Thomas Patzke thomaspatzke
View mitre_attack_oneliners.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires: curl, jq | |
| # Download MITRE ATT&CK data from GitHub repository | |
| curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json | |
| # List all ATT&CK object types | |
| jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json | |
| # List all ATT&CK technique identifiers | |
| jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json |
View Kill-Ransomware.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
| # Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
| # IMPORTANT: This must run with Administrator privileges! | |
| Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
| # Kill all parent processes from detected vssadmin process | |
| $p = $EventArgs.NewEvent.TargetInstance | |
| while ($p) { | |
| $ppid = $p.ParentProcessID | |
| $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
| Write-Host $p.ProcessID |
thomaspatzke
/ Burp-CSRFRandomName.py
Created Feb 15, 2017
Burp Session Handling Extension: CSRF tokens with random parameter names
View Burp-CSRFRandomName.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Handling of CSRF Tokens with Random Names") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
thomaspatzke
/ proxy_http_connect-portscanner.sh
Created Sep 1, 2016
Simple HTTP CONNECT Proxy Portscanner
View proxy_http_connect-portscanner.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for (( p=0; p <= 65535; p++ )); do echo "Probing port $p"; echo -n "Port $p: " >> portscan.log; (echo CONNECT targethost:$p HTTP/1.1; echo) | nc -q 3 proxyhost proxyport | head -1 >> portscan.log; done |
thomaspatzke
/ nmap-open-ports.sh
Last active Nov 6, 2019
Extract all open ports in Host:Port format from nmap XML output
View nmap-open-ports.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xmlstarlet sel -t -m '//port/state[@state="open"]/parent::port' -v 'ancestor::host/address/@addr' -o : -v './@portid' -n nmap-output.xml |
thomaspatzke
/ create_deleter.py
Created Jan 30, 2016
Create file deletion script from two 'openssl sha1' outputs. Deletions are done in files referenced in source hash file.
View create_deleter.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from sys import argv, exit | |
| import re | |
| hashline_re = re.compile('^SHA1\((.*?)\)= (.*)$') | |
| dsthashes = dict() | |
| if len(argv) < 4: |
thomaspatzke
/ net-config.sh
Created Jan 19, 2016
Shell script to quickly switch between real Internet connection (NAT) and simulated (INetSim)
View net-config.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| case "$1" in | |
| router) | |
| sysctl -w net.ipv4.ip_forward=1 | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| systemctl start dnsmasq.service | |
| ;; | |
| router-stop) | |
| sysctl -w net.ipv4.ip_forward=0 |
View hexdump.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| print("\n".join([" ".join(["{:02x}".format(c) for c in bin[i:i+16]]) for i in range(0, len(bin), 16)])) |
thomaspatzke
/ CSRFToken.py
Created Feb 3, 2015
Burp extension: extract CSRF tokens from responses of selected Burp tools and update them with a custom session handling rule.
View CSRFToken.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Session CSRF Token Handling") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
thomaspatzke
/ Burp-SessionHandlingActionReplaceIDInResponse.py
Created Feb 2, 2015
This is a template for a Burp extension that can be used as session handling macro action. It pulls an identifier (here: last part of location header from redirection response) from the first macro response and puts it in the given place of the current request (here: last URL path component). Adapt as needed at the places marked with "CONFIG" co…
View Burp-SessionHandlingActionReplaceIDInResponse.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, ISessionHandlingAction) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Path Parameter Session Handling Action") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.out = callbacks.getStdout() |
NewerOlder