Netscylla netscylla

netscylla / .htaccess
Created Sep 23, 2019
Anti-Anti-Phishing htaccess - Prevent crawlers and known AV researchers
View .htaccess
Options All -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} google\.com [NC,OR]
RewriteCond %{HTTP_REFERER} google\.com
RewriteCond %{HTTP_REFERER} paypal\.com
RewriteCond %{HTTP_REFERER} firefox\.com
# Block Bad Bots & Scrapers
SetEnvIfNoCase User-Agent "Aboundex" bad_bot
SetEnvIfNoCase User-Agent "80legs" bad_bot
SetEnvIfNoCase User-Agent "360Spider" bad_bot
View Logstash config for Bro IDS
input {
beats {
port => 5001
codec => "json_lines"
filter {
#Let's get rid of those header lines; they begin with a hash
netscylla /
Created Feb 28, 2019
An old script that is still useful - semi-automated script to disassemble shell code and fingerprint its functionality
# (c) 2014
# Leveraging other OS disassembly and AV tools to fingerprint potential malware
# License :
# Author: Andy @ Netscylla
View JSON template for Bro IDS within Logstash
"template": "brologs*",
"mappings": {
"capture_loss": {
"properties": {
"ts_delta": {
"type": "double"
"peer": {
"type": "keyword"
netscylla /
Created Jul 3, 2018 — forked from kananlanginhooper/
Shell script to extract Temporary AWS keys (Access Key Id and Secret Access Key) from Role Based EC2 instance using and dynamic role names
ROLENAME=$(curl -s)
wget $KeyURL -q -O Iam.json
KEYID=$(grep -Po '.*"AccessKeyId".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/AccessKeyId://g')
SECRETKEY=$(grep -Po '.*"SecretAccessKey".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/SecretAccessKey://g')
SECURITYTOKEN=$(grep -Po '.*"Token".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/Token://g')
rm Iam.json -f
View Build Nginx & Naxsi [Debian]
#!/usr/bin/env bash
apt-get install -y libpcre3 libpcre3-dev libssl-dev unzip make \
libgoogle-perftools-dev google-perftools jq gcc zlib1g-dev
mkdir /tmp/ngxbuild
cd /tmp/ngxbuild
ng_cookies=$(curl -s|grep cookie|cut -f 2 -d '"'|tr -d '\n')
latestNginx=$(curl --cookie ${ng_cookies} -s|grep "^ *release-" | head -1 | cut -c 9-)
echo "found: ${latestNginx}"
latestNaxsi=$(curl -s |
netscylla /
Created Jun 15, 2018
Oracle TNS Listener Log File Rewrite Exploit
if [ $# != 2 ] && [ $# != 3 ]; then
echo Sets Oracle TNS Listener log file to a new value using
echo Usage: $0 new-log-file-name host [port]
echo port default to $PORT
netscylla /
Last active Jun 1, 2018 patched to support Kali Linux
# Copyright 2014, Inc. or its affiliates. All Rights Reserved.
# Licensed under the Amazon Software License (the "License"). You may not use
# this file except in compliance with the License. A copy of the License is
# located at or in the "license" file accompanying
# this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
netscylla / Hackaday OTP 1407981609 Lambda
Created Apr 27, 2018
Hackaday OTP 1407981609 toolkit as an AWS Lambda function on Node.js 6.10
View Hackaday OTP 1407981609 Lambda
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
if (event.a === undefined || event.b === undefined || event.c === undefined|| event.code === undefined) {
callback("400 Invalid Input");
var res = {};
res.a = Number(event.a);
res.b = Number(event.b);
res.c = Number(event.c);
netscylla / Build Nginx & Naxsi [Redhat]
Last active Jun 17, 2018
Build script for building Nginx with Naxsi Module on Redhat
View Build Nginx & Naxsi [Redhat]
#!/usr/bin/env bash
yum install -y pcre.x86_64 pcre-devel.x86_64 openssl-devel.x86_64 unzip make \
gperftools-devel.x86_64 gperftools.x86_64 jq.x86_64
mkdir /tmp/ngxbuild
cd /tmp/ngxbuild
latestNginx=$(curl -s |
grep "^ *release-" | head -1 | cut -c 9-)
latestNaxsi=$(curl -s |
jq -r .[].tag_name | grep -v rc | head -1)