Scripts

Control of friends and followers on Twitter (API 1.1 update)

More than 2 years ago (that's a lot of time!) I published a simple Python script to monitor a Twitter account using Tweepy: basic account information, inactive friends and new/lost followers. But this script stopped working some time ago because Twitter updated its API to version 1.1. This update made obligatory using authentication to make any request and they also modified the request limits. Before the update, there was a limit of 150/350 requests per hour, depending on whether the request was authenticated or not, but now these limits are per request type and per 15 minutes. For example, to get a list of friends you can make a maximum of 15 requests per quarter of hour, but you can make other 15 to get a list of followers. If someone is late (like me) with the new API here you can find the full changelog.

Before starting to modify the code I had to update the Tweepy version too (2.1). The best and easiest way is using pip:
 

$ pip install tweepy

 

NFC CreditCard Reader


 

Language: C

Publication date: 2012-12-21

Description: Program based on readnfccc (by Renaud Lifchitz) to read some private data from credit cards, like cardholder, Permanent Account Number (PAN), expiry date, etc., using NFC technology. It has been tested with Spanish contactless credit cards, but can also be used with other countries cards. Take a look at this post (Spanish) and this video.

Requirements: libnfc (and an NFC reader, of course!)

Download it!

 


Usage


 
After installing libnfc, just compile the code:

$ gcc nfc_creditcard_reader.c -lnfc -o nfc_creditcard_reader

 
Place an NFC credit card close to the reader and execute it:

writeURItoNFCtag


 

Language: Python

Publication date: 2012-07-01

Description: Simple script to write any URI to an NFC tag. Using the 0x00 URI type we can write any type of URI in the tag, without thinking about it. Based on the helloworld.py (nfcpy) script. You can take a look at the different URIs defined by the specification here and other special URIs related to installed mobile applications.

Requirements: nfcpy

Download it!

 


Usage


 

Usage: writeURItoNFCtag.py uri

 

Control of friends and followers on Twitter

I'm going to lay aside PDF files and malware to write a simple script to control friends and followers on Twitter. We use to have a lot of them and it's difficult to know if our friends haven't written some time ago or our followers have left. But we can use one of the multiple modules (talking about Python) to communicate with the Twitter API and solve this task. I've chosen Tweepy because I think it's very simple and well documented. What we want to obtain from Twitter is:

It's important to highlight that we cannot obtain all the friends/followers with one API request  but  only 100 each time. We can use the Cursors object from Tweepy to solve this very easily:

followersCursor = tweepy.Cursor(tweepy.api.followers,id=user)
for follower in followersCursor.items():
print follower.name

twitCheck


 

Language: Python

Publication date: 2011-08-16

Update: 2013-09-08

Description: Simple script to show details of a given Twitter account: basic account information, inactivity of friends, new and lost followers, etc.

Requirements: Tweepy

Download it!

 


Usage


 

Usage: twitCheck.py twitter_user

 

shellcode2js


 

Language: Python

Publication date: 2009-04-29

Description: Little script to obtain an escaped Javascript shellcode from a  C style shellcode or a binary file containing the shellcode.

Download it!

 


Usage


 

Usage: shellcode2js shellcode|file
Arguments:
shellcode: C style shellcode.
file: binary file containing the shellcode.

 

js2shellcode


 

Language: Python

Publication date: 2009-06-02

Description: Little script to obtain a printable (C style) shellcode from the escaped Javascript code. It also writes to shellcode.out the resulted bytes.

Download it!

 


Usage


 

Usage: js2shellcode js_shellcode
Arguments:
js_shellcode: escaped Javascript shellcode.

 

PDFAnalyzer


 

Language: Python

Publication date: 2009-06-02

Updated: 2010-01-10

Description: Script to analyze malicious PDF files containing obfuscated Javascript code. It uses Spidermonkey to execute the found Javascript code and showing the shellcode to be launched. Sometimes it's not able to deobfuscate the code, but you can specify the parameter -w to write to disk the Javascript code, helping to carry out a later manual analysis. Its output has five sections where you can find trigger events (/OpenAction and /AA), suspicious actions (/JS, /Launch, /SubmitForm and /ImportData), vulnerable elements, escaped bytes and URLs, which can be useful to get an idea of the file risk.

Requirements: Spidermonkey (and Pyrex).

Download it!

 


Usage


 

ZlibStreams


 

Language: Python

Publication date: 2009-03-17

Description: This script compress/decompress a specified string or file using the Zlib library and writes to the standard output. If the input is a file and the method used is decompression, then the script looks for the streams compressed with the /FlateDecode filter, so it's focused on PDF files. If there is no filters in the file, the whole file is considered as a stream.

Download it!

 


Usage


 

Usage: zlibStreams -c|-d target
Arguments:
target: the string or file to be de/compressed.
Options:
-c: compress
-d: decompress

 

# zlibStreams -c "Hello World"
x��H����/�I

 

# zlibStreams -c "Hello World" > test
# zlibStreams -d test
Hello World

 

# zlibStreams -d myPOC.pdf

 

 

XORBruteForcer


 

Language: Python

Publication date: 2008-09-24

Description: Script that implements a XOR bruteforcing of a given file, although a specific key can be used too. It's possible to look for a word in the xored result, minimizing the output.

Download it!

 


Usage


 

Usage: xorBruteForcer -k xor_key file [search_pattern]
Arguments:
file: the source file to be xored.
search_pattern: pattern that must be found in the xored result.
Options:
-k xor_key: key used in the XOR function (00-ff). If not specified, all the possible values will be tested (bruteforcing).

 

# xorBruteForcer -k 25 geoloc > geoloc_xored_25
# xorBruteForcer geoloc_xored_25 GEoIpTOOl > out
Pattern found using the following keys: ['0X5', '0X25']

 

 

HostsGrabber


 

Language: Python

Publication date: 2008-08-12

Description: Script which returns a list of hostnames of the given domain (and their resolved IPs) contained in the given URL. The request can be recursive. This is useful to map all the hosts of one organization.

Download it!

 


Usage


 

Usage: hostsGrabber [-r] url [domain]
Arguments:
url: the URL of the page which must be searched for hostnames.
domain: the domain of the hostnames to look for. By default it's the url domain.
Options:
-r: recursive

 

# hostsGrabber www.facebook.com

blog.facebook.com -> 69.63.190.10
ca-es.facebook.com -> 69.63.189.26
de-de.facebook.com -> 69.63.189.26
developers.facebook.com -> 69.63.178.31
es-es.facebook.com -> 69.63.190.10
es-la.facebook.com -> 69.63.189.26
eu-es.facebook.com -> 66.220.153.19
fr-fr.facebook.com -> 66.220.153.19
gl-es.facebook.com -> 66.220.153.19
pt-br.facebook.com -> 69.63.189.26
www.facebook.com -> 66.220.153.19

 

GeoLoc


 

Language: Python

Publication date: 2008-05-09

Description: Given one host (domain or IP) returns its geolocalization (based on GeoIpTool.com)

Download it!

 


Usage


 

Usage: geoloc host

 

# geoloc www.google.com

Host Name: bs-in-f104.1e100.net
IP Address: 64.233.163.104
Country: United States
Region: California
City: Mountain View
Longitude: -122.0574
Latitude: 37.4192

 

 

Syndicate content