irt/gists
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Reorganise gists folder

Browse Source
This commit is contained in:
TKE
2022-05-13 12:49:21 +02:00
parent ecd3c7fe2f
commit acd8d616dc
98 changed files with 63 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
config/bash_aliases Normal file
View File

@@ -0,0 +1,9 @@
PS1='\[\033[44;37m\]'$(printf '_%.0s' $(seq 1 $(tput cols)))'\[\033[1;0m\]\r\n\t \w :\n\$ '
alias mv="mv -vi"
alias cp="cp -vi"
alias '+'='pushd .'
alias -- '-'='popd'
[[ -f ~/.shell_aliases ]] && . ~/.shell_aliases
[[ -f ~/.config/z.sh ]] && . ~/.config/z.sh
HISTTIMEFORMAT="%F %T "
shopt -s autocd

15
config/inputrc Normal file
View File

@@ -0,0 +1,15 @@
#include all default settings (otherwise ignored)
$include /etc/inputrc
#ctrl + backspace delete word left of cursor
"\C-h": backward-kill-word
#ctrl + del delete word right of cursor
"\e[3;5~": kill-word
#ctrl + up complete line from history
"\e[1;5A": history-search-backward
#ctrl +
"\e[1;5B": history-search-forward
#show list of possible matches if ambiguous
set show-all-if-ambiguous on
#tab complete even if case is wrong <3
set completion-ignore-case on

45
config/shell_aliases Normal file
View File

@@ -0,0 +1,45 @@
alias cp="cp -vi"
alias sless='less -S -R'
#alias dmcreate='docker-machine create --driver google --google-project crypto-galaxy-182614 --google-zone us-west1-a --google-machine-type f1-micro vm01 ; eval $(docker-machine env vm01)'
alias dockerstatus="docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock moncho/dry"
alias dockerip="docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'"
alias drit='docker run -i -t --rm '
alias dritn='docker run -i -t --rm --network=none'
alias dritpw='docker run -i -t --rm -v "$(mktemp -d):/output" -v "$(pwd)":/data'
alias dritpwro='docker run -i -t --rm -v "$(mktemp -d):/output" -v "$(pwd)":/data:ro'
alias dritpwn='docker run -i -t --rm --network=none -v "$(mktemp -d):/output" -v "$(pwd)":/data'
alias dritpwron='docker run -i -t --rm --network=none -v "$(mktemp -d):/output" -v "$(pwd)":/data:ro'
alias kali='docker run --rm -it -v ${workdir-`pwd`}:/root/workdir kalilinux/kali-rolling'
alias lazydocker="docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v /opt/lazydocker:/.config/jesseduffield/lazydocker lazyteam/lazydocker"
alias mv="mv -vi"
alias ntfsmount='sudo mount -o ro,show_sys_files,streams_interface=windows'
alias powershell='docker run --rm -it -v ${workdir-`pwd`}:/data mcr.microsoft.com/powershell pwsh'
alias ppxml="xmllin --format -"
alias ppxml="xmlstarlet format --indent-tab"
alias pwsh=powershell
alias remnux_crits_start='sudo docker run --rm --name critsy -it -v ${workdir-`pwd`}:/home/nonroot/workdir -p 8443:8443 remnux/crits'
alias remnux_crits_stop="sudo docker stop critsy"
alias remnux_jsdetox_start="sudo docker run --rm --name jsdetoxy --rm -p 3000:3000 remnux/jsdetox"
alias remnux_jsdetox_stop="sudo docker stop jsdetoxy"
alias remnux_mastiff='sudo docker run --rm -it -v ${workdir-`pwd`}:/home/nonroot/workdir remnux/mastiff'
alias remnux_msf='docker run --rm -it -p 443:443 -v ~/.msf4:/root/.msf4 -v /tmp/msf:/tmp/data remnux/metasploit'
alias remnux_pescanner='docker run --rm -it --dns=192.168.130.1 -v ${workdir-`pwd`}:/home/nonroot/workdir remnux/pescanner bash'
alias remnux_rekall='docker run --rm -it -p 8000:8000 --dns=192.168.130.1 -v ${workdir-`pwd`}:/home/nonroot/files remnux/rekall bash'
alias remnux_thug='sudo docker run --rm -it --dns=192.168.130.1 -v /var/log/docker/thug_logs:/home/thug/logs remnux/thug ./thug.py -F '
alias remnux_viper='docker run --rm -it --dns=192.168.130.1 -v ${workdir-`pwd`}:/home/nonroot/workdir remnux/viper bash'
alias remnux_vol='docker run --rm -it -v ${workdir-`pwd`}:/home/nonroot/memdumps remnux/volatility bash'
alias locate='locate -i -A'
alias mc='source /usr/lib/mc/mc-wrapper.sh'
alias evtvd='vd -f csv --skip 5'
alias rot13='tr "abcdefghijklmnopqrstuvwxyz" "nopqrstuvwxyzabcdefghijklm"'
alias uniq2='awk '"'"'{a[$0]++; if (a[$0]==1) print $0 }'"'"
alias pip='pip3'
alias python='python3'
function bindiff() { cmp -l "${1}" "${2}" | gawk '{printf "%s,%02X,%02X\n",$1,strtonum(0$2),strtonum(0$3) }' ; }
function avscan(){ av="${1:-kaspersky}" ; if [ "${av}" == "update" ] ; then ( docker pull tabledevil/kaspersky ; docker pull tabledevil/sep ; docker pull tabledevil/clamav) ; elif [[ $# -eq 2 ]] ; then dritpwro "tabledevil/${av}" "${2}" ; else dritpwro --network=none "tabledevil/${av}" scan ; fi ; }
function dockerfa() { [[ $# -eq 0 ]] && wpd=$(readlink -f . ) || wpd=$(readlink -f "${1}"); docker run -it --rm -v "${wpd}":/data tabledevil/file-analysis;}
function docker_killall() { docker rm $(docker stop $(docker ps -a -q --filter ancestor="${1}" --format="{{.ID}}")) ; }
function dockertags() { tags=`wget -q https://registry.hub.docker.com/v1/repositories/${1}/tags -O - | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'`; if [ -n "$2" ] ; then tags=` echo "${tags}" | grep "$2" `; fi ; echo "${tags}" ; }
alias pip='pip3'
alias python='python3'
alias usbb="usbguard list-devices -b"

259
config/visidatarc Normal file
View File

@@ -0,0 +1,259 @@
# copy or link this file to ~/.visidatarc
options.disp_date_fmt="%Y-%m-%dT%H:%M:%S"
from datetime import datetime
import functools
import json
def what(item):
return f"{type(item)}:{str(item)}"
def avgdiff(values):
L = sorted(values)
a = L[1:]
b = L[:-1]
c = sum([abs(x[0]-x[1]) for x in zip(a,b)])
return c/len(a)
aggregator('avgdiff', avgdiff)
def distinct_list(values):
return [x for x in set(values)]
aggregator('distinct_list', distinct_list)
def logtime(val):
a=str(val)
a=a.strip()
a=a.split(" ")
d=a[0].split("/")
t=a[1].split(":")
if (a[2] == "PM") and (t[0] != "12"):
t[0]=str(int(t[0])+12)
if (a[2] == "AM") and (t[0] == "12"):
t[0]="0"
return datetime(int(d[2]),int(d[0]),int(d[1]),int(t[0]),int(t[1]),int(t[2])).timestamp()
def tsfromtime(val, format):
import time
from calendar import timegm
utc_time = time.strptime(str(val).strip(), format)
return timegm(utc_time)
def timefromts(val):
try:
return datetime.utcfromtimestamp(float(val))
except ValueError:
pass
try:
return datetime.utcfromtimestamp(float(val)/1000)
except ValueError:
pass
try:
return datetime.utcfromtimestamp(float(val)/1000000)
except ValueError:
pass
# sym-ts = hexNcoded NT-Timestamp = Nanoseconds since 01.01.1601
def sym_time(val):
a = int(val, 16) # decode hex
# convert to seconds and subtract offset to 01.01.1970
b = (a / 10000000) - 11644473600
return datetime.fromtimestamp(b)
@functools.lru_cache()
def vendor(mac):
try:
from mac_vendor_lookup import InvalidMacError, MacLookup as mlu
try:
return mlu().lookup(mac.strip())
except InvalidMacError:
return f"not a MAC {str(mac).strip()} of type {type(mac)}"
except ModuleNotFoundError:
return "module not available"
@functools.lru_cache(maxsize=1000)
def _get_vt():
try:
from virus_total_apis import PublicApi as VirusTotalPublicApi
with open('~/.virustotal_api_key') as af:
API_KEY = af.readline()
vt = VirusTotalPublicApi(API_KEY)
return vt
except:
return None
@functools.lru_cache()
def vt_ip(ip):
vt = _get_vt()
if vt is None:
return "VT-Error"
response = vt.get_ip_report(ip)
return response
@functools.lru_cache()
def vt_file(hash):
vt = _get_vt()
if vt is None:
return "VT-Error"
response = vt.get_file_report(hash)
return response
@functools.lru_cache(maxsize=1000)
def dns_lookup(domain, record='A'):
if len(domain.split(",")) > 1:
return ",".join([dns_lookup(x, record) for x in domain.split(",")])
try:
import dns
import dns.resolver as rs
result = rs.query(domain, record)
return ",".join([x.to_text() for x in result])
except dns.resolver.NoAnswer as e:
return ""
except dns.exception.DNSException as e:
# return e.msg
return ""
except ModuleNotFoundError:
return "module not available"
@functools.lru_cache()
def _asn(ip):
from bs4 import BeautifulSoup
import requests
data = { 'q': ip,'query': 'Query'}
response = requests.post('https://asnip.net/ip2asn.php', data=data)
soup=BeautifulSoup(response.text,features='lxml')
table=soup.find_all('table')[1]
row=table.find_all('tr')[1]
cols = [ele.text.strip() for ele in row.find_all('td') ]
res = { 'asn' : cols[0] }
res['ip'] = cols[1]
res['name'] = cols[2]
res['country'] = ""
if "," in res['name']:
name_split=res['name'].split(",")
res['country']=name_split[-1].strip()
res['name']=" ".join(name_split[:-1])
return res
@functools.lru_cache()
def asn(ip, type="asn"):
if len(ip.split(",")) > 1:
return ",".join([_asn(x, type) for x in ip.split(",")])
try:
return _asn(ip)[type]
except:
return ""
@functools.lru_cache(maxsize=1000)
def _ipinfo(ip):
try:
import requests
import json
r = requests.get(url='http://ipinfo.io/{}/json'.format(ip))
return r.json()
except json.JSONDecodeError as e:
return None
except ModuleNotFoundError:
return None
@functools.lru_cache()
def ipinfo(ip, type="country"):
if len(ip.split(",")) > 1:
return ",".join([ipinfo(x, type) for x in ip.split(",")])
try:
return _ipinfo(ip)[type]
except:
return ""
@functools.lru_cache()
def mx_lookup(domain):
domain = domain.lstrip("www.")
try:
mxs = dns_lookup(domain, 'MX').split(",")
mxt = [x.split(" ")[1] for x in mxs if len(x.split(" ")) == 2]
return ",".join(mxt)
except Exception as e:
return str(e)
@functools.lru_cache(maxsize=1000)
def grab_banner(ip, port=25):
if len(ip.split(",")) > 1:
return ",".join([grab_banner(x, port) for x in ip.split(",")])
try:
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # TCP
sock.settimeout(2)
sock.connect((ip, port))
ret = sock.recv(1024)
return str(ret.strip().decode())
except:
return ""
def sym_id(val):
event_ids = {
"2": "Scan Stopped",
"3": "Scan Started",
"4": "Definition File Sent To Server",
"5": "Virus Found",
"6": "Scan Omission",
"7": "Definition File Loaded",
"10": "Checksum",
"11": "Auto-Protect",
"12": "Configuration Changed",
"13": "Symantec AntiVirus Shutdown",
"14": "Symantec AntiVirus Startup",
"16": "Definition File Download",
"17": "Scan Action Auto-Changed",
"18": "Sent To Quarantine Server",
"19": "Delivered To Symantec Security Response",
"20": "Backup Restore Error",
"21": "Scan Aborted",
"22": "Load Error",
"23": "Symantec AntiVirus Auto-Protect Loaded",
"24": "Symantec AntiVirus Auto-Protect Unloaded",
"26": "Scan Delayed",
"27": "Scan Re-started",
"34": "Log Forwarding Error",
"39": "Definitions Rollback",
"40": "Definitions Unprotected",
"41": "Auto-Protect Error",
"42": "Configuration Error",
"45": "SymProtect Action",
"46": "Detection Start",
"47": "Detection Action",
"48": "Pending Remediation Action",
"49": "Failed Remediation Action",
"50": "Successful Remediation Action",
"51": "Detection Finish",
"65": "Scan Stopped",
"66": "Scan Started",
"71": "Threat Now Whitelisted",
"72": "Interesting Process Found Start",
"73": "SONAR engine load error",
"74": "SONAR definitions load error",
"75": "Interesting Process Found Finish",
"76": "SONAR operating system not supported",
"77": "SONAR Detected Threat Now Known",
"78": "SONAR engine is disabled",
"79": "SONAR engine is enabled",
"80": "Definition load failed",
"81": "Cache server error",
"82": "Reputation check timed out"}
return event_ids[val]
# convert 4-byte integer to IP-String
def int2ip(zahl):
return ".".join([str(c) for c in zahl.to_bytes(4,'big')])
# convert IP-String to Integer
def ip2int(ip):
return int.from_bytes(b"".join([int(c).to_bytes(1,'big') for c in b.split('.')]),'big')

251
config/z.sh Normal file
View File

@@ -0,0 +1,251 @@
# Copyright (c) 2009 rupa deadwyler. Licensed under the WTFPL license, Version 2
# maintains a jump-list of the directories you actually use
#
# INSTALL:
# * put something like this in your .bashrc/.zshrc:
# . /path/to/z.sh
# * cd around for a while to build up the db
# * PROFIT!!
# * optionally:
# set $_Z_CMD in .bashrc/.zshrc to change the command (default z).
# set $_Z_DATA in .bashrc/.zshrc to change the datafile (default ~/.z).
# set $_Z_NO_RESOLVE_SYMLINKS to prevent symlink resolution.
# set $_Z_NO_PROMPT_COMMAND if you're handling PROMPT_COMMAND yourself.
# set $_Z_EXCLUDE_DIRS to an array of directories to exclude.
# set $_Z_OWNER to your username if you want use z while sudo with $HOME kept
#
# USE:
# * z foo # cd to most frecent dir matching foo
# * z foo bar # cd to most frecent dir matching foo and bar
# * z -r foo # cd to highest ranked dir matching foo
# * z -t foo # cd to most recently accessed dir matching foo
# * z -l foo # list matches instead of cd
# * z -c foo # restrict matches to subdirs of $PWD
[ -d "${_Z_DATA:-$HOME/.z}" ] && {
echo "ERROR: z.sh's datafile (${_Z_DATA:-$HOME/.z}) is a directory."
}
_z() {
local datafile="${_Z_DATA:-$HOME/.z}"
# if symlink, dereference
[ -h "$datafile" ] && datafile=$(readlink "$datafile")
# bail if we don't own ~/.z and $_Z_OWNER not set
[ -z "$_Z_OWNER" -a -f "$datafile" -a ! -O "$datafile" ] && return
_z_dirs () {
local line
while read line; do
# only count directories
[ -d "${line%%\|*}" ] && echo "$line"
done < "$datafile"
return 0
}
# add entries
if [ "$1" = "--add" ]; then
shift
# $HOME isn't worth matching
[ "$*" = "$HOME" ] && return
# don't track excluded directory trees
local exclude
for exclude in "${_Z_EXCLUDE_DIRS[@]}"; do
case "$*" in "$exclude*") return;; esac
done
# maintain the data file
local tempfile="$datafile.$RANDOM"
_z_dirs | awk -v path="$*" -v now="$(date +%s)" -F"|" '
BEGIN {
rank[path] = 1
time[path] = now
}
$2 >= 1 {
# drop ranks below 1
if( $1 == path ) {
rank[$1] = $2 + 1
time[$1] = now
} else {
rank[$1] = $2
time[$1] = $3
}
count += $2
}
END {
if( count > 9000 ) {
# aging
for( x in rank ) print x "|" 0.99*rank[x] "|" time[x]
} else for( x in rank ) print x "|" rank[x] "|" time[x]
}
' 2>/dev/null >| "$tempfile"
# do our best to avoid clobbering the datafile in a race condition.
if [ $? -ne 0 -a -f "$datafile" ]; then
env rm -f "$tempfile"
else
[ "$_Z_OWNER" ] && chown $_Z_OWNER:$(id -ng $_Z_OWNER) "$tempfile"
env mv -f "$tempfile" "$datafile" || env rm -f "$tempfile"
fi
# tab completion
elif [ "$1" = "--complete" -a -s "$datafile" ]; then
_z_dirs | awk -v q="$2" -F"|" '
BEGIN {
q = substr(q, 3)
if( q == tolower(q) ) imatch = 1
gsub(/ /, ".*", q)
}
{
if( imatch ) {
if( tolower($1) ~ q ) print $1
} else if( $1 ~ q ) print $1
}
' 2>/dev/null
else
# list/go
while [ "$1" ]; do case "$1" in
--) while [ "$1" ]; do shift; local fnd="$fnd${fnd:+ }$1";done;;
-*) local opt=${1:1}; while [ "$opt" ]; do case ${opt:0:1} in
c) local fnd="^$PWD $fnd";;
e) local echo=echo;;
h) echo "${_Z_CMD:-z} [-cehlrtx] args" >&2; return;;
l) local list=1;;
r) local typ="rank";;
t) local typ="recent";;
x) sed -i -e "\:^${PWD}|.*:d" "$datafile";;
esac; opt=${opt:1}; done;;
*) local fnd="$fnd${fnd:+ }$1";;
esac; local last=$1; [ "$#" -gt 0 ] && shift; done
[ "$fnd" -a "$fnd" != "^$PWD " ] || local list=1
# if we hit enter on a completion just go there
case "$last" in
# completions will always start with /
/*) [ -z "$list" -a -d "$last" ] && builtin cd "$last" && return;;
esac
# no file yet
[ -f "$datafile" ] || return
local cd
cd="$( < <( _z_dirs ) awk -v t="$(date +%s)" -v list="$list" -v typ="$typ" -v q="$fnd" -F"|" '
function frecent(rank, time) {
# relate frequency and time
dx = t - time
if( dx < 3600 ) return rank * 4
if( dx < 86400 ) return rank * 2
if( dx < 604800 ) return rank / 2
return rank / 4
}
function output(matches, best_match, common) {
# list or return the desired directory
if( list ) {
cmd = "sort -n >&2"
for( x in matches ) {
if( matches[x] ) {
printf "%-10s %s\n", matches[x], x | cmd
}
}
if( common ) {
printf "%-10s %s\n", "common:", common > "/dev/stderr"
}
} else {
if( common ) best_match = common
print best_match
}
}
function common(matches) {
# find the common root of a list of matches, if it exists
for( x in matches ) {
if( matches[x] && (!short || length(x) < length(short)) ) {
short = x
}
}
if( short == "/" ) return
for( x in matches ) if( matches[x] && index(x, short) != 1 ) {
return
}
return short
}
BEGIN {
gsub(" ", ".*", q)
hi_rank = ihi_rank = -9999999999
}
{
if( typ == "rank" ) {
rank = $2
} else if( typ == "recent" ) {
rank = $3 - t
} else rank = frecent($2, $3)
if( $1 ~ q ) {
matches[$1] = rank
} else if( tolower($1) ~ tolower(q) ) imatches[$1] = rank
if( matches[$1] && matches[$1] > hi_rank ) {
best_match = $1
hi_rank = matches[$1]
} else if( imatches[$1] && imatches[$1] > ihi_rank ) {
ibest_match = $1
ihi_rank = imatches[$1]
}
}
END {
# prefer case sensitive
if( best_match ) {
output(matches, best_match, common(matches))
} else if( ibest_match ) {
output(imatches, ibest_match, common(imatches))
}
}
')"
[ $? -eq 0 ] && [ "$cd" ] && {
if [ "$echo" ]; then echo "$cd"; else builtin cd "$cd"; fi
}
fi
}
alias ${_Z_CMD:-z}='_z 2>&1'
[ "$_Z_NO_RESOLVE_SYMLINKS" ] || _Z_RESOLVE_SYMLINKS="-P"
if type compctl >/dev/null 2>&1; then
# zsh
[ "$_Z_NO_PROMPT_COMMAND" ] || {
# populate directory list, avoid clobbering any other precmds.
if [ "$_Z_NO_RESOLVE_SYMLINKS" ]; then
_z_precmd() {
(_z --add "${PWD:a}" &)
}
else
_z_precmd() {
(_z --add "${PWD:A}" &)
}
fi
[[ -n "${precmd_functions[(r)_z_precmd]}" ]] || {
precmd_functions[$(($#precmd_functions+1))]=_z_precmd
}
}
_z_zsh_tab_completion() {
# tab completion
local compl
read -l compl
reply=(${(f)"$(_z --complete "$compl")"})
}
compctl -U -K _z_zsh_tab_completion _z
elif type complete >/dev/null 2>&1; then
# bash
# tab completion
complete -o filenames -C '_z --complete "$COMP_LINE"' ${_Z_CMD:-z}
[ "$_Z_NO_PROMPT_COMMAND" ] || {
# populate directory list. avoid clobbering other PROMPT_COMMANDs.
grep "_z --add" <<< "$PROMPT_COMMAND" >/dev/null || {
PROMPT_COMMAND="$PROMPT_COMMAND"$'\n''(_z --add "$(command pwd '$_Z_RESOLVE_SYMLINKS' 2>/dev/null)" 2>/dev/null &);'
}
}
fi

16
config/zupdate.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
[[ -s /home/tke/.bashrc ]] && source /home/tke/.bashrc
[[ -f ~/.config/z.sh ]] && . ~/.config/z.sh
echo $$ >> /tmp/zupdate.log
env >> /tmp/zupdate.log
id >> /tmp/zupdate.log
cd
echo $(pwd) >> /tmp/zupdate.log
while true ;
do
newfolder=$(inotifywait -e create /media/data/cases/ | awk '{print $1 $3}')
echo "$$ Detected ${newfolder}" >> /tmp/zupdate.log
z --add "${newfolder}"
done