Keith Lee milo2012

Block or report user

Report or block milo2012

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@milo2012
milo2012 / extractHTTPfromNmap.py
Last active Sep 17, 2019
This script parses an nmap XML file and extracts the HTTP/HTTPS servers. The problem with relying on Nmap's service detection is that it doesn't correctly identify all hosts running HTTP/HTTPS services; this script attempts to fix that by probing the ports itself.
from libnmap.parser import NmapParser
import requests, optparse, os, sys, glob, multiprocessing
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings()
timeout=1.0
numOfThreads=2
# This script parses an nmap XML file and extracts the HTTP/HTTPS servers.
# Nmap's service detection doesn't correctly identify all hosts running HTTP/HTTPS services.
gist:96ab77e05714915ea22f8c214f838aac
$ sudo python msfHelper1.py nmap__190723_132536.xml
[*] Launching Metasploit msfrpcd
[*] Reading from msfHelper.db
[*] Loaded 474 URI paths from msfHelper.db
[*] Loaded 2982 modules from Metasploit
[List of Unique Service Banners]
-------- ----------------------------------------------------------------------------
21/tcp vsftpd version: 2.3.4 ostype: Unix
@milo2012
milo2012 / checkSSHCiphers.py
Created May 22, 2019
Check SSH Ciphers (works with IPv6)
import paramiko, sys, logging, optparse, os
sys.tracebacklimit = 0
logging.raiseExceptions=False
acceptedCipherList=[]
acceptedMacList=[]
acceptedKeyList=[]
acceptedKexList=[]
cipherList = (
"aes128-ctr",
@milo2012
milo2012 / checkScopeWithNmap.py
Created May 10, 2019
For segmentation tests: compare nmap XML files against the scope and check which scopes were accessible and which weren't.
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
import sys, glob, optparse
reload(sys);
from netaddr import IPNetwork
from libnmap.parser import NmapParser
ipDict={}
scopeDict={}
accessibleList=[]
@milo2012
milo2012 / exploit_notes_Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002.txt
Last active Feb 22, 2019
Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002
Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002
#Install vulnerable docker version of Jenkins
$ docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.121.2
- Go to http://127.0.0.1:8080
- Install suggested plugins
- Create a user account (admin|admin)
- Click "New Item"
- Under Item Name, enter 'Helloworld', choose 'Pipeline' and click 'OK'
- Under 'Pipeline', untick 'Use Groovy Sandbox' and click 'Save'
@milo2012
milo2012 / sniffCert.py
Created Sep 27, 2018
Sniff and extract server SSL certificate of wireless access point (EAP)
#!/usr/bin/python
'''
$ python sniffCert.py -h
Usage: sniffCert.py [options]
Options:
-h, --help show this help message and exit
-i INTERFACENO Interface to sniff
$ python sniffCert.py -i en0
@milo2012
milo2012 / pentesting_ios_apps_on_electra.txt
Last active Nov 4, 2019
Pentesting iOS Applications on Electra 11.1.2
#Burp SSL Certificate on iOS 11
On iOS 11 you can't just install your MITM root cert, you also need to explicitly trust it.
You can do this by:
Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert
----------------------------------------------------------------------------------------------------------------
#GDB on iOS 11
Source: https://shmoo419.github.io/
gdb
ps -ax | grep -i appName
attach [processNo]
Backdoor Notes
#Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187
Notes:
Include 1) 1Password 7.app (Gatekeeper Approved) 2) StuffIt Expander.app/Backdoor (Not Approved) in /tmp/apps. You will be allowed to run both 1) and 2) (Gatekeeper bypass)
Alternative one liner:
$ pkgbuild --root /tmp/apps --identifier com.microsoft --install-location /Applications mypackage.pkg
scada_password_recovery_list.csv
Yokogawa;CENTUM CS 3000 DCS;CENTUM:CENTUM
Yokogawa;EJX910A Multivariable Transmitter HART Communication Type;YOKOGAWA. (to release the Write Protect mode)
Yokogawa;WT 3000 Driver;anonymous:blank (Ethernet access)
Yokogawa;DX1000/DX1000N/DX2000 Advanced;Administrator 1:Admin1 etc./ User 1:User01 etc.
Yokogawa;YFGW410 gateway;admin:!admin
Wonderware;System Platform/Archestra;administrator:blank
Wonderware;Intouch;Administrator:Wonderware
Wonderware;Historian;SQL Server Login: aadbo:pwddbo, wwdbo:pwddbo, aaAdmin:pwAdmin, wwAdmin:wwAdmin, aaPower:pwPower, wwPower:wwPower, aaUser:pwUser, wwUser:wwUser
Westermo;TDW 33;no password, just return, Hardcoded password: n3Y9kA6otYZu8, (?? TD-36)
Westermo;MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455;admin:westermo
@milo2012
milo2012 / checkDomainForCDN.py
Created Apr 25, 2018
Check whether any domains in the Alexa top 1 million list are behind a CDN and, if so, which one.
package main
import (
"sync"
//"strconv"
"io"
"net/http"
"archive/zip"
"path/filepath"
"bufio"