awesome-censys-queries's Introduction

About Me

{
    "Name": "Aidan Holland",
    "Pronouns": ["He", "Him", "His"],
    "Ask Me About": [
        "Cyber Security",
        "Open Source Development"
    ],
    "Languages": {
        "Python": "Advanced",
        "JavaScript": "Advanced",
        "TypeScript": "Intermediate",
        "Java": "Intermediate",
        "Go": "Intermediate",
        "Bash": "Intermediate",
        "C++": "Beginner",
        "C": "Beginner",
        "Racket": "Beginner"
    },
    "Technologies": {
        "Backend": [
          "Fast API",
          "Flask", 
          "Django",
          "Sanic",
          "SQLAlchemy",
          "Express",
          "Protobufs",
          "Pyramid",
          "Jinja"
        ],
        "Frontend": [
          "Node.js",
          "React.js",
          "Redux",
          "Storybook",
          "Jest"
        ],
        "Mobile": [
          "React Native"
        ],
        "Database": [
          "MySQL",
          "PostgreSQL",
          "MongoDB",
          "ElasticSearch",
          "Oracle"
        ],
        "Serverless": [
          "AWS Lambda",
          "GCP Cloud Functions",
          "Azure Functions",
          "Heroku"
        ],
        "Dev Ops": [
          "AWS",
          "GCP",
          "Git",
          "GitHub",
          "GitLab",
          "Docker",
          "Terraform",
          "Kubernetes"
        ],
        "Cyber Security": [
          "Censys",
          "Shodan",
          "Splunk",
          "Maltego",
          "Nessus",
          "Nmap"
        ],
        "Operating Systems": [
          "macOS",
          "Linux"
        ],
        "Design": [
          "Figma",
          "Adobe XD"
        ],
        "Misc": [
          "Firebase",
          "Adobe Premiere Pro"
        ]
    },
    "Stats": {
        "Account Age": "7 years",
        "Pushed": "3078 commits",
        "Opened": "156 issues",
        "Submitted": "567 pull requests",
        "Received": "1225 stars",
        "Own": "63 repositories",
        "Contributed to": "32 public repositories"
    }
}

awesome-censys-queries's People

Contributors

akatiggerx04, crosleyzack, dependabot[bot], imgbotapp, pre-commit-ci[bot], thehappydinoa, ycamper

awesome-censys-queries's Issues

Empire C2

Description
Empire C2 Servers ( hxxps://bc-security[.]gitbook[.]io/empire-wiki/ )

Censys Search Query
Empire C2.

same_service(services.http.response.body_hash: "sha1:bc517bf173440dad15b99a051389fadc366d5df2" AND services.http.response.headers.expires: 0 and services.http.response.headers.cache_control: "*")

NimPlant C2 Detection

Description
Detect NimPlant C2 Servers - https://github.com/chvancooten/NimPlant

Regarding the body hash part of the query: while the body seems fairly generic, the hits right now all match the same servers, so it could prove an additional method of detection for the cases where a reverse proxy is used to hide the server header.

Censys Search Query
NimPlant C2.

services.http.response.headers.Server="NimPlant C2 Server" OR services.http.response.body_hashes="sha256:636d68bd1bc19d763de95d0a6406f4f77953f9973389857353ac445e2b6fff87"

Additional context
Reference: https://twitter.com/chvancooten/status/1629911090774589442

Nighthawk C2

Description
Detect Nighthawk C2 (https://www.mdsec.co.uk/nighthawk/) Servers

Censys Search Query
Nighthawk C2 Servers.

same_service(services.banner="HTTP/1.1 404 Not Found\r\nDate:  <REDACTED>\r\nX-Test: 2\r\nServer: Apache\r\nContent-Length: 20\r\n" and services.http.response.body_hashes="sha256:d872e8e4176213ea84ebc76d8fb621c31b4ca116fd0a51258813e804fe110ca4")

Additional context
Reference: No longer available.

Brute Ratel C4

Description
Detection of Brute Ratel C4 Servers ( hxxps://bruteratel[.]com/ )

Censys Search Query
A query written in the Brute Ratel C4 Server.

services.http.response.body_hash="sha1:1a279f5df4103743b823ec2a6a08436fdf63fe30"

Potential Malware Hosting Sites

Description
Open Directory Listing Hosts with suspicious filenames in their contents.

Censys Search Query
Malware Hosting Sites.

same_service((services.http.response.html_title:"Index of /" OR services.http.response.html_title:"Directory Listing for /") AND services.http.response.body: /.*?(metasploit|cobaltstrike|sliver|covenant|brc4|bruteratel|(badger|shellcode|sc|beacon|artifact|payload|teamviewer|anydesk|mimikatz|cs)\.(exe|ps1|vbs|bin)).*/)

Additional context
Common malware frameworks and initial payloads listed on an Open Directory site. The list of filenames could easily be extended to other frameworks, names, details, etc.
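
As an added example (not part of the issue above or of the repository), the query's filename pattern is applied here to the links of a directory listing, for triaging hits or checking a server you operate. It shows that the unanchored body regex also flags benign names such as docs.exe; the stricter NAME_RE, the helper names and the sample listing are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Name lists copied from the query in the issue above.
FRAMEWORKS = r"metasploit|cobaltstrike|sliver|covenant|brc4|bruteratel"
STEMS = r"badger|shellcode|sc|beacon|artifact|payload|teamviewer|anydesk|mimikatz|cs"
EXTS = r"exe|ps1|vbs|bin"

# The query's pattern as written: an unanchored substring match over the body.
BODY_RE = re.compile(rf"({FRAMEWORKS}|({STEMS})\.({EXTS}))", re.I)
# Stricter variant (an assumption of this example): the stem must be the whole
# file name, and framework names must start at a word boundary.
NAME_RE = re.compile(rf"^(?:({STEMS})\.({EXTS})|.*\b({FRAMEWORKS}).*)$", re.I)


class LinkCollector(HTMLParser):
    """Collect relative href targets from a directory-listing page."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and not href.startswith(("?", "/", "..")):
            self.names.append(href.rstrip("/"))


def triage_listing(html):
    """Return (names hit by the body-style regex, names hit by the strict one)."""
    parser = LinkCollector()
    parser.feed(html)
    loose = [n for n in parser.names if BODY_RE.search(n)]
    strict = [n for n in parser.names if NAME_RE.match(n)]
    return loose, strict


# Constructed sample listing, not taken from any real host.
SAMPLE = """<html><head><title>Index of /</title></head><body><h1>Index of /</h1>
<a href="../">../</a>
<a href="beacon.exe">beacon.exe</a>
<a href="docs.exe">docs.exe</a>
<a href="misc.bin">misc.bin</a>
<a href="cobaltstrike-4.zip">cobaltstrike-4.zip</a>
<a href="notes.txt">notes.txt</a>
</body></html>"""

if __name__ == "__main__":
    print(triage_listing(SAMPLE))
```

Names that appear only in the first list are candidates for false positives caused by the short stems "sc" and "cs".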
