John Carroll yosignals
yosignals
/ gist:3657b1cbcec2597b4249497fea75bcf1
Last active
December 23, 2022 14:32
(Go) Hash Counter, If you're dumping NTDS.dit hashes and you want to see what are worth focusing on the most (time pressure) this will list the duplicates with the top 40 offenders in highest volume - go run hashhosh.go it will need hashes.txt in the same folder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "os" | |
| "sort" | |
| ) | |
| func main() { |
yosignals
/ gist:80db7d8d06f8060abd0eecde933c9c68
Created
December 22, 2022 18:59
Useful for separating a mix of hashes, my use case was historical breach data where uncracked passwords where varying in Hash type, this aims to try and sort through them into files you can throw at hashcat or JtR
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| def sort_hashes(filename): | |
| # Create a list of hash types | |
| hash_types = [ | |
| 'md5', | |
| 'sha1', | |
| 'sha224', | |
| 'sha256', | |
| 'sha384', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the current date and time | |
| $date = Get-Date | |
| # Get a list of all open TCP connections | |
| $tcpConnections = Get-NetTCPConnection | |
| # Create a table to display the results | |
| $table = New-Object System.Data.DataTable | |
| $table.Columns.Add("Local Address") | |
| $table.Columns.Add("Local Port") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "os" | |
| "os/exec" | |
| "regexp" | |
| "sort" | |
| ) |
yosignals
/ Dynamic Subdomain C2 and or Exfil
Created
January 3, 2023 21:49
Dynamic Subdomain C2 Exfil detection - Splunk Query
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Select events from all indexes | |
| index=* | |
| # Extract the subdomain from the domain field and add a new field called "subdomain" | |
| | eval subdomain=split(domain, ".")[0] | |
| # Format the time field into a more human-readable format and add a new field called "time" | |
| | eval time=strftime(_time, "%Y-%m-%d %H:%M:%S") | |
| # Bin the time field into 2 minute intervals and add a new field called "bin_time" |
yosignals
/ gist:db1c2667fe072d125f840f18dc8ab181
Created
February 19, 2023 22:49
CS TS Prop Builder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "os" | |
| "fyne.io/fyne/v2" | |
| "fyne.io/fyne/v2/app" | |
| "fyne.io/fyne/v2/container" |
yosignals
/ gist:c426aeabbf3727140b9d88f567b38eb4
Created
February 20, 2023 10:25
Subslplit.py | some (excellent) pen testing tools have a hard time outside of /24 and smaller networks, this little script tries to address that by fragmenting large networks into palatable lists
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ipaddress | |
| import os | |
| # Get the IP address range from the user | |
| ip_range = input("Enter IP address range (CIDR notation): ") | |
| # Convert the IP address range to an object of type ipaddress.IPv4Network | |
| ip_net = ipaddress.IPv4Network(ip_range) | |
| # Get the number of target files from the user |
yosignals
/ HashCounter.go
Created
March 22, 2023 21:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "flag" | |
| "fmt" | |
| "os" | |
| "sort" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "encoding/hex" | |
| "fmt" | |
| "os" | |
| "regexp" | |
| "strings" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "math/rand" | |
| "strings" | |
| "time" | |
| ) |
OlderNewer