Scott Stout skout23

@skout23
skout23 / google_calendar_events_quick_scanner.py
Created Oct 13, 2020
A very quick/dirty scanner to look for secrets in calendar events
View google_calendar_events_quick_scanner.py
# Futures
from __future__ import print_function
# Built-in/Generic Imports
import datetime
import pickle
import os.path
import re
# Libs
@skout23
skout23 / logs_insights_queries.txt
Created Feb 11, 2019
Scratch Pad ideas for Cloudtrail queries using AWS Cloudwatch Logs Insights
View logs_insights_queries.txt
```
filter eventName="ConsoleLogin"
| stats count(*) as eventCount by userIdentity.userName, sourceIPAddress
| sort eventCount desc

filter not sourceIPAddress =~ /^(?i)123\.123\.123\.123/ and userIdentity.userName =~/^(?i)\w/
| stats count(*) as eventCount by eventName, userIdentity.userName, sourceIPAddress
| sort eventCount desc

filter eventName="ConsoleLogin"
```
@skout23
skout23 / s3_bucket_sizes.sh
Created Feb 1, 2019
Get the latest size in bytes of all s3 buckets given a list of profiles
View s3_bucket_sizes.sh
#!/bin/bash
aws_profile=("default" "otherprofile");
region="us-east-1"
# setting the expected date() format BSD style (macos)
start_time="$(date -v-2d '+%Y-%m-%d')"
end_time="$(date '+%Y-%m-%d')"
# loop over the AWS profiles array in case we provide more than one profile
for profile in "${aws_profile[@]}"; do
@skout23
skout23 / buffer_overflow.c
Last active Apr 26, 2018
simple buffer_overflow for testing afl
View buffer_overflow.c
/*
Compile with:
afl-gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
*/
#include <stdio.h>
#include <string.h>
View pyenv + virtualenv all the things
# should pick up pyenv as dep
brew install pyenv-virtualenv
# add to your .bash_profile or other .profile
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
# List available Python versions
$ pyenv install -l
@skout23
skout23 / too short.txt
Created Oct 4, 2015
Fixing suricata on 12.04 ubuntu
View too short.txt
aptitude install suricata
...
sudo modprobe nfnetlink_queue
View GeoIP Product Id's
ProductID Database
106 GeoIP.dat
111 GeoIPOrg.dat
112/115 GeoIPRegion.dat
117 GeoIPASNum.dat
119 GeoIPUserType.dat
121/122 GeoIPISP.dat
132/133 GeoIPCity.dat
135 GeoIPAreaCode.dat
137 GeoIPDMACode.dat
@skout23
skout23 / mario.rb
Created Aug 7, 2015
quick poc to print out the mario half pyramid
View mario.rb
#!/usr/bin/env ruby
#
# quick poc to print out the mario half pyramid
#
#
def pymid(base)
1.upto(base) do |row|
str = "#" * row
@skout23
skout23 / codewatcher.rb
Created Oct 29, 2014
simple-ish rss atom feed watcher to alert when a code change has taken place
View codewatcher.rb
# script to watch the production code commit log and send a diff of any changes, for PCI regulation needs
require 'rss'
require 'openssl'
DEBUG = false
# set the local store for marshalled data
$prod_code_last_reported_date = '/home/someuser/bin/watch_rss/data/last_reported.yml'
@skout23
skout23 / gimmetime.rb
Created Oct 7, 2014
stupid import thing
View gimmetime.rb
#!/usr/bin/env ruby
require 'time'
$output = File.open("tstamp.csv",'w')
$input = File.open("dork.in",'r')
def gimmetime(str)
d1 = Time.parse(str)
rm1 = Random.new