#Privacy Enhanced Mail (PEM) Extraction Script for Ghidra
#PEM is a common format for storing cryptographic material as ASCII
#@category BeginnerGhidraClass
from re import findall

counter = 0
filename = currentProgram.getExecutablePath()
import base64
import datetime
import requests
import urllib


class Session(object):
    __instance = None
from socket import *
from struct import unpack
import sys

INTERFACE = "eth0"
TARGET = "8.8.8.8"

if __name__ == "__main__":
    sock = socket(AF_PACKET, SOCK_DGRAM, 0x0800)
    sock.bind((INTERFACE, 0x0800))
#Imports the Python standard-library modules needed for working with XML
from xml.etree.ElementTree import XML, fromstring
from xml.etree import ElementTree

#This is the base text of your XML file. A """ ... """ block in Python denotes a multiline string literal
item_text = """<id-02227>
<avail type="string">9R</avail>
<cost type="string">15,000¥</cost>
<description type="formattedtext">
import os
import csv

directory = "/path/to/csv_folder/"
headers = []
merged_file_data = []

for file_name in os.listdir(directory):
    index = 0
    file_path = os.path.join(directory, file_name)
Converts millisecond epoch format to datetime - https://www.epochconverter.com/
1351108441165 = 10/24/2012 19:54:01
=(A1/86400000) + DATE(1970,1,1)

Google Sheets: combine date and time into a timestamp
=B2+C2
Format as datetime

Time diff between events
function Export-Events ($events, $outputPath) {
    $formattedEvents = $events | ForEach-Object {
        $_ | ForEach-Object {
            New-Object PSObject -Property ([ordered]@{Action = $_.Action; AttachmentName = $_.AttachmentName; Date = $_.Date; Division = $_.Division; Recipient = $_.Recipient; SamAccountName = $_.SamAccountName; Sender = $_.Sender; Subject = $_.Subject;})
        }
    }
    $formattedEvents | Export-Csv $outputPath -NoTypeInformation
    $gui.LogTextBox.Dispatcher.Invoke('Normal', [action]{$gui.LogTextBox.AppendText("$(Get-Date) - Data has been exported to $outputPath`r`n")})
}
\b(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9:@]+([\-\.]{1}[a-z0-9:@]+)*\.(aaa|aarp|abarth|abb|abbott|abbvie|abc|able|abogado|abudhabi|ac|academy|accenture|accountant|accountants|aco|active|actor|ad|adac|ads|adult|ae|aeg|aero|aetna|af|afamilycompany|afl|africa|ag|agakhan|agency|ai|aig|aigo|airbus|airforce|airtel|akdn|al|alfaromeo|alibaba|alipay|allfinanz|allstate|ally|alsace|alstom|am|americanexpress|americanfamily|amex|amfam|amica|amsterdam|analytics|android|anquan|anz|ao|aol|apartments|app|apple|aq|aquarelle|ar|arab|aramco|archi|army|arpa|art|arte|as|asda|asia|associates|at|athleta|attorney|au|auction|audi|audible|audio|auspost|author|auto|autos|avianca|aw|aws|ax|axa|az|azure|ba|baby|baidu|banamex|bananarepublic|band|bank|bar|barcelona|barclaycard|barclays|barefoot|bargains|baseball|basketball|bauhaus|bayern|bb|bbc|bbt|bbva|bcg|bcn|bd|be|beats|beauty|beer|bentley|berlin|best|bestbuy|bet|bf|bg|bh|bharti|bi|bible|bid|bike|bing|bingo|bio|biz|bj|black|blackfriday|blanco|blockbuster|blog|bloomb
#PowerShell Triage Script
$suspicious_ip = ''
$ip_address = ''
$hostname = ''
$endpoint_information = @{
    remote_powershell_version = ''
    os_version = ''
    network_connections = ''
    running_processes = ''
#!/usr/bin/env python3.6
'''
Requirements:
    sudo apt-get install python3
    sudo apt-get install pip3
    pip3 install python-twitter
    pip3 install beautifulsoup4

Compile script into binary:
    pyinstaller --onefile osint-collector.py