
analyst-scripts

Random scripts I needed at least once for investigations or tests. Mostly Python 3 compatible, but not guaranteed. Old and new, useless and useful. If you like these, you may also like Harpoon or pe.

Feel free to open issues if you have any questions.

Main Folder

  • clamav_to_yara.py : convert a ClamAV signature to a Yara rule (from the Malware Analyst's Cookbook)
  • cloudcidrs.py : check if an IP is part of a cloud provider range (for now only Google Cloud and Amazon AWS; inspired by cloudcidrs)
  • disassemble.py : disassemble a binary file using Capstone (mostly for shellcode)
  • csv_extract.py : extract a column from a CSV file
  • hostnametoips.py : resolve a list of hostnames read from a text file and return the list of unique IPs
  • infect.sh : classic script to create an encrypted zip of a file with the password `infected` (the conventional password for sharing malware samples)
  • mqtt-get.py : basic script to query an MQTT service
  • parsejpeg.py : analyze the JPEG headers of a file
  • parsepng.py : analyze a PNG file looking for weird things
  • scrdec18.c : old code, still useful to decode .jse files (Microsoft JScript.Encode), by MrBrownStone (website archive, source code)
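As an added example, written for this page and not the repository's parsepng.py, here is a minimal PNG chunk walker showing the kind of "weird things" such a script looks for: a bad signature, truncated chunks, CRC mismatches, non-standard chunk types, and data appended after IEND (a common place to stash a payload). The two sample images are constructed inline, so it runs offline; `haCk` is a made-up private chunk type.

```python
"""Added example, not the repository's parsepng.py: walk the chunks of a PNG
file and report anomalies (bad signature, truncated chunks, CRC mismatches,
non-standard chunk types, and data appended after IEND)."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined in the PNG specification; anything else is private/unknown.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME",
}


def parse_png(data):
    """Return (chunks, warnings); chunks is a list of (type, length, crc_ok)."""
    chunks, warnings = [], []
    if not data.startswith(PNG_SIGNATURE):
        warnings.append("bad PNG signature")
        return chunks, warnings
    pos = len(PNG_SIGNATURE)
    saw_iend = False
    while pos + 8 <= len(data):
        length, raw_type = struct.unpack(">I4s", data[pos:pos + 8])
        ctype = raw_type.decode("latin-1")
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_field) < 4:
            warnings.append(f"truncated chunk {ctype} at offset {pos}")
            break
        # The CRC covers the type field and the data, not the length.
        crc_ok = zlib.crc32(raw_type + body) == struct.unpack(">I", crc_field)[0]
        if not crc_ok:
            warnings.append(f"CRC mismatch in chunk {ctype} at offset {pos}")
        if raw_type not in KNOWN_CHUNKS:
            warnings.append(f"non-standard chunk type {ctype} ({length} bytes)")
        chunks.append((ctype, length, crc_ok))
        pos += 12 + length
        if raw_type == b"IEND":
            saw_iend = True
            break
    if saw_iend:
        trailing = len(data) - pos
        if trailing:
            warnings.append(f"{trailing} bytes of data after IEND")
    else:
        warnings.append("no IEND chunk found")
    return chunks, warnings


def make_chunk(raw_type, body):
    """Serialise one chunk: length, type, data, CRC over type+data."""
    return (struct.pack(">I", len(body)) + raw_type + body
            + struct.pack(">I", zlib.crc32(raw_type + body)))


def build_sample(extra_chunks=b"", trailer=b""):
    """Constructed 1x1 RGB PNG; `extra_chunks` go before IEND, `trailer` after it."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, depth 8, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte 0 + one red pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
            + extra_chunks + make_chunk(b"IEND", b"") + trailer)


# Constructed samples: a clean image, and one carrying a private chunk plus an appended blob.
CLEAN_PNG = build_sample()
SUSPICIOUS_PNG = build_sample(extra_chunks=make_chunk(b"haCk", b"hidden config"),
                              trailer=b"MZ\x90\x00" + b"\x00" * 16)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("suspicious", SUSPICIOUS_PNG)):
        chunks, warnings = parse_png(blob)
        print(name, [c[0] for c in chunks], warnings or "no anomalies")
```

Point `parse_png` at `open(path, "rb").read()` for a real file; a CRC mismatch on an otherwise well-formed chunk usually means the data was edited after the image was written, and bytes after IEND are simply ignored by every viewer, which is exactly why they are worth looking at.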

Subfolder

  • android : Android stuff (surprising!)
  • bitly : bit.ly tools
    • bitly.py : basic tool to request the bit.ly API
  • censys : scripts using the censys.io API
    • censyscerts.py : Search for certificates
    • censysip.py : Search in censys IP database
    • censysipentries.py : Display information on an IPv4
    • censyslib.py : helper to load the API key from ~/.censys, shared by the other scripts
  • certs : scripts to deal with certificates and CT dbs
    • listcerts.py : list certificates for a domain from crt.sh using pycrtsh
  • email : scripts to handle emails
  • forensic : forensic related scripts
    • filetimeline.py : list the files in a folder with their change time, modification time and birth time, using stat (on Linux, stat does not expose the creation time even when the file system records it)
    • mactime.py : convert that file list into a CSV timeline
  • format : convert files in different formats
    • csv2md.py : convert a csv file to a markdown table
    • extract_ttld.py : extract the TLDs from a list of domains
    • punycode.py : convert a domain to or from its Punycode form
  • ghidra_scripts : scripts for ghidra
  • goo.gl : playing with the now deprecated goo.gl API
    • api.py : API wrapper and CLI tool to query the Google URL shortener goo.gl (deprecated by Google)
  • harpoon-extra : some scripts expanding Harpoon features
  • web : Web stuff (mostly outdated)
  • macos : macOS related scripts
  • misp : some scripts helping using MISP servers
  • network : network related scripts
  • ooni : OONI API scripts
  • osint : open source intelligence scripts
  • pe : PE scripts (most of them moved to pe)
  • pt : scripts using the PassiveTotal API
  • resources : interesting infosec resources
  • shodan : shodan.io scripts
  • threats : threat intelligence scripts
  • twilio : scripts related to Twilio
  • twitter : Twitter stuff
  • visualization : nice graphs everywhere
  • vt : scripts related to VirusTotal
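As an added example (not the repository's filetimeline.py or mactime.py), the two forensic steps above combined in one script: collect the modification, access, change and, where the platform exposes it, birth time of every file under a directory, then emit a mactime-style CSV timeline with the usual m/a/c/b flags. Function names and the column layout are my own choices; the entries used in the test are constructed.

```python
"""Added example, not the repository's filetimeline.py / mactime.py:
collect MAC(B) timestamps for every file under a directory and emit a
mactime-style CSV timeline, one row per distinct timestamp per file."""
import csv
import io
import os
from datetime import datetime, timezone


def collect_file_times(root):
    """Walk `root` and return one dict per file with its timestamps.

    Birth time is only reported where os.stat exposes st_birthtime (macOS,
    the BSDs, Windows on Python 3.12+); on Linux it is None, because stat
    does not return the creation time even when the file system records it.
    """
    entries = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks on evidence
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the run
            entries.append({
                "path": path,
                "size": st.st_size,
                "m": st.st_mtime,
                "a": st.st_atime,
                "c": st.st_ctime,
                "b": getattr(st, "st_birthtime", None),
            })
    return entries


def build_timeline(entries):
    """Group each file's timestamps so equal times share one row, then sort.

    Returns tuples (epoch_seconds, macb_flags, size, path); flags use the
    Sleuth Kit convention, e.g. "m.c." means mtime and ctime fall in that second.
    """
    rows = []
    for e in entries:
        by_time = {}
        for flag in "macb":
            ts = e[flag]
            if ts is None:
                continue
            by_time.setdefault(int(ts), []).append(flag)
        for ts, flags in by_time.items():
            macb = "".join(f if f in flags else "." for f in "macb")
            rows.append((ts, macb, e["size"], e["path"]))
    rows.sort(key=lambda r: (r[0], r[3]))
    return rows


def timeline_to_csv(rows):
    """Render timeline rows as CSV text with UTC timestamps."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["time_utc", "macb", "size", "path"])
    for ts, macb, size, path in rows:
        when = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        writer.writerow([when, macb, size, path])
    return out.getvalue()


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(timeline_to_csv(build_timeline(collect_file_times(root))), end="")
```

Run it as `python timeline.py /mnt/evidence > timeline.csv`. Timestamps are truncated to the second so that a file whose times coincide collapses into a single "macb" row, the same grouping mactime does; keep in mind that mounting or copying the evidence will itself update atime and ctime unless the copy preserves them.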

Contributors

te-k, dietercastel

