Random scripts I needed at least once for investigations or tests. Mostly Python 3 compliant, but maybe not. Old and new, useless and useful. If you like this, you may also like Harpoon or pe.
Feel free to open issues if you have any questions.
- clamav_to_yara.py : convert a ClamAV signature to Yara (from the Malware Analyst's Cookbook)
- cloudcidrs.py : check if an IP is part of a cloud provider range (for now, only Google Cloud and Amazon AWS; inspired by cloudcidrs)
- disassemble.py : disassemble a binary file using Capstone (mostly for shellcode)
- csv_extract.py : extract a column from a CSV file
- hostnametoips.py : resolve a list of hostnames in a text file and return the list of unique IPs
- infect.sh : classic script to create an encrypted zip of a file with the password "infected" (the password conventionally used to share malware samples)
- mqtt-get.py : basic script to do GET requests to an MQTT service
- parsejpeg.py : analyze the JPEG headers of a file
- parsepng.py : analyze a PNG file looking for weird things
- scrdec18.c : old code, still useful to decode .jse files (MS JScript Encoded), by MrBrownStone (website archive, source code)
- android : Android stuff (surprising!)
- bitly : bit.ly tools
  - bitly.py : basic tool to request the bit.ly API
- censys : scripts using the censys.io API
  - censyscerts.py : search for certificates
  - censysip.py : search in the Censys IP database
  - censysipentries.py : display information on an IPv4 address
  - censyslib.py : a file to reuse the function that gets the API key from ~/.censys
- certs : scripts to deal with certificates and CT databases
  - listcerts.py : list certificates for a domain from crt.sh using pycrtsh
- email : scripts to handle emails
- forensic : forensic related scripts
  - filetimeline.py : get a list of files in a folder with their change time, modification time and birth time using stat (which does not give the creation time even if the file system has it)
  - mactime.py : convert this list of files into a CSV timeline
- format : convert files between different formats
  - csv2md.py : convert a CSV file to a markdown table
  - extract_ttld.py : extract the TLDs from a list of domains
  - punycode.py : convert a punycode domain to its encoded form
- ghidra_scripts : scripts for Ghidra
- goo.gl : playing with the now deprecated goo.gl API
  - api.py : API and CLI tool to query the Google URL shortener goo.gl (soon deprecated by Google)
- harpoon-extra : some scripts expanding Harpoon features
- web : web stuff (mostly outdated)
- macos : Mac OS X related scripts
- misp : some scripts helping with MISP servers
- network : network related scripts
- ooni : OONI API scripts
- osint : open source intelligence scripts
- pe : PE scripts (most of them moved to PE)
- pt : scripts using the PassiveTotal API
- resources : interesting infosec resources
- shodan : shodan.io scripts
- threats : threat intelligence scripts
- twilio : scripts related to Twilio
- twitter : Twitter stuff
- visualization : nice graphs everywhere
- vt : scripts related to VirusTotal