS, dos.version AS os_version, das.port, dp.name AS protocol, ds.name AS service, dsf.name AS service_name, dsf.version AS service_version
FROM dim_asset_service das
   JOIN dim_service ds USING (service_id)
   JOIN dim_protocol dp USING (protocol_id)
   JOIN dim_asset da USING (asset_id)
   JOIN dim_operating_system dos USING (operating_system_id)
   JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
ORDER BY da.ip_address, das.port

## gist:ff43fc8f0545f1af8621a33a8e978400
#!/bin/zsh

# This script is meant to be used with Jamf Pro and makes use of Jamf Helper.
# The idea behind this script is that it alerts the user that there are required OS
# updates that need to be installed. Rather than forcing updates to take place through the
# command line using "softwareupdate", the user is encouraged to use the GUI to update.
# In recent OS versions, Apple has done a poor job of testing command line-based workflows
# of updates and failed to account for scenarios where users may or may not be logged in.
# The update process through the GUI has not suffered from these kind of issues. The
# script will allow end users to postpone/defer updates X amount of times and then will

## orphaned_scans


1) Unlock the database

Linux:
Change all the ‘md5’ entries to ‘trust’ in the /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/pg_hba.conf file.
example: nano /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/pg_hba.conf
ctrl + w to find all instances of md5

Windows:

## regex
Email - (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])

SSN - ^(?!(000|666|9))\d{3}-(?!00)\d{2}-(?!0000)\d{4}$|^(?!(000|666|9))\d{3}(?!00)\d{2}(?!0000)\d{4}$

Passport Number - ^(?!^0+$)[a-zA-Z0-9]{3,20}$

Date of Birth - ^((?:0[0-9])|(?:[1-2][0-9])|(?:3[0-1]))/((?:0[1-9])|(?:1[0-2]))/((?:19|20)\d{2})$

Credit Cards - ^(?:4[0-9]{12}(?:[0-9]{3})?          # Visa
 |  (?:5[1-5][0-9]{2}                # MasterCard

## public-aws.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                jfrantz1-r7
                / public-aws.md
            
            
              Last active
              September 29, 2020 19:13
            
          
    #Public resources
ECR
Lambda
Lambda Layer
Serverless Application Repository

  
## insightvm.yaml
swagger: '2.0'
info:
  description: |-
    # Overview

    This guide documents the InsightVM Application Programming Interface (API) Version 3. This API supports the
    Representation State Transfer (REST) design pattern. Unless noted otherwise this API accepts and produces the
    `application/json` media type. This API uses Hypermedia as the Engine of Application State (HATEOAS) and
    is hypermedia friendly. All API connections must be made to the security console using HTTPS.

## gist:feb9fb49603690fb391ea4cc8ff5cb20
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog


## gist:d4b44fbf86b014314e50faafdc445a76
Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

## gist:9c9e3eadbf8504229868bd8229fdc99a
<Extension _json>
    Module  xm_json
</Extension>

<Input eventlog>
    Module  im_msvistalog
    Exec    to_json();
</Input>

<Output tcp>

## ez.ps1
$RegUninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')
$VersionsToKeep = @('Java 8 Update 261')

Get-WmiObject Win32_Process | Where {$_.ExecutablePath -like '*Program FilesJava*'} |
    Select @{n='Name';e={$_.Name.Split('.')[0]}} | Stop-Process -Force

get-process -Name *iexplore* | Stop-Process -Force -ErrorAction SilentlyContinue
	SELECT da.ip_address, da.host_name, dos.name AS OS, dos.version AS os_version, das.port, dp.name AS protocol, ds.name AS service, dsf.name AS service_name, dsf.version AS service_version
	FROM dim_asset_service das
	JOIN dim_service ds USING (service_id)
	JOIN dim_protocol dp USING (protocol_id)
	JOIN dim_asset da USING (asset_id)
	JOIN dim_operating_system dos USING (operating_system_id)
	JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
	ORDER BY da.ip_address, das.port
	#!/bin/zsh

	# This script is meant to be used with Jamf Pro and makes use of Jamf Helper.
	# The idea behind this script is that it alerts the user that there are required OS
	# updates that need to be installed. Rather than forcing updates to take place through the
	# command line using "softwareupdate", the user is encouraged to use the GUI to update.
	# In recent OS versions, Apple has done a poor job of testing command line-based workflows
	# of updates and failed to account for scenarios where users may or may not be logged in.
	# The update process through the GUI has not suffered from these kind of issues. The
	# script will allow end users to postpone/defer updates X amount of times and then will


	1) Unlock the database

	Linux:
	Change all the ‘md5’ entries to ‘trust’ in the /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/pg_hba.conf file.
	example: nano /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/pg_hba.conf
	ctrl + w to find all instances of md5

	Windows:
	Email - (?:[a-z0-9!#$%&'+/=?^_`{\|}~-]+(?:\.[a-z0-9!#$%&'+/=?^_`{\|}~-]+)\|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]\|\\[\x01-\x09\x0b\x0c\x0e-\x7f])")@(?:(?:[a-z0-9](?:[a-z0-9-][a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-][a-z0-9])?\|\[(?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?\|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]\|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])

	SSN - ^(?!(000\|666\|9))\d{3}-(?!00)\d{2}-(?!0000)\d{4}$\|^(?!(000\|666\|9))\d{3}(?!00)\d{2}(?!0000)\d{4}$

	Passport Number - ^(?!^0+$)[a-zA-Z0-9]{3,20}$

	Date of Birth - ^((?:0[0-9])\|(?:[1-2][0-9])\|(?:3[0-1]))/((?:0[1-9])\|(?:1[0-2]))/((?:19\|20)\d{2})$

	Credit Cards - ^(?:4[0-9]{12}(?:[0-9]{3})? # Visa
	\| (?:5[1-5][0-9]{2} # MasterCard
	swagger: '2.0'
	info:
	description: \|-
	# Overview

	This guide documents the InsightVM Application Programming Interface (API) Version 3. This API supports the
	Representation State Transfer (REST) design pattern. Unless noted otherwise this API accepts and produces the
	`application/json` media type. This API uses Hypermedia as the Engine of Application State (HATEOAS) and
	is hypermedia friendly. All API connections must be made to the security console using HTTPS.
	## This is a sample configuration file. See the nxlog reference manual about the
	## configuration options. It should be installed locally and is also available
	## online at http://nxlog.org/docs/

	## Please set the ROOT to the folder your nxlog was installed into,
	## otherwise it will not start.

	#define ROOT C:\Program Files\nxlog
	define ROOT C:\Program Files (x86)\nxlog
	Panic Soft
	#NoFreeOnExit TRUE

	define ROOT C:\Program Files (x86)\nxlog
	define CERTDIR %ROOT%\cert
	define CONFDIR %ROOT%\conf
	define LOGDIR %ROOT%\data
	define LOGFILE %LOGDIR%\nxlog.log
	LogFile %LOGFILE%
	<Extension _json>
	Module xm_json
	</Extension>

	<Input eventlog>
	Module im_msvistalog
	Exec to_json();
	</Input>

	<Output tcp>
	$RegUninstallPaths = @(
	'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
	'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')
	$VersionsToKeep = @('Java 8 Update 261')

	Get-WmiObject Win32_Process \| Where {$_.ExecutablePath -like 'Program FilesJava'} \|
	Select @{n='Name';e={$_.Name.Split('.')[0]}} \| Stop-Process -Force

	get-process -Name iexplore \| Stop-Process -Force -ErrorAction SilentlyContinue