Older Entries »

How to scan top 100 ports with masscan

Steve Stonebraker posted this in Discovery, Pentesting on February 24th, 2020

If you have ever wanted to scan the top 100 ports with masscan here are the instructions:

masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 10.11.1.0/24 –rate=1000 -e tun0 –router-ip 10.11.0.1

You will need to replace the following:

tun0 with your interface router-ip with the router of the subnet you are scanning 10.11.1.0/24 with the subnet you are scanning

I obtain . . . → Read More: How to scan top 100 ports with masscan

Leave a comment   Discovery, Pentesting  

Parse fully qualified domain names from file

Steve Stonebraker posted this in bash on February 17th, 2020

I ran in to a situation where i needed to parse all fully qualified domain names (FQDN) from bunch of files in the same directory.

Here is how to do that:

grep -R -h -Eo ‘(http|https)://[^/”]+’ . | awk -F’/’ ‘{ print $3 }’ | sort | uniq

Leave a comment   bash  

CrowdStrike SIEM Connector Grok Rules

Steve Stonebraker posted this in Uncategorized on October 8th, 2019

I couldn’t find a good set of Grok rules for the CrowdStrike SIEM connector so I wrote my own.

You need two rule sets.

Set1:

%{IPV4:source_collector_ip} CEF: 0\|CrowdStrike\|FalconHost\|1.0\|%{WORD:event_type}\|%{GREEDYDATA:event_subtype}\|%{INT:event_tactic}\|externalId=%{HOSTNAME:externalID} cn2Label=%{WORD:cn2Label} cn2=%{WORD:cn2} cn1Label=%{WORD:cn1Label} cn1=%{WORD:cn1} dhost=%{HOSTNAME:dhost} duser=%{DATA:duser} msg=%{GREEDYDATA:msg} fname=%{DATA:fname} filePath=%{GREEDYDATA:filepath} cs5Label=%{DATA:cs5Label} cs5=%{GREEDYDATA:cs5} fileHash=%{DATA:fileHash} dntdom=%{DATA:dntdom} cs6Label=%{DATA: cs6Label} cs6=%{GREEDYDATA:cs6} cn3Label=%{DATA: cs3Label} cn3=%{DATA:cn3} rt=%{DATA:rt} src=%{IP:src} smac=%{MAC:smac} cat=%{GREEDYDATA:cat} act=%{GREEDYDATA:act} reason=%{GREEDYDATA:reason} outcome=%{DATA:outcome} CSMTRPatternDisposition=%{GREEDYDATA:CSMTRPatternDisposition} . . . → Read More: CrowdStrike SIEM Connector Grok Rules

Leave a comment   Uncategorized  

Automating Setting up Tenable.io AWS Connector Role

Steve Stonebraker posted this in AWS on October 2nd, 2019

I recently had to set up quite a few AWS Connectors in Tenable.io for various AWS accounts.

This can become quite a cumbersome task so I decided to automate it.

Prerequisites ~/.aws/config with multiple profiles trustpolicy.json (shown below) trustpolicy.json

This will be used by our script for the initial role creation. The account # referenced . . . → Read More: Automating Setting up Tenable.io AWS Connector Role

Leave a comment   AWS  

Bulk Lookup Owner of IP Address

Steve Stonebraker posted this in bash on September 18th, 2019

To perform a bulk whois lookup of a list of IP addresses use the following script:

Bulk whois lookup while read ip; do if [ ! -z “$ip” ]; then echo -n “$ip – ” && whois $ip 2>/dev/null grep “Organization” -m 1; fi; done < ip_list.txt Example input (ip_list.txt) 172.217.8.206 172.217.8.203 172.217.8.266 151.101.65.67 Output . . . → Read More: Bulk Lookup Owner of IP Address

One comment   bash  

List All Subnets Across Multiple AWS accounts/profiles

Steve Stonebraker posted this in AWS on September 10th, 2019

Recently I needed to generate a list of all subnets across every AWS account in an organization.

I’ve documented an easy way to achieve this

Prerequisites

Set up your aws config for multiple profiles (one for each account)

[default] region=us-east-1 output=json [profile account1] role_arn = arn:aws:iam::XXXXXXXXXXXX:role/OrganizationAccountAccessRole source_profile = default region=us-east-1 output=json [profile account2] role_arn = . . . → Read More: List All Subnets Across Multiple AWS accounts/profiles

Leave a comment   AWS  

Limiting S3 Sync Bandwidth

Steve Stonebraker posted this in AWS on September 10th, 2019

Out of the box the aws s3 application is suppose to limit bandwidth by setting the “s3.max_bandwidth” option.

Example:

aws configure set default.s3.max_bandwidth 5MB/s Problem

aws s3 sync is using more bandwidth than the ~/.aws/config file has specified.

Replication Steps

Run the following command to set a max bandwidth limit for the s3 application

aws . . . → Read More: Limiting S3 Sync Bandwidth

Leave a comment   AWS  

Testing Amazon S3 Bucket for Public Write Permissions

Steve Stonebraker posted this in AWS on September 9th, 2019

Recently I needed to confirm if an s3 bucket was indeed publicly writable (by trying to write to it from a different account). I decided to document how to confirm this for your organization.

Prerequisites AWS CLI installed Two AWS accounts Account A – Has a bucket you suspect may be publicly writable Account B . . . → Read More: Testing Amazon S3 Bucket for Public Write Permissions

Leave a comment   AWS  

Install Telnet Client from Command Prompt Windows 10

Steve Stonebraker posted this in Windows on August 20th, 2019

This post covers how to install the telnet client from the command prompt on Windows 10.

Run the following command:

pkgmgr /iu:”TelnetClient”

Leave a comment   Windows  

Jenkins Cleanup Old Builds

Steve Stonebraker posted this in Other on August 5th, 2019

I wrote a quick shell script to cleanup old Jenkins builds. This will delete any build older than 30 days.

#!/bin/bash # jenkins_delete_old_builds.sh # Author: Steve Stonebraker # Date: 8/5/2019 # Description: Deletes any build older than 30 days # Place in crontab # @daily /bin/bash -x /root/scripts/jenkins_cleanup.sh > /root/scripts/jenkins_cleanup.log find /var/lib/jenkins/jobs/*/builds/ -maxdepth 1 -mindepth . . . → Read More: Jenkins Cleanup Old Builds

Leave a comment   Other  
 
  Older Entries »