Rohan rohan-molloy

rohan-molloy / Converting-Qcow2-to-vmdk.md
Created September 17, 2020 10:15
How to Convert Qemu images to VMWare

qemu-img convert \
         -f "$INPUT_FORMAT" \
         -O "$OUTPUT_FORMAT" \
         "$INPUT_FILE" "$OUTPUT_FILE"

For example: qemu-img convert -f qcow2 -O vmdk esxi.qcow2 esxi.vmdk

#! /bin/bash
# Set the country code (in lower case)
cc=nz
# Create the ipset
ipset create allowed_country hash:net
# Load the country set
wget -qO- "https://iplists.firehol.org/files/geolite2_country/country_$cc.netset" | grep -v ^# | xargs -n1 ipset add allowed_country

Replace newline with a literal "\n"

sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' 

Self Hosted Email using a VPS

Step 1: Register a VM

For this example, I'm using Amazon Lightsail with Debian.
Ensure port 25 is open in the firewall section.
This tutorial assumes there is a standard user named 'admin'.

Step 2: Set the hostname of the instance

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no

Pull random pastebin objects (looped)

while true; do 
  curl https://pastebin.com/raw/$(echo 'AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz' | 
  fold -w1 | shuf | head -n8 | tr -d '\n'); 
done

Stripping HTML with Sed

Escape HTML characters

sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g'        

Unescape HTML characters

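# &amp; is decoded last so "&amp;lt;" becomes "&lt;" rather than "<"; \& is a literal ampersand in the replacement
sed 's/&lt;/</g; s/&gt;/>/g; s/&quot;/"/g; s/&#39;/'"'"'/g; s/&amp;/\&/g'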

Strip HTML tags

Automated Blacklisting of SSH scanners

Create iptables & ipset

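ipset create scum hash:ip
# The chain must exist before PREROUTING can jump to it
iptables -t raw -N BLACKLISTING
iptables -t raw -A PREROUTING -j BLACKLISTING
# Log first, then drop, anything whose source address is in the set
iptables -t raw -A BLACKLISTING -m set --match-set scum src -j LOG
iptables -t raw -A BLACKLISTING -m set --match-set scum src -j DROP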
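
One way to fill the scum set that the rules above match on, as an added example (not code from the gist): it counts failed-password lines per source, skips an allowlist, and prints the ipset add commands instead of running them. THRESHOLD, ALLOWLIST and the sample log lines are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: print "ipset add" commands for the scum set from sshd log lines.
# THRESHOLD and ALLOWLIST are assumptions of this example, not values from the page.
THRESHOLD=${THRESHOLD:-3}
ALLOWLIST=${ALLOWLIST:-192.0.2.10}   # constructed admin address, never blocked

# Read sshd log lines on stdin; print each IPv4 source with >= THRESHOLD failures.
# The address is found by counting fields from the end of the line, $(NF-3),
# so text inside the client-chosen user name cannot shift it.
failed_ssh_sources() {
  awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /Failed password/ && NF >= 4 {
      ip = $(NF-3)
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # scum is hash:ip (IPv4)
      if (ip in skip) next                                  # avoid locking yourself out
      hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }
  ' | sort
}

# Turn the offender list into commands; -exist makes re-adding an entry a no-op.
blacklist_cmds() {
  failed_ssh_sources | while read -r ip; do
    printf 'ipset add scum %s -exist\n' "$ip"
  done
}

# Constructed sample log lines (documentation address ranges, not real traffic).
# The third line carries a user name that tries to smuggle in another address.
sample_log() {
  cat <<'EOF'
Sep 17 10:01:01 vps sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Sep 17 10:01:03 vps sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Sep 17 10:01:05 vps sshd[812]: Failed password for invalid user x from 198.51.100.9 port 22 from 203.0.113.5 port 40003 ssh2
Sep 17 10:02:00 vps sshd[820]: Failed password for root from 198.51.100.77 port 51000 ssh2
Sep 17 10:03:00 vps sshd[830]: Failed password for admin from 192.0.2.10 port 52000 ssh2
Sep 17 10:04:00 vps sshd[840]: Accepted password for admin from 192.0.2.10 port 52001 ssh2
EOF
}

# Review the output, then pipe it to sh as root to apply it.
sample_log | blacklist_cmds
```

On a live host, replace sample_log with the journalctl -u ssh -u sshd call used elsewhere on this page.
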
### Prints a CSV of the AS origin of SSH intrusion attempts
### Format: as_number,bgp_prefix,country_code,rir_name,date_allocated,num_occurrences
### d7d3db009fd67083faf1276a1b69ebfa097cc5400f202f95551aa94115d7ddcd
for ip in $(journalctl -u ssh -u sshd --since -${period:-'1day'}|awk '/Failed/{print $(NF-3)}');
do dig $(tac -s.<<<"$ip.")origin.asn.cymru.com +short txt; done \
| sort --numeric-sort \
| uniq --count \
| sort --numeric-sort \
| sed 's/ | /,/g' \
| tr -d \"

Download a file and verify its hash

Parameters: url sha256 [filename].
If unset, it gets a filename from the URL.
If verification fails, it saves to $filename.invalid

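get_remote_file() {
  # Usage check: return from the function itself (a return inside a subshell does not)
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "Usage: ${FUNCNAME[0]} remote_url content_sha256sum [output_filename]" >&2; return 2
  fi
  local file
  file=$(test -n "$3" && echo "$3" || basename "$1" | tr -dc '[:alnum:]\.\-\_\:\/')
  wget -O "$file" "$1" || return 1
  # Checkfile format is "<hash>  <name>"; return success only when the hash matches
  sha256sum -c <(printf '%s  %s\n' "$2" "$file") && return 0
  mv "$file" "$file.invalid"; return 1
}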