Skip to content

Instantly share code, notes, and snippets.

View seajaysec's full-sized avatar

Chris Farrell seajaysec

View GitHub Profile
seajaysec /
Created September 24, 2019 23:06
custom bloodhound queries for the neo4j console

Cypher Queries

Cypher Queries can be entered into the neo4j console, accessible at http://localhost:7474. These often return text-based content. There's a max of 1000 displayed rows within the console, however each query result can be downloaded as a CSV for more in depth analysis. When pasting, replace all instances of "EXAMPLE.COM" with the domain name that you are operating on. These are from a wide range of sources. A lot of them came or were inspired by discussions on the Bloodhound Slack.


Generate list of all operating systems

MATCH (c:Computer)
seajaysec /
Created September 24, 2019 19:11
parses pypykatz's json output for plaintext and hashed creds
# prereqs: jq, all the dumps in current working dir
# create csv file, add headers
echo "source,type,domain,username,result" >out.csv
# function: remove first and last lines:
sedfl() {
sed '1d;$d'
seajaysec /
Created September 23, 2019 13:48
airgeddon 9.22 - light mode tmux
#!/usr/bin/env bash
#Description..: This is a multi-use bash script for Linux systems to audit wireless networks. Modified for light mode in tmux by seajay.
#Author.......: v1s1t0r
#Date.........: 20190908
#Version......: 9.22
#Usage........: bash
#Bash Version.: 4.2 or later
#Global shellcheck disabled warnings
seajaysec /
Last active January 21, 2024 00:03
super rough plaintext secret parser for pypykatz dumps
# prereqs: pypykatz, all the dumps in current working dir
mkdir ./ppktz_tickets 2>/dev/null
for i in *$ext; do
pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/;
seajaysec / cloudSettings
Last active August 2, 2019 18:49
Visual Studio Code Settings Sync Gist
seajaysec /
Created May 14, 2019 12:38
doing the thing

Keybase proof

I hereby claim:

  • I am chrsjhnsn on github.
  • I am seeej ( on keybase.
  • I have a public key ASCLkFXaIQmXJoFbDnCP6UcumsGXYu25jiZegj_6XUU-JQo

To claim this, I am signing this object:

seajaysec / spray!
Created May 7, 2019 21:06
password file from updated for this year, with ! added
seajaysec /
Last active January 25, 2024 22:34 — forked from anonymous/
Backup starred GitHub repositories
pages=$(curl -I$user/starred | sed -nr 's/^Link:.*page=([0-9]+).*/\1/p')
cd /opt/
for page in $(seq 0 $pages); do
curl "$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
while read rp; do
seajaysec /
Last active October 26, 2020 08:46
Generates URL list from App-Site Association file
# Requirements: httpie, jq
# Inspired by:
echo 'Testing URL for AASA'
check=`curl -sL -w "%{http_code}\n" "$full" -o /dev/null`
seajaysec /
Last active December 29, 2023 19:09
Parses output from CrackMapExec, CrackMapExtreme, Responder, PCredz, and into aggregate files of hashes and plaintext output
# This script assumes Responder is in /opt/Responder
# Error messages begone!
exec 2>/dev/null
# Hardcoded location for script output files
# Hardcoded location for ntlmrelayx's .sam file output directory