| # Discovery | |
| ## masscan | |
| ### Top 100 ports TCP/UDP | |
| masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:2-3,U:7,U:9,U:13,U:17,U:19-23,U:37-38,U:42,U:49,U:53,U:67-69,U:80,U:88,U:111-113,U:120,U:123,U:135-139,U:158,U:161-162,U:177,U:192,U:199,U:207,U:217,U:363,U:389,U:402,U:407,U:427,U:434,U:443,U:445,U:464,U:497,U:500,U:502,U:512-515,U:517-518,U:520,U:539,U:559,U:593,U:623,U:626,U:631,U:639,U:643,U:657,U:664,U:682-689,U:764,U:767,U:772-776,U:780-782,U:786,U:789,U:800,U:814,U:826,U:829,U:838,U:902-903,U:944,U:959,U:965,U:983,U:989-990,U:996-1001,U:1007-1008,U:1012-1014,U:1019-1051,U:1053-1060,U:1064-1070,U:1072,U:1080-1081,U:1087-1088,U:1090,U:1100-1101,U:1105, |
If you need to decomission a node the first thing you should do is transfer all shards from it to other nodes
This command will tell ElasticSearch to:
| {"severity":2,"customFields":{},"description":"Case Created from a MISP event","tags":["misp","from-misp-event"],"name":"MISP-EVENT","tlp":2,"titlePrefix":"[MISP]","metrics":{},"pap":2,"tasks":[{"title":"Scratchpad","order":0,"group":"Scratchpad"},{"title":"Peers & Partners","order":1,"group":"Comms"},{"title":"Other","order":2,"group":"Comms"},{"title":"Detection && Identification","order":3,"group":"IR-Step2"},{"title":"Analysis && Digital Forensics","order":4,"group":"IR-Step2"},{"title":"Containment","order":5,"group":"IR-Step3"},{"title":"Eradication","order":6,"group":"IR-Step4"},{"title":"Recovery","order":7,"group":"IR-Step5"},{"title":"Lessons Learned","order":8,"group":"IR-Step6"}],"status":"Ok"} |
| #!/bin/bash | |
| # Filename: showdupes.sh | |
| # source: http://brakertech.com/compare-two-files-and-print-lines-that-match/ | |
| # this file takes two text files as input | |
| # sorts them and outputs lines from | |
| # file 2 that match file 1 | |
| if [ -f "$1" ] && [ -f "$2" ] | |
| then | |
| awk 'NR==FNR{arr[$0];next} $0 in arr' $1.tmp $2.tmp; |
| https://attack.mitre.org/wiki/ATT&CK_Matrix | |
| Convert pcapng to pcapng | |
| tshark -F pcap -r /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcapng -w /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcap | |
| recursively convert pcapng files to pcap | |
| find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do tshark -F pcap -r "$f" -w "${f%.pcapng}.pcap"; done |
| Replace 'X' with the domain name of your choice | |
| # Back link | |
| link:X -site:X | |
| # Sub domain | |
| site:X -site:www.X | |
| # Url | |
| inurl:X -site:X |
| #!/bin/bash | |
| # Usage: ./ipinfo.sh file_containing_one_ip_per_line | |
| filename=$1 | |
| ipAddresses=`cat $filename` | |
| `echo "" > out.txt` #To empty the file | |
| readonly ourPath="$(dirname $0)" |
| # Add this to your bash profile | |
| ipextract () { | |
| # example: ipextract < filename | |
| egrep --only-matching -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' | |
| } |
| #!/bin/bash | |
| ######################################################################### | |
| # # | |
| # # | |
| # NATO String converter # | |
| # # | |
| # Description: converts string (first parameter given) # | |
| # to NATO phonetics-alphabet # | |
| # # |
| # ediscovery_search_exported_msg_files.ps1 | |
| # Search through exported .msg files from content search (exchange compliance center) and return a spreadsheet of email addresses and matched URLs | |
| # Kill outlook | |
| cmd.exe /c "taskkill /F /IM outlook.exe /T 2> nul" | |
| $scriptPath = $(split-path $myinvocation.mycommand.definition) | |
| $inputPath = "$($scriptPath)\inputMails" | |
| # Find all .msg files recursively |