Andrew Pease peasead
@peasead
peasead / clean_tcpdump_output
Created October 28, 2015 05:05
This will take a pcap file and output it cleanly, with IP, hex, and ASCII, via tcpdump
# -q  quiet one-line packet summaries
# -n  no name resolution (a lookup of captured addresses would leak the investigation to DNS)
# -s 0  full snaplen, so no packet is truncated
# -X  hex and ASCII dump of each packet
# -r  read from the pcap instead of a live interface
tcpdump -qns 0 -X -r <pcap>.pcap
peasead / fast_resolver.sh
Last active July 22, 2016 21:03
Simple script to loop through a list of IP addresses and output their resolutions
#!/bin/sh
# Reads one IP per line from ips.txt and prints "ip name" on one line.
# The address and the name must be printed in sequence (backgrounding the echo
# with "&" interleaves them at random).
# Caveat: for an address with no PTR record, host prints an error line whose
# fifth field is "3(NXDOMAIN)", so that string shows up where a name would.
while read -r ip
do
    printf '%s ' "$ip"
    host "$ip" | cut -f 5 -d " "
done < ips.txt
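A version of the same loop that handles the cases the one-liner above does not (an address with no PTR record, or with several), as an added example that is not part of the original gist. It assumes only the BIND `host` command and POSIX `sh`/`awk`; the IP list at the bottom is constructed.

```sh
#!/bin/sh
# Added example, not from the original gist: resolve a list of IPs to their
# PTR names, handling what the one-liner above does not: addresses with no
# PTR record (host prints an NXDOMAIN error line, whose fifth field is not a
# name) and addresses with several. Output is "ip<TAB>name", one line per
# name, with "-" when nothing resolves, so it can be sorted, joined or grepped.
# Assumes the `host` command from BIND is on PATH; the IP list below is constructed.

# ptr_names IP  -- print each PTR target for IP on its own line; prints nothing
# when the lookup fails or returns no pointer records.
ptr_names() {
    host "$1" 2>/dev/null | awk '/domain name pointer/ { print $NF }'
}

# resolve_list  -- read IPs on stdin (one per line; blank lines and # comments
# are skipped) and print "ip<TAB>name" for every name found, or "ip<TAB>-".
resolve_list() {
    while IFS= read -r ip; do
        case "$ip" in ''|'#'*) continue ;; esac
        names=$(ptr_names "$ip")
        if [ -z "$names" ]; then
            printf '%s\t-\n' "$ip"
        else
            printf '%s\n' "$names" | while IFS= read -r name; do
                printf '%s\t%s\n' "$ip" "$name"
            done
        fi
    done
}

# Constructed sample input; use "resolve_list < ips.txt" for a real run.
sample_ips() {
    printf '# resolvers\n8.8.8.8\n\n192.0.2.1\n'
}

sample_ips | resolve_list
```

The tab-separated output is deliberate: `sort -u`, `join` and `grep -P '\t-$'` (to list the unresolvable addresses) all work on it without further parsing.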
#/etc/nginx/conf.d/webapp.conf
server {
    listen 80;
    # hide the nginx version in the Server header and on error pages
    server_tokens off;
    # Browsers only honour HSTS when it arrives over TLS (RFC 6797), so on a
    # plain-HTTP listener this header does nothing; set it in the listen 443 ssl
    # block as well. Cap the value at one year only once every subdomain serves TLS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header X-Frame-Options DENY;
    # legacy filter header; current browsers ignore it
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    # add_header is inherited from this level only by location blocks that set
    # no add_header of their own; a location that adds one header drops all of these
}
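The way to know whether those headers actually reach the client, given the plain-HTTP listener and the `add_header` inheritance rule, is to look at a response. The script below is an added example, not part of the gist or of nginx: it parses a raw HTTP response (two constructed ones are embedded so it runs offline; on a live host pipe `curl -sI https://example.test/` into `audit_headers https`) and reports headers that are missing, weak, or present but ineffective. It assumes only POSIX `sh`, `awk`, `sed` and `tr`; the one-year `max-age` floor is the common deployment guidance, not a protocol requirement.

```sh
#!/bin/sh
# Added example, not from the original gist: audit a raw HTTP response for the
# headers the nginx snippet above sets, flagging the cases where a header is
# present but does nothing (HSTS over plain http, a Server banner with a
# version). Both sample responses below are constructed. Live use:
#   curl -sI https://example.test/ | audit_headers https
# Assumptions: POSIX sh, awk, sed, tr; the hostnames are placeholders.

# header_value NAME  -- print the value of header NAME (case-insensitive) from
# the raw response on stdin, or nothing if absent. Stops at the header/body blank line.
header_value() {
    awk -v name="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/\r$/, "") }
        /^$/ { exit }
        /^[^:]+:/ {
            h = $0; sub(/:.*/, "", h)
            if (tolower(h) == name) {
                v = $0; sub(/^[^:]*:[ \t]*/, "", v); print v; exit
            }
        }'
}

# audit_headers SCHEME  -- read a raw response on stdin, print one finding per
# line; return 0 when clean, 1 when anything was found.
audit_headers() {
    scheme=$1
    resp=$(cat)
    findings=0

    hsts=$(printf '%s\n' "$resp" | header_value Strict-Transport-Security)
    if [ -z "$hsts" ]; then
        echo "missing: Strict-Transport-Security"; findings=$((findings + 1))
    else
        if [ "$scheme" != https ]; then
            # RFC 6797: HSTS received over a non-TLS connection is ignored,
            # which is exactly what a listen-80 server block produces.
            echo "ineffective: Strict-Transport-Security sent over $scheme"; findings=$((findings + 1))
        fi
        age=$(printf '%s' "$hsts" | tr 'A-Z' 'a-z' | sed -n 's/.*max-age=\([0-9]*\).*/\1/p')
        if [ -z "$age" ] || [ "$age" -lt 31536000 ]; then
            echo "weak: Strict-Transport-Security max-age below one year (${age:-none})"; findings=$((findings + 1))
        fi
    fi

    xfo=$(printf '%s\n' "$resp" | header_value X-Frame-Options | tr 'a-z' 'A-Z')
    case "$xfo" in
        DENY|SAMEORIGIN) ;;
        "") echo "missing: X-Frame-Options"; findings=$((findings + 1)) ;;
        *)  echo "weak: X-Frame-Options '$xfo' (use DENY or SAMEORIGIN)"; findings=$((findings + 1)) ;;
    esac

    xcto=$(printf '%s\n' "$resp" | header_value X-Content-Type-Options | tr 'A-Z' 'a-z')
    if [ "$xcto" != nosniff ]; then
        echo "missing: X-Content-Type-Options: nosniff"; findings=$((findings + 1))
    fi

    # server_tokens off leaves "Server: nginx"; a "/<digit>" means a version leaked
    server=$(printf '%s\n' "$resp" | header_value Server)
    case "$server" in
        */[0-9]*) echo "leak: Server banner carries a version ($server); set server_tokens off"; findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed: what a plain-http listener with server_tokens on, a short
# max-age and a bad X-Frame-Options value returns.
sample_weak_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nStrict-Transport-Security: max-age=300\r\nX-Frame-Options: ALLOWALL\r\nContent-Type: text/html\r\n\r\n<html></html>\r\n'
}

# Constructed: the snippet's headers as they should look from the TLS listener.
sample_hardened_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html\r\n\r\n'
}

# Stand-alone demonstration: findings for the weak response over http, none
# for the hardened response over https.
if sample_weak_response | audit_headers http; then
    echo "weak response: clean (unexpected)"
else
    echo "weak response: findings listed above"
fi
sample_hardened_response | audit_headers https && echo "hardened response: clean"
```

Run it against each `location` that matters, not just `/`: a location with its own `add_header` line silently drops the server-level ones, and only the response shows that.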
# prompt: cyan user, green host, bold yellow working directory
export PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
export CLICOLOR=1
export LSCOLORS=exFxBxDxCxegedabagacad
alias ls='ls -lGFh'
# query one fixed whois server by IP instead of the client's default referral chain
alias whois='whois -h 199.7.50.74'
# macOS device node for a USB-to-serial adapter
alias usbtoserial=/dev/cu.usbserial
# Transfer.sh Profile Additions
# Uploads a file (or stdin) to transfer.sh and prints the download URL.
# Anyone who obtains that URL can fetch the file, so do not push anything
# sensitive through it without encrypting it first.
transfer() {
    if [ $# -eq 0 ]; then
        printf 'No arguments specified. Usage:\n  transfer /tmp/test.md\n  cat /tmp/test.md | transfer test.md\n'
        return 1
    fi
    tmpfile=$(mktemp -t transferXXX)
    if tty -s; then
        # run from a terminal: upload the named file, sanitising its basename for the URL
        basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g')
        curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> "$tmpfile"
    else
        # stdin is not a terminal: stream whatever was piped in under the given name
        curl --progress-bar --upload-file "-" "https://transfer.sh/$1" >> "$tmpfile"
    fi
    cat "$tmpfile"
    rm -f "$tmpfile"
}
peasead / keybase.md
Last active November 27, 2019 05:47

Keybase proof

I hereby claim:

  • I am peasead on github.
  • I am variable (https://keybase.io/variable) on keybase.
  • I have a public key ASB24PAieecv2Kzl2W9jTJFFT7kgmjKOL7qL5QWGERc59go

To claim this, I am signing this object:

peasead / startup-stop.sh
Last active March 9, 2020 20:59
ROCKNSM Startup & Shutdown
#!/bin/bash
# startup.sh
# For creating NSM data from targeted pcaps, trying to get minimal noise
# This is for VirtualBox, but would likely work elsewhere
# refresh the Suricata rule set as the suricata user before capture starts
sudo -u suricata suricata-update
# large MTU on the monitor interface so oversized captured frames are not truncated
sudo ip link set dev [mon-interface] mtu 16110
sudo ifup [mon-interface]
sleep 5
Make a file called "images" with all of the docker images listed, one per line, then:
while read -r i; do sudo docker pull "$i"; done < images
If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things".
# Fire up the Docker container, mapping the directory with your pcap
## If pcap in your current directory
docker run -it -v "$(pwd)":/pcap broplatform/bro:3.0.0 /bin/bash
## If pcap is somewhere else
docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash
# If you have to build your own for some reason
# This can be skipped if the `docker run...` worked above
peasead / git-update.sh
Last active August 13, 2020 02:04
Recursively update all git repositories
#!/bin/bash
# Run from the parent directory with all of your git folders below
# find . searches the current directory
# -mindepth 1 -maxdepth 1 limits the match to the immediate sub-directories
#   (BSD find accepts "-depth 1"; GNU find treats -depth as an option with no
#   argument, so the min/max form is what works on both)
# -type d to find directories, not files
# -exec {} \; runs a custom command for every find
# git --git-dir={}/.git --work-tree=$PWD/{} pull git pulls the individual directories;
#   a directory without a .git only prints an error. Change "master" to the
#   branch your repositories actually track.
find . -mindepth 1 -maxdepth 1 -type d -exec git --git-dir={}/.git --work-tree=$PWD/{} pull origin master \;
peasead / gist:e9c06979cb3c2dfef383da05abd89bf9
Created October 6, 2020 14:48
PCAP Through Packetbeat
# -I  read packets from the pcap instead of a live interface
# -t  replay at top speed, without sleeping to honour the packet timestamps
# -E  override a config setting on the command line; shutdown_timeout gives
#     in-flight transactions time to flush before packetbeat exits at end of file.
# Update packetbeat.shutdown_timeout=20s to fit your time requirements
/usr/local/bin/packetbeat -I file.pcap -t -E packetbeat.shutdown_timeout=20s