Jonas Lejon jonaslejon
@jonaslejon
jonaslejon / healthchecks.py
Last active March 28, 2025 14:04
Raspberry Pi sensor IDS healthchecks for tcpdump, zeek, suricata and disk space
#!/usr/bin/python
""" Runs on the Raspberry Pi sensor IDS and alerts if the disk space is low or if the tcpdump process is not running """
import os
import shutil
import requests
import psutil
from dotenv import load_dotenv
from retry import retry
import argparse
@jonaslejon
jonaslejon / twitter_monitor.py
Last active December 25, 2024 10:07
Monitors an X (twitter) account. Run from crontab every 15 minutes: */15
#!/usr/bin/python3
"""
Twitter Account Monitor Script
===================================
This script monitors a specified Twitter account for new tweets and sends notifications
via Pushover and Mailgun (EU). It is intended to be run as a cron job for periodic execution.
Usage:
------
Run from crontab with a 15-minute interval like this:
@jonaslejon
jonaslejon / burp_log_parser.py
Last active October 24, 2024 13:53
Burp Suite CSV Log Parser
#!/usr/bin/env python3
"""
Burp Suite CSV Log Parser
This script parses a Burp Suite CSV log file, decodes base64-encoded HTTP requests and responses,
and prints them in a human-readable format with colored output for better readability.
Usage:
python burp_log_parser.py <input_file> --status_code <status_code> --filter_response <filter_response> --negative_filter_response <negative_filter_response> --response_only --json_output
@jonaslejon
jonaslejon / esni-check.py
Created October 18, 2024 17:11
Check Encrypted SNI statistics by reading Zeek logs
import os
import gzip
import orjson
import argparse
from colorama import init, Fore, Style
# Initialize colorama for cross-platform color support
init(autoreset=True)
# Initialize counters for statistics
@jonaslejon
jonaslejon / postnord.txt
Created March 7, 2022 18:11
.com domains starting with postnord
$ zgrep ^postnord 2022-02-07-com.zone.gz|awk '{print $1}'|sort -u
postnord-22.com.
postnord-delivery.com.
postnord-dk-post.com.
postnord-dk.com.
postnord-epostal.com.
postnord-logistics.com.
postnord-nestle.com.
postnord-no.com.
postnord-norway.com.
@jonaslejon
jonaslejon / wpsec.php
Created February 24, 2022 18:31
WPSec.com PHP API
<?php
// Fetches a temporary access_token Bearer
// Replace the client_secret and client_id below
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://api.wpsec.com/oauth/token',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
@jonaslejon
jonaslejon / find.sh
Created November 3, 2021 07:14
Find Trojan Source Unicode characters (CVE-2021-42694 and CVE-2021-42574)
#!/bin/sh
# Usage instructions: sh find.sh php|tr '\n' '; '
# Then copy and paste the output and execute it
ext=$1
C="\u200E \u200F \u202A \u202B \u202C \u202D \u202E \u2066 \u2067 \u2068 \u2069 \u202C"
for a in $C; do echo find . -type f -name \"*.$ext\" -exec grep -H \$\'$a\' {} \\\; ; done
@jonaslejon
jonaslejon / wp-config-sample.php
Created March 24, 2020 08:02
WordPress with Phpsploit backdoor
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
@jonaslejon
jonaslejon / custom.list.chroot
Last active February 21, 2023 14:13
My custom Kali Linux package list for building the live ISO
python-usb
python3-usb
mingw-w64
isc-dhcp-server
bridge-utils
libdbus-1-dev
libdbus-glib-1-dev
python3-venv
dirbuster
cmake
@jonaslejon
jonaslejon / xenxxe.py
Last active September 9, 2021 06:07
Citrix XenMobile XXE Exploit
#!/usr/bin/python3
##
## PoC test for the XXE security vulnerability CVE-2018-10653 in XenMobile Server 10.8 before RP2 and 10.7 before RP3
##
## This PoC was written by Jonas Lejon 2019-11-28 <[email protected]> https://triop.se
## Reported to Citrix 2017-10, patch released 2018-05
##
import requests
import sys