Steve Stonebraker ssstonebraker

ssstonebraker / elasticsearch_5.6_cheatsheet.md
Last active Oct 28, 2019
ElasticSearch 5.6 Cheatsheet

ElasticSearch 5.6 Cheatsheet

Node Decommission

If you need to decommission a node, the first thing to do is move all of its shards to other nodes.

Start Moving all Shards off a node

This command will tell ElasticSearch to:

  1. Stop sending new shards to node 10.0.0.1
  2. Move all existing shards on node 10.0.0.1 to other nodes in the cluster
ssstonebraker / Case-Template__MISP-EVENT.json
Created Apr 11, 2019
TheHive Case Template - MISP-EVENT
{
  "severity": 2,
  "customFields": {},
  "description": "Case Created from a MISP event",
  "tags": ["misp", "from-misp-event"],
  "name": "MISP-EVENT",
  "tlp": 2,
  "titlePrefix": "[MISP]",
  "metrics": {},
  "pap": 2,
  "tasks": [
    {"title": "Scratchpad", "order": 0, "group": "Scratchpad"},
    {"title": "Peers & Partners", "order": 1, "group": "Comms"},
    {"title": "Other", "order": 2, "group": "Comms"},
    {"title": "Detection && Identification", "order": 3, "group": "IR-Step2"},
    {"title": "Analysis && Digital Forensics", "order": 4, "group": "IR-Step2"},
    {"title": "Containment", "order": 5, "group": "IR-Step3"},
    {"title": "Eradication", "order": 6, "group": "IR-Step4"},
    {"title": "Recovery", "order": 7, "group": "IR-Step5"},
    {"title": "Lessons Learned", "order": 8, "group": "IR-Step6"}
  ],
  "status": "Ok"
}
ssstonebraker / showdupes.sh
Last active Dec 15, 2018
Linux dedupe compare files
#!/bin/bash
# Filename: showdupes.sh
# source: http://brakertech.com/compare-two-files-and-print-lines-that-match/
# this file takes two text files as input
# sorts them and outputs lines from
# file 2 that match file 1
if [ -f "$1" ] && [ -f "$2" ]
then
# print every line of the second file that also appears in the first
awk 'NR==FNR{arr[$0];next} $0 in arr' "$1.tmp" "$2.tmp"
ssstonebraker / threat_hunting_info.txt
Last active May 23, 2019
Threat Hunting Information
https://attack.mitre.org/wiki/ATT&CK_Matrix
Convert pcapng to pcap
tshark -F pcap -r /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcapng -w /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcap
recursively convert pcapng files to pcap
find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do tshark -F pcap -r "$f" -w "${f%.pcapng}.pcap"; done
ssstonebraker / Google_dorks
Created May 4, 2018 — forked from zbetcheckin/Google_dorks
Some google dorks useful in footprinting
Replace 'X' with the domain name of your choice
# Back link
link:X -site:X
# Sub domain
site:X -site:www.X
# Url
inurl:X -site:X
ssstonebraker / ipinfo.sh
Created Apr 26, 2018
Determine Country Code for a List of IP Addresses
#!/bin/bash
# Usage: ./ipinfo.sh file_containing_one_ip_per_line
filename=$1
ipAddresses=$(cat "$filename")
: > out.txt  # empty the output file
readonly ourPath="$(dirname "$0")"
ipextract.example
# Add this to your bash profile
ipextract () {
# example: ipextract < filename
egrep --only-matching -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
}
ssstonebraker / natophon.sh
Created Feb 22, 2018 — forked from bradland/natophon.sh
NATO phonetic string converter for bash
#!/bin/bash
#########################################################################
# NATO String converter
#
# Description: converts string (first parameter given)
# to NATO phonetics-alphabet
#
ssstonebraker / ediscovery_search_exported_msg_files.ps1
Created Feb 8, 2018
Search exported ediscovery msg files from exchange compliance center for a string
# ediscovery_search_exported_msg_files.ps1
# Search through exported .msg files from content search (exchange compliance center) and return a spreadsheet of email addresses and matched URLs
# Kill outlook
cmd.exe /c "taskkill /F /IM outlook.exe /T 2> nul"
$scriptPath = $(split-path $myinvocation.mycommand.definition)
$inputPath = "$($scriptPath)\inputMails"
# Find all .msg files recursively
ssstonebraker / get_amis.sh
Created Jan 17, 2018
Get all AMIs in use on an AWS account
#!/bin/bash
# get_amis.sh
# Return a list of all AMIs in use in AWS
# (strip commas and quotes from the JSON output, one token per line, drop blank lines)
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[ImageId,Tags[*]]' | grep ami | perl -pe 's/,//g; s/"//g; s/\s+/\n/g;' | grep -v '^$'