Skip to content

Instantly share code, notes, and snippets.

View seajaysec's full-sized avatar

seajay seajaysec

92 followers · 25 following
View GitHub Profile
@seajaysec
seajaysec / customqueries.json
Last active December 11, 2025 21:08
bloodhound custom queries
{
"queries": [{
"name": "List all owned users",
"queryList": [{
"final": true,
"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
}]
},
{
"name": "List all owned computers",
@seajaysec
seajaysec / WaT_Audio.md
Last active October 14, 2024 23:00
Wind & Truth Previews - Audiobook Links
@seajaysec
seajaysec / ΡSЧBiΞՈך.•✦∑UΡի💫RiΔ.csv
Created July 9, 2024 05:13
Track name Artist name Album
Night Out - D. Batistatos Remix Zero Cult Art of Harmony
Dancing with the Dead Hedflux Kin
Deceptive Metropolis The Enigma Tng Hybrid Fantasy
Atlantis City En Voice Inclination for Composure
Peace Of Mind Vibrasphere Namaskar
Sapiente Libra John Spanos End of Time
When Shall I be Free? Shpongle Nothing Lasts...But Nothing Is Lost
Haunting of Mars Solindro & Switch Haunting of Mars
Shift M-Seven Imaginary Being
@seajaysec
seajaysec / cypherqueries.md
Created September 24, 2019 23:06
custom bloodhound queries for the neo4j console

Cypher Queries

Cypher Queries can be entered into the neo4j console, accessible at http://localhost:7474. These often return text-based content. There's a max of 1000 displayed rows within the console, however each query result can be downloaded as a CSV for more in depth analysis. When pasting, replace all instances of "EXAMPLE.COM" with the domain name that you are operating on. These are from a wide range of sources. A lot of them came or were inspired by discussions on the Bloodhound Slack.

Basic

Generate list of all operating systems

MATCH (c:Computer)
@seajaysec
seajaysec / gather.sh
Last active April 29, 2024 16:53
Parses output from CrackMapExec, CrackMapExtreme, Responder, PCredz, and NTLMRelayX.py into aggregate files of hashes and plaintext output
#!/bin/bash
# This script assumes Responder is in /opt/Responder
# Error messages begone!
exec 2>/dev/null
# Hardcoded location for script output files
OUTDIR=${HOME}'/working/loot/gathered'
# Hardcoded location for ntlmrelayx's .sam file output directory
NTLMRELAY=${HOME}'/working/loot/ntlmrelay'
@seajaysec
seajaysec / clonestarrunner.sh
Last active January 25, 2024 22:34 — forked from anonymous/gh-backup-starred.sh
Backup starred GitHub repositories
#!/bin/bash
user="CHANGEME"
pages=$(curl -I https://api.github.com/users/$user/starred | sed -nr 's/^Link:.*page=([0-9]+).*/\1/p')
cd /opt/
for page in $(seq 0 $pages); do
curl "https://api.github.com/users/$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
while read rp; do
@seajaysec
seajaysec / mymykat.sh
Last active January 21, 2024 00:03
super rough plaintext secret parser for pypykatz dumps
#!/bin/bash
# prereqs: pypykatz, all the dumps in current working dir
mkdir ./ppktz_tickets 2>/dev/null
ext='.dmp'
for i in *$ext; do
txtfile=${i::-3}txt
secrets=${i::-3}secrets
pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/;
@seajaysec
seajaysec / spray!
Created May 7, 2019 21:06
password file from spray.sh updated for this year, with ! added
Winter2018
Winter2018!
Winter2019
Winter2019!
Winter18
Winter18!
Winter19
Winter19!
Winter12
Winter12!
@seajaysec
seajaysec / aasa.sh
Last active October 26, 2020 08:46
Generates URL list from App-Site Association file
#!/bin/bash
# Requirements: httpie, jq
# Inspired by:
# https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
echo 'Testing URL for AASA'
full=$1/.well-known/apple-app-site-association
check=`curl -sL -w "%{http_code}\n" "$full" -o /dev/null`
@seajaysec
seajaysec / parseitup.sh
Created September 24, 2019 19:11
parses pypykatz's json output for plaintext and hashed creds
#!/bin/bash
# prereqs: jq, all the dumps in current working dir
# create csv file, add headers
echo "source,type,domain,username,result" >out.csv
# function: remove first and last lines:
sedfl() {
sed '1d;$d'
}