more stuff get fucked ok

Dionysus 2023-09-12 16:44:54 -04:00
parent a43d747cfd
commit 2d44ba5000
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
19 changed files with 426 additions and 186 deletions

73
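--- a/archlinux/arch
+++ b/archlinux/arch
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -xev
+GIT_URL="https://raw.githubusercontent.com/acidvegas/archlinux/master"
+RPI=0
+setup_initial() {
+systemctl stop sshd && systemctl disable sshd
+history -c && export HISTFILESIZE=0 && export HISTSIZE=0 && unset HISTFILE
+[ -f /root/.bash_history ] && rm /root/.bash_history
+passwd
+[ $RPI -eq 1 ] && userdel -r alarm
+useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas wheel && passwd acidvegas
+timedatectl set-timezone America/New_York && timedatectl set-ntp true
+echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+}
+setup_wifi() {
+echo "wildwest" > /etc/hostname
+echo -e "[Match]\nName=wlan0\n\n[Network]\nDHCP=ipv4\nMulticastDNS=yes\n#Address=10.0.0.200/24\nGateway=10.0.0.1" > /etc/systemd/network/25-wireless.network
+echo -e "[Resolve]\nDNS=8.8.4.4 8.8.8.8 2001:4860:4860::8888 2001:4860:4860::8844\nFallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001\nMulticastDNS=yes\nDNSSEC=no\nCache=yes" > /etc/systemd/resolved.conf
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf && chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
+systemctl start systemd-networkd && systemctl enable systemd-networkd
+systemctl start systemd-resolved && systemctl enable systemd-resolved
+systemctl start wpa_supplicant@wlan0 && systemctl enable wpa_supplicant@wlan0
+}
+setup_pacman() {
+MI="Include = /etc/pacman.d/mirrorlist"
+echo -e "[options]\nArchitecture = auto\nColor\nCheckSpace\nHoldPkg = pacman glibc\nParallelDownloads = 10\nSigLevel = Required DatabaseOptional\nLocalFileSigLevel = Optional\nRemoteFileSigLevel = Required\n\n" > /etc/pacman.conf
+echo -e "[core-testing]\n$MI\n\n[core]\n$MI\n\n[extra-testing]\n$MI\n\n[extra]\n$MI\n\n" >> /etc/pacman.conf
+[ $RPI -eq 0 ] && echo -e "[multilib-testing]\n$MI\n\n[multilib]\n$MI" >> /etc/pacman.conf
+[ $RPI -eq 1 ] && echo -e "[community]\n$MI\n\n[alarm]\n$MI\n\n[aur]\n$MI" >> /etc/pacman.conf
+pacman-key --init
+[ $RPI -eq 1 ] && pacman-key --populate archlinuxarm && echo 'Server = http://mirror.archlinuxarm.org/$arch/$repo' > /etc/pacman.d/mirrorlist
+[ $RPI -eq 0 ] && pacman-key --populate archlinux
+pacman -Syyu
+pacman -S checkbashisms gcc go make patch pkg-config python python-pip
+pacman -S asciiquarium cmatrix hollywood tty-solitaire
+pacman -S abduco curl fzf git man nano ncdu progress rsync sudo tor unzip weechat which yank
+pacman -S bandwhich exa glow gping gpm
+pacman -S alsa-utils alsa-lib alsa-firmware libpulse pulseaudio cmus id3v2 mps-youtube python-eyed3 youtube-dl # TODO: check these
+pacman -S dmenu dunst firefox scrot unclutter xclip
+pacman -S acpi xorg-xbacklight xorg-xinit xorg-xrandr xorg-server xorg-xsetroot
+pacman -S fakeroot xorg-font-util xorg-mkfontscale xorg-mkfontdir
+[ $RPI -eq 1 ] && pacman -S xf86-video-fbdev
+[ $RPI -eq 0 ] && pacman -S xf86-video-intel mesa lib32-mesa
+#[ $RPI -eq 0 ] && pacman -S nvidia nvidia-utils lib32-nvidia-utils
+[ $RPI -eq 1 ] && systemctl start gpm && systemctl enable gpm
+}
+setup_configs() {
+if [ $RPI -eq 1 ]; then
+sed -i 's/^console=tty1/console=tty3/' /boot/cmdline.txt && echo "quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_level=3 logo.nologo consoleblank=0" >> /boot/cmdline.txt
+echo -e "avoid_warnings=1\ndisable_splash=1\ndtparam=act_led_trigger=none\ndtparam=act_led_activelow=on\ndtparam=audio=on" > /boot/config.txt
+wget -O /etc/fstab $GIT_URL/etc/fstab
+fi
+wget -O /etc/issue $GIT_URL/etc/issue
+wget -O /etc/sudoers.d/sudoers.lecture $GIT_URL/etc/sudoers.d/sudoers.lecture
+echo -e "set boldtext\nset minibar\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
+echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE\nln /dev/null ~/.bash_history -sf" >> /etc/profile
+echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
+echo -e "Defaults lecture = always\nDefaults lecture_file = /etc/sudoers.d/sudoers.lecture\nroot ALL=(ALL) ALL\n%wheel ALL=(ALL) ALL" > /etc/sudoers
+echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
+mkdir -p /etc/systemd/system/systemd-logind.service.d && echo -e "[Service]\nSupplementaryGroups=proc" > /etc/systemd/system/systemd-logind.service.d/hidepid.conf
+[ $RPI -eq 1 ] && echo "FONT=ohsnap6x11r" > /etc/vconsole.conf
+}
+setup_initial
+setup_wifi
+setup_pacman
+setup_configs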
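Review bot: With `RPI=0` and `set -e`, `setup_pacman` ends on `[ $RPI -eq 1 ] && systemctl start gpm && systemctl enable gpm`, so the function returns non-zero and the script exits before `setup_configs` ever runs; `setup_configs` ends the same way on its `vconsole.conf` line. Writing these guards as `if [ "$RPI" -eq 1 ]; then …; fi` keeps a false test from becoming the function's exit status. Separately, `setup_configs` pulls `/etc/fstab`, `/etc/issue` and the sudo lecture file as root from the `master` branch in `GIT_URL` with no pinned commit or checksum, so whatever that branch holds at run time lands in `/etc`; pinning `GIT_URL` to a commit hash and checking a digest before installing would close that gap. `echo -e` and `history -c` are not POSIX `sh` features, so the `#!/bin/sh` shebang only behaves as intended where `sh` is bash.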

11
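--- a/archlinux/arm
+++ b/archlinux/arm
@@ -0,0 +1,11 @@
+#!/bin/sh
+# required: dosfstools
+set -xev
+echo -e "o\nn\np\n1\n\n+100M\nt\nc\nn\np\n2\n\n\nw\n" | fdisk -w always -W always /dev/sda
+mkdir boot root
+mkfs.vfat /dev/sda1 && mount /dev/sda1 boot
+mkfs.ext4 /dev/sda2 && mount /dev/sda2 root
+wget -O archlinuxarm.tar.gz http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-armv7-latest.tar.gz
+bsdtar -xpf archlinuxarm.tar.gz -C root && sync
+mv root/boot/* boot
+umount boot root && rm -r archlinuxarm.tar.gz boot root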
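Review bot: The root filesystem tarball on the `wget` line is fetched over plain `http://` and unpacked as root with `bsdtar -xpf` without any integrity check, so anyone on the network path can substitute the image that ends up on the card. Fetch the detached signature published alongside the tarball (confirm the exact file name on the mirror) and run `gpg --verify` against it before extracting, aborting on failure. The partitioning line also writes a new table to a hard-coded `/dev/sda` with `-w always -W always`; taking the device as `$1` and refusing to run without it avoids wiping the wrong disk.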

9
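--- a/archlinux/fstab
+++ b/archlinux/fstab
@@ -0,0 +1,9 @@
+# NOTE: This fstab file was made for a Raspberry Pi runnning Arch Linux ARM
+# <file system> <dir> <type> <options> <dump> <pass>
+/dev/mmcblk0p1 /boot vfat ro,noatime,nodev,noexec,nosuid 0 2
+/dev/mmcblk0p2 / ext4 rw,noatime,data=ordered,commit=60 0 1
+proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=proc 0 0
+tmpfs /dev/shm tmpfs rw,noatime,nodev,noexec,nosuid 0 0
+tmpfs /tmp tmpfs rw,mode=0755,noatime,nodev,nosuid,size=100m 0 0
+tmpfs /var/log tmpfs rw,mode=0755,noatime,nodev,noexec,nosuid,size=25m 0 0
+tmpfs /run tmpfs rw,mode=0755,noatime,nodev,nosuid,size=25m 0 0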
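Review bot: The `/tmp` entry mounts the tmpfs with `mode=0755`, which leaves the directory writable by root only, so unprivileged programs cannot create temporary files there; the conventional mode is sticky world-writable, `mode=1777`. The `/tmp` line also omits `noexec` while `/dev/shm` and `/var/log` carry it; a short comment saying whether that is intentional would help. `hidepid=2,gid=proc` on `/proc` depends on a `proc` group existing and on every service that needs process visibility being added to it, which this file cannot guarantee on its own.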

34
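--- a/archlinux/x86
+++ b/archlinux/x86
@@ -0,0 +1,34 @@
+#!/bin/sh
+# arch linxu x86 helper - developed by acidvegas (https://git.acid.vegas/archlinux)
+MNT="sda"
+DEV="wlan0"
+lspci -v | grep -A1 -e VGA -e 3D
+iwctl --passphrase PASSWORD station $DEV connect SSID
+#fdisk # convert mbr to gpt
+mkfs.ext4 /dev/${MNT}p2
+#mkswap /dev/swap_partition
+mkfs.fat -F 32 /dev/${MNT}p1
+mount /dev/${MNT}p2 /mnt
+mount --mkdir /dev/${MNT}p1 /mnt/boot
+#swapon /dev/swap_partition
+pacstrap -K /mnt base linux linux-firmware # Microcodes: amd-ucode intel-ucode
+genfstab -U /mnt >> /mnt/etc/fstab
+arch-chroot /mnt
+ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
+hwclock --systohc
+echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+echo "LANG=en_US.UTF-8" > /etc/locale.conf
+echo "wildwest" > /etc/hostname
+passwd
+bootctl install
+systemctl enable systemd-boot-update.service
+mkdir -p /etc/pacman.d/hooks
+echo -e "[Trigger]\nType = Package\nOperation = Upgrade\nTarget = systemd\n\n[Action]\nDescription = Gracefully upgrading systemd-boot...\nWhen = PostTransaction\nExec = /usr/bin/systemctl restart systemd-boot-update.service" > /etc/pacman.d/hooks/95-systemd-boot.hook
+echo -e "title Arch Linux\n\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd /initramfs-linux.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch.conf
+echo -e "title Arch Linux (fallback initramfs)\n\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd /initramfs-linux-fallback.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch-fallback.conf
+exit
+umount -R /mnt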
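Review bot: Run as a script, every line after `arch-chroot /mnt` executes on the live system once the chroot shell exits, not inside `/mnt`, so `passwd`, `bootctl install` and the loader entries are applied to the wrong root, and the later `exit` ends the script before `umount -R /mnt`. Either pass each command as `arch-chroot /mnt <command>` or move that part into a second script that is run inside the chroot. Two values also look inconsistent with `MNT="sda"`: `/dev/${MNT}p2` expands to `/dev/sdap2`, and both loader entries boot `root="/dev/mmcblk0p2"`. The Wi-Fi passphrase on the `iwctl --passphrase` line is passed as an argument, where it is visible in the process list and in shell history.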

32
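--- a/bash.bashrc
+++ b/bash.bashrc
@@ -0,0 +1,32 @@
+[[ $- != *i* ]] && return
+shopt -s checkwinsize
+export LC_CTYPE=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+# color
+alias diff='diff --color=auto'
+alias dir='dir --color=auto'
+alias egrep='egrep --color=auto'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias ip='ip -color=auto'
+alias ls='ls --color=auto'
+alias ncdu='ncdu --color dark -rr'
+alias vdir='vdir --color=auto'
+# rewrites
+alias pip='pip3'
+alias python='python3'
+alias wget='wget -q --show-progress'
+# random
+alias ..="cd ../"
+alias up="sudo apt-get update && sudo apt-get upgrade && sudo apt autoremove"
+if [ $(id -u) == "0" ]; then
+export PS1="\e[31m\u@\h\e[0m \e[33m\w \e[0m: "
+else
+export PS1="\e[38;5;41m\u@\h\e[0m \e[38;5;69m\w \e[0m: "
+fi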
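Review bot: Both `PS1` assignments embed colour escapes as raw `\e[…m` without the `\[` `\]` markers, so readline counts them as visible characters and long command lines wrap or redraw incorrectly. Wrap each sequence, e.g. `\[\e[31m\]\u@\h\[\e[0m\]`. `export LC_ALL=en_US.UTF-8` overrides every other `LC_*` setting for all users of this system-wide file, and the `up` alias assumes an apt-based host, so a comment naming the target distribution would help.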

12
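--- a/btkb
+++ b/btkb
@@ -0,0 +1,12 @@
+#!/bin/sh
+pacman -S bluez bluez-utils
+systemctl enable bluetooth && sudo systemctl start bluetooth
+sed -i 's/#AutoEnable=false/AutoEnable=true/' /etc/bluetooth/main.conf
+bluetoothctl power on # possible bluetoothctl -- <cmd>
+bluetoothctl agent KeyboardOnly
+bluetoothctl pairable on
+bluetoothctl scan on
+bluetoothctl pair CC:C5:0A:20:91:5B
+bluetoothctl trust CC:C5:0A:20:91:5B
+bluetoothctl connect CC:C5:0A:20:91:5B
+bluetoothctl scan off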
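Review bot: Each `bluetoothctl <cmd>` line starts a separate client process, so the agent registered by `bluetoothctl agent KeyboardOnly` is presumably gone by the time `pair` runs, and `scan on` either blocks or stops when its process exits; the existing comment on the `power on` line suggests this was not settled. Driving one session (commands fed on stdin, or `bluetoothctl --timeout`) is the usual way to keep the agent alive through pairing. The script also trusts a hard-coded device address unconditionally and mixes a bare `systemctl enable` with `sudo systemctl start`, so it is unclear whether it expects to run as root.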


@ -12,21 +12,23 @@ nodes = {
'Miami' : '48'
}
for node in nodes:
data = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode()
packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U)
print(f'Servers in \033[34m{node}\033[0m:')
for server in packages:
name = server.split('</h3>')[0].ljust(18)
price = server.split('</span>')[1].split('<span ')[0].ljust(10)
features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0]
for item in ('<li>','</li>','<b>','</b>'):
features = features.replace(item,'')
features = features.ljust(39)
stock = server.split()[-1]
if stock == '0':
stock = f'\033[31m{stock}\033[0m'
else:
stock = f'\033[32m{stock}\033[0m'
print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
while True:
for node in nodes:
data = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode()
packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U)
print(f'Servers in \033[34m{node}\033[0m:')
for server in packages:
name = server.split('</h3>')[0].ljust(18)
price = server.split('</span>')[1].split('<span ')[0].ljust(10)
features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0]
for item in ('<li>','</li>','<b>','</b>'):
features = features.replace(item,'')
features = features.ljust(39)
stock = server.split()[-1]
if stock == '0':
stock = f'\033[31m{stock}\033[0m'
else:
stock = f'\033[32m{stock}\033[0m'
print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
time.sleep(300)
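Review bot: Now that the scrape runs inside `while True`, the `urllib.request.urlopen(...)` call has no timeout and no error handling, so one stalled connection hangs the monitor and one HTTP or DNS error ends it. Pass `timeout=30` and wrap the request in `try`/`except urllib.error.URLError` that prints the error and continues with the next node. The chained `server.split(...)[1]` lookups raise `IndexError` as soon as the page markup changes, which in a long-running loop is worth catching the same way. The new `time.sleep(300)` relies on `time` being imported above the hunk, which is outside the visible lines.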


@ -102,4 +102,4 @@ confusable = {
}
for i in range(30):
print(confuse('IRC.SUPERNETS.ORG #SUPERBOWL GET FUCKED'))
print(confuse('facebook'))


@ -1,27 +1,13 @@
#!/bin/sh
interface=eth0
dumpdir=/tmp/
email="admin@domain.tld"
subject="DDoS Notification: `hostname`"
sender="admin@domain.tld"
while /bin/true; do
pkt_old=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
while true; do
pkt_old=$(grep eth0: /proc/net/dev | cut -d ':' -f2 | awk '{ print $2 }')
sleep 1
pkt_new=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
pkt=$(( $pkt_new-$pkt_old ))
pkt_new=$(grep eth0: /proc/net/dev | cut -d ':' -f2 | awk '{ print $2 }')
pkt=$(( $pkt_new - $pkt_old ))
echo -ne "\r$pkt packets/s\033[0K"
if [ $pkt -gt 5000 ]; then
filename=$dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap
tcpdump -n -s0 -c 2000 > $filename
echo "`date` Packets dumped, sleeping now."
sleep 1
data=`cat $filename`
sendmail -F $sender -it <<END_MESSAGE
To: $email
Subject: $subject
`cat $filename`
END_MESSAGE
echo "sendmail complete"
echo "\nDDoS detected"
tcpdump -n -s0 -c 5000 -w /home/acidvegas/dumps/dump.$(date +"%Y%m%d-%H%M%S").cap
sleep 300
fi
done
done
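Review bot: The new `tcpdump` line has no `-i`, so the capture runs on tcpdump's default interface while the packet counter reads `eth0:` from `/proc/net/dev`; add `-i eth0`, or restore the removed `interface` variable and use it in both places. The output directory `/home/acidvegas/dumps` is hard-coded and never created, and `-s0` writes full payloads there, so the script should set `umask 077` and `mkdir -p` the directory before the loop. `echo -ne` and `echo "\nDDoS detected"` behave differently between bash and dash under `#!/bin/sh`; `printf` is portable. If the `grep` matches nothing, `$(( $pkt_new - $pkt_old ))` is a syntax error, so an empty value needs a check before the arithmetic.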

110
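--- a/docs/elkstack.md
+++ b/docs/elkstack.md
@@ -0,0 +1,110 @@
+# ELK Stack
+> Elasticsearch, Logstash, & Kibana
+This is just a little write-up on my research in deploying the ELK stack.
+## Prerequisites
+```shell
+sudo apt-get install -y gpg apt-transport-https`
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
+sudo apt-get update && sudo apt-get install elasticsearch kibana logstash
+sudo certbot certonly --standalone --preferred-challenges http -d elastic.domain.org
+```
+## Setup Elasticsearch
+* Copy your certificates to `/etc/elasticsearch/certs`:
+```shell
+mkdir -p /etc/elasticsearch/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/elasticsearch/certs/fullchain.pem
+sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem /etc/elasticsearch/certs/privkey.pem
+sudo chmod -R 777 /etc/elasticsearch/certs/
+```
+* Edit your `/etc/elasticsearch/elasticsearch.yml` and change the follow options:
+```yaml
+cluster.name: BeeHive
+node.name: gibson
+network.host: 0.0.0.0
+bootstrap.memory_lock: true
+xpack.security.audit.enabled: true
+xpack.security.http.ssl:
+enabled: true
+key: /etc/elasticsearch/ssl/privkey.pem
+certificate: /etc/elasticsearch/ssl/fullchain.pem
+```
+* System changes:
+```shell
+sudo su
+ulimit -n 65535
+ulimit -u 4096
+echo "elasticsearch - nofile 65535" > /etc/security/limits.conf
+mkdir -p /etc/systemd/system/elasticsearch.service.d/
+echo "[Service]\nLimitMEMLOCK=infinity" > /etc/systemd/system/elasticsearch.service.d/override.conf
+sudo swapoff -a
+sudo sysctl -w vm.swappiness=1 # Add these
+sudo sysctl -w vm.max_map_count=262144 # to /etc/systctl.conf
+sudo sysctl -w net.ipv4.tcp_retries2=5 #
+```
+* Set the password for Kibana:
+`./usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system`
+`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token --scope kibana # Save this for when we access Kibana the first time`
+`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node # enrollment token for a new node`
+## Setup Kibana
+* Copy your certificates to `/etc/kibana/certs`:
+```shell
+mkdir -p /etc/kibana/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/kibana/certs/fullchain.pem
+sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem /etc/kibana/certs/privkey.pem
+```
+* Edit your `/etc/kibana/kibana.yml` and change the follow options:
+```yaml
+server.host: "0.0.0.0"
+server.publicBaseUrl: "https://elastic.domain.org"
+server.ssl.enabled: true
+server.ssl.certificate: /etc/kibana/certs/fullchain.pem
+server.ssl.key: /etc/kibana/certs/privkey.pem
+elasticsearch.hosts: ["https://elastic.domain.org:9200"]
+elasticsearch.username: "kibana_system"
+elasticsearch.password: "changeme" # Use the password from the reset command we did earlier
+```
+## Setup Logstash
+* Copy your certificates to `/etc/logstash/certs`:
+```shell
+mkdir -p /etc/logstash/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/logstash/certs/cacert.pem
+```
+* Edit your `/etc/logstash/logstash.yml` and change the follow options:
+```yaml
+input {
+beats {
+port => 5044
+}
+}
+output {
+elasticsearch {
+hosts => ["https://elastic.domain.org:9200"]
+index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
+user => "elastic"
+password => "changeme"
+cacert => "/etc/logstash/cacert.pem"
+}
+}
+```
+* `logstash-plugin install logstash-input-irc`
+## Start the ELK stack:
+```shell
+sudo systemctl daemon-reload
+sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
+sudo systemctl enable kibana.service && sudo systemctl start kibana.service
+sudo systemctl enable logstash.service && sudo systemctl start logstash.service
+```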


@ -1,44 +0,0 @@
#!/usr/bin/env python
import ipaddress
donotscan = {
'0.0.0.0/8', # "This" network
'10.0.0.0/8', # Private networks
'100.64.0.0/10', # Carrier-grade NAT - RFC 6598
'127.0.0.0/8', # Host loopback
'169.254.0.0/16', # Link local
'172.16.0.0/12', # Private networks
'192.0.0.0/24', # IETF Protocol Assignments
'192.0.0.0/29', # DS-Lite
'192.0.0.170/32', # NAT64
'192.0.0.171/32', # DNS64
'192.0.2.0/24', # Documentation (TEST-NET-1)
'192.88.99.0/24', # 6to4 Relay Anycast
'192.168.0.0/16', # Private networks
'198.18.0.0/15', # Benchmarking
'198.51.100.0/24', # Documentation (TEST-NET-2)
'203.0.113.0/24', # Documentation (TEST-NET-3)
'240.0.0.0/4', # Reserved
'255.255.255.255/32', # Limited Broadcast
'6.0.0.0/8', # Army Information Systems Center
'7.0.0.0/8', # DoD Network Information Center
'11.0.0.0/8', # DoD Intel Information Systems
'21.0.0.0/8', # DDN-RVN
'22.0.0.0/8', # Defense Information Systems Agency
'26.0.0.0/8', # Defense Information Systems Agency
'28.0.0.0/8', # DSI-North
'29.0.0.0/8', # Defense Information Systems Agency
'30.0.0.0/8', # Defense Information Systems Agency
'33.0.0.0/8', # DLA Systems Automation Center
'55.0.0.0/8', # DoD Network Information Center
'205.0.0.0/8', # US-DOD
'214.0.0.0/8', # US-DOD
'215.0.0.0/8' # US-DOD
}
total = ipaddress.IPv4Network('0.0.0.0/0').num_addresses
print(f'Total IPv4 Addresses : {total:,}')
for i in donotscan:
total -= ipaddress.IPv4Network(i).num_addresses
print(f'Total After Clean : {total:,}')

45
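--- a/iptables.sh
+++ b/iptables.sh
@@ -0,0 +1,45 @@
+### 1: Drop invalid packets ###
+/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
+### 2: Drop TCP packets that are new and are not SYN ###
+/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+### 3: Drop SYN packets with suspicious MSS value ###
+/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
+### 4: Block packets with bogus TCP flags ###
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+### 5: Block spoofed packets ###
+/sbin/iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
+/sbin/iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
+### 6: Drop ICMP (you usually don't need this protocol) ###
+/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
+### 7: Drop fragments in all chains ###
+/sbin/iptables -t mangle -A PREROUTING -f -j DROP
+### 8: Limit connections per source IP ###
+/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+### 9: Limit RST packets ###
+/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
+/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
+### 10: Limit new TCP connections per second per source IP ###
+/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
+/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP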
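Review bot: Rule 10 is labelled per source IP, but `-m limit --limit 60/s --limit-burst 20` is a single global bucket, so one sender can use up the allowance and every other client's new connections fall through to the `DROP`; the per-source match is `hashlimit`, e.g. `-m hashlimit --hashlimit-upto 60/s --hashlimit-burst 20 --hashlimit-mode srcip --hashlimit-name tcp_new`. Rule 6 drops all ICMP, including the fragmentation-needed messages that path MTU discovery depends on, and rule 5 drops RFC 1918 sources, which cuts off any host reached over a private or VPN network. The file has no shebang or flush step and only appends with `-A`, so running it twice duplicates every rule, and nothing here covers IPv6 (`ip6tables`).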


@ -7,25 +7,25 @@ import os
log_file=True # Set to False for console logging only
# Set up logging
sh = logging.StreamHandler()
sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p'))
if log_file:
if not os.path.exists('logs'):
os.makedirs('logs')
fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8')
fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p'))
logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh))
del fh
else:
logging.basicConfig(level=logging.NOTSET, handlers=(sh,))
finally:
def setup_logger():
sh = logging.StreamHandler()
sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p'))
if log_file:
if not os.path.exists('logs'):
os.makedirs('logs')
fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8')
fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p'))
logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh))
del fh
else:
logging.basicConfig(level=logging.NOTSET, handlers=(sh,))
del sh
# Logging examples
setup_logger()
logging.debug('This message should go to the log file')
logging.info('So should this')
logging.critical('ok')
logging.warning('And this, too')
logging.error('And non-ASCII stuff, too, like Øresund and Malmö')
logging.shutdown()
logging.shutdown()
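Review bot: Inside the new `setup_logger()` the `del fh` and `del sh` lines no longer do anything useful, since both names are locals that disappear when the function returns; they can be dropped. The `os.path.exists('logs')` check followed by `os.makedirs('logs')` can be one call, `os.makedirs('logs', exist_ok=True)`. `setup_logger` still reads the module-level `log_file` flag; taking it as a parameter and adding a one-line docstring would make the function reusable. `logging.handlers` has to be imported explicitly, and the import lines are above the hunk, so that cannot be confirmed from here.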

5
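--- a/logs/debug.log
+++ b/logs/debug.log
@@ -0,0 +1,5 @@
+2023-07-23 12:57 AM | DEBUG | logga.py.<module>.26 | This message should go to the log file
+2023-07-23 12:57 AM | INFO | logga.py.<module>.27 | So should this
+2023-07-23 12:57 AM | CRITICAL | logga.py.<module>.28 | ok
+2023-07-23 12:57 AM | WARNING | logga.py.<module>.29 | And this, too
+2023-07-23 12:57 AM | ERROR | logga.py.<module>.30 | And non-ASCII stuff, too, like Øresund and Malmö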


@ -1,62 +0,0 @@
#!/bin/env bash
# Author: perp
# Description: Scrape free proxies
URLS=(
# SOCKS5
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks5&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=socks5"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks5.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks5.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks5.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks5.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks5.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks5.txt"
# SOCKS4
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks4&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=socks4"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks4.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks4.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks4.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks4.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks4.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks4.txt"
# HTTP
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=http&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=http"
"https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/http.txt"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-http.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/http.txt"
"https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/http.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/http.txt"
# HTTPS
"https://api.proxyscrape.com/v2/?request=displayproxies&protocol=https&timeout=10000&country=all"
"https://www.proxyscan.io/download?type=https"
"https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-https.txt"
"https://raw.githubusercontent.com/RX4096/proxy-list/main/online/https.txt"
"https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/https.txt"
# MIXED
"https://raw.githubusercontent.com/sunny9577/proxy-scraper/master/proxies.txt"
"https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/http.txt"
)
# Remove proxies file
rm -f -- proxies.txt
# Go through each URL
for URL in "${URLS[@]}";
do
# Curl & append to file
echo "Downloading from $URL"
curl -s $URL >> proxies.txt &
done
wait
# Sort the uniques
sort -u -o proxies.txt proxies.txt
echo "Finished downloading proxies"


@ -1,27 +0,0 @@
# stagit
> static git page generator
## Information
This is basically a pure shell script clone of [stagit](https://git.2f30.org/stagit/).
It is meant to be hosted on [Github](https://github.com) using [Github Pages](https://pages.github.com) with a [Custom Domain](https://help.github.com/en/articles/using-a-custom-domain-with-github-pages).
It also has support for hosting on [Gitlab](https://gitlab.com) using [Gitlab Pages](https://docs.gitlab.com/ee/user/project/pages/) with a [Custom Domain](https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/)
## Settings
| Setting | Default | Description |
| ---------------- | -------------- | ------------------------------------------------------------------ |
| CLONE_URL | remote | base url for cloning repositories *(remote = remote.origin.url)* |
| CNAME | empty | create a CNAME file with a custom domain *(empty = do not create)* |
| MAX_COMMITS | 100 | maximum number of commits to show (0 = all) |
| MAX_COMMIT_MSG | 100 | maximum characters in a commit message to display *(0 = all)* |
| MAX_COMMIT_LINES | 999 | maximum number of lines to show in a commit *(0 = all)* |
| REPO_DIR | $HOME/git | directory containing repositories |
| TITLE | "Repositories" | title used on homepage |
| WWW_DIR | $HOME/www | directory to output to |
If the `CLONE_URL` was set to `https://github.com/acidvegas/` for example, then it will display as `git clone https://github.com/acidvegas/REPO_NAME.git` on all repository indexes, otherwise if you leave it as `remote` it will just parse the remote url *(`git config --get remote.origin.url`)* for that repository. For those using the `remote` option, remote urls from Github/Gitlab that use SSH will be converted to an HTTPS url. This applies to Github/Gitlab remote urls only, so if you cloned your repositories with SSH, then people may not be able to clone your repositories!
The `CNAME` option is optional if you are planning on using a custom domain with Github pages. See [here](https://help.github.com/en/articles/troubleshooting-custom-domains#github-repository-setup-errors) for more information.
Lastly, stagit will ignore the `$REPO_DIR/mirrors` directory by default. To make stagit include this directory, remove `-path $REPO_DIR/mirrors -prune` from the `find` command in the source.

36
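--- a/termux
+++ b/termux
@@ -0,0 +1,36 @@
+#!bin/sh
+# termux helper - developed by acidvegas (https://git.acid.vegas/archlinux)
+set -xev
+passwd
+termux-setup-storage
+pkg upgrade
+pkg install abduco cmatrix gcc git exa make man nano ncdu oath-toolkit openssh python python-pip rsync tor wget
+wget https://github.com/64BitAsura/ohsnap-ttf/raw/master/ohsnap6x11r.icons.ttf /data/data/com.termux/files/home/.termux/font.ttf
+termux-reload-settings
+echo "\nE N T E R T H E V O I D\n\n" > $PREFIX/etc/motd
+echo "set boldtext\nset minibar\nnset nohelp\net nonewlines\nset nowrap\nset quickblank\nset tabsize 4\ninclude \"/usr/share/nano/*.nanorc\"" > $PREFIX/etc/nanorc
+{
+echo "export LC_CTYPE=en_US.UTF-8"
+echo "export LC_ALL=en_US.UTF-8"
+echo "export GPG_TTY=$(tty)"
+echo "# colors"
+echo "alias diff='diff --color=auto'"
+echo "alias grep='grep --color=auto'"
+echo "alias ip='ip -color=auto'"
+echo "alias ls='ls --color=auto'"
+echo "# rewrites"
+echo "alias exa='exa -aghl --git'"
+echo "alias ssh-add='ssh-add -t 1h'"
+echo "alias su='su -l'"
+echo "# random"
+echo "alias ..='cd ../'"
+echo "alias busy=\"cat /dev/urandom | hexdump -C | grep 'ca fe'\""
+echo "alias musync=\"rsync -vcahz --delete-before pi:music/ $HOME/storage/music\""
+echo "alias updatemux=\"pkg update && pkg clean\""
+echo "export PS1=\"\e[38;5;237m\T\e[0m \e[38;5;69m\w \e[0m: \""
+} > ~/.bashrc
+echo "shortcut.create-session=ctrl + t\n\nshortcut.next-session=ctrl + 2\nshortcut.previous-session=ctrl + 1\nshortcut.rename-session=ctrl + n\nbell-character=ignore" > $HOME/.termux/termux.properties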
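Review bot: The shebang `#!bin/sh` is a relative path, so executing the file directly only works from a directory that happens to contain `bin/sh`; it should name the interpreter by absolute path. The `wget` line passes the font destination as a second URL instead of an output file; it needs `-O /data/data/com.termux/files/home/.termux/font.ttf`, and the font comes from a third-party repository's `master` branch with no checksum. In the `nanorc` string, `nset nohelp` and `et nonewlines` are missing characters and will be rejected by nano. `echo "export GPG_TTY=$(tty)"` expands `$(tty)` while the script runs, so `.bashrc` gets one fixed terminal path; escape it as `\$(tty)`.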

18
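--- a/vps
+++ b/vps
@@ -0,0 +1,18 @@
+#!/bin/sh
+apt-get update && apt-get upgrade
+echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+localectl set-locale LANG=en_US.UTF-8
+echo -e "set boldtext\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
+echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE" >> /etc/profile
+echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
+echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
+apt-get install cmake curl firehol gcc git htop make nano ncdu python3 python-pip screen sudo tor tmate
+apt-get install build-essential pkg-config gdb libssl-dev libpcre2-dev libargon2-0-dev libsodium-dev libc-ares-dev libcurl4-openssl-dev
+useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas sudo && passwd acidvegas
+mkdir $HOME/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/fz4INjgCmSZOUiE9HL3+YRalyF/ptk1+qybcBCwUp" > $HOME/.ssh/authorized_keys
+chmod 700 $HOME/.ssh && chown -R acidvegas $HOME/.ssh && chmod 400 $HOME/.ssh/authorized_keys
+mkdir $HOME/build
+mkdir $HOME/.scripts && wget -O $HOME/.scipts/ddosmonit https://github.com/acidvegas/random/blob/master/ddosmonit && screen -S ddosmonit sudo ./.scripts/ddosmonit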
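Review bot: The package and `/etc` steps need root, and when the script runs as root `$HOME/.ssh/authorized_keys` is created in root's home and then handed over with `chown -R acidvegas`, while `sshd_config` sets `PermitRootLogin no` and `AuthenticationMethods publickey`; the new `acidvegas` account gets no key, and root's `.ssh` becomes writable by a non-root user. Write the key under `/home/acidvegas/.ssh` instead. `Port CHANGEME` is not a valid port, so sshd will reject this config until it is edited; running `sshd -t` before any restart catches that. The last line creates `$HOME/.scripts` but downloads to `$HOME/.scipts/`, and the URL is a GitHub `blob` page (HTML) rather than the raw file, fetched unpinned and then run under `sudo`.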