Thomas Patzke thomaspatzke
thomaspatzke
/ gist:7445851
Created
November 13, 2013 08:54
Create HTML with links to all HTTP servers from nmap scan results.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xmlstarlet sel -T -t -m '//port/service[@name="http"]' -v 'concat(ancestor::host/address/@addr, ":", ../@portid, " <a href=http://", ancestor::host/address/@addr, ":", ../@portid, ">HTTP</a> <a href=https://", ancestor::host/address/@addr, ":", ../@portid, ">HTTPS</a><br />")' -n file.xml |
thomaspatzke
/ gist:7481047
Created
November 15, 2013 08:35
Create "host;name;port;service;product" CSV from nmap scan XML.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xmlstarlet sel -t -m '//port/state[@state="open"]' -v 'concat(ancestor::host/address/@addr,";",ancestor::host/hostnames/hostname[position()=1]/@name,";",../@portid,";",../service/@name,";",../service/@product)' -n file.xml |
thomaspatzke
/ net-config.sh
Created
January 19, 2016 22:46
Shell script to quickly switch between real Internet connection (NAT) and simulated (INetSim)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| case "$1" in | |
| router) | |
| sysctl -w net.ipv4.ip_forward=1 | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| systemctl start dnsmasq.service | |
| ;; | |
| router-stop) | |
| sysctl -w net.ipv4.ip_forward=0 |
thomaspatzke
/ create_deleter.py
Created
January 30, 2016 22:29
Create file deletion script from two 'openssl sha1' outputs. Deletions are done in files referenced in source hash file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from sys import argv, exit | |
| import re | |
| hashline_re = re.compile('^SHA1\((.*?)\)= (.*)$') | |
| dsthashes = dict() | |
| if len(argv) < 4: |
thomaspatzke
/ CSRFToken.py
Created
February 3, 2015 14:01
Burp extension: extract CSRF tokens from responses of selected Burp tools and update them with a custom session handling rule.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Session CSRF Token Handling") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
thomaspatzke
/ Burp-CSRFRandomName.py
Created
February 15, 2017 09:09
Burp Session Handling Extension: CSRF tokens with random parameter names
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Handling of CSRF Tokens with Random Names") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set nocompatible | |
| set rtp+=~/.vim/bundle/Vundle.vim | |
| call vundle#begin() | |
| Plugin 'gmarik/Vundle.vim' | |
| Plugin 'tpope/vim-fugitive' | |
| Plugin 'davidhalter/jedi-vim' | |
| Plugin 'vim-latex/vim-latex' | |
| Plugin 'vim-syntastic/syntastic' | |
| Plugin 'scrooloose/nerdtree' |
thomaspatzke
/ gist:8919230
Created
February 10, 2014 16:32
Search all memory sections from a core dump for a particular string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| readelf -l core | perl -ne 'if (/^\s*LOAD\s+\S+\s+(\S+)\s+\S+\s+(\S+)/) { print "printf \"=== $1 ===\\n\"\nfind $1, +$2, \"Search\"\n" }' > searchmem.gdb | |
| gdb executable core < searchmem.gdb |
thomaspatzke
/ proxy_http_connect-portscanner.sh
Created
September 1, 2016 13:28
Simple HTTP CONNECT Proxy Portscanner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for (( p=0; p <= 65535; p++ )); do echo "Probing port $p"; echo -n "Port $p: " >> portscan.log; (echo CONNECT targethost:$p HTTP/1.1; echo) | nc -q 3 proxyhost proxyport | head -1 >> portscan.log; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
| # Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
| # IMPORTANT: This must run with Administrator privileges! | |
| Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
| # Kill all parent processes from detected vssadmin process | |
| $p = $EventArgs.NewEvent.TargetInstance | |
| while ($p) { | |
| $ppid = $p.ParentProcessID | |
| $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
| Write-Host $p.ProcessID |