initial commit via gitinitshit

This commit is contained in:
2025-08-02 12:42:31 -06:00
commit f3b8d793a7
63 changed files with 2173 additions and 0 deletions
+9
View File
@@ -0,0 +1,9 @@
* text eol=lf
*.txt text eol=lf
*.sh text eol=lf
*.ini text eol=lf
*.yml text eol=lf
*.md text eol=
.env text eol=lf
*.ps1 text eol=crlf
*.bat text eol=crlf
+218
View File
@@ -0,0 +1,218 @@
---
- name: 'Configure Remote Servers'
hosts: remoteservers
vars_files:
- './variables.yml'
tasks:
# packages
- name: 'Updating apt cache'
apt:
force_apt_get: True
update_cache: True
- name: 'Upgrading all apt packages'
apt:
force_apt_get: True
upgrade: full
become: yes
- name: 'Selected packages to install:'
debug:
msg: "{{ item }}"
loop: "{{ list_of_packages }}"
- name: "Installing packages"
apt:
force_apt_get: True
name: "{{ list_of_packages }}"
state: present
- name: 'Remove useless packages from the cache'
apt:
force_apt_get: True
autoclean: yes
- name: 'Run the equivalent of apt-get clean'
apt:
force_apt_get: True
clean: yes
# add and configure the user
- name: "Add the user {{ new_username }}"
user:
name: "{{ new_username }}"
shell: "{{ login_shell }}"
# password: "{{ user_password }}"
groups: 'sudo,www-data'
append: yes
- name: "Set authorized key for {{ new_username }}"
ansible.posix.authorized_key:
user: "{{ new_username }}"
key: "{{ ssh_key_auth }}"
state: present
# zsh
- name: 'Setting up zsh'
blockinfile:
path: "/home/{{ new_username }}/.zshrc"
block: |
# Set up the prompt
autoload -Uz promptinit
promptinit
prompt adam1
setopt histignorealldups sharehistory
# Use emacs keybindings even if our EDITOR is set to vi
bindkey -e
# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
HISTSIZE=1000
SAVEHIST=1000
HISTFILE=~/.zsh_history
# Use modern completion system
autoload -Uz compinit
compinit
zstyle ':completion:*' auto-description 'specify: %d'
zstyle ':completion:*' completer _expand _complete _correct _approximate
zstyle ':completion:*' format 'Completing %d'
zstyle ':completion:*' group-name ''
zstyle ':completion:*' menu select=2
eval "$(dircolors -b)"
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
zstyle ':completion:*' list-colors ''
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
zstyle ':completion:*' menu select=long
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' use-compctl false
zstyle ':completion:*' verbose true
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
eval $(thefuck --alias fuck)
PATH=~/.local/bin/:$PATH
mode: '0744'
owner: "{{ new_username }}"
group: "{{ new_username }}"
state: present
create: True
# ufw
- name: 'UFW default allow everything outgoing'
community.general.ufw:
default: allow
direction: 'outgoing'
- name: 'UFW default deny everything incoming'
community.general.ufw:
default: deny # reject to throw error instead of drop quietly
direction: 'incoming'
- name: 'UFW enable logging'
community.general.ufw:
logging: 'on'
- name: 'UFW selected rules:'
debug:
msg: "{{item.name}}/{{item.proto}}"
loop: "{{ open_services }}"
- name: 'UFW setting rules'
community.general.ufw:
rule: allow
port: "{{ item.name }}"
proto: "{{ item.proto }}"
loop: "{{ open_services }}"
- name: 'UFW enable'
community.general.ufw:
state: enabled
become: yes
# unattended upgrades
- name: 'Unattended upgrades initial dpkg reconfigure'
command:
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
become: yes
- name: 'Unattended upgrades configure 20auto-upgrades'
blockinfile:
dest: '/etc/apt/apt.conf.d/20auto-upgrades'
block: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
mode: '0644'
owner: 'root'
group: 'root'
state: present
insertafter: EOF
become: yes
- name: 'Unattended upgrades configure 50unattended-upgrades'
blockinfile:
dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
block: |
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}";
create: True
insertafter: EOF
mode: '0644'
owner: 'root'
group: 'root'
become: yes
- name: 'Unattended upgrades configure daily timer'
lineinfile:
path: '/lib/systemd/system/apt-daily-upgrade.timer'
regexp: '^OnCalendar'
line: "OnCalendar=*-*-* {{ install_time }}"
state: present
become: yes
- name: 'Unattended upgrades configure reboot offset'
lineinfile:
path: '/lib/systemd/system/apt-daily-upgrade.timer'
regexp: '^RandomizedDelaySec'
line: "RandomizedDelaySec={{ reboot_offset }}"
state: present
become: yes
- name: 'Unattended upgrades last dpkg reconfigure'
command:
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
become: yes
# customscripts
- name: 'Customscripts download'
git:
repo: "{{ custom_scripts_repo }}"
dest: '/tmp/cscripts'
- name: "Create directory {{ custom_scripts_dir }}"
file:
path: "{{ custom_scripts_dir }}"
state: directory
mode: '0755'
owner: 'root'
group: 'root'
become: yes
- name: 'Customscripts installing'
command:
cmd: "cp /tmp/cscripts/customscripts/{{ item }} {{ custom_scripts_dir }}"
loop: "{{ custom_scripts }}"
become: yes
- name: 'Customscripts activating'
command:
cmd: "chmod 755 {{ custom_scripts_dir }}/{{ item }}"
loop: "{{ custom_scripts }}"
become: yes
# crontabs
- name: 'Crontab chkrootkit'
cron:
name: 'chkrootkit'
minute: '0'
hour: '8'
user: 'root'
job: 'chkrootkit -q'
state: present
become: yes
- name: 'Crontab lynis'
cron:
name: 'lynis'
minute: '0'
hour: '11'
user: 'root'
job: 'lynis -q'
state: present
become: yes
# enable services
- name: 'enable/restart nginx'
service:
name: 'nginx'
enabled: True
state: 'restarted'
become: yes
- name: 'enable/restart ssh'
service:
name: 'ssh'
enabled: True
state: 'restarted'
become: yes
+2
View File
@@ -0,0 +1,2 @@
[remoteservers]
someserver ansible_user=root ansible_host=1.1.1.1
+10
View File
@@ -0,0 +1,10 @@
cd ~ && mkdir ansible-playbook && cd ansible-playbook
ansible-playbook ansible-playbook.yml -i inventory.ini
ansible remoteservers -m ping
# errata
ssh root@ip
passwd princesspi
sudo nano /etc/ssh/sshd_config
sudo ufw allow 8888
sudo bash /usr/share/customscripts/crowdsec.sh
+230
View File
@@ -0,0 +1,230 @@
- name: "Install python3"
apt:
name: python3
state: present
- name: "Install python3-pip"
apt:
name: python3-pip
state: present
- name: "Install python3-virtualenv"
apt:
name: python3-virtualenv
state: present
- name: "Install thefuck"
apt:
name: thefuck
state: present
- name: "Install python3-setuptools"
apt:
name: python3-setuptools
state: present
- name: "Install nginx"
apt:
name: nginx
state: present
- name: "Install wget"
apt:
name: wget
state: present
- name: "Install htop"
apt:
name: htop
state: present
- name: "Install btop"
apt:
name: btop
state: present
- name: "Install lynx"
apt:
name: lynx
state: present
- name: "Install neovim"
apt:
name: neovim
state: present
- name: "Install docker.io"
apt:
name: docker.io
state: present
- name: "Install docker-compose"
apt:
name: docker-compose
state: present
- name: "Install screen"
apt:
name: screen
state: present
- name: "Install byobu"
apt:
name: byobu
state: present
- name: "Install zsh"
apt:
name: zsh
state: present
- name: "Install nmap"
apt:
name: nmap
state: present
- name: "Install iptraf"
apt:
name: iptraf
state: present
- name: "Install iotop"
apt:
name: iotop
state: present
- name: "Install zip"
apt:
name: zip
state: present
- name: "Install unzip"
apt:
name: unzip
state: present
- name: "Install net-tools"
apt:
name: net-tools
state: present
- name: "Install git"
apt:
name: git
state: present
- name: "Install chkrootkit"
apt:
name: chkrootkit
state: present
- name: "Install fail2ban"
apt:
name: fail2ban
state: present
- name: "Install lynis"
apt:
name: lynis
state: present
# thefuck
- name: "thefuck append to .zshrc"
lineinfile:
path: "/home/{{ username }}/.zshrc"
line: 'eval $(thefuck --alias fuck)'
insertafter: EOF
mode: '0744'
owner: "{{ username }}"
group: "{{ username }}"
state: present
create: True
# PATH
- name: ".zshrc PATH adding ~/.local/bin"
lineinfile:
path: "/home/{{ username }}/.zshrc"
line: 'PATH=~/.local/bin/:$PATH'
state: present
insertafter: EOF
mode: "0744"
owner: "{{ username }}"
group: "{{ username }}"
create: True
become: True
become_method: su
become_user: "{{ username }}"
# ssh
- name: "SSH allow {{ username }} only"
lineinfile:
path: '/etc/ssh/sshd_config'
line: "AllowUsers {{ username }}"
state: present
insertafter: EOF
mode: "0644"
owner: root
group: root
- name: 'SSH disable password auth'
lineinfile:
path: '/etc/ssh/sshd_config'
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
state: present
insertafter: EOF
mode: "0644"
owner: root
group: root
- name: "UFW allow ssh"
community.general.ufw:
rule: allow
port: ssh
proto: tcp
delete: true
- name: "UFW allow http"
community.general.ufw:
rule: allow
port: http
proto: any
delete: true
- name: "UFW allow https"
community.general.ufw:
rule: allow
port: https
proto: any
delete: true
- name: 'Customscripts download'
command:
cmd: 'git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git /tmp/cscripts'
become: yes
- name: "Create directory {{ custom_scripts_dir }}"
file:
path: "{{ custom_scripts_dir }}"
state: directory
mode: '0755'
owner: 'root'
group: 'root'
become: yes
- name: 'Customscripts copy add_user_ssh.sh'
copy:
remote_src: False
src: '/tmp/cscripts/customscripts/add_user_ssh.sh'
dest: "{{ custom_scripts_dir }}/add_user_ssh.sh"
mode: '0744'
owner: 'root'
group: 'root'
become: yes
- name: "Customscripts copy crowdsec.sh"
copy:
remote_src: False
src: '/tmp/cscripts/customscripts/crowdsec.sh'
dest: "{{ custom_scripts_dir }}/crowdsec.sh"
mode: '0744'
owner: 'root'
group: 'root'
become: yes
- name: "Customscripts copy fix_permissions.sh"
copy:
remote_src: False
src: '/tmp/cscripts/customscripts/fix_permissions.sh'
dest: "{{ custom_scripts_dir }}/fix_permissions.sh"
mode: '0744'
owner: 'root'
group: 'root'
become: yes
# crowdsec
- name: 'Crowdsec'
command:
cmd: "bash {{ custom_scripts_dir }}/crowdsec.sh"
become: yes
- name: 'enable/restart crowdsec'
service:
name: 'crowdsec'
enabled: True
state: 'restarted'
+48
View File
@@ -0,0 +1,48 @@
new_username: 'princesspi'
install_time: '02:00'
reboot_time: '03:00'
reboot_offset: '20m'
login_shell: '/usr/bin/zsh' # which zsh
custom_scripts_dir: '/usr/share/customscripts'
custom_scripts_repo: 'https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
# password is precalculated hash
# mkpasswd --method=sha-512
# defaultpassword###
# user_password: '$6$n3ybB6uVX.BwKiR4$vjENClERci2hmAkn9d9a8EUFAfnUlsH.R6/8EIXx1bu.k.bC7l/aE//s9ONw/PcbSQ2.hRdUgjxFrJ54/NhBm0'
ssh_key_auth: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72'
list_of_packages:
- 'unattended-upgrades'
- 'python3'
- 'python3-pip'
- 'python3-virtualenv'
- 'python3-setuptools'
- 'thefuck'
- 'nginx'
- 'wget'
- 'htop'
- 'btop'
- 'lynx'
- 'neovim'
- 'docker.io'
- 'docker-compose'
- 'screen'
- 'byobu'
- 'zsh'
- 'nmap'
- 'iptraf'
- 'iotop'
- 'zip'
- 'unzip'
- 'net-tools'
- 'git'
- 'chkrootkit'
- 'fail2ban'
- 'lynis'
open_services:
- { name: 'ssh', proto: 'tcp' }
- { name: 'http', proto: 'tcp' }
- { name: 'https', proto: 'tcp' }
custom_scripts:
- 'crowdsec.sh'
- 'add_user_ssh.sh'
- 'fix_permissions.sh'
+87
View File
@@ -0,0 +1,87 @@
0) Anything inside < and > for example <service name> is a bit of text you provide so if I say "<password>" you would replace with something like "password123"
1) acquire btc
spot app
coinmama
2) tumble btc deep web
3) put btc in deep web wallet
4) launch host on bithost
https://bithost.io
// Ubuntu 20.04 LTS with minimum 1gb RAM
5) lock down bitohst jump box to VPN IP
6) generate keys on bithost
5) get key from sporehost and launch server
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
6) log in from bithost on VPN
sudo -i
apt update
apt upgrade
ufw allow ssh
ufw enable
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
a2enmod ssl
systemctl restart apache2
mysql_secure_installation
password validation: 2
// update phpmyadmin repo/install from git pull
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
// mysql -h localhost -u root -p
// UNINSTALL COMPONENT 'file://component_validate_password';
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
// FLUSH PRIVILEGES;
// quit;
apt install phpmyadmin //change to git pull OR updated manual repo
[x] apache2
[x] YES
[Secure Password] // REMEMBER THIS PASSWORD
cd /var/www/html
ln -s /usr/share/phpmyadmin
mv phpmyadmin pma
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
systemctl enable tor
systemctl start tor
mkdir /var/www/<servicename>
nano /etc/tor/torrc
Ctrl+W "hidden"
>uncomment hidden service 127.0.0.1:80
>uncomment hidden service dir, name /var/lib/tor/<servicename>
Ctrl+X
Y
systemctl restart tor
comment out logging
nano /etc/apache2/sites-available/<service name>.conf
<VirtualHost localhost:80>
DocumentRoot /var/www/<servicename>
</VirtualHost>
Ctrl+X
Y
a2ensite <service name>
systemctl restart apache2
cat /var/lib/tor/<service name>/hostname
save onion address, its your hostname!
// scallion
mkdir /usr/share/scripts
nano /usr/share/scripts/perms.sh
```
#!/bin/bash
chown -R www-data:www-data /var/www/*
find /var/www/* -type d -exec chmod g=rwx "{}" \;
find /var/www/* -type f -exec chmod g=rw "{}" \;
```
Ctrl+X
Y
chmod +x /usr/share/scripts/perms.sh
sh /usr/share/scripts/perms.sh
crontab -e
1
at bottom add
```
0 8 * * * chkrootkit -q
0 11 * * 0 lynis -q
0 */6 * * * apt update; apt -y upgrade;
```
Ctrl+X
Y
+84
View File
@@ -0,0 +1,84 @@
1) acquire btc
spot app
coinmama
2) tumble btc deep web
3) put btc in deep web wallet
4) launch host on bithost
https://bithost.io
// Ubuntu 20.04 LTS with minimum 1gb RAM
5) lock down bitohst jump box to VPN IP
6) generate keys on bithost
5) get key from sporehost and launch server
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
6) log in from bithost on VPN
sudo -i
apt update
apt upgrade
ufw allow ssh
ufw enable
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
a2enmod sslsystemctl restart apache2
mysql_secure_installation
password validation: 2
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
// mysql -h localhost -u root -p
// UNINSTALL COMPONENT 'file://component_validate_password';
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
// FLUSH PRIVILEGES;
// quit;
apt install phpmyadmin //change to git pull OR updated manual repo
[x] apache2
[x] YES
[Secure Password] // REMEMBER THIS PASSWORD
cd /var/www/html
ln -s /usr/share/phpmyadmin
mv phpmyadmin pma
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
systemctl enable tor
systemctl start tor
mkdir /var/www/<servicename>
nano /etc/tor/torrc
Ctrl+W "hidden"
>uncomment hidden service 127.0.0.1:80
>uncomment hidden service dir, name /var/lib/tor/<servicename>
Ctrl+X
Y
systemctl restart tor
comment out logging
nano /etc/apache2/sites-available/<service name>.conf
<VirtualHost localhost:80>
DocumentRoot /var/www/<servicename>
</VirtualHost>
Ctrl+X
Y
a2ensite <service name>
systemctl restart apache2
cat /var/lib/tor/<service name>/hostname
save onion address, its your hostname!
// scallion
mkdir /usr/share/scripts
nano /usr/share/scripts/perms.sh
```
#!/bin/bash
chown -R www-data:www-data /var/www/*
find /var/www/* -type d -exec chmod g=rwx "{}" \;
find /var/www/* -type f -exec chmod g=rw "{}" \;
```
Ctrl+X
Y
chmod +x /usr/share/scripts/perms.sh
sh /usr/share/scripts/perms.sh
crontab -e
1
at bottom add
```
0 8 * * * chkrootkit -q
0 11 * * 0 lynis -q
0 */6 * * * apt update; apt -y upgrade;
```
Ctrl+X
Y
+123
View File
@@ -0,0 +1,123 @@
#IPTABLES RULES
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
iptables -t mangle -A PREROUTING -p icmp -j DROP
iptables -A INPUT -p tcp -m connlimit --connlimit-above 80 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
iptables -t mangle -A PREROUTING -f -j DROP
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -N port-scanning
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
iptables -A port-scanning -j DROP
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
iptables -A INPUT -m recent --name portscan --remove
iptables -A FORWARD -m recent --name portscan --remove
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
#KERNEL RULES
kernel.printk = 4 4 1 7
kernel.panic = 10
kernel.sysrq = 0
kernel.shmmax = 4294967296
kernel.shmall = 4194304
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
fs.file-max = 2097152
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmem_max = 67108864
net.core.somaxconn = 65535
net.core.optmem_max = 25165824
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.gc_stale_time = 120
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.flush = 1
net.ipv4.route.max_size = 8048576
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 4096 87380 33554432
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 400000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
@@ -0,0 +1,16 @@
<VirtualHost $IP:443>
DocumentRoot /var/www/$DOMAIN
ServerName $DOMAIN
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost $IP:80>
ServerName $DOMAIN
Redirect permanent / https://$DOMAIN/
</VirtualHost>
+3
View File
@@ -0,0 +1,3 @@
0 8 * * * chkrootkit -q
0 11 * * 0 lynis -q
0 0 * * * apt update; apt upgrade -y
+148
View File
@@ -0,0 +1,148 @@
Ubuntu 24.04.3LTS
PHP-default
Apache2
MySQL+phpmyadmin
# Step 1
sudo -i
apt update
apt -y upgrade
reboot
# Step 2
nano /etc/ssh/sshd_config
Change `#PasswordAuthentication yes` to `PasswordAuthentication no`
Add line
`AllowUsers <username>`
# Step 3
ON WINDOWS:
Via PowerShell
enable OpenSSH in PowerShell: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
ssh-keygen -t ed25519 -C "<your email address>"
use a STRONG PASSPHRASE
Hit [Enter] to save keys at DEFAULT location
to get your rsa PUBLIC key, do:
Press [Windows Logo Key/Start]+R
Put in `notepad %USERPROFILE%/.ssh/id_ed25519.pub`
hit Enter
copy all the text in that file
# Technical details: it saves private key at %USERPROFILE%/.ssh/id_ed25519
# private key example: C:\Users\potatouser\.ssh\id_ed25519
# public key example: C:\Users\potatouser\.ssh\id_ed25519.pub
ON UBUNTU
mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
<paste rsa PUBLIC key>
chmod 600 ~/.ssh/authorized_keys
sudo systemctl reload sshd
TO CONNECT
SSH with Windows PowerShell
Powershell is installed by default on Windows 10/11
ssh <username>@<ipaddress>
Manage Files with WinSCP:
install winscp https://winscp.net/eng/download.php
install puttygen https://www.puttygen.com/download.php?val=4
run puttygen
Click Load
Select private key at %USERPROFILE%/.ssh/id_ed25519
copy and paste the string of text beginning in ssh-ed25519 and paste
save public and private key to %USERPROFILE%/.ssh/ under a %USERPROFILE%/.ssh/id_ed25519.ppk (private)
and %USERPROFILE%/.ssh/id_ed25519.ppk.pub (public)
run winscp
click new site
protocol: SFTP
host name: <server/ip>
username: <username>
port number: 22
click Advanced
on left panel under SSH click Authentication
Browse for private key at %USERPROFILE%/.ssh/id_ed25519.ppk
ok
save
# Step 4
sudo apt install -y git
# download and install scripts and tools
cd ~
git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git
sudo -i
apt install -y apache2 snapd mysql-server byobu nmap screen iotop zip unzip lynx htop php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath unattended-upgrades net-tools python3 python3-pip unison
snap install btop
# secure mysql
mysql_secure_installation
# follow directions, defaults are fine just remember what you set as the root password
# install and config phpmyadmin
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/html/pma
# phpmyadmin will be accessable from the public internet at http://<your server ip>/pma
# ensure your passwords are up to snuff
// TODO: prolly should do some other security shit to protect phpmyadmin
systemctl restart apache2
systemctl restart mysql
# add user to web server group
usermod -a -G www-data <username>
# unattended upgrades
dpkg-reconfigure unattended-upgrades
nano /etc/apt/apt.conf.d/50unattended-upgrades
change `//Unattended-Upgrade::Automatic-Reboot "false";` to `Unattended-Upgrade::Automatic-Reboot "true";`
change `//Unattended-Upgrade::Remove-Unused-Dependencies "false";` to `Unattended-Upgrade::Remove-Unused-Dependencies "true";`
change `//Unattended-Upgrade::Mail "root@localhost";` to Unattended-Upgrade::Mail "<your admin email>";`
systemctl start unattended-upgrades && systemctl enable unattended-upgrades
unattended-upgrade -d -v //test unattended upgrades
# uncomplicated firewall setup
ufw allow http
ufw allow https
ufw allow ssh
ufw enable
reboot
// TODO: backups setup needs more work, not working at current
// make unison script pls
// SKIP backups section for now
# backups
sudo -i
mkdir -p /backups/log
mkdir /backups/backups
ln -s /var/backups /backups/system
cp -r /home/<user>/general-scripts-and-system-ssssssetup/customscripts /usr/share
chmod +x /usr/share/customscripts/*sh
nano /usr/share/customscripts/backup.sh //edit to add dirs to back up
sh /usr/share/customscripts/crowdsec.sh
screen -R backups
sh /usr/share/customscripts/backup.sh
Ctrl+A+D
sh /usr/share/customscripts/fix_permissions.sh
# Step 5
# install some cool securiy tools
apt install -y chkrootkit lynis certbot fail2ban
crontab -e //instal crons from /home/<user>/general-scripts-and-system-ssssssetup/crontab.txt
apt install -y tripwire
Follow directions and utilize secure passphrase DO NOT LOSE PASSPHRASE
# as primary user (NOT root or sudo, run `exit` if in doubt)
pip3 install thefuck
echo "# user addons" >> ~/.bashrc
echo "PATH=~/.local/bin/:$PATH" >> ~/.bashrc
echo 'eval "$(thefuck --alias)"' >> ~/.bashrc
echo 'HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc
source ~/.bashrc
Step 6: # optional
IF you want to use sudo without password check:
sudo visudo
for ONE user:
select editor of your choice
add `<username> ALL=(ALL) NOPASSWD: ALL`
OR for all users in the sudo group
comment out the line beginning with %sudo soi it looks like #%sudo
add `%sudo ALL=(ALL) NOPASSWD: ALL` on any new line
save and exit
sudo reboot
+67
View File
@@ -0,0 +1,67 @@
* General Guides and Scripts for:
* Ubuntu Server LAMP (20.04 LTS)
* Dark Web Hosting (LAMP on 20.04 LTS)
* General Windows 10 and mobile security guide
Install customscripts on linux with
`curl -s https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup/-/raw/master/customscripts/install_script.sh?nocache=$RANDOM | sudo "$SHELL"`
## Usage
### Linux
#### git helpers
* `gitinitshit`
* `gitshit`
* `gitsync`
* `syncstatus`
* `waypoint`
*
#### security helpers
* `backup.sh`
* `binwalk-tool`
* `configuree_webhook.sh`
* `connect-wifi`
* `crowdsec.sh`
* `find_bytes`
* `fix-wifi`
* `add_user_ssh`
* `wifi-monitor-airX`
* `recursive-analysis`
* `large_file_search_for_hash`
#### monitoring
* `mon-watch`
* `monitor_pid`
* `webhook`
#### setup and general scripts
* `ifnet`
* `install_script.sh`
* `pyenv_setup`
* `xrdp-start`
* `add_apache2_site`
### Windowwz
#### git helpers
* `gitshit.ps1`
* `gitsync.ps1`
* `syncstatus.ps1`
* `waypoint.ps1`
#### linux-like hashing helpers
* `winhash.ps1`
* `md5sum.ps1`
* `sha256sum.ps1`
* `sha384sum.ps1`
* `sha512sum.ps1`
#### remote host tools
* `ssh-wait-loop.ps1`
* `wait-on-host.ps1`
* `testtime.ps1`
#### Windows system
* `redundant-backup.ps1`
* `windows-repair.bat`
todo:
1. windwows gitinitshit
2. convert windows-repair.bat to powershell and add more features and checks
1. automatic elevation request
2. update and improve security scan via windows defender
@@ -0,0 +1 @@
donkeydicks:pope:
+17
View File
@@ -0,0 +1,17 @@
if ($args) {
$message=$args -join ' '
} else {
if(test-path './version.txt') {
$message = $(get-content './version.txt')
} else {
$message = $(Get-Date -uformat "%s")
}
}
echo "git commit message: '$message'"
git add .
git commit -m "$message"
git push
echo "Done :3"
+20
View File
@@ -0,0 +1,20 @@
# todo, param and defaults these up
$remote_dir = "/var/www/html/Media-Viewer"
$remote_host = "pi3"
$remote_cmd = "echo REMOTE pull $remote_dir; git -C $remote_dir pull; echo REMOTE add $remote_diradding; git -C $remote_dir add .; echo REMOTE commit $remote_dir; git -C $remote_dir commit -m `$(date +%s); echo REMOTE push $remote_dir; git -C $remote_dir push; echo -e `"\nREMOTE status $remote_dir\n`"; git -C $remote_dir status;"
echo "`nLOCAL pulling`n"
git pull
echo "`nLOCAL adding, comitting and pushing`n"
gitshit # usin gitshit here lmfao maybe make message a param
echo "`nLOCAL status`n"
git status
# run da REMOTE
echo "`nREMOTE running sync"
ssh $remote_host "/bin/bash -c $remote_cmd"
echo "`nLOCAL status`n"
git status
+6
View File
@@ -0,0 +1,6 @@
param (
[Parameter(Mandatory=$true)]
[string]$infile
)
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile MD5"
+25
View File
@@ -0,0 +1,25 @@
$counter = 1;
$paths_file = ".\paths.txt"
$destination_dir = ""
$sleep_seconds = 90
# infinite loop to run through to and loop every $sleep_seconds seconeds
while($true) {
Write-Host "`n`nNew Rotation!`n`tRotation $counter `n`tCopying...`n`n"
# loop through paths in $paths_file
foreach($line in Get-Content "$paths_file") {
Clear-Host
Write-Host "Handling $line on rotation $counter"
# copy the path
$path = $line
# split $line by \ and return last element
$dirname = $line -split "\\" | Select-Object -Last 1
# do the copy
robocopy /e /z $path $destination_dir\$dirname
}
Clear-Host
Write-Host "`n`nFinished Rotation $counter`n`tSleeping 90 Seconds...`n`n"
# sleep wont start until robopy loop is finished
Start-Sleep -Seconds $sleep_seconds # sleep $sleep_seconds seconds
$counter++;
}
+74
View File
@@ -0,0 +1,74 @@
# `pwsh.exe -c "`"C:\path\to\redundant-backup.ps1`" -logFile `"`" -simpleLogFile `"`""`
# `Start-Process -filepath "C:\path\to\redundant-backup.ps1" -logFile "" -simpleLogFile ""`
# `redundant-backup -logFile "" -simpleLogFile ""`
param([string] $logFile,
[string] $simpleLogFile
)
$startUnixSeconds = get-date -uformat "%s" # unix epoch seconds for duration
$startDateHuman = get-date # human readable begin date
$startDateFilename = get-date -format 'yyyy-MM-dd-hhmm' # filename friendly date format
$warningFile = "C:\Users\human\OneDrive\Desktop\backup_error_$startDateFilename.log" # file to create to notify of a failure
$jobName = "Weekly-Backup-$startDateFilename" # name for job in case wanna restart an interrupted one
$resticRunning = "E:\restic_backups_rolling" # from dir (restic)
$redundantLocal = "D:\restic_backups_redundancy_rolling" # to dir (local drive)
$redundantLocalNetwork = "R:\restics_backups_redundancy_rolling" # to dir (network mapped drive location)
$redundantAirGap = "S:\restic_backups_redundancy_rolling" # set backup usb to use S
$logGuideString = "Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status"
function appendToLog {
param([string]$verb="INFO", [string]$exitCode="NONE", [string]$log="$logFile", [string]$fromDir="NONE", [string]$toDir="NONE")
$timeCalc = $(Get-Date -uformat "%s")-$startUnixSeconds
# Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status
$logString = "$verb | $(Get-Date) ($(Get-Date -uformat "%s")) | $startDateHuman ($startUnixSeconds) | $timeCalc | $fromDir | $toDir | $jobName | $exitCode"
echo "$logString"
echo "$logString" >> "$log"
}
function appendToErrorLog {
param ( $exceptionMessage, $part )
$errorString = "`nFAIL on $part`nException: $exceptionMessage`nVars:`n`tstartDateHuman: $startDateHuman`n`tstart: $startUnixSecondsUnixSecons`n`tappendToErrorLog: $appendToErrorLog`n`tlogFile: $logFile`n`twarningFile: $warningFile`n`tresticRunning: $resticRunning`n`tredundantLocal: $redundantLocal`n`tredundantLocalNetwork: $redundantLocalNetwork`n`tjobName: $jobName"
echo "$errorString"
try { echo "$errorString" > "$warningFile" } catch { echo "Error: $warningFile Not Found" }
}
function doBackup {
param ( [string]$fromDir="NONE", [string]$toDir="NONE", [string]$tagString="INFO" )
echo "`n$tagString"
echo "`tFollow log with:`n`t`tGet-Content `"$logFile`" -Wait -Tail 10`n"
appendToLog -verb "START-$tagString" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
robocopy "$fromDir" "$toDir" /E /Z /FP /NP /R:2 /W:1 /SAVE:"$jobString" /LOG+:"$logFile"
appendToLog -verb "FINISH-$tagString" -exitCode "$?" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
}
echo "Initializing Logs"
touch "$runningFile"
echo "$logGuideString" > "$logFile"
appendToLog -verb "INITIALIZE-LOG-FILES" -exitCode "$?" -log "$logFile"
echo "`n$logGuideString`n"
# run da backupssss
doBackup -fromDir "$resticRunning" -toDir "$redundantLocal" -tagString "COPY-LOCAL" -jobString "$jobName" # local
appendToLog -verb "COPY-LOCAL" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocal"
doBackup -fromDir "$resticRunning" -toDir "$redundantLocalNetwork" -tagString "COPY-LOCAL-NETWORK" -jobString "$jobName" # network
appendToLog -verb "COPY-LOCAL-NETWORK" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocalNetwork"
doBackup -fromDir "$resticRunning" -toDir "$redundantAirGap" -tagString "COPY-AIRGAP" -jobString "$jobName" # airgap
appendToLog -verb "COPY-AIRGAP" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantAirGap"
appendToLog -verb "DONE" -log "$logFile"
+6
View File
@@ -0,0 +1,6 @@
param (
[Parameter(Mandatory=$true)]
[string]$infile
)
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA1"
+6
View File
@@ -0,0 +1,6 @@
param (
[Parameter(Mandatory=$true)]
[string]$infile
)
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA256"
+6
View File
@@ -0,0 +1,6 @@
param (
[Parameter(Mandatory=$true)]
[string]$infile
)
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA384"
+6
View File
@@ -0,0 +1,6 @@
param (
[Parameter(Mandatory=$true)]
[string]$infile
)
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA512"
+11
View File
@@ -0,0 +1,11 @@
param(
[string]
$session = 'pi3'
)
while($True) {
ssh $session
echo "Waiting 5 Seconds..."
sleep 5
wait-on-host -hostname $session
}
+10
View File
@@ -0,0 +1,10 @@
$remote_host = "pi3"
$remote_dir = "/var/www/html/Media-Viewer"
echo "LOCAL: pulling"
git pull
echo "LOCAL: status"
git status
ssh $remote_host "echo 'REMOTE: pulling'; git -C $remote_dir pull; echo 'REMOTE: status'; git -C $remote_dir status"
+7
View File
@@ -0,0 +1,7 @@
# usage:
# testtime "some powershell command string"
param([string] $cmd)
$start=$(get-date -uformat "%s")
invoke-expression "$cmd"
$end=$(get-date -uformat "%s")
echo "`n`ntime: $($end - $start)`n`n"
+85
View File
@@ -0,0 +1,85 @@
# usage:
# `.\wait-on-host.ps1 -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`
#
# defaults:
# hostname: cable-wind.local
# sleep: 25
# pingcount: 1
# max: 500
# hold: 30
# ex. `.\wait-on-host.ps1 -hostname google.com -sleep 10 -pingcount 5`
param(
[string]
$hostname = "cable-wind.local",
[int]
$sleep = 25,
[int]
$pingcount = 1,
[int]
$max = 500,
[bool]
$loop = 0, # 1 to loop
[int]
$hold = 30
)
if($hostname -eq 'help') {
echo "usage:`n`twait-on-host [help] -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`n`twait-on-host help`n`t`tthis help message`n`twait-on-host 8.8.8.8`n`t`twait on 8.8.8.8 with defaults`n`tdefaults:`n`t`thostname: cable-wind.local`n`t`tsleep: 25`n`t`tpingcount: 1`n`t`tmax: 500`n`t`thold: 30`n`tex. wait-on-host -hostname google.com -sleep 10 -pingcount 5`n";
exit;
}
$iterations = 0;
while(1 -eq 1) { # infinite loop
echo "`nHost: $hostname" # Iterations: $iterations Count: $pingcount Sleep: $sleep Max: $max`n`tFlushing dns..."
echo "`tFlushing DNS"
ipconfig /flushdns >NUL 2>&1 # redirects output nowhere
if($?) {
echo "`t`tDone."
} else {
echo "`t`tFAILED TO FLUSH DNS! EXITING!"
exit
}
echo "`tPinging..."
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
$pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" 2>&1
if($pingObj.Status -eq "Success") { # if return status of abopve (ping -n 1...) is True
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
$ip = $pingObj.Address.IPAddressToString # get the bare ip out
echo "`t`tSuccess!`n`t`tIP: $ip`n`t`tHost: $hostname`n`t`tURL (host): http://$hostname`n`t`tURL (IP): http://$ip"
if($loop) {
echo "Sleeping $sleep Seconds..."
sleep $sleep # sleepy time
} else {
echo "`nWaiting $hold Seconds to Make Sure..."
sleep $hold
echo "`nReady!`n"
break
}
} else {
echo "`t`tNOT FOUND YET"
echo "`nSleeping $sleep Seconds..."
sleep $sleep # sleepy time
}
if($iterations -gt $max) {
echo "`nMAX ITERATIONS OF $max REACHED! EXITINTG`n"
exit
}
$iterations++
}
+2
View File
@@ -0,0 +1,2 @@
git add .
git commit -m "waypoint"
+5
View File
@@ -0,0 +1,5 @@
@ECHO OFF
mrt
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
chkdsk /r C:
+38
View File
@@ -0,0 +1,38 @@
# Usage:
## .\winhash.ps1 <FILE> <ALGO>
## Algos Supported:
### MD5
### SHA1
### SHA256
### SHA384
### SHA512
## Example:
### .\winhash.ps1 sillyfilly.bin SHA256
## Outputs to terminal and to a text file
### Text file name format <input filepath>.<unix epoch microseconds>.<hashing algorithm>.txt
param (
[Parameter(Mandatory=$true)] # prompt for input if not specified via cli
[string]$infile,
[Parameter(Mandatory=$true)] # this 1 2 :pope:
[string]$algo
)
function Get-UnixMicroseconds {
$unixEpoch = [DateTimeOffset]'1970-01-01T00:00:00Z' # unix epoch constant
$currentTime = [DateTimeOffset]::UtcNow # current utc time
$timeDifferenceTicks = $currentTime.Ticks - $unixEpoch.Ticks # subtract current time from unix epoch constant in ticks
$microseconds = [Int64]($timeDifferenceTicks / 10) # use 64bit int, divide ticks by 10 to give microseconds
# I am literally using Unix microseconds because they are more fun than Unix seconds :pinkie:
return $microseconds
}
# jesus fuckin analbeads the selection of hash algos in powershell is weird and limited
# probably because Bill Gates and Satya Nadella get together with the other C-suite executives
# and hypergoon to leagelese in clickwrap agreements that absolves them of liability and
# lets them sell our private data and other assorted dickpics or sumtin idk man lmao
$hash = $(Get-FileHash -Path $infile -Algorithm $algo | Format-List) # do da fookin hashin right dafucc here
echo $hash # show user
echo $hash > "$infile.$(Get-UnixMicroseconds).$algo.txt" # make the txt file
+18
View File
@@ -0,0 +1,18 @@
# CUSTOM STUFFS
# custom scripts https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup
PATH="$PATH:/usr/share/customscripts"
# pico SDK https://github.com/raspberrypi/pico-sdk
export PICO_SDK_PATH='/home/kali/pico-sdk'
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/princesspi/esp/version-data.log;echo -e "\n";bash /home/princesspi/esp/esp-install-custom/reinstall-esp-idf.sh'
alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
# pyenv https://github.com/pyenv/pyenv
export PYENV_ROOT="$HOME/.pyenv"
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init - zsh)"
View File
+42
View File
@@ -0,0 +1,42 @@
#!/bin/bash
[ "root" != "$USER" ] && exec sudo $0 "$@"
#usage sudo sh add_site_apache2.sh 192.168.1.1 example.com
#note: the web server will go down for the duration this script is running
#set needed A records to domain DNS before beginning
#bind IP desired before beginning
IP=$1
DOMAIN=$2
#stop apache
systemctl stop apache2
#cert get interface
certbot certonly
mkdir /var/www/$DOMAIN
echo "<h1>its live</h1>" > /var/www/$DOMAIN/index.html
#make and place config file
cat << EOF | echo > /etc/apache2/sites-available/{$DOMAIN}.config
<VirtualHost {$IP}:443>
DocumentRoot /var/www/{$DOMAIN}
ServerName $DOMAIN
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/{$DOMAIN}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{$DOMAIN}/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost {$IP}:80>
ServerName $DOMAIN
Redirect permanent / https://{$DOMAIN}/
</VirtualHost>
EOF
a2ensite $DOMAIN
sh fix_permissions.sh
systemctl start apache2
+11
View File
@@ -0,0 +1,11 @@
#!/bin/bash
# usage:
# add_user_ssh.sh "$USER" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72 princesspi@proton.me"
[ "root" != "$USER" ] && exec sudo $0 "$@"
KEY="$2"
mkdir /home/$1/.ssh
echo $KEY >> /home/$1/.ssh/authorized_keys
chmod 700 /home/$1/.ssh
chmod 600 /home/$1/.ssh/authorized_keys
chown -R $1:$1 /home/$1/.ssh
+8
View File
@@ -0,0 +1,8 @@
#!/bin/bash
[ "root" != "$USER" ] && exec sudo $0 "$@"
LOCK=/var/lock/backups.lock
if [ ! -f $LOCK ]; then
echo "lock" > $LOCK
rsync -rzvvb --backup-dir=_old_ --suffix=$(date+_%F-%T) --update --times -e ssh /home/ <username>@<server>:~/backups/home
rm -f $LOCK
fi
+57
View File
@@ -0,0 +1,57 @@
#!/bin/bash
# usage
# binwalk.sh filename [default/opcodes/basicextract/compressionextract/opcodeextract
set -e
filename="$2"
unix_seconds=$(date +%s)
dir="binwalk-exracted-$filename-$unix_seconds"
log="binwalk-log-$filename-$unix_seconds.txt"
basic="Bf"
basicextract="Bef"
compressionextract="BeMXZCf"
opcodecompressextract="ABeMXZCf"
opcodeextract="ABeCf"
opcode="ABf"
basic_cmd="--signature"
basicextract_cmd="--signature --extract --directory=$dir"
compressionextract_cmd="--signature --extract --matryoshka --deflate --lzma --directory=$dir"
opcodecompressextract_cmd="--opcodes --signature --extract --matryoshka --deflate -lzma --directory=$dir"
opcodeextract_cmd="--opcodes --signature --extract --directory=$dir"
opcode_cmd="--opcodes --signature"
usage_string="Usage:\n\tbinwalk.sh <option> <file>\n\t\tb/d/basic/default\n\t\to/op/opcode/opcodes\n\t\tbe/eb/basicextract/extractbasic\n\t\tce/ec/compressionextract/extractcompression\n\t\tope/oce/oec/opcodecompressionextract\n\t\toe/eo/opcodeextract/extractopcode"
if [ "$1" == "o" -o "$1" == "opcode" -o "$1" == "opcodes" -o "$1" == "op" ]; then
tag="$opcode"
cmd="$opcode_cmd"
elif [ "$1" == "d" -o "$1" == "default" -o "$1" == "b" -o "$1" == "basic" ]; then
tag="$basic"
cmd="$basic_cmd"
elif [ "$1" == "be" -o "$1" == "basicextract" -o "$1" == "eb" -o "$1" == "extractbasic" ]; then
tag="$basicextract"
cmd="$basicextract_cmd"
elif [ "$1" == "ce" -o "$1" == "compressionextract" -o "$1" == "ec" -o "$1" == "extractcompression" ]; then
tag="$compressionextract"
cmd="$compressionextract_cmd"
elif [ "$1" == "oce" -o "$1" == "opcodecompressionextract" -o "$1" == "eoc" -o "$1" == "oec" ]; then
tag="$opcodecompressextract"
cmd="$opcodecompressextract_cmd"
elif [ "$1" == "oe" -o "$1" == "opcodeextract" -o "$1" == "eo" -o "$1" == "extractopcode" ]; then
tag="$opcodeextract_cmd"
cmd="$opcodeextract_cmd"
else
echo -e "$usage_string"
exit
fi
echo -e $cmd
if [ -z $2 ]; then
echo -e "$usage_string"
exit
fi
to_run="binwalk $cmd --log=$log"
eval($to_run)
+7
View File
@@ -0,0 +1,7 @@
#!/bin/bash
echo "Enter Discord Webhook URL"
read url
echo "Enter Tag to Notify"
read tag
sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
+40
View File
@@ -0,0 +1,40 @@
#!/bin/bash
if [ -z "$1" ]; then
echo "Showing Wifi Interfaces:"
iwconfig
echo "Please Enter Wifi Interface:"
read interface
else
interface="$1"
fi
echo "Scanning Wifi Networks"
nmcli dev wifi list
if [ -z "$2" ]; then
echo "Please Enter SSID"
read ssid
else
ssid="$2"
fi
if [ -z "$3" ]; then
echo "Please Enter Password"
read password
else
password="$2"
fi
echo -e "\n\nConnect to $ssid with password $password on interface $interface \n\n"
pause
echo "Running ./fix-wifi.sh"
sudo bash ./fix-wifi.sh $interface
echo "Rescanning"
nmcli dev wifi rescan
echo "Connecting to $ssid"
nmcli device wifi connect $ssid password $password ifname $interface # --rescan yes
echo -e "\nnyaa mrrp done~ :D\n"
+22
View File
@@ -0,0 +1,22 @@
#!/bin/bash
#Crowdsec Install and config
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
apt -y install crowdsec
truncate -s 0 /var/log/crowdsec.log
#configure bouncers as needed here https://hub.crowdsec.net/browse/#bouncers
apt -y install crowdsec-firewall-bouncer-iptables
cscli collections install crowdsecurity/base-http-scenarios
cscli bouncers add php-bouncer
systemctl reload crowdsec
#cscli bouncers add <nginx-bouncer php-bouncer wordpress-bouncer cloudflare-bouncer> #as needed
# SAVE API KEY, THEY ARE UNRECOVERABLE
#for wordpress: install crowdsec plugin in admin panel
# SAVE API KEY FROM INSTALL
# add API key
# LAPIU URL: http://localhost:8080
#for cpanel
#cscli scenarios install crowdsecurity/cpanel-bf
#unban an IP
#cscli decisions list
#cscli decisions delete --id <id number from list>
+15
View File
@@ -0,0 +1,15 @@
#!/bin/bash
if [ -z "$1" -o -z "$2" ]; then
echo -e "usage:\n\tbash find_bytes.sh <path> <bytes string>\n\t\tex. bash find_bytes.sh /path/to/dir \"\\\x20\\\x20\""
exit
fi
# took a fuckton of experimentation to figure out da escapes lmfao
double_bytes="$2" # rename it
path=$1 # rename it
# format ddmmyyyy-HHMM-SS
log="./recursive-binwalk-$(date +"%d%m%Y-%H%M-%S").txt" # make da log name
# watch your escapes here. some needs escape, redundant escape, or no escape
find "$path" -type f -exec /bin/bash -c "cmd=\"binwalk --log=$log --raw=$double_bytes {}\"; echo -e \"\n\n==\nfile: {}\nlog: $log\ncommand: \$(printf \\\"%q\\\" \$cmd)\" | tee -a $log; exec \$cmd" \;
+49
View File
@@ -0,0 +1,49 @@
#!/bin/bash
if [ -z "$1" ]; then
echo "Showing Wifi Interfaces:"
iwconfig
echo "Please Enter Wifi Interface:"
read wifi_device
echo "Selected ${wifi_device}"
else
wifi_device="$1"
fi
# wifi_device=$1
echo 'Starting NetworkManager.service'
sudo systemctl restart NetworkManager
echo 'Restarting wpa_supplicant'
sudo systemctl restart wpa_supplicant
echo 'Disconnecting from wifi'
sudo nmcli d disconnect $wifi_device
echo 'Deleting all wifi saved networks'
nmcli connection show | sudo awk '{system("nmcli connection delete " $1)}'
echo 'Bringing down interface'
sudo ifconfig $wifi_device down
echo 'Bringing back up interface'
sudo ifconfig $wifi_device up
echo 'Reloading network manager'
sudo nmcli g reload
echo 'Turning off network manager'
sudo nmcli n off
echo 'Turning on network manager'
sudo nmcli n on
echo 'Changing interface mode to managed'
sudo iwconfig $wifi_device mode managed
echo 'Restarting networking stack'
sudo systemctl restart networking
iwconfig
echo -e "\nDone~ ^w^\n"
+5
View File
@@ -0,0 +1,5 @@
#!/bin/bash
[ "root" != "$USER" ] && exec sudo $0 "$@"
chown -R www-data:www-data /var/www/*
find /var/www/* -type d -exec chmod g=rwx "{}" \;
find /var/www/* -type f -exec chmod g=rw "{}" \;
+16
View File
@@ -0,0 +1,16 @@
#!/bin/bash
set -e # die on any error
# get current directory name without the path
reponame=${PWD##*/}
# init to main branch (github default)
git init -b main
git add .
git commit -m "initial commit via gitinitshit"
# use github cli to create repo with the dir name
gh repo create "$thisdirname" --public --source=. --remote=upstream --push
# print git link and url
git remote -v | sed -n -e 1p | awk '{print "\ngit link:", $2; gsub(".git", "", $2); print "repo url:", $2, "\n"}'
+16
View File
@@ -0,0 +1,16 @@
#!/bin/bash
set -e # fail on error
if [ -f './version.txt' ]; then
message=$(cat './version.txt')
else
if [ -z "$1" ]; then
message=$(date +%s)
else
message="$*"
fi
fi
git add .
git commit -m "$message"
git push
+57
View File
@@ -0,0 +1,57 @@
#!/bin/bash
# sync a local git repo with a remote one over ssh
# usage: gitsync <remote_host> <remote_dir>
# defaults pi3 and /var/www/html/Media-Viewer
# handle defaultz
handle_args () {
if [ -z $1 ]; then
remote_host='pi3'
else
remote_host="$1"
fi
if [ -z $2 ]; then
remote_dir='/var/www/html/Media-Viewer'
else
remote_dir="$2"
fi
}
syncstatus () {
# view local and remote status before proceeding
echo -e "\nLOCAL status\n"
git status
echo -e "\nREMOTE status\n"
ssh $remote_host "/bin/bash -c git -C $remote_dir status"
}
gitsync () {
# todo: param and defaults these up
# todo: format this properly as multiline
$remote_cmd = "echo -e \"\nREMOTE pull $remote_dir\n\"; git -C $remote_dir pull; echo -e \"\nREMOTE adding on $remote_dir\n\"; git -C $remote_dir add .; echo -e \"\nREMOTE commit $remote_dir\n\"; git -C $remote_dir commit -m \"autosync $(date +%s)\"; echo -e \"\nREMOTE push $remote_dir\n\"; git -C $remote_dir push; echo -e \"\nREMOTE status $remote_dir\n\"; git -C $remote_dir status;"
echo -e "\nLOCAL pulling\n"
git pull
echo -e "\nLOCAL adding, comitting and pushing\n"
git add .
git commit -m "autosync $(date +%s)"
git push
echo -e "\nLOCAL status\n"
git status
# run da REMOTE shiz
echo -e "\nREMOTE running sync\n"
ssh $remote_host "/bin/bash -c \"$remote_cmd\""
echo -e "\nLOCAL status\n"
git status
}
handle_args
syncstatus
gitsync
syncstatus
+36
View File
@@ -0,0 +1,36 @@
#!/bin/bash
# from https://askubuntu.com/questions/3299/how-to-run-cron-job-when-network-is-up
# usage in cron
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
function check_online
{
netcat -z -w 5 discord.com 80 && echo 1 || echo 0
}
# Initial check to see if we are online
IS_ONLINE=$(check_online)
# How many times we should check if we're online - this prevents infinite looping
MAX_CHECKS=10
# Initial starting value for checks
CHECKS=0
echo "running! IS_ONLINE: $IS_ONLINE"
# Loop while we're not online.
while [[ $IS_ONLINE -eq 0 ]]; do
sleep 10;
echo "is_online: $IS_ONLINE loop $CHECKS"
IS_ONLINE=check_online
CHECKS=$(($CHECKS + 1))
if [ $CHECKS -gt $MAX_CHECKS ]; then
break
fi
done
if [[ $IS_ONLINE -eq 0 ]]; then
# We never were able to get online. Kill script.
exit 1
fi
bash $1 2>> /var/log/cron.error.log
+76
View File
@@ -0,0 +1,76 @@
#!/bin/bash
# set -e # make sure da silly thing dont continue when there be errorZ
gitRepo='https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
tmpDir='/tmp/customscripts'
finalDir='/usr/share/customscripts'
echo "Updating software lists"
sudo apt update
echo "Installan my packages"
sudo apt install gh net-tools htop btop iptraf iotop screen byobu wget python3 python3-pip python3-virtualenv python3-setuptools thefuck nginx wget lynx neovim nmap -y
echo "Using Shell $SHELL"
# ta get da right usermayhaps
if [[ -z $SUDO_USER ]]; then
echo "Using User $USER"
username="$USER"
else
echo "Using User $SUDO_USER"
username="$SUDO_USER"
fi
# figure oot da sehell
if [[ "$SHELL" =~ bash$ ]]; then
rcfile="/home/$username/.bashrc"
elif [[ "$SHELL" =~ zsh$ ]]; then
rcfile="/home/$username/.zshrc"
else
echo -e "Die: Unsupported Shell";
exit
fi
# clean up any existing install
if [[ -d "$tmpDir" ]]; then
echo "Cleaning Up Existing $tmpDir"
rm -rf "$tmpDir"
fi
if [[ -d "$finalDir" ]]; then
echo "Cleaning Up Existing $finalDir"
rm -rf "$finalDir"
fi
echo "Cloning Repo $gitRepo"
git clone $gitRepo $tmpDir --single-branch --depth 1
echo "Placing in $finalDir"
mv "$tmpDir/customscripts" "$finalDir"
echo "Changing ownership of $finalDir to $username:$username recursively"
chown -R $username:$username "$finalDir"
echo "Setting perms of $finalDir and contents to 775"
chmod -R 775 "$finalDir"
grep -q $finalDir $rcfile
pathgrep=$?
if [ $pathgrep -eq 0 ]; then
echo "$finalDir Already in \$PATH Skipping"
else
echo "Adding $finalDir to $username's \$PATH by Appending to $rcfile"
echo -e "\n\n# automatically added by customscripts installer\nexport PATH=\"\$PATH:$finalDir\"" >> "$rcfile"
fi
# configure webhook
# echo "Enter Discord Webhook URL"
# read url
# echo "Enter Tag to Notify"
# read tag
# sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
# sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
echo -e "\n\nDone! Restart shell:\n\texec \$SHELL\n\n"
+2
View File
@@ -0,0 +1,2 @@
#!/bin/bash
< passes.txt parallel --block 10M -C 5 --pipe grep --count --max-count=1 --fixed-strings $1
+85
View File
@@ -0,0 +1,85 @@
#!/bin/bash
# usage
# bash watch.sh /path/t/dir processname logfile
set -e
if [ -z $1 ]; then
dir='.'
else
dir=$1
fi
if [ -z $2 ]; then
process_name='none'
else
process_name=$2
fi
if [ ! -f $3 ]; then
log_name=/dev/null
else
log_name=$3
fi
# uptime
uptime_dirty=$(uptime | awk '{print $3,$4}')
uptime_cleaned=${uptime_dirty:0:-1}
# date and time (default date command)
# ex. Sat May 17 11:36:04 PM MDT 2025
date_time=$(date)
echo -e "Uptime: $uptime_cleaned\t\tTime: $date_time\n"
# list filenames ordered by size large to small
list_files=$(ls -lAhS $dir | awk '{print $9}')
eval "list_files_names=($list_files)"
# echo -e "\nda names\n${list_files_names[1]}\n\n"
# size (human) ordered by size large to small
list_human=$(ls -lAhS $dir | awk '{print $5}')
eval "list_files_human=($list_human)"
# echo -e "\nda humans\n${list_files_human[1]}\n\n"
# size (bytes) ordered by size large to small
list_bytes=$(du -d 1 $dir/* | awk '{print $1}' | sort -r -n)
eval "list_files_bytes=($list_bytes)"
# echo -e "\nda bytes\n${list_files_bytes[1]}\n\n"
echo -e "Size (h)\tBytes\tName"
count=0
for name in ${list_files_names[@]}; do
echo -e "${list_files_human[$count]}\t\t${list_files_bytes[$count]} \t$name"
count=$(($count + 1))
done
# pid
list_processes_pid=$(ps aux | grep $process_name | awk '{print $2}')
eval "list_processes_pid=($list_processes_pid)"
# echo -e "\nda pids\n${list_processes_pid[1]}\n\n"
# %CPU usage
list_processes_cpu=$(ps aux | grep $process_name | awk '{print $3}')
eval "list_processes_cpu=($list_processes_cpu)"
# echo -e "\nda cpu%\n${list_processes_cpu[1]}\n\n"
# %MEMORY usage
list_processes_mem=$(ps aux | grep $process_name | awk '{print $4}')
eval "list_processes_mem=($list_processes_mem)"
# echo -e "\nda mem%\n${list_processes_mem[1]}\n\n"
# process names
list_processes_name=$(ps aux | grep $process_name | awk '{print $12,$13,$14,$15,$16,$17,$18}' | sed 's/\s/_/g')
eval "list_processes_name=($list_processes_name)"
# echo -e "\nda name\n${list_processes_name[1]}\n\n"
echo -e "\nPID\t\t%MEM\t%CPU\tNAME"
count=0
for name in ${list_processes_name[@]}; do
echo -e "${list_processes_pid[$count]}\t\t${list_processes_mem[$count]}%\t${list_processes_cpu[$count]}%\t$name"
count=$(($count + 1))
done
echo -e "\n$log_name"
tail -10 $log_name
+29
View File
@@ -0,0 +1,29 @@
#!/bin/bash
if [ -z $1 ]; then
echo -e "Usage:\n\tmonitor_pid \"MESSAGE\""
exit
fi
pid=$1
clear
echo -e "\nMonitoring for process PID $pid to end"
# get da webhook tag
tag=$(cat /usr/share/customscripts/tag.txt)
# infinite loop
while [ 1 -eq 1 ]; do
# check for da pid
ps -q $pid > /dev/null
ret=$?
# check if the process exists via retcode of the ps -q $pid
if [ $ret -ne 0 ]; then
webhook "Process $pid Ended at $(date)! \n\t$tag"
echo "Process $pid Ended at $(date)! \n\t$tag"
exit
fi
sleep 10
done
+25
View File
@@ -0,0 +1,25 @@
# run automatic installer
curl -fsSL https://pyenv.run | bash
# append relevant bits to ~/.zshrc
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
echo '[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(pyenv init - zsh)"' >> ~/.zshrc
# restart shell
exec "$SHELL"
pyenv install # CUSTOM STUFFS
# pico SDK https://github.com/raspberrypi/pico-sdk
export PICO_SDK_PATH='/home/kali/pico-sdk'
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/pri>alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
# pyenv https://github.com/pyenv/pyenv
export PYENV_ROOT="$HOME/.pyenv"
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init - zsh)"
+74
View File
@@ -0,0 +1,74 @@
#!/bin/bash
set -e # fail on error
# default to scan pwd if arg 1 is empty
if [ -z $1 ]; then
scan_path="$PWD"
else
scan_path="$1"
fi
# configure dir structure
analysis_dir="recursive-analysis" # top level
file_dir="$analysis_dir/file"
strings_dir="$analysis_dir/strings"
sha256sum_dir="$analysis_dir/sha256sum"
binwalk_dir="$analysis_dir/binwalk"
# make the directory structure if absent or fail without error
mkdir -p "$file_dir" "$strings_dir" "$sha256sum_dir" "$binwalk_dir"
# log paths
timestamp=$(date +"%Y%m%d-%H%M-%S-%Z") # format YYYYmmdd-HHMM-SS-TZ
log_main="./recursive-log.txt"
log_binwalk="$binwalk_dir/recursive-binwalk-$timestamp.txt"
log_file="$file_dir/recursive-file-$timestamp.txt"
log_strings="$strings_dir/recursive-strings-hex-offsets-$timestamp.txt"
log_sha256sum="$sha256sum_dir/recursive-sha256sum-$timestamp.txt"
# full command except filename
pre_cmd_binwalk="binwalk"
pre_cmd_file="file"
strings_len=8
pre_cmd_strings="strings --bytes=$strings_len --print-file-name --radix=x"
pre_cmd_sha256sum="sha256sum"
echo -e "\nRunning Princess Pi's Recursive Analysis on $scan_path at $timestamp\n\tMaster log: $log_main\n"
# do da scanssss
## binwalk
echo "Recursive binwalk! Saving to $log_binwalk . . ."
find "$scan_path" -type f \
-not -path "*/.git/*" \
-not -path "*/__pycache__/*" \
-not -path "*/recursive-analysis/*" \
-exec /bin/bash -c "cmd=\"$pre_cmd_binwalk {}\" && echo -e \"File: {}\nCommand: \$cmd\nTimestamp: $timestamp\" >> $log_binwalk && exec \$cmd >> $log_binwalk" \; # watch your escapes here
## file
echo "Recursive file! Saving to $log_file . . ."
find "$scan_path" -type f \
-not -path "*/.git/*" \
-not -path "*/__pycache__/*" \
-not -path "*/recursive-analysis/*" \
-exec $pre_cmd_file {} >> $log_file \;
## strings
echo "Recursive strings! Saving to $log_strings . . ."
find "$scan_path" -type f \
-not -path "*/.git/*" \
-not -path "*/__pycache__/*" \
-not -path "*/recursive-analysis/*" \
-exec $pre_cmd_strings {} >> $log_strings \;
## sha256sum
echo "Recursive sha256sum! Saving to $log_sha256sum . . ."
find "$scan_path" -type f \
-not -path "*/.git/*" \
-not -path "*/__pycache__/*" \
-not -path "*/recursive-analysis/*" \
-exec $pre_cmd_sha256sum {} >> $log_sha256sum \;
# log to master log
echo -e "$timestamp:\n\tscan path: $scan_path\n\tbinwalk:\n\t\tlog: $log_binwalk\n\t\tcmd: $pre_cmd_sha256sum {}\n\tfile:\n\t\tlog: $log_file\n\t\tcmd: $pre_cmd_file {}\n\tstrings:\n\t\tlog: $log_strings\n\t\tcmd: $pre_cmd_strings {}\n\tsha256sum:\n\t\tlog: $log_sha256sum\n\t\tcmd: $pre_cmd_sha256sum {}\n" >> $log_main
echo -e "\nDone! :3"
+31
View File
@@ -0,0 +1,31 @@
#!/bin/bash
# helper to show status of git repos on both local and a remote host
# usage: syncstatus <remote_host> <remote_directiory>
# defaults pi3 and /var/www/html/Media-Viewer
# handle defaultz
handle_args () {
if [ -z $1 ]; then
remote_host='pi3'
else
remote_host="$1"
fi
if [ -z $2 ]; then
remote_dir='/var/www/html/Media-Viewer'
else
remote_dir="$2"
fi
}
syncstatus () {
# view local and remote status before proceeding
echo -e "\nLOCAL status\n"
git status
echo -e "\nREMOTE status\n"
ssh $remote_host "/bin/bash -c \"git -C '$remote_dir' status\""
}
handle_args
syncstatus
+3
View File
@@ -0,0 +1,3 @@
#!/bin/bash
git add .
git commit -m "waypoint"
+31
View File
@@ -0,0 +1,31 @@
#!/bin/bash
# usage in cron
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
# discord_webhook="https://discord.com/api/webhooks/yourwebhook"
discord_webhook=$(cat /usr/share/customscripts/webhook.txt)
ipaddr=$(hostname -I | grep -E -o "10.0.0.[0-9]{1,3}" | tail -1)
date=$(date "+%d/%m/%Y %H:%M:%S %Z (%s)")
# to tag role run \@rolename and copy the code that is like <@something>
# tag="<@tag>"
tag=$(cat /usr/share/customscripts/tag.txt)
hostname=$(hostname)
bootup_string="bootrred on $date\n\tip addr: $ipaddr\n\t$tag\n\n"
if [[ -z $1 ]]; then
content='Default Ping!'
elif [[ "$1" == "bootup" ]]; then
content="$bootup_string"
else
content="$1"
fi
post_data() {
cat <<EOF
{
"username":"$hostname",
"content":"$content"
}
EOF
}
curl -H "Content-Type: application/json" -X POST -d "$(post_data)" "$discord_webhook"
+3
View File
@@ -0,0 +1,3 @@
sudo airmon-ng check kill
sudo airmon-ng start wlan1
sudo airodump-ng wlan1mon
+7
View File
@@ -0,0 +1,7 @@
port=$(grep '^port=33' /etc/xrdp/xrdp.ini | sed 's/port=//')
ip=$(ip addr | grep 'inet 10.\|inet 192.168.' | awk '{print $2}' | sed 's/\/24//')
sudo /etc/xrdp/startwm.sh
sudo systemctl restart xrdp
echo "connect on $ip:$port"
+3
View File
@@ -0,0 +1,3 @@
update README
document commands
update guides
+4
View File
@@ -0,0 +1,4 @@
CUSTOM_DATABASE=wordpress-db
CUSTOM_USER=wordpress-user
CUSTOM_PASSWORD=someCustomPassword1234
CUSTOM_PORT=8800
+31
View File
@@ -0,0 +1,31 @@
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- ${CUSTOM_PORT}:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: ${CUSTOM_USER}
WORDPRESS_DB_PASSWORD: ${CUSTOM_PASSWORD}
WORDPRESS_DB_NAME: ${CUSTOM_DATABASE}
volumes:
- wordpress:/var/www/html
db:
image: mysql
restart: always
environment:
MYSQL_DATABASE: ${CUSTOM_DATABASE}
MYSQL_USER: ${CUSTOM_USER}
MYSQL_PASSWORD: ${CUSTOM_PASSWORD}
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db: