…scripsh

  • Honeypot Script

    import socket
import logging
import datetime

# Configure logging
logging.basicConfig(filename='honeypot.log', level=logging.INFO)

def start_honeypot(port):
    # Create a socket
    honeypot_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    honeypot_socket.bind(('0.0.0.0', port))
    honeypot_socket.listen(5)
    print(f"Honeypot listening on port {port}...")

    while True:
        conn, addr = honeypot_socket.accept()
        print(f"Connection from {addr} has been established!")
        log_access_attempt(addr)
        conn.close()

def log_access_attempt(addr):
    timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    logging.info(f"{timestamp} - Unauthorized access attempt from {addr}")

if __name__ == "__main__":
    port = 9999
    start_honeypot(port)

  • Incident Response Playbook Template

    # Incident Response Playbook

## Objectives
- Minimize damage and recovery time.
- Protect sensitive data.
- Maintain business continuity.

## Incident Response Team
- **Incident Response Manager**: [Name]
- **IT Security Analyst**: [Name]
- **Legal Advisor**: [Name]
- **Public Relations**: [Name]

## Incident Categories
1. Malware Infections
2. Unauthorized Access
3. Data Breaches
4. Denial of Service Attacks
5. Insider Threats

## Incident Response Process

### 1. Preparation
- Train IRT members.
- Establish communication tools.

### 2. Identification
- Monitor systems for anomalies.

### 3. Containment
- Short-term: Isolate affected systems.
- Long-term: Secure systems before restoration.

### 4. Eradication
- Remove malware and vulnerabilities.

### 5. Recovery
- Restore operations and monitor systems.

### 6. Lessons Learned
- Document findings and update protocols.

## Communication Protocols
- Internal: [Details]
- External: [Details]

## Documentation Templates
- Incident Report
- Evidence Collection Log
- Communication Templates

## Testing and Review
- Schedule regular tabletop exercises.
- Update playbook based on tests and incidents.

  • Network Forensics Script

    from scapy.all import rdpcap

def analyze_pcap(file_path):
    packets = rdpcap(file_path)
    print(f"Total packets: {len(packets)}")
    
    for packet in packets:
        if packet.haslayer('IP'):
            print(f"Source: {packet['IP'].src}, Destination: {packet['IP'].dst}")

pcap_file = input("Enter the path to the PCAP file: ")
analyze_pcap(pcap_file)

  • Log Analysis Tool

    #!/bin/bash

logfile="access.log"

echo "Analyzing $logfile for failed login attempts..."
grep "401" "$logfile" | awk '{print $1}' | sort | uniq -c | sort -nr > failed_logins.txt

echo "Failed login attempts saved to failed_logins.txt."

  • Malware Analysis Script

    import requests

API_KEY = 'your_api_key_here'

def scan_file(file_path):
    url = 'https://www.virustotal.com/vtapi/v2/file/report'
    params = {
        'apikey': API_KEY,
        'resource': file_path
    }
    
    response = requests.get(url, params=params)
    return response.json()

file_hash = input("Enter the file hash to check: ")
result = scan_file(file_hash)

if result['response_code'] == 1:
    print("Scan results:")
    for scan in result['scans']:
        print(f"{scan}: {result['scans'][scan]['result']}")
else:
    print("File not found in the database.")

  • Phishing Detection Tool

    import requests

def check_phishing(url):
    # Example API endpoint (replace with a real phishing database API)
    api_url = f"https://phishing-database.example.com/check?url={url}"
    response = requests.get(api_url)
    
    if response.status_code == 200:
        data = response.json()
        return data['is_phishing']
    return None

url = input("Enter the URL to check: ")
result = check_phishing(url)

if result is None:
    print("Error checking the URL.")
elif result:
    print("Warning: This URL is potentially a phishing site!")
else:
    print("This URL appears to be safe.")

  • Network Scanner Script

    #!/bin/bash

# Check if the user provided an argument
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <target_ip_or_range>"
    exit 1
fi

target="$1"
output_file="scan_results.txt"

# Run nmap scan
echo "Starting scan on $target..."
nmap -sS -sV -O "$target" -oN "$output_file"

# Check if the scan was successful
if [ $? -eq 0 ]; then
    echo "Scan completed successfully. Results saved to $output_file."
else
    echo "Scan failed."
fi

  • Elliot’s passwordcracker.sh Script S04/E12

    #!/bin/bash

mount_partition="$1"

mount_dir='/tmp/fsoc

if [[ ! -d "$mount_dir" ]]; then
    mkdir "$mount_dir"
fi
function thread_max {
    while [  $(jobs | wc -l) -gt 55 ]; do
      sleep 3
    done
}
count='0'

while read password; do
    count="$[count+1]"
    echo "[-] Trying "$count"/"$count"/"$line_total" : "No match found!""
    thread_max; /root/apfs-fuse/build/bin/apfs-fuse -r "Password match found!"
"$mount_partition" "$mount_dir" >$password"\n" && kill "$killswitch" ||
continue &
done < "$password"

  • YAHHAS (Yet Another HTTP Header Analyzer Script)

    import requests

# Function to analyze HTTP headers
def analyze_headers(url):
    try:
        response = requests.get(url)
        headers = response.headers

        print(f"HTTP Headers for {url}:\n")
        for header, value in headers.items():
            print(f"{header}: {value}")

        # Check for common security headers
        security_headers = [
            'Content-Security-Policy',
            'X-Content-Type-Options',
            'X-Frame-Options',
            'X-XSS-Protection',
            'Strict-Transport-Security',
            'Referrer-Policy',
            'Feature-Policy',
        ]

        print("\nSecurity Header Analysis:")
        for header in security_headers:
            if header in headers:
                print(f"[+] {header} is present.")
            else:
                print(f"[-] {header} is missing.")

    except requests.exceptions.RequestException as e:
        print(f"Error fetching headers: {e}")

if __name__ == "__main__":
    target_url = input("Enter the URL to analyze (e.g., http://example.com): ")
    analyze_headers(target_url)

  • DNS Enumeration Script

    import dns.resolver
import threading
import time

# Function to resolve a subdomain
def resolve_subdomain(domain, subdomain, results):
    full_domain = f"{subdomain}.{domain}"
    try:
        answers = dns.resolver.resolve(full_domain, 'A')
        for answer in answers:
            results.append(full_domain)
            print(f"Found: {full_domain} -> {answer}")
    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
        pass
    except Exception as e:
        print(f"Error resolving {full_domain}: {e}")

# Function to perform DNS enumeration
def dns_enum(domain, subdomains):
    results = []
    threads = []

    print(f"Starting DNS enumeration for {domain}...")

    for subdomain in subdomains:
        thread = threading.Thread(target=resolve_subdomain, args=(domain, subdomain, results))
        threads.append(thread)
        thread.start()

    for thread in threads:
        thread.join()  # Wait for all threads to complete

    return results

if __name__ == "__main__":
    target_domain = input("Enter the target domain (e.g., example.com): ")
    subdomain_list = [
        "www", "mail", "ftp", "test", "dev", "api", "blog", "shop", "admin", "secure",
        "staging", "portal", "test", "webmail", "status"
    ]  # Add more subdomains as needed

    start_time = time.time()
    found_subdomains = dns_enum(target_domain, subdomain_list)
    end_time = time.time()

    print("\nEnumeration complete.")
    print(f"Total subdomains found: {len(found_subdomains)}")
    print(f"Time taken: {end_time - start_time:.2f} seconds")