maravedi
/ DecodeHex.ps1
Created
November 21, 2019 13:40
Separator for an HTTP Request with combined ASCII and Hex
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| [String]$Raw, | |
| $ASCIIColor = 'White', | |
| $HexColor = 'Blue' | |
| ) | |
| $Original = $Host.UI.RawUI.ForegroundColor | |
| Write-Host "=======================" | |
| $Host.UI.RawUI.ForegroundColor = $ASCIIColor |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Data = [System.Collections.ArrayList]@(); ((cat .\Scan.txt | Select -Skip 1 | Select -SkipLast 1 | %{$Row = ""|Select Host,Status,Ports,OS; $Temp = $_ -Split '\t'; If(($Temp -Join ',') -notlike "*Status:*" -And ($Temp -Join ',') -like "*OS:*"){ $Row.Host = $Temp[0]; $Row.Status = ""; $Row.Ports = $Temp[1]; $Row.OS = $Temp[3]} ElseIf(($Temp -Join ',') -notlike "*Status:*"){$Row.Host = $Temp[0]; $Row.Status = ""; $Row.Ports = $Temp[1]; $Row.OS = $Temp[2]} Else {$Row.Host = $Temp[0]; $Row.Status = $Temp[1]; $Row.Ports = $Temp[2]; $Row.OS = ""}; [Void]$Data.Add($Row)})) | |
| $Data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a customized version of the work done by jermity: https://gist.github.com/jermity/d38da10534a7a56af32d | |
| # Examples: | |
| # To List all available algorithms: | |
| # Get-StringHash -List | |
| # | |
| # To hash the string using all available algorithms: | |
| # 'test' | Get-StringHash -All | |
| # | |
| # To do the same as above, but without using the pipeline: | |
| # Get-StringHash -String 'test' -All |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Examples: | |
| # 'dABlAHMAdAA=' | Get-Base64DecodedString | |
| # Get-Base64DecodedString 'dABlAHMAdAA=' | |
| # Get-Base64DecodedString -String 'dABlAHMAdAA=' | |
| Function Get-Base64DecodedString { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(ValueFromPipeline = $True)] | |
| [String]$String | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Examples: | |
| # 'Test' | Get-Base64EncodedString | |
| # Get-Base64EncodedString 'Test' | |
| # Get-Base64EncodedString -String 'Test' | |
| Function Get-Base64EncodedString { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(ValueFromPipeline = $True)] | |
| [String]$String | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Keep in mind that this will change the path for shell:personal, which may adversely affect other applications that rely on this. | |
| # Use this with caution, and make sure you remember what it was set to previously so that you can revert it if needed. | |
| $OldValue = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\' -Name Personal | |
| # $OldValue | |
| # Personal : C:\Users\maravedi | |
| # You'll want to use the %USERPROFILE% value instead of hardcoding it, just to be consistent with the other entries for this key | |
| $NewValue = '%USERPROFILE%\Box' |
maravedi
/ ExcelExtractUTCTime.txt
Created
January 17, 2019 16:44
Formulas to split up a UTC timestamp into date and time
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Say you have this timestamp: 2019-01-17T14:04:47.4927812 | |
| Say you want to split it up in Excel (you can't use a PowerShell ALL the time, right?), then here's what I figured out. | |
| Assumptions: | |
| The timestamp is in the first column, and has a header. For this example, it's in cell A2. | |
| To get the date: | |
| =LEFT(A2,10) |
maravedi
/ RemoveLinks.gs
Created
December 12, 2018 22:24
Remove Links From Google Doc Selected Text
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function myFunction() { | |
| var doc = DocumentApp.getActiveDocument(); | |
| var selection = doc.getSelection(); | |
| var ui = DocumentApp.getUi(); | |
| if (!selection) { | |
| ui.alert( "No current selection"); | |
| } | |
| else { | |
| var elements = selection.getSelectedElements(); | |
| for each(var element in elements) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script takes either a specific date or a number of days, weeks, or months to determine how many and, optionally, which AD accounts were created since that point in time. | |
| .DESCRIPTION | |
| This script has two methods of calculating a date, and it depends on which parameters are used when running it. | |
| The first method is using a relative number of, days, weeks, or months. These can be combined as well. | |
| The second method is using a specific date. If this method is used, then any of the relative date parameters are ignored. | |
| .PARAMETER DaysBack |
maravedi
/ So-Allow.ps1
Created
September 28, 2018 13:20
PowerShell Script for Security Onion to Automate so-allow from an Analyst Workstation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| A PowerShell script to automate whitelisting a device on the master Security Onion server. | |
| .DESCRIPTION | |
| If your analyst workstation is constantly changing IPs, it might be a little annoying to SSH into the master Security Onion server every time to interactively whitelist your new IP. Here's a way to cut off a couple of the steps to achieve just that, using PowerShell and Plink.exe. Make sure to modify the parameters according to your environment and analyst workstation's network interface. | |
| .PARAMETER Servers | |
| Specify as many servers as you would like this whitelist command to be run on. However, if the usernames or passwords are different across the servers, then the command will fail to authenticate. | |
| .PARAMETER InterfaceAlias | |
| Specify the network interface to extract the IP address from. This is useful when you know the interfance is always the same, but the IP address is subject to change. | |
| .PARAMETER LocalIP |