Netscylla netscylla

@netscylla
netscylla / .htaccess
Created Sep 23, 2019
Anti-Anti-Phishing htaccess - Prevent crawlers and known AV researchers
View .htaccess
Options All -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} google\.com [NC,OR]
RewriteCond %{HTTP_REFERER} google\.com
RewriteCond %{HTTP_REFERER} paypal\.com
RewriteCond %{HTTP_REFERER} firefox\.com
# Block Bad Bots & Scrapers
SetEnvIfNoCase User-Agent "Aboundex" bad_bot
SetEnvIfNoCase User-Agent "80legs" bad_bot
SetEnvIfNoCase User-Agent "360Spider" bad_bot
View Logstash config for Bro IDS
input {
beats {
port => 5001
codec => "json_lines"
}
}
filter {
#Let's get rid of those header lines; they begin with a hash
@netscylla
netscylla / diasass.sh
Created Feb 28, 2019
An old script that is still useful - semi-automated script to disassemble shell code and fingerprint its functionality
View diasass.sh
#!/bin/bash
##########################################
#
# Disass.sh (c) 2014
# Leveraging other OS disassembly and AV tools to fingerprint potential malware
#
# License :
# http://www.gnu.org/licenses/agpl-3.0.txt
#
# Author: Andy @ Netscylla
View JSON template for Bro IDS within Logstash
{
"template": "brologs*",
"mappings": {
"capture_loss": {
"properties": {
"ts_delta": {
"type": "double"
},
"peer": {
"type": "keyword"
@netscylla
netscylla / ExtractAWSRoleBasedKeys.sh
Created Jul 3, 2018 — forked from kananlanginhooper/ExtractAWSRoleBasedKeys.sh
Shell script to extract Temporary AWS keys (Access Key Id and Secret Access Key) from Role Based EC2 instance using 169.254.169.254 and dynamic role names
View ExtractAWSRoleBasedKeys.sh
#!/bin/sh
ROLENAME=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ -s)
KeyURL="http://169.254.169.254/latest/meta-data/iam/security-credentials/"$ROLENAME"/"
wget $KeyURL -q -O Iam.json
KEYID=$(grep -Po '.*"AccessKeyId".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/AccessKeyId://g')
SECRETKEY=$(grep -Po '.*"SecretAccessKey".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/SecretAccessKey://g')
SECURITYTOKEN=$(grep -Po '.*"Token".*' Iam.json | sed 's/ //g' | sed 's/"//g' | sed 's/,//g' | sed 's/Token://g')
rm Iam.json -f
View Build Nginx & Naxsi [Debian]
#!/usr/bin/env bash
apt-get install -y libpcre3 libpcre3-dev libssl-dev unzip make \
libgoogle-perftools-dev google-perftools jq gcc zlib1g-dev
mkdir /tmp/ngxbuild
cd /tmp/ngxbuild
ng_cookies=$(curl -s http://hg.nginx.org/nginx/tags|grep cookie|cut -f 2 -d '"'|tr -d '\n')
latestNginx=$(curl --cookie ${ng_cookies} -s http://hg.nginx.org/nginx/tags|grep "^ *release-" | head -1 | cut -c 9-)
echo "found: ${latestNginx}"
latestNaxsi=$(curl -s https://api.github.com/repos/nbs-system/naxsi/releases |
@netscylla
netscylla / oracle-set-logfile.sh
Created Jun 15, 2018
Oracle TNS Listener Log File Rewrite Exploit
View oracle-set-logfile.sh
#!/bin/sh
PORT=1521;
if [ $# != 2 ] && [ $# != 3 ]; then
echo Sets Oracle TNS Listener log file to a new value using tnscmd.pl
echo
echo Usage: $0 new-log-file-name host [port]
echo
echo port default to $PORT
@netscylla
netscylla / aws-logs-setup.py
Last active Jun 1, 2018
aws-logs-setup.py patched to support Kali Linux
View aws-logs-setup.py
#!/usr/bin/python
# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Amazon Software License (the "License"). You may not use
# this file except in compliance with the License. A copy of the License is
# located at http://aws.amazon.com/asl/ or in the "license" file accompanying
# this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
@netscylla
netscylla / Hackaday OTP 1407981609 Lambda
Created Apr 27, 2018
Hackaday OTP 1407981609 toolkit as an AWS Lambda function on Node JS 6.10
View Hackaday OTP 1407981609 Lambda
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
if (event.a === undefined || event.b === undefined || event.c === undefined|| event.code === undefined) {
callback("400 Invalid Input");
}
var res = {};
res.a = Number(event.a);
res.b = Number(event.b);
res.c = Number(event.c);
@netscylla
netscylla / Build Nginx & Naxsi [Redhat]
Last active Jun 17, 2018
Build script for building Nginx with Naxsi Module on Redhat
View Build Nginx & Naxsi [Redhat]
#!/usr/bin/env bash
yum install -y pcre.x86_64 pcre-devel.x86_64 openssl-devel.x86_64 unzip make \
gperftools-devel.x86_64 gperftools.x86_64 jq.x86_64
mkdir /tmp/ngxbuild
cd /tmp/ngxbuild
latestNginx=$(curl -s http://hg.nginx.org/nginx/tags |
grep "^ *release-" | head -1 | cut -c 9-)
latestNaxsi=$(curl -s https://api.github.com/repos/nbs-system/naxsi/releases |
jq -r .[].tag_name | grep -v rc | head -1)