This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from sys import argv
from datetime import datetime, timezone
from secrets import choice
from string import ascii_letters, digits
from hashlib import sha256
from json import dumps
from http.client import HTTPSConnection
'''
#!/bin/sh
# Retrieves alerts from Cortex XDR.
# PARAMETERS:
# - $1: First item (start)
# - $2: Number of items at each round (must be <= 100)
# - $3: Number of pages desired (number of rounds)
# REQUIRES:
# - API key and its ID from Cortex XDR
# - Standard Authentication for the API key
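An added example, written here and not taken from either gist, that ties the two previews together: the Python imports above are exactly what Cortex XDR's Advanced API key scheme needs (a random nonce, a millisecond timestamp and sha256 of key + nonce + timestamp), while the shell script's three parameters ($1 start, $2 items per round capped at 100, $3 rounds) map onto the alerts endpoint's search_from/search_to window. The endpoint path, request_data keys and header names are taken from the public Cortex XDR API documentation as I recall it and are labelled as assumptions in the code; the transport is injected into fetch_alerts so the pagination logic can be exercised without a tenant, and https_post is the real one.

```python
import json
from datetime import datetime, timezone
from hashlib import sha256
from http.client import HTTPSConnection
from secrets import choice
from string import ascii_letters, digits

PAGE_MAX = 100  # the API rejects windows larger than 100 alerts per call

# ASSUMPTION: endpoint and field names as in the public Cortex XDR API docs
# (not taken from the gists above); verify against your tenant's docs.
ALERTS_PATH = "/public_api/v1/alerts/get_alerts_multi/"


def standard_headers(api_key_id, api_key):
    """Standard authentication: the raw key travels in the Authorization header."""
    return {"x-xdr-auth-id": str(api_key_id), "Authorization": api_key,
            "Content-Type": "application/json"}


def advanced_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Advanced authentication: the key itself never leaves the client; the
    server receives sha256(api_key + nonce + timestamp) plus nonce and timestamp,
    so a captured request cannot be replayed indefinitely or reveal the key."""
    if nonce is None:
        nonce = "".join(choice(ascii_letters + digits) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(datetime.now(timezone.utc).timestamp() * 1000)
    digest = sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {"x-xdr-timestamp": str(timestamp_ms), "x-xdr-nonce": nonce,
            "x-xdr-auth-id": str(api_key_id), "Authorization": digest,
            "Content-Type": "application/json"}


def page_windows(start, page_size, pages):
    """(search_from, search_to) pairs: the $1 / $2 / $3 of the shell script."""
    if not 1 <= page_size <= PAGE_MAX:
        raise ValueError(f"page size must be between 1 and {PAGE_MAX}")
    for i in range(pages):
        lo = start + i * page_size
        yield lo, lo + page_size


def fetch_alerts(post, headers, start, page_size, pages):
    """post(path, body, headers) -> parsed JSON reply; injected so this runs
    offline. Stops early once a page comes back short, so `pages` is an upper
    bound rather than a promise of that many round trips."""
    alerts = []
    for lo, hi in page_windows(start, page_size, pages):
        body = json.dumps({"request_data": {
            "search_from": lo, "search_to": hi,
            "sort": {"field": "creation_time", "keyword": "desc"}}})
        reply = post(ALERTS_PATH, body, headers)
        batch = reply.get("reply", {}).get("alerts", [])
        alerts.extend(batch)
        if len(batch) < page_size:
            break
    return alerts


def https_post(fqdn):
    """Real transport for fetch_alerts; fqdn is the tenant's API host.
    HTTPSConnection verifies the server certificate with the default context."""
    def post(path, body, headers):
        conn = HTTPSConnection(fqdn, timeout=30)
        try:
            conn.request("POST", path, body=body, headers=headers)
            resp = conn.getresponse()
            payload = resp.read()
            if resp.status != 200:
                raise RuntimeError(f"HTTP {resp.status}: {payload[:200]!r}")
            return json.loads(payload)
        finally:
            conn.close()
    return post
```

Usage: `fetch_alerts(https_post("api-TENANT.xdr.REGION.paloaltonetworks.com"), advanced_headers(KEY_ID, KEY), 0, 100, 5)` pulls up to 500 alerts in 100-item rounds. Prefer the advanced scheme for anything scripted: with standard authentication every request carries the key in clear inside TLS, and any log of the proxy or SIEM connector that stores headers stores the key.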
#!/usr/bin/env bash
# In a SOC, when an external IP address is involved in an incident,
# we check it to try to identify the owner and whether there is any
# incident related to that address. A few sites on the internet
# offer this service, such as AbuseIPDB (https://www.abuseipdb.com/),
# Greynoise (https://www.greynoise.io/), and
# VirusTotal (https://www.virustotal.com/).
#
# Author.: José Lopes <lopes.id>
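An added example, mine rather than the bash gist's, of the part of that check that is easy to get wrong: deciding whether an address should be sent to third parties at all, and reducing the three services' differently shaped answers to one verdict. The endpoint URLs and key header names are what their public documentation describes as I remember it and are marked as assumptions; the replies below are constructed in the shape of each service's JSON, not real lookups.

```python
import ipaddress

# ASSUMPTION: endpoints and key headers per each vendor's public docs; verify.
SERVICES = {
    "abuseipdb": {"url": "https://api.abuseipdb.com/api/v2/check?ipAddress={ip}&maxAgeInDays=90",
                  "header": "Key"},
    "greynoise": {"url": "https://api.greynoise.io/v3/community/{ip}", "header": "key"},
    "virustotal": {"url": "https://www.virustotal.com/api/v3/ip_addresses/{ip}", "header": "x-apikey"},
}


def is_lookup_worthy(ip_str):
    """Only public unicast addresses should leave the SOC. RFC 1918, loopback,
    link-local and multicast addresses teach a vendor nothing about the attacker
    but do leak internal topology; is_global also rejects documentation ranges."""
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return addr.is_global and not addr.is_multicast


def from_abuseipdb(reply):
    d = reply["data"]
    score = d.get("abuseConfidenceScore", 0)
    return {"source": "abuseipdb", "owner": d.get("isp"), "country": d.get("countryCode"),
            "detail": f"score={score} reports={d.get('totalReports', 0)}",
            "malicious": score >= 75, "benign_service": False}


def from_greynoise(reply):
    cls = reply.get("classification")
    return {"source": "greynoise", "owner": reply.get("name"), "country": None,
            "detail": f"noise={reply.get('noise')} riot={reply.get('riot')} class={cls}",
            "malicious": cls == "malicious", "benign_service": bool(reply.get("riot"))}


def from_virustotal(reply):
    a = reply["data"]["attributes"]
    stats = a.get("last_analysis_stats", {})
    bad = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"source": "virustotal", "owner": a.get("as_owner"), "country": a.get("country"),
            "detail": f"engines flagging={bad}", "malicious": bad >= 2, "benign_service": False}


PARSERS = {"abuseipdb": from_abuseipdb, "greynoise": from_greynoise, "virustotal": from_virustotal}


def verdict(findings):
    """RIOT (a known legitimate service: CDN, update server, public DNS) outranks
    reputation noise; otherwise any single source calling it malicious wins."""
    if any(f["benign_service"] for f in findings):
        return "benign-service"
    if any(f["malicious"] for f in findings):
        return "malicious"
    return "no-evidence"


def triage(ip, replies):
    """replies: {service name: parsed JSON}. Fetching is left to the caller: an
    HTTP GET of SERVICES[name]['url'] with the key in SERVICES[name]['header']."""
    if not is_lookup_worthy(ip):
        return {"ip": ip, "verdict": "not-queried", "findings": []}
    findings = [PARSERS[name](reply) for name, reply in replies.items() if name in PARSERS]
    return {"ip": ip, "verdict": verdict(findings), "findings": findings}


# Constructed sample replies (not real lookups) for a fictitious public address.
SAMPLE_IP = "93.184.216.34"
SAMPLE_REPLIES = {
    "abuseipdb": {"data": {"ipAddress": SAMPLE_IP, "isp": "Example ISP", "countryCode": "US",
                           "abuseConfidenceScore": 92, "totalReports": 37}},
    "greynoise": {"ip": SAMPLE_IP, "noise": True, "riot": False,
                  "classification": "malicious", "name": "unknown"},
    "virustotal": {"data": {"attributes": {"as_owner": "Example ISP", "country": "US",
                   "last_analysis_stats": {"malicious": 5, "suspicious": 1,
                                           "harmless": 60, "undetected": 20}}}},
}

if __name__ == "__main__":
    print(triage(SAMPLE_IP, SAMPLE_REPLIES)["verdict"])
    print(triage("10.0.0.1", SAMPLE_REPLIES)["verdict"])
```

The thresholds (AbuseIPDB confidence 75, two VirusTotal engines) are tuning knobs, not vendor guidance; the structural point is the gate in is_lookup_worthy and the precedence of GreyNoise's RIOT flag, which keeps a scanner hit on a Microsoft update range from being escalated as malicious.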
#!/bin/env python3
'''
Finds Indicators of Compromise (IoCs) in text files.
Usage:
$ iocfinder.py file.txt
Based on:
1. https://github.com/stephenbrannon/IOCextractor
2. https://github.com/PaloAltoNetworks/ioc-parser
Todo:
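An added example of the extraction the docstring describes, written here rather than copied from the gist or from the two projects it cites. It shows the two decisions such a tool hinges on: refanging (hxxp, [.], [at]) before matching, and matching the most specific indicator types first while blanking each hit out of the text so that the loose domain pattern cannot re-match the host of a URL or the domain of an e-mail address. The sample report is constructed.

```python
import re
from ipaddress import ip_address

# Undo common defanging so the patterns below see real indicators.
REFANG = [
    (re.compile(r"hxxp(s?)://", re.I), r"http\1://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.I), "."),
    (re.compile(r"\[at\]|\(at\)", re.I), "@"),
    (re.compile(r"\[:\]"), ":"),
]

# Most specific first: hashes before anything, URLs before the domains they
# contain, e-mails before domains. Each hit is blanked out of the text so a
# later, looser pattern cannot match inside it.
PATTERNS = [
    ("sha256", re.compile(r"\b[a-f0-9]{64}\b", re.I)),
    ("sha1", re.compile(r"\b[a-f0-9]{40}\b", re.I)),
    ("md5", re.compile(r"\b[a-f0-9]{32}\b", re.I)),
    ("url", re.compile(r"\bhttps?://[^\s'\"<>]+", re.I)),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

# Dotted tokens that look like domains but are file names; extend as needed.
FILE_EXTENSIONS = {"exe", "dll", "txt", "pdf", "zip", "doc", "docx", "xls",
                   "xlsx", "ps1", "bat", "js", "py", "sh"}


def refang(text):
    for pattern, replacement in REFANG:
        text = pattern.sub(replacement, text)
    return text


def valid(kind, value):
    """Reject regex hits that are not real indicators (e.g. 999.1.1.1, report.txt)."""
    if kind == "ipv4":
        try:
            ip_address(value)
        except ValueError:
            return False
    if kind == "domain" and value.rsplit(".", 1)[-1].lower() in FILE_EXTENSIONS:
        return False
    return True


def extract_iocs(text):
    """Return {kind: [unique values in order of appearance]} for the text."""
    text = refang(text)
    found = {}
    for kind, pattern in PATTERNS:
        hits = []
        for m in list(pattern.finditer(text)):
            value = m.group(0).rstrip(".,;:)")  # trailing sentence punctuation
            if not valid(kind, value):
                continue
            hits.append(value)
            # Same-length blank keeps the remaining match offsets valid.
            text = text[:m.start()] + " " * (m.end() - m.start()) + text[m.end():]
        found[kind] = list(dict.fromkeys(hits))
    return found


# Constructed sample report (not a real incident).
IOC_SAMPLE = """Incident 42 (constructed sample, not a real report)
The dropper was fetched from hxxps://evil-cdn[.]example[.]net/payload.exe and
beaconed to c2.evil-cdn.example.net on 198.51.100[.]7. Hashes:
sha256 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef,
md5 d41d8cd98f00b204e9800998ecf8427e. Phishing sender: attacker[at]example[.]org.
Internal host 10.0.0.5 was the victim; 999.1.1.1 is not a valid address.
"""

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else IOC_SAMPLE
    for kind, values in extract_iocs(source).items():
        for value in values:
            print(f"{kind}\t{value}")
```

Private addresses such as 10.0.0.5 are kept on purpose: in an internal report they are the victims, and deciding what to do with them belongs to whoever consumes the list, not to the extractor.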
#!/bin/sh
#bookepr.sh
#
# Packs and unpacks sensitive data in a more secure fashion.
# Read $HELP for usage tips.
#
# Author: José Lopes <lopes.id>
# License: MIT
# Date: 2021-09-28
##
#!/usr/local/bin/python3
'''
Monitors some log files and sends new entries to syslog.
This script requires a config file to import paths to the files.
The main concept is that there is a repository of log files
(which I call 'source files') and an auxiliary repository of
files ('working files').
The idea here is to create a copy of the source files in the work
directory, then calculate the diff between the source files
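An added implementation of that source/working-copy scheme, written here and not the gist's own code, with the two edge cases a forwarder must handle: a source file that was rotated or truncated (the working copy is no longer a prefix of it, so everything is new) and a last line still being written (shipped only once its newline arrives). The config format (one path per line) and the syslog tag are my assumptions; demo() builds a constructed scenario in a temporary directory.

```python
import logging
import tempfile
from logging.handlers import SysLogHandler
from pathlib import Path


def new_entries(source, work):
    """Lines present in `source` but not yet in its working copy `work`.
    The working copy is refreshed to what was shipped, so the next call only
    sees what was appended since. A source that no longer starts with the old
    copy (rotation, truncation, rewrite) is treated as entirely new."""
    current = source.read_bytes()
    previous = work.read_bytes() if work.exists() else b""
    if current.startswith(previous):
        base, delta = previous, current[len(previous):]
    else:
        base, delta = b"", current
    # Ship complete lines only: a partially written last line stays out of the
    # working copy so it is picked up whole on the next round.
    complete = delta[:delta.rfind(b"\n") + 1]
    work.parent.mkdir(parents=True, exist_ok=True)
    work.write_bytes(base + complete)
    return complete.decode("utf-8", "replace").splitlines()


def work_path(workdir, source):
    """One working file per source; the path is flattened to avoid name clashes."""
    return Path(workdir) / (str(source).strip("/").replace("/", "_") + ".work")


def run_once(config, workdir, emit):
    """config (assumed format) lists one source file per line, '#' comments
    allowed; emit(source, line) ships one entry. Returns the number shipped."""
    shipped = 0
    for raw in Path(config).read_text().splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        source = Path(entry)
        if not source.is_file():
            continue
        for line in new_entries(source, work_path(workdir, source)):
            emit(source, line)
            shipped += 1
    return shipped


def syslog_emitter(address="/dev/log", facility=SysLogHandler.LOG_LOCAL0):
    """emit() that forwards to the local syslog socket, or to ("host", 514) for UDP."""
    logger = logging.getLogger("logmon")
    logger.setLevel(logging.INFO)
    handler = SysLogHandler(address=address, facility=facility)
    handler.setFormatter(logging.Formatter("logmon: %(message)s"))
    logger.addHandler(handler)
    return lambda source, line: logger.info("%s: %s", source, line)


def demo():
    """Constructed scenario: append, partial last line, its completion, truncation."""
    batches = []
    with tempfile.TemporaryDirectory() as tmp:
        src, cfg, workdir = Path(tmp, "app.log"), Path(tmp, "logmon.conf"), Path(tmp, "work")
        cfg.write_text(f"# sources to watch\n{src}\n")
        for content in ("a\nb\n", "a\nb\nc\npart", "a\nb\nc\npartial\n", "x\n"):
            src.write_bytes(content.encode())
            batches.append([])
            run_once(cfg, workdir, lambda _source, line: batches[-1].append(line))
    return batches


if __name__ == "__main__":
    print(demo())
```

Run it from cron or a loop with `run_once("/etc/logmon.conf", "/var/lib/logmon", syslog_emitter())`. The working copy is written from the bytes that were read, not copied again from disk, so a write that lands between the read and the refresh is not silently lost; and because the working directory holds full copies of every watched log, it needs the same permissions as the logs themselves.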
#!/bin/sh
#
# Reads a Brazilian "Nota Fiscal Eletrônica" in PDF format,
# figures out its competence (the reference period
# for that document), and then renames the file using this
# data, like: %Y%m[-COUNT].pdf.
#
# Note: the regex may differ according to the format used in
# the PDF file (data layout), so it should be
# adjusted accordingly.
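An added example of the same procedure, mine and in Python rather than the gist's sh: extract the text, pull the competence out with a regex kept in one place (the part the note says must be adjusted per layout), and assign the %Y%m[-COUNT].pdf name without ever overwriting an existing file. The "Competência: MM/AAAA" layout is an assumption, as is the use of poppler's pdftotext for the extraction; the sample texts are constructed.

```python
import re
import subprocess
from pathlib import Path

# ASSUMED layout: the competence appears as "Competência: MM/AAAA" (accent and
# case may vary) in the text pdftotext emits. Adjust this one pattern per issuer.
COMPETENCIA = re.compile(r"compet[êe]ncia\W{0,10}(\d{2})/(\d{4})", re.I)


def pdf_text(pdf):
    """Text layer of a PDF via poppler's pdftotext (assumed installed; not used offline)."""
    return subprocess.run(["pdftotext", "-layout", str(pdf), "-"],
                          capture_output=True, text=True, check=True).stdout


def competence(text):
    """'202109' for a document whose competence is 09/2021, or None."""
    m = COMPETENCIA.search(text)
    if not m:
        return None
    month, year = int(m.group(1)), int(m.group(2))
    return f"{year:04d}{month:02d}" if 1 <= month <= 12 else None


def next_free(stem, taken):
    """%Y%m.pdf, then %Y%m-1.pdf, %Y%m-2.pdf, ... skipping names already in use."""
    name, n = f"{stem}.pdf", 0
    while name in taken:
        n += 1
        name = f"{stem}-{n}.pdf"
    return name


def plan_renames(texts, existing=()):
    """texts: {filename: extracted text}; existing: names already in the folder.
    Returns {old: new}. Files without a recognisable competence are left alone
    rather than guessed at."""
    taken, plan = set(existing), {}
    for old in sorted(texts):  # deterministic counter assignment
        stem = competence(texts[old])
        if stem is None:
            continue
        new = next_free(stem, taken)
        taken.add(new)
        plan[old] = new
    return plan


def rename_folder(folder):
    """Real-file path: extract, plan, then rename (never clobbers: names are unique)."""
    folder = Path(folder)
    texts = {p.name: pdf_text(p) for p in folder.glob("*.pdf")}
    plan = plan_renames(texts, existing=[p.name for p in folder.iterdir()])
    for old, new in plan.items():
        (folder / old).rename(folder / new)
    return plan


# Constructed sample texts, as pdftotext might emit them.
SAMPLES = {
    "nfe-001.pdf": "NOTA FISCAL ELETRÔNICA\nCompetência: 09/2021\nValor total ...",
    "nfe-002.pdf": "... COMPETÊNCIA 09/2021 ...",
    "nfe-003.pdf": "...\nCompetência: 10/2021",
    "scan.pdf": "a scanned page with no text layer",
}

if __name__ == "__main__":
    print(plan_renames(SAMPLES))
```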
#!/usr/bin/env python3
#
# Simple examples on using different block cipher modes
# of operation (NIST SP 800-38A) with AES.
#
# Warning: this script is just an example! You must be
# very confident in your work (or insane) to implement
# this kind of code in production, because it's safer
# to use widely tested frameworks like PyNaCl.
#
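An added example, written here and not the gist's code, of three SP 800-38A modes implemented over a pluggable block cipher, so the modes themselves (and the ECB property the warning above is really about) can be seen in isolation. To keep it runnable without third-party packages the block cipher is a stand-in: a four-round Feistel network keyed with SHA-256, which is an invertible 128-bit permutation, which is all a mode requires, but has had no cryptanalysis and is not AES. Swap in AES from the cryptography package for real use, or better, follow the warning and use PyNaCl's authenticated SecretBox instead of raw modes.

```python
from hashlib import sha256
from os import urandom

BLOCK = 16  # AES block size in bytes; the modes below assume it


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_demo_block_cipher(key):
    """STAND-IN for AES, not AES: a 4-round Feistel network whose round function
    is SHA-256 keyed with `key`. Invertible 128-bit permutation, no security claim."""
    def f(half, rnd):
        return sha256(key + bytes([rnd]) + half).digest()[:8]

    def encrypt_block(block):
        left, right = block[:8], block[8:]
        for rnd in range(4):
            left, right = right, xor(left, f(right, rnd))
        return left + right

    def decrypt_block(block):
        left, right = block[:8], block[8:]
        for rnd in reversed(range(4)):
            left, right = xor(right, f(left, rnd)), left
        return left + right

    return encrypt_block, decrypt_block


def pad(data):
    """PKCS#7; SP 800-38A leaves padding to the application."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        # Authenticate the ciphertext (HMAC, or an AEAD mode) before this check
        # is reachable by an attacker, or it becomes a padding oracle.
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(enc, plaintext):
    """ECB: blocks are independent, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(enc(b) for b in blocks(pad(plaintext)))


def ecb_decrypt(dec, ciphertext):
    return unpad(b"".join(dec(b) for b in blocks(ciphertext)))


def cbc_encrypt(enc, iv, plaintext):
    """CBC: each block is XORed with the previous ciphertext block before
    encryption; iv must be unpredictable (os.urandom) and fresh per message."""
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = enc(xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(dec, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(dec(c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(enc, nonce, data):
    """CTR: encrypt nonce||counter as a keystream; no padding; same call decrypts.
    A (key, nonce) pair must never be reused: two messages under one keystream
    XOR to the XOR of their plaintexts."""
    out = bytearray()
    for i, chunk in enumerate(blocks(data)):
        keystream = enc(nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out += xor(chunk, keystream)
    return bytes(out)


if __name__ == "__main__":
    enc, dec = make_demo_block_cipher(urandom(32))
    msg = b"A" * 32  # two identical plaintext blocks
    ecb = ecb_encrypt(enc, msg)
    print("ECB leaks equal blocks:", ecb[:16] == ecb[16:32])
    cbc = cbc_encrypt(enc, urandom(16), msg)
    print("CBC hides them:", cbc[:16] != cbc[16:32])
```

None of these modes authenticates anything: a flipped ciphertext bit in CTR flips the same plaintext bit, and in CBC it garbles one block and flips a bit in the next. That is why the honest answer to "which mode should I use" is usually an AEAD (GCM, or what SecretBox gives you), not one of these.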
#!/usr/bin/env python3
import re
import logging
from imaplib import IMAP4_SSL
from email import message_from_bytes
from email.header import decode_header, make_header
from email.utils import parsedate_to_datetime, localtime
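An added example, mine and not the gist's, of what those imports are typically assembled into: pulling unread mail over IMAP and triaging each message's headers for phishing signs (RFC 2047 display name and subject decoded, the Date normalised to UTC, SPF/DKIM/DMARC results read out of Authentication-Results, the connecting IP recovered from the oldest Received header, and a Reply-To that points at a different domain than From). The message below is constructed with fictitious domains; fetch_unseen is the real IMAP path and is not exercised offline.

```python
import re
from datetime import timezone
from email import message_from_bytes
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime
from imaplib import IMAP4_SSL

# Constructed sample (not a real capture); all domains are fictitious.
SAMPLE_MAIL = b"""Received: from mail.example-corp.co (mail.example-corp.co [192.0.2.25])
\tby mx.example.net with ESMTPS id k7x2; Tue, 28 Sep 2021 10:15:00 -0300
Received: from [10.0.0.5] (unknown [203.0.113.77])
\tby mail.example-corp.co with ESMTPA; Tue, 28 Sep 2021 10:14:55 -0300
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example-corp.co;
\tdkim=none; dmarc=fail header.from=example-corp.co
From: =?UTF-8?Q?Jo=C3=A3o_Silva?= <joao.silva@example-corp.co>
Reply-To: pagamentos@example-corp-billing.xyz
To: finance@example.net
Subject: =?UTF-8?Q?Transfer=C3=AAncia_urgente?=
Date: Tue, 28 Sep 2021 10:14:50 -0300
Message-ID: <20210928131450.1@example-corp.co>
Content-Type: text/plain; charset=utf-8

Please wire the attached invoice today.
"""

# "from <helo> (<rdns> [<ip>])": the IP is what the receiving MTA actually saw,
# unlike the HELO name, which the sender chooses freely.
CONNECTING_IP = re.compile(r"from\s+\S+\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]")


def decode_hdr(value):
    """RFC 2047 encoded words to str; tolerates a missing header."""
    return str(make_header(decode_header(value))) if value else ""


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def triage(raw):
    msg = message_from_bytes(raw)
    from_name, from_addr = parseaddr(decode_hdr(msg.get("From")))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    # Received headers are prepended by each hop, so the last one is the oldest.
    hops = [m.group(1) for h in msg.get_all("Received", []) for m in [CONNECTING_IP.search(h)] if m]
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    flags = [f"{k}-{v}" for k, v in auth.items() if v in ("fail", "softfail")]
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        flags.append("reply-to-domain-mismatch")
    return {"subject": decode_hdr(msg.get("Subject")), "from_name": from_name,
            "from_addr": from_addr, "reply_to": reply_to, "date_utc": sent.isoformat(),
            "auth": auth, "hops": hops, "origin_ip": hops[-1] if hops else None,
            "flags": flags}


def fetch_unseen(host, user, password, mailbox="INBOX"):
    """Real-world source for triage(): raw bytes of each unread message.
    The mailbox is opened read-only so triage never flips the \\Seen flag."""
    with IMAP4_SSL(host) as imap:
        imap.login(user, password)
        imap.select(mailbox, readonly=True)
        _, data = imap.search(None, "UNSEEN")
        for num in data[0].split():
            _, parts = imap.fetch(num, "(BODY.PEEK[])")
            yield parts[0][1]


if __name__ == "__main__":
    for k, v in triage(SAMPLE_MAIL).items():
        print(f"{k}: {v}")
```

Only the Received header written by your own MX is trustworthy; everything below it in the chain was supplied by the sender and may be forged, which is why origin_ip is a lead for the analyst rather than a fact. The same caution applies to Authentication-Results: trust it only when the authserv-id (mx.example.net above) is your own gateway.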
#!/usr/bin/env python3
'''Squid Cleaner
This script takes a file with a list of domains in Squid format
separated by "comma-space" and outputs a new list without
duplicates, shadows (.domain.com and domain.com <- removes this),
and overlaps (.domain.com, sub.domain.com <- removes this).
It can also check if domains are responsive, but of course this
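An added example of the three reductions the docstring lists, written here rather than taken from the gist. The one rule that produces all of them: a wildcard entry `.x` covers `x` itself (Squid's dstdomain treats a leading dot as "this domain and its subdomains"), every `a.x`, and every `.a.x`, but never `notx`, and never itself. The responsiveness check is included as an optional helper that needs DNS and is not used offline.

```python
import socket


def parse_list(line):
    """Squid dstdomain entries separated by comma-space, as the gist expects."""
    return [d.strip().lower() for d in line.split(",") if d.strip()]


def covers(wildcard, entry):
    """True if wildcard '.x' makes `entry` redundant: x itself (a shadow),
    a.x or .a.x (overlaps). 'notx' is not covered; an entry never covers itself."""
    if not wildcard.startswith(".") or wildcard == entry:
        return False
    base = wildcard[1:]
    host = entry.lstrip(".")
    return host == base or host.endswith("." + base)


def clean(entries):
    """Drop duplicates (keeping first occurrence), then everything a wildcard covers."""
    unique = list(dict.fromkeys(entries))
    wildcards = [d for d in unique if d.startswith(".")]
    return [d for d in unique if not any(covers(w, d) for w in wildcards)]


def format_list(entries):
    return ", ".join(entries)


def resolves(domain, timeout=2.0):
    """Optional responsiveness check: does the name resolve at all?
    Needs DNS, so it is not part of the offline demo; a wildcard is checked by its base."""
    socket.setdefaulttimeout(timeout)
    try:
        socket.getaddrinfo(domain.lstrip("."), None)
        return True
    except socket.gaierror:
        return False


# Constructed sample list.
SAMPLE = ".domain.com, domain.com, sub.domain.com, .sub.domain.com, other.org, other.org, notdomain.com"

if __name__ == "__main__":
    print(format_list(clean(parse_list(SAMPLE))))
```

The cleanup is only safe if the list is a pure allow- or deny-list: an ACL that mixed `.domain.com` with an explicit `sub.domain.com` meant for a different rule would lose the latter here, so run it per list, not across the whole configuration.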