Pinned Repositories
PullSigmaFields
Generates the list of field names referenced by Sigma rules so you can manually map them to the field names used by your own log schema, then update the sigmac rule-generator config file with those mappings.
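The field-extraction step described above, as an added example rather than ESDaman's PullSigmaFields code: it walks a rule's `detection` block, strips Sigma modifiers such as `|contains` from the keys, and renders a sigmac `fieldmappings:` stub with TODO markers for the fields you still have to map. The sample rule is constructed, and rules are assumed to be already parsed from YAML into dicts (the optional `load_rule` helper is the only non-stdlib dependency).

```python
"""Collect the field names referenced by Sigma rules and emit a sigmac
fieldmappings stub to fill in by hand.

Added example, not the code of ESDaman's PullSigmaFields. It assumes rules
have already been parsed from YAML into dicts (yaml.safe_load gives this
shape); load_rule below is optional and needs PyYAML.
"""
from typing import Dict, Iterable, List, Optional


def load_rule(text: str) -> dict:
    """Parse one Sigma rule from YAML text (needs PyYAML)."""
    import yaml  # optional; only for real .yml files
    return yaml.safe_load(text)


# Constructed sample rule in parsed form; not a real rule from any ruleset.
SAMPLE_RULE = {
    "title": "Suspicious PowerShell download (constructed sample)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains|all": ["Invoke-WebRequest", "-OutFile"],
        },
        # a list of maps is OR-ed in Sigma; each map may name further fields
        "filter": [
            {"ParentImage|endswith": "\\explorer.exe"},
            {"User": "SYSTEM"},
        ],
        # bare keyword lists match any field, so they contribute no name
        "keywords": ["DownloadString"],
        "condition": "selection and not filter",
    },
}


def _fields_in(block) -> Iterable[str]:
    """Yield field names from one detection item. Keys look like
    'Field' or 'Field|modifier|modifier'; only the part before the
    first '|' is the field. Plain strings carry no field name."""
    if isinstance(block, dict):
        for key in block:
            yield key.split("|", 1)[0]
    elif isinstance(block, list):
        for item in block:
            yield from _fields_in(item)


def sigma_fields(rules: Iterable[dict]) -> List[str]:
    """Sorted, de-duplicated field names used across the rules' detections."""
    found = set()
    for rule in rules:
        for name, block in rule.get("detection", {}).items():
            if name == "condition":
                continue
            found.update(_fields_in(block))
    return sorted(found)


def fieldmapping_stub(fields: Iterable[str], known: Optional[Dict[str, str]] = None) -> str:
    """Render a sigmac config 'fieldmappings:' section. Fields present in
    `known` get their target name; the rest are marked TODO for manual
    mapping to your own log schema."""
    known = known or {}
    lines = ["fieldmappings:"]
    for field in fields:
        lines.append(f"  {field}: {known.get(field, 'TODO')}")
    return "\n".join(lines)


if __name__ == "__main__":
    fields = sigma_fields([SAMPLE_RULE])
    print(fieldmapping_stub(fields, {"Image": "process.executable"}))
```

Run it over every rule in a directory (`sigma_fields(load_rule(p.read_text()) for p in paths)`) to get the full set once, then paste the stub into your sigmac config and replace each TODO; Sigma field names are case-sensitive, so keep the left-hand side exactly as extracted.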
convert-to-bidirectional-flow
Converts unidirectional SiLK netflow records into bidirectional records for easier analysis. See the file's help output for information on input format and usage.
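The pairing logic behind such a conversion, as an added example and not ESDaman's script: each unidirectional record is matched with the earliest unpaired record whose 5-tuple is the exact reverse and which started within a time window, and the two are folded into one record with forward and reverse counts. The input format (rwcut fields and epoch timestamps), the 120 s window and the sample CSV are assumptions; the sample rows are constructed.

```python
"""Fold unidirectional flow records (one per direction, as SiLK stores them)
into bidirectional records by pairing each flow with its reversed 5-tuple.

Added example, not ESDaman's convert-to-bidirectional-flow script. It assumes
input exported with
  rwcut --fields=sIP,dIP,sPort,dPort,protocol,sTime,packets,bytes \
        --delimited=, --timestamp-format=epoch
and a pairing window (default 120 s) that you should tune to your sensor's
active timeout.
"""
import csv
import io
from dataclasses import dataclass
from typing import List


@dataclass
class Flow:
    sip: str
    dip: str
    sport: int
    dport: int
    proto: int
    stime: float      # start time, epoch seconds
    packets: int
    bytes: int


@dataclass
class BiFlow:
    sip: str          # initiator (the side whose flow started first)
    dip: str
    sport: int
    dport: int
    proto: int
    stime: float
    fwd_packets: int
    fwd_bytes: int
    rev_packets: int  # zero when no reply flow was found
    rev_bytes: int


def parse_rwcut_csv(text: str) -> List[Flow]:
    """Parse comma-delimited rwcut output that has a header row."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        out.append(Flow(row["sIP"].strip(), row["dIP"].strip(),
                        int(row["sPort"]), int(row["dPort"]), int(row["protocol"]),
                        float(row["sTime"]), int(row["packets"]), int(row["bytes"])))
    return out


def to_bidirectional(flows: List[Flow], window: float = 120.0) -> List[BiFlow]:
    """Pair each flow with the earliest unpaired flow whose 5-tuple is the
    exact reverse and whose start lies within `window` seconds after it.
    The earlier flow is treated as the forward (client -> server) direction;
    unmatched flows (scans, one-way UDP, asymmetric routing) are kept as
    one-sided records so nothing is silently dropped."""
    flows = sorted(flows, key=lambda f: f.stime)
    used = [False] * len(flows)
    out: List[BiFlow] = []
    for i, f in enumerate(flows):
        if used[i]:
            continue
        used[i] = True
        rev = None
        for j in range(i + 1, len(flows)):
            g = flows[j]
            if g.stime - f.stime > window:
                break  # sorted by time: nothing later can qualify
            if (not used[j] and g.sip == f.dip and g.dip == f.sip
                    and g.sport == f.dport and g.dport == f.sport
                    and g.proto == f.proto):
                rev = j
                break
        if rev is None:
            out.append(BiFlow(f.sip, f.dip, f.sport, f.dport, f.proto, f.stime,
                              f.packets, f.bytes, 0, 0))
        else:
            used[rev] = True
            r = flows[rev]
            out.append(BiFlow(f.sip, f.dip, f.sport, f.dport, f.proto, f.stime,
                              f.packets, f.bytes, r.packets, r.bytes))
    return out


# Constructed sample: one HTTP request/response pair, then an unanswered probe.
SAMPLE_CSV = """sIP,dIP,sPort,dPort,protocol,sTime,packets,bytes
10.0.0.5,93.184.216.34,51234,80,6,1557396000.000,6,900
93.184.216.34,10.0.0.5,80,51234,6,1557396000.210,5,4200
10.0.0.5,93.184.216.34,51235,443,6,1557396001.000,1,60
"""

if __name__ == "__main__":
    for bf in to_bidirectional(parse_rwcut_csv(SAMPLE_CSV)):
        print(bf)
```

The one-sided records are worth keeping rather than discarding: a burst of them with `rev_packets == 0` from a single source is exactly what a scan looks like once the flows are paired, and the comparison is far simpler than on the unidirectional data. The inner loop is quadratic in the worst case; for large exports index by the sorted 5-tuple first.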
DemoPS-RS
Reverse shell for use in packet analysis demo
Testing
VT_API_URL
Current as of: 2019-05-09. Use VT_API_URL to bulk-scan domains with VirusTotal (VT) to speed up analysis. The scripts take a CSV of domains; deduplicate the list first so repeated domains do not burn VT API quota.
1. Run Scanner_VT_API_URL.py first to make sure every URL has been submitted to VT for scanning.
2. Run Report_VT_API_URL.py second to pull the results. It displays only domains with a "positives" score greater than one.
Results for all domains are saved in JSON format for later use; results for positive hits are also written to ReportResults.log.
VT_Hash_Check
Takes a list of file hashes and pulls the corresponding reports from VirusTotal. Only results with one or more positives are displayed.
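One way to implement both the two-step URL workflow (VT_API_URL, above) and the hash check (VT_Hash_Check), as an added example rather than either of ESDaman's scripts: deduplicate the input, submit each URL to `url/scan`, then pull `url/report` or `file/report`, keep every report, and single out the ones whose `positives` reach a threshold. The HTTP layer is injected as a `fetch` callable so the pipeline runs offline against the constructed responses below; `live_fetcher` is the real one. The API key, thresholds, output file names and the sample responses are assumptions (the sample hash is the EICAR test file's MD5).

```python
"""Bulk-check domains/URLs and file hashes against the VirusTotal v2 API,
keeping every report and singling out the ones with enough positives.

Added example, not ESDaman's VT_API_URL or VT_Hash_Check scripts. The HTTP
layer is injected as a `fetch` callable so the pipeline can be exercised
offline with the constructed responses below; live_fetcher is the real
one. The API key, thresholds and file names are assumptions.
"""
import csv
import io
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple

VT_V2 = "https://www.virustotal.com/vtapi/v2"
PUBLIC_REQUESTS_PER_MIN = 4  # public-API quota; a private key allows a faster pace

Fetcher = Callable[[str, str, Dict[str, str]], dict]  # (method, url, params) -> parsed JSON


def dedupe_domains_csv(text: str, column: str = "domain") -> List[str]:
    """Normalise and de-duplicate a CSV column of domains, keeping first-seen
    order, so repeats do not spend quota twice."""
    seen, out = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        d = row[column].strip().lower().rstrip(".")
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def live_fetcher(method: str, url: str, params: Dict[str, str]) -> dict:
    """Standard-library HTTP fetcher; v2 takes form-encoded parameters."""
    data = urllib.parse.urlencode(params)
    if method == "GET":
        req = urllib.request.Request(f"{url}?{data}")
    else:
        req = urllib.request.Request(url, data=data.encode())
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def submit_urls(domains: Iterable[str], apikey: str, fetch: Fetcher, pace: bool = True) -> int:
    """Step 1: ask VT to (re)scan each domain so a report will exist. Returns the count submitted."""
    n = 0
    for d in domains:
        fetch("POST", f"{VT_V2}/url/scan", {"apikey": apikey, "url": d})
        n += 1
        if pace:
            time.sleep(60 / PUBLIC_REQUESTS_PER_MIN)
    return n


def pull_reports(resources: Iterable[str], apikey: str, fetch: Fetcher, endpoint: str,
                 min_positives: int = 1, pace: bool = True) -> Tuple[dict, dict]:
    """Step 2: fetch url/report (resource = URL) or file/report (resource =
    MD5/SHA-1/SHA-256). Returns (all_reports, hits): everything is kept for
    later use, hits are reports flagged by at least `min_positives` engines."""
    all_reports, hits = {}, {}
    for r in resources:
        rep = fetch("GET", f"{VT_V2}/{endpoint}", {"apikey": apikey, "resource": r})
        all_reports[r] = rep
        # response_code: 1 = report present, 0 = unknown to VT, -2 = still queued
        if rep.get("response_code") == 1 and rep.get("positives", 0) >= min_positives:
            hits[r] = rep
        if pace:
            time.sleep(60 / PUBLIC_REQUESTS_PER_MIN)
    return all_reports, hits


def render_log(hits: dict) -> str:
    """One line per hit for ReportResults.log: resource, positives/total, scan date."""
    return "\n".join(f"{r}\t{rep['positives']}/{rep.get('total', '?')}\t{rep.get('scan_date', '')}"
                     for r, rep in hits.items())


# Constructed v2-shaped responses for offline use; the hash is the EICAR test file's MD5.
CONSTRUCTED = {
    "evil-example.test": {"response_code": 1, "positives": 7, "total": 70, "scan_date": "2019-05-09 10:00:00"},
    "example.com": {"response_code": 1, "positives": 0, "total": 70, "scan_date": "2019-05-09 10:01:00"},
    "unknown.test": {"response_code": 0, "verbose_msg": "Resource does not exist in the dataset"},
    "44d88612fea8a8f36de82e1278abb02f": {"response_code": 1, "positives": 60, "total": 68, "scan_date": "2019-05-09 09:00:00"},
}


def constructed_fetcher(method: str, url: str, params: Dict[str, str]) -> dict:
    """Offline stand-in for live_fetcher that answers from CONSTRUCTED."""
    key = params.get("url") or params.get("resource", "")
    return CONSTRUCTED.get(key, {"response_code": 0})


if __name__ == "__main__":
    domains = dedupe_domains_csv("domain\nEvil-Example.test\nevil-example.test\nexample.com\nunknown.test\n")
    submit_urls(domains, "APIKEY", constructed_fetcher, pace=False)
    everything, hits = pull_reports(domains, "APIKEY", constructed_fetcher, "url/report", min_positives=2, pace=False)
    with open("AllResults.json", "w") as fh:
        json.dump(everything, fh, indent=2)   # all reports, for later use
    with open("ReportResults.log", "w") as fh:
        fh.write(render_log(hits) + "\n")     # positive hits only
    print(render_log(hits))
```

Swap `constructed_fetcher` for `live_fetcher` and set `pace=True` to run it for real; with the public quota a list of 200 domains takes 50 minutes per step, which is why the deduplication and the "submit first, report later" split matter. A `response_code` of -2 means the scan is still queued, so a second `pull_reports` pass after a delay is the right way to pick up stragglers rather than re-submitting.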
Web_String_Decoder
Attempts to decode a bulk list of strings that were pre-cut from URIs. Uploaded mainly for future reference; no longer operational.
ESDaman's Repositories
ESDaman/Testing
ESDaman/DemoPS-RS
ESDaman/convert-to-bidirectional-flow
ESDaman/PullSigmaFields
ESDaman/VT_API_URL
ESDaman/Web_String_Decoder
ESDaman/VT_Hash_Check