clandestination queencitycyber

@queencitycyber
queencitycyber / parse_ffufjson.sh
Created July 13, 2023 18:34
Parse FFUF json output
#!/bin/bash
# Directory path containing the JSON files
directory="."
# Print column titles
# not pretty and doesn't scale well but who cares
echo -e "URL\tStatus\tLength\tWords\tLines"
# Iterate over each JSON file in the directory
@queencitycyber
queencitycyber / url_to_md.py
Created July 11, 2023 14:06
URL -> Markdown
### Turn HTML page into Markdown (.md)
import requests
import html2text
def download_html(url):
    response = requests.get(url)
    return response.text
def convert_to_markdown(html):
@queencitycyber
queencitycyber / exparser.py
Created January 21, 2023 19:37
dumb python script to parse exchanger output
'''
parses impacket-exchanger output to put useful results in a table
https://github.com/fortra/impacket/blob/master/examples/exchanger.py
'''
import click
from rich.console import Console
from rich.table import Table
import re
@queencitycyber
queencitycyber / serve.py
Created August 17, 2022 14:20
Multi-threaded SimpleHTTPServer
#!/usr/bin/python3
import argparse
import http.server
import socketserver
import sys
class ThreadedHTTPServer(socketserver.ThreadingMixIn, http.server.HTTPServer):
    pass
def main(argv):
@queencitycyber
queencitycyber / testpub.py
Created May 24, 2022 14:17
username oracle via ssh public key
# source: https://github.com/rushter/blog_code/blob/master/ssh/check.py
import logging
import socket
import sys
import paramiko.auth_handler
import requests
import argparse
@queencitycyber
queencitycyber / hbh-header-abuse-test.py
Created May 11, 2022 18:48 — forked from ndavison/hbh-header-abuse-test.py
Attempts to find hop-by-hop header abuse potential against the provided URL.
# github.com/ndavison
import requests
import random
import string
from argparse import ArgumentParser
parser = ArgumentParser(description="Attempts to find hop-by-hop header abuse potential against the provided URL.")
parser.add_argument("-u", "--url", help="URL to target (without query string)")
@queencitycyber
queencitycyber / check_hashes.py
Created April 18, 2022 13:56 — forked from bandrel/check_hashes.py
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#!/usr/bin/env python3
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>
import argparse
import re
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
@queencitycyber
queencitycyber / xsscors.py
Last active April 25, 2022 15:31
Flask server, enable CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting XSS PoC
"""
A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload
"""
# Stolen from https://twitter.com/snovvcrash/status/1511702029403631620
from flask import Flask, send_file
from flask_cors import CORS
app = Flask(__name__)
CORS(app)
###
# Dumps GitLab's user base to CSV form.
# Source: https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
# Requires GraphqlClient: pip install python-graphql-client
###
from python_graphql_client import GraphqlClient
import json
import sys
import argparse
@queencitycyber
queencitycyber / randsomshit
Last active April 4, 2022 15:31
Random Shit
Tired of having random notes and shit floatin around. Most of this will probably exist elsewhere in my notes, but I'd like to have it here to remember
# Console Table. Update as needed
`console.table([...document.querySelectorAll('.fatitem table .athing')].map(el => [el.textContent.trim(), el.nextSibling.textContent.trim()]).sort(([,a], [,b]) => parseInt(b) - parseInt(a)))`
# No clue. From Outlook headers
https://webshell.suite.office.com/iframe/TokenFactoryIframe?origin=https://Foutlook.office.com&shsid=[GUID]&apiver=oneshell&cshver=20220227.1&upn=[REDACTED]