Skip to content

Instantly share code, notes, and snippets.

View seajaysec's full-sized avatar

Chris Farrell seajaysec

86 followers · 21 following
View GitHub Profile
@seajaysec
seajaysec / cypherqueries.md
Created September 24, 2019 23:06
custom bloodhound queries for the neo4j console

Cypher Queries

Cypher Queries can be entered into the neo4j console, accessible at http://localhost:7474. These often return text-based content. There's a max of 1000 displayed rows within the console, however each query result can be downloaded as a CSV for more in depth analysis. When pasting, replace all instances of "EXAMPLE.COM" with the domain name that you are operating on. These are from a wide range of sources. A lot of them came or were inspired by discussions on the Bloodhound Slack.

Basic

Generate list of all operating systems

MATCH (c:Computer)
@seajaysec
seajaysec / parseitup.sh
Created September 24, 2019 19:11
parses pypykatz's json output for plaintext and hashed creds
#!/bin/bash
# prereqs: jq, all the dumps in current working dir
# create csv file, add headers
echo "source,type,domain,username,result" >out.csv
# function: remove first and last lines:
sedfl() {
sed '1d;$d'
}
@seajaysec
seajaysec / airgeddon.sh
Created September 23, 2019 13:48
airgeddon 9.22 - light mode tmux
#!/usr/bin/env bash
#Title........: airgeddon.sh
#Description..: This is a multi-use bash script for Linux systems to audit wireless networks. Modified for light mode in tmux by seajay.
#Author.......: v1s1t0r
#Date.........: 20190908
#Version......: 9.22
#Usage........: bash airgeddon.sh
#Bash Version.: 4.2 or later
#Global shellcheck disabled warnings
@seajaysec
seajaysec / mymykat.sh
Last active January 21, 2024 00:03
super rough plaintext secret parser for pypykatz dumps
#!/bin/bash
# prereqs: pypykatz, all the dumps in current working dir
mkdir ./ppktz_tickets 2>/dev/null
ext='.dmp'
for i in *$ext; do
txtfile=${i::-3}txt
secrets=${i::-3}secrets
pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/;
@seajaysec
seajaysec / cloudSettings
Last active August 2, 2019 18:49
Visual Studio Code Settings Sync Gist
{"lastUpload":"2019-08-02T18:49:46.186Z","extensionVersion":"v3.4.1"}
@seajaysec
seajaysec / keybase.md
Created May 14, 2019 12:38
doing the thing

Keybase proof

I hereby claim:

  • I am chrsjhnsn on github.
  • I am seeej (https://keybase.io/seeej) on keybase.
  • I have a public key ASCLkFXaIQmXJoFbDnCP6UcumsGXYu25jiZegj_6XUU-JQo

To claim this, I am signing this object:

@seajaysec
seajaysec / spray!
Created May 7, 2019 21:06
password file from spray.sh updated for this year, with ! added
Winter2018
Winter2018!
Winter2019
Winter2019!
Winter18
Winter18!
Winter19
Winter19!
Winter12
Winter12!
@seajaysec
seajaysec / clonestarrunner.sh
Last active January 25, 2024 22:34 — forked from anonymous/gh-backup-starred.sh
Backup starred GitHub repositories
#!/bin/bash
user="CHANGEME"
pages=$(curl -I https://api.github.com/users/$user/starred | sed -nr 's/^Link:.*page=([0-9]+).*/\1/p')
cd /opt/
for page in $(seq 0 $pages); do
curl "https://api.github.com/users/$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
while read rp; do
@seajaysec
seajaysec / aasa.sh
Last active October 26, 2020 08:46
Generates URL list from App-Site Association file
#!/bin/bash
# Requirements: httpie, jq
# Inspired by:
# https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
echo 'Testing URL for AASA'
full=$1/.well-known/apple-app-site-association
check=`curl -sL -w "%{http_code}\n" "$full" -o /dev/null`
@seajaysec
seajaysec / gather.sh
Last active December 29, 2023 19:09
Parses output from CrackMapExec, CrackMapExtreme, Responder, PCredz, and NTLMRelayX.py into aggregate files of hashes and plaintext output
#!/bin/bash
# This script assumes Responder is in /opt/Responder
# Error messages begone!
exec 2>/dev/null
# Hardcoded location for script output files
OUTDIR=${HOME}'/working/loot/gathered'
# Hardcoded location for ntlmrelayx's .sam file output directory
NTLMRELAY=${HOME}'/working/loot/ntlmrelay'