View mitre_attack_oneliners.sh
# Requires: curl, jq | |
# Download MITRE ATT&CK data from GitHub repository | |
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json | |
# List all ATT&CK object types | |
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json | |
# List all ATT&CK technique identifiers | |
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json |
View Kill-Ransomware.ps1
# Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
# Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
# IMPORTANT: This must run with Administrator privileges! | |
Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
# Kill all parent processes from detected vssadmin process | |
$p = $EventArgs.NewEvent.TargetInstance | |
while ($p) { | |
$ppid = $p.ParentProcessID | |
$pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
Write-Host $p.ProcessID |
View Burp-CSRFRandomName.py
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
import re | |
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = callbacks.getHelpers() | |
callbacks.setExtensionName("Handling of CSRF Tokens with Random Names") | |
self.callbacks.registerSessionHandlingAction(self) | |
self.callbacks.registerHttpListener(self) |
View proxy_http_connect-portscanner.sh
for (( p=0; p <= 65535; p++ )); do echo "Probing port $p"; echo -n "Port $p: " >> portscan.log; (echo CONNECT targethost:$p HTTP/1.1; echo) | nc -q 3 proxyhost proxyport | head -1 >> portscan.log; done |
View nmap-open-ports.sh
xmlstarlet sel -t -m '//port/state[@state="open"]/parent::port' -v 'ancestor::host/address/@addr' -o : -v './@portid' -n nmap-output.xml |
View create_deleter.py
#!/usr/bin/python3 | |
from sys import argv, exit | |
import re | |
hashline_re = re.compile('^SHA1\((.*?)\)= (.*)$') | |
dsthashes = dict() | |
if len(argv) < 4: |
View net-config.sh
#!/bin/bash | |
case "$1" in | |
router) | |
sysctl -w net.ipv4.ip_forward=1 | |
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
systemctl start dnsmasq.service | |
;; | |
router-stop) | |
sysctl -w net.ipv4.ip_forward=0 |
View hexdump.py
print("\n".join([" ".join(["{:02x}".format(c) for c in bin[i:i+16]]) for i in range(0, len(bin), 16)])) |
View CSRFToken.py
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
import re | |
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = callbacks.getHelpers() | |
callbacks.setExtensionName("Session CSRF Token Handling") | |
self.callbacks.registerSessionHandlingAction(self) | |
self.callbacks.registerHttpListener(self) |
View Burp-SessionHandlingActionReplaceIDInResponse.py
from burp import (IBurpExtender, ISessionHandlingAction) | |
import re | |
class BurpExtender(IBurpExtender, ISessionHandlingAction): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = callbacks.getHelpers() | |
callbacks.setExtensionName("Path Parameter Session Handling Action") | |
self.callbacks.registerSessionHandlingAction(self) | |
self.out = callbacks.getStdout() |
NewerOlder