mirror of git://git.acid.vegas/random.git
Compare commits
2 Commits
9fb326fd8f
...
fd8090d863
| Author | SHA1 | Date |
|---|---|---|
 Dionysus
|
fd8090d863
|
|
|
Dionysus
|
03bfdd4248
|
|
|
@ -1,82 +0,0 @@
|
|||
/* context menu - blank */
|
||||
#context-back,#context-bookmarkpage,#context-forward,#context-inspect,#context-navigation,#context-pocket,#context-reload,#context-savepage,#context-selectall,#context-sendpagetodevice,#context-sep-navigation,#context-sep-sendpagetodevice,#context-sep-viewbgimage,#context-sep-viewsource,#context-stop,#context-viewinfo,#context-viewsource,#inspect-separator,#screenshots_mozilla_org_create-screenshot{display:none !important}
|
||||
|
||||
/* context menu - frame */
|
||||
#context-bookmarkframe,#context-openframe,#context-openframeintab,#context-printframe,#context-printframe + menuseparator,#context-reloadframe,#context-reloadframe + menuseparator,#context-saveframe,#context-saveframe + menuseparator,#context-showonlythisframe,#context-viewframeinfo,#context-viewframesource,#open-frame-sep{display:none !important}
|
||||
|
||||
/* context menu - image */
|
||||
#context-reloadimage,#context-sendimage,#context-sep-copyimage,#context-setDesktopBackground,#context-viewimageinfo{display:none !important}
|
||||
|
||||
/* context menu - input */
|
||||
#context-bidi-page-direction-toggle,#context-bidi-text-direction-toggle,#context-copy,#context-cut,#context-delete,#context-keywordfield,#context-paste,#context-selectall,#context-sep-bidi,#context-sep-paste,#context-sep-undo,#context-undo,#fill-login,#fill-login-separator,#spell-add-dictionaries-main,#spell-check-enabled,#spell-dictionaries,#spell-separator{display:none !important}
|
||||
|
||||
/* context menu - link */
|
||||
#context-bookmarklink,#context-openlink,#context-openlinkinusercontext-menu,#context-openlinkprivate,#context-savelinktopocket,#context-searchselect,#context-sendlinktodevice,#context-sep-open,#context-sep-sendlinktodevice{display:none !important}
|
||||
|
||||
/* context menu - media */
|
||||
#context-sendaudio{display:none !important}
|
||||
|
||||
/* context menu - page action */
|
||||
#pageAction-panel-addSearchEngine,#pageAction-panel-bookmark,#pageAction-panel-bookmarkSeparator,#pageAction-panel-builtInSeparator,#pageAction-panel-copyURL,#pageAction-panel-emailLink,#pageAction-panel-pocket,#pageAction-panel-screenshots,#pageAction-panel-sendToDevice,#pageAction-panel-transientSeparator,#pageAction-panel-webcompat-reporter-button{display:none !important}
|
||||
|
||||
/* context menu - select */
|
||||
#context-viewpartialsource-selection{display:none !important}
|
||||
|
||||
/* context menu - side bar */
|
||||
#placesContext_copy,#placesContext_createBookmark,#placesContext_cut,#placesContext_deleteHost,#placesContext_deleteSeparator,#placesContext_delete_history,#placesContext_editSeparator,#placesContext_openLinks:tabs,#placesContext_open:newprivatewindow,#placesContext_open:newwindow,#placesContext_paste,#placesContext_reload{display:none !important}
|
||||
|
||||
/* context menu - tab */
|
||||
#context_closeOtherTabs,#context_closeTabsToTheEnd,#context_duplicateTab,#context_duplicateTab + menuseparator,#context_moveTabOptions,#context_pinSelectedTabs,#context_reloadSelectedTabs,#context_reloadTab,#context_reopenInContainer,#context_sendTabToDevice,#context_sendTabToDevice + menuseparator,#context_toggleMuteSelectedTabs,#context_undoCloseTab,#context_unpinSelectedTabs{display:none !important}
|
||||
|
||||
/* context menu - tool bar */
|
||||
#toggle_PersonalToolbar,#toggle_toolbar-menubar,#toolbar-context-bookmarkSelectedTab,#toolbar-context-bookmarkSelectedTabs,#toolbar-context-reloadSelectedTab,#toolbar-context-reloadSelectedTabs,#toolbar-context-selectAllTabs,#toolbar-context-undoCloseTab,#toolbar-context-undoCloseTab + menuseparator,.customize-context-autoHide,.customize-context-manageExtension,.customize-context-moveToPanel,.customize-context-removeExtension,.customize-context-removeExtension + menuseparator,.customize-context-removeFromToolbar,.viewCustomizeToolbar{display:none !important}
|
||||
|
||||
|
||||
/* context menu - url bar */
|
||||
#urlbar menuitem[anonid="paste-and-go"],#urlbar menuitem[cmd="cmd_copy"],#urlbar menuitem[cmd="cmd_cut"],#urlbar menuitem[cmd="cmd_delete"],#urlbar menuitem[cmd="cmd_delete"] + menuseparator,#urlbar menuitem[cmd="cmd_paste"],#urlbar menuitem[cmd="cmd_selectAll"],#urlbar menuitem[cmd="cmd_undo"],#urlbar menuitem[cmd="cmd_undo"] + menuseparator{display:none !important}
|
||||
|
||||
/* find bar - hide extra options */
|
||||
.findbar-entire-word, .findbar-case-sensitive, .findbar-highlight {visibility: collapse !important}
|
||||
|
||||
/* nav bar - hide back & forward buttons */
|
||||
:-moz-any(#back-button, #forward-button){display:none !important}
|
||||
|
||||
/* nav bar - hide hamburger button */
|
||||
#PanelUI-menu-button{display:none}
|
||||
|
||||
/* nav + tab bar merge */
|
||||
:root[uidensity=compact]{--tabs-margin-left:3em;--space-before-tabs:34.5em;--space-after-tabs:2em;--nav-margin-top:-1.9em;--menu-margin-top:0.05em}
|
||||
#TabsToolbar{margin-left:var(--tabs-margin-left) !important;padding-left:var(--space-before-tabs) !important;margin-right:var(--space-after-tabs) !important;margin-bottom:-0.1em; !important}
|
||||
#nav-bar{margin-top:var(--nav-margin-top) !important;margin-right:60vw !important;margin-bottom:-0.1em !important;background-color:transparent !important}
|
||||
|
||||
/* side bar - hide header & search */
|
||||
#sidebar-header,#sidebar-search-container{display:none}
|
||||
|
||||
/* tab bar - close button on hover only */
|
||||
.tabbrowser-tab:not([selected]):not([pinned]) .tab-close-button{display:none !important}
|
||||
.tabbrowser-tab:not([selected]):not([pinned]):hover .tab-close-button{display:-moz-box !important}
|
||||
|
||||
/* tab bar - hide buttons */
|
||||
.tabbrowser-strip *[class^="scrollbutton"], .tabbrowser-strip *[class^="tabs-alltabs"], .tabbrowser-strip *[class^="tabs-newtab-button"]{display:none}
|
||||
|
||||
/* tool bar - compact icons */
|
||||
#widget-overflow-fixed-list{display:grid;grid-template-rows:repeat(1,1.5em);grid-template-columns:repeat(20, 15em)}
|
||||
#widget-overflow-fixed-list .toolbarbutton-1 > .toolbarbutton-text{display:none !important}
|
||||
|
||||
/* url bar - hide bookmark star */
|
||||
#star-button{display:none !important}
|
||||
|
||||
/* url bar - hide dropdown */
|
||||
.urlbar-history-dropmarker{display:none !important}
|
||||
|
||||
/* url bar - hide feed button */
|
||||
#feed-button {display:none !important}
|
||||
|
||||
/* url bar - hide info icon */
|
||||
#urlbar:not(.grantedPermissions) #identity-icon{transition:300ms !important;opacity:0 !important;-moz-margin-end:-1.1em !important}
|
||||
|
||||
/* url bar - hide page actions */
|
||||
#pageActionButton{display:none !important}
|
||||
|
||||
#urlbar-container {max-width: 400px !important;}
|
||||
#search-container {max-width: 200px !important;}
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
/* color blank pages for dark theme */
|
||||
@-moz-document url("about:blank"){*:empty:not([id]):not([style]){background-color:#474749 !important;}}
|
||||
@-moz-document url("about:home"), url("about:newtab"){.activity-stream{background-color:#474749 !important;}}
|
||||
@-moz-document url("about:newtab"){input#newtab-customize-button{display:none !important;}}
|
||||
|
|
@ -1,68 +0,0 @@
|
|||
// custom prefs
|
||||
lockPref("accessibility.typeaheadfind.autostart", false) // http://kb.mozillazine.org/Accessibility.typeaheadfind.autostart
|
||||
lockPref("accessibility.typeaheadfind.enablesound", false) // http://kb.mozillazine.org/Accessibility.typeaheadfind.enablesound
|
||||
lockPref("app.update.auto", false) // http://kb.mozillazine.org/App.update.auto
|
||||
lockPref("app.update.enabled", true) // http://kb.mozillazine.org/App.update.enabled
|
||||
lockPref("beacon.enabled", false)
|
||||
lockPref("browser.aboutHomeSnippets.updateUrl", "")
|
||||
lockPref("browser.backspace_action", 0) // http://kb.mozillazine.org/Browser.backspace_action
|
||||
lockPref("browser.bookmarks.max_backups", 0) // http://kb.mozillazine.org/Browser.bookmarks.max_backups
|
||||
lockPref("browser.cache.check_doc_frequency", 3) // http://kb.mozillazine.org/Browser.cache.check_doc_frequency
|
||||
lockPref("browser.cache.disk.enable", false) // http://kb.mozillazine.org/Browser.cache.disk.enable
|
||||
lockPref("browser.cache.disk_cache_ssl", false) // http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
||||
lockPref("browser.cache.memory.capacity", -1) // http://kb.mozillazine.org/Browser.cache.memory.capacity
|
||||
lockPref("browser.cache.memory.enable", true) // http://kb.mozillazine.org/Browser.cache.memory.enable
|
||||
lockPref("browser.cache.offline.enable", false) // http://kb.mozillazine.org/Browser.cache.offline.enable
|
||||
lockPref("browser.chrome.site_icons", false) // http://kb.mozillazine.org/Browser.chrome.site_icons
|
||||
lockPref("browser.chrome.toolbar_tips", false) // http://kb.mozillazine.org/Browser.chrome.toolbar_tips
|
||||
lockPref("browser.download.manager.addToRecentDocs", false) // http://kb.mozillazine.org/Browser.download.manager.addToRecentDocs
|
||||
lockPref("browser.formfill.enable", false)
|
||||
lockPref("browser.link.open_newwindow", 3) // http://kb.mozillazine.org/Browser.link.open_newwindow
|
||||
lockPref("browser.link.open_newwindow.restriction", 0) // http://kb.mozillazine.org/Browser.link.open_newwindow.restriction
|
||||
lockPref("browser.newtabpage.enabled", false)
|
||||
lockPref("browser.privatebrowsing.autostart", true)
|
||||
lockPref("browser.safebrowsing.malware.enabled", false)
|
||||
lockPref("browser.safebrowsing.phishing.enabled", false)
|
||||
lockPref("browser.safebrowsing.downloads.enabled", false)
|
||||
lockPref("browser.search.suggest.enabled", false) // http://kb.mozillazine.org/Browser.search.suggest.enabled
|
||||
lockPref("browser.send_pings", false) // http://kb.mozillazine.org/Browser.send_pings
|
||||
lockPref("browser.sessionhistory.max_total_viewers", 3) // http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
|
||||
lockPref("browser.sessionstore.max_resumed_crashes", 0) // http://kb.mozillazine.org/Browser.sessionstore.max_resumed_crashes
|
||||
lockPref("browser.sessionstore.max_tabs_undo", 3) // http://kb.mozillazine.org/Browser.sessionstore.max_tabs_undo
|
||||
lockPref("browser.sessionstore.privacy_level", 2) // http://kb.mozillazine.org/Browser.sessionstore.privacy_level
|
||||
lockPref("browser.sessionstore.resume_from_crash", false) // http://kb.mozillazine.org/Browser.sessionstore.resume_from_crash
|
||||
lockPref("browser.startup.page", 0) // http://kb.mozillazine.org/Browser.startup.page
|
||||
lockPref("browser.tabs.crashReporting.sendReport", false)
|
||||
lockPref("browser.urlbar.autoFill", false)
|
||||
lockPref("browser.urlbar.autocomplete.enabled", false)
|
||||
lockPref("browser.urlbar.maxRichResults", 0) // http://kb.mozillazine.org/Browser.urlbar.maxRichResults
|
||||
lockPref("browser.zoom.siteSpecific", false)
|
||||
lockPref("dom.battery.enabled", false)
|
||||
lockPref("dom.event.clipboardevents.enabled", false)
|
||||
lockPref("dom.event.contextmenu.enabled", false)
|
||||
lockPref("general.warnOnAboutConfig", false) // http://kb.mozillazine.org/General.warnOnAboutConfig
|
||||
lockPref("geo.enabled", false)
|
||||
lockPref("extensions.pocket.enabled", false)
|
||||
lockPref("extensions.screenshots.disabled", true)
|
||||
lockPref("image.animation_mode", "once")
|
||||
lockPref("layout.spellcheckDefault", 0)
|
||||
lockPref("network.cookie.cookieBehavior", 1) // http://kb.mozillazine.org/Network.cookie.cookieBehavior
|
||||
lockPref("network.cookie.lifetimePolicy", 2) // http://kb.mozillazine.org/Network.cookie.lifetimePolicy
|
||||
lockPref("network.dns.disablePrefetch", true) // http://kb.mozillazine.org/Network.dns.disablePrefetch
|
||||
lockPref("network.dnsCacheEntries", 10) // http://kb.mozillazine.org/Network.dnsCacheEntries
|
||||
lockPref("network.http.referer.XOriginPolicy", 0)
|
||||
lockPref("network.http.referer.spoofSource", true)
|
||||
lockPref("network.http.sendRefererHeader", 0)
|
||||
lockPref("network.IDN_show_punycode", true) // http://kb.mozillazine.org/Network.IDN_show_punycode
|
||||
lockPref("network.prefetch-next", false) // http://kb.mozillazine.org/Network.prefetch-next
|
||||
lockPref("places.history.enabled", false)
|
||||
lockPref("signon.autofillForms", false) // http://kb.mozillazine.org/Signon.autofillForms
|
||||
lockPref("plugins.flashBlock.enabled", true)
|
||||
lockPref("privacy.clearOnShutdown.*", true)
|
||||
lockPref("privacy.cpd.*", true)
|
||||
lockPref("privacy.donottrackheader.enabled", true)
|
||||
lockPref("privacy.sanitize.sanitizeOnShutdown", true)
|
||||
lockPref("privacy.trackingprotection.enabled", true)
|
||||
lockPref("reader.parse-on-load.enabled", false)
|
||||
lockPref("security.dialog_enable_delay", 0)
|
||||
lockPref("toolkit.cosmeticAnimations.enabled", false)
|
||||
22
ampscan.py
22
ampscan.py
|
|
@ -32,17 +32,17 @@ def scan():
|
|||
while True:
|
||||
ip = socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))
|
||||
for port in scan_ports:
|
||||
sock = socket.socket()
|
||||
sock.settimeout(3)
|
||||
try:
|
||||
code = sock.connect((ip, port))
|
||||
except socket.error:
|
||||
pass
|
||||
else:
|
||||
if not code:
|
||||
print('FOUND ' + ip + ':' + str(port) + ' (' + scan_ports[port] + ')')
|
||||
finally:
|
||||
sock.close()
|
||||
sock = socket.socket()
|
||||
sock.settimeout(3)
|
||||
try:
|
||||
code = sock.connect((ip, port))
|
||||
except socket.error:
|
||||
pass
|
||||
else:
|
||||
if not code:
|
||||
print('FOUND ' + ip + ':' + str(port) + ' (' + scan_ports[port] + ')')
|
||||
finally:
|
||||
sock.close()
|
||||
|
||||
for i in range(100):
|
||||
threading.Thread(target=scan).start()
|
||||
|
|
|
|||
32
bash.bashrc
32
bash.bashrc
|
|
@ -1,32 +0,0 @@
|
|||
[[ $- != *i* ]] && return
|
||||
|
||||
shopt -s checkwinsize
|
||||
|
||||
export LC_CTYPE=en_US.UTF-8
|
||||
export LC_ALL=en_US.UTF-8
|
||||
|
||||
# color
|
||||
alias diff='diff --color=auto'
|
||||
alias dir='dir --color=auto'
|
||||
alias egrep='egrep --color=auto'
|
||||
alias grep='grep --color=auto'
|
||||
alias fgrep='fgrep --color=auto'
|
||||
alias ip='ip -color=auto'
|
||||
alias ls='ls --color=auto'
|
||||
alias ncdu='ncdu --color dark -rr'
|
||||
alias vdir='vdir --color=auto'
|
||||
|
||||
# rewrites
|
||||
alias pip='pip3'
|
||||
alias python='python3'
|
||||
alias wget='wget -q --show-progress'
|
||||
|
||||
# random
|
||||
alias ..="cd ../"
|
||||
alias up="sudo apt-get update && sudo apt-get upgrade && sudo apt autoremove"
|
||||
|
||||
if [ $(id -u) == "0" ]; then
|
||||
export PS1="\e[31m\u@\h\e[0m \e[33m\w \e[0m: "
|
||||
else
|
||||
export PS1="\e[38;5;41m\u@\h\e[0m \e[38;5;69m\w \e[0m: "
|
||||
fi
|
||||
4
buyvm.py
4
buyvm.py
|
|
@ -30,5 +30,5 @@ while True:
|
|||
else:
|
||||
stock = f'\033[32m{stock}\033[0m'
|
||||
print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
|
||||
time.sleep(300)
|
||||
|
||||
time.sleep(3600)
|
||||
print('--------------------------------------------------')
|
||||
|
|
|
|||
|
|
@ -1,27 +0,0 @@
|
|||
location ~ /.well-known/acme-challenge/ {
|
||||
allow all;
|
||||
root /var/www/html; # This should point to the webroot of your site
|
||||
}
|
||||
|
||||
sudo nano /etc/systemd/system/certbot-renewal.service
|
||||
[Unit]
|
||||
Description=Certbot Renewal
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/certbot renew --webroot -w /var/www/html --quiet
|
||||
|
||||
sudo nano /etc/systemd/system/certbot-renewal.timer
|
||||
[Unit]
|
||||
Description=Run certbot renewal daily
|
||||
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
|
||||
|
||||
sudo systemctl enable certbot-renewal.timer
|
||||
sudo systemctl start certbot-renewal.timer
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
#!/bin/sh
|
||||
# USB Deadman's Switch - Developed by acidvegas (https://git.acid.vegas/random)
|
||||
|
||||
# This script will create a udev rule that will execute a payload when a USB drive is removed.
|
||||
# udev is typically installed & running on most Linux distributions, but alwways verify.
|
||||
|
||||
if [ "$#" -ne 2 ]; then
|
||||
echo "Usage: $0 <usb_path> <payload_path>" && exit 1
|
||||
fi
|
||||
|
||||
USB_PATH=$1
|
||||
PAYLOAD_PATH=$2
|
||||
|
||||
if [ ! -e "$USB_PATH" ]; then
|
||||
echo "Error: USB drive at $USB_PATH not found." && exit 1
|
||||
else if [ ! -f "$PAYLOAD_PATH" ]; then
|
||||
echo "Error: Payload at $PAYLOAD_PATH not found." && exit 1
|
||||
fi
|
||||
|
||||
LABEL=$(blkid -o value -s LABEL $USB_PATH)
|
||||
UUID=$(blkid -o value -s UUID $USB_PATH)
|
||||
|
||||
echo "Deadman USB: $LABEL ($UUID)"
|
||||
|
||||
mkdir -p /etc/udev/rules.d/
|
||||
printf "ACTION==\"remove\", ENV{ID_FS_UUID}==\"$UUID\", RUN+=\"$PAYLOAD_PATH\"\n" > /etc/udev/rules.d/99-usb-removal.rules
|
||||
|
||||
udevadm control --reload-rules && udevadm trigger
|
||||
|
|
@ -8,7 +8,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
fileName = "secure_file.dat"
|
||||
fileName = "fuckfile.dat"
|
||||
fileSize = 1 << 30 // 1 GB
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Cloud Provider Reviews
|
||||
|
||||
###### BuyVM
|
||||
## BuyVM
|
||||
The most recommended out of this list in my opinion.
|
||||
|
||||
Entire support team is on Discord/IRC & very responsive.
|
||||
|
|
@ -9,7 +9,7 @@ Offers Path.net DDoS protection for 3$ per IP address.
|
|||
|
||||
Only issue is streaming shit like Jitsi is TERRIBLE on Path.net
|
||||
|
||||
###### OVH
|
||||
## OVH
|
||||
The aboslute WORST provider I have ever used in my entire existence. I was a customer of their for almost 10 years, so I have some merit in what I am about to say.
|
||||
|
||||
OVH used to be the KING, half of EFNet would use them, and SuperNETs was ran entirely behind a swarm of OVH boxes, but their services have gone to shit over the years...drastically.
|
||||
|
|
@ -24,23 +24,21 @@ Their have VERY strict anti-fraud policies now, and require a picture of you ID
|
|||
|
||||
THE ONLY GOOD THING ABOUT OVH is that, because they have a non-existent support team, in turn they also have a non-existent abuse team. You can do anythiung you want really & they wont ever get involved. Not only that, but their RBX location is a BEAST at handling DDoS, even better than Path.net it seems.
|
||||
|
||||
Lastly, dedishops.com is a recommended reseller of OVH, if you want OVH resources/prtection, do not want to deal with OVH itself, get on dedishops.com & cop a GAME-2 server.
|
||||
|
||||
###### Tempest Hosting
|
||||
## Tempest Hosting
|
||||
They 100% lie about the speeds they offer LOL. Claiming 10gbp/s on a 60$ server. You can google about how fraudulent their claimed speeds really are...
|
||||
|
||||
ALSO, when I tried to use them, thye couldnt even spin up a debian box for me. Was stuck on installing for 4 hours and it took them 3 days until I finally said fuckyou, give me my money back.
|
||||
|
||||
Terrible first impressins, their infra and dev team is kind fo clueless. Do not use these guys. They are owned by PATH.NET but they are garbage.
|
||||
|
||||
###### NFO Servers
|
||||
## NFO Servers
|
||||
Over-priced junk. Servers are all vulnerable to local DOSing, the SuperNETs IRCd was being !smoke flooded and it knocked out 3 nodes from ACK packets recieved from the IRCd.
|
||||
|
||||
DDoS protectin is terrible and bypassed easily. Opers had ZERO clue about it on their end...tells you alot right there. Still vulnerable. Refused to delete my information when requiested aswell.
|
||||
|
||||
Speeds for unmetered are under 100mpbs and pricey as fuck.
|
||||
|
||||
###### DediShops
|
||||
## DediShops
|
||||
Their "firewall" limits you to only like 10 rules...so if you have a complex network setup, these guys are USELESS. They re-sell OVH boxes, specifically the RBX ones, which typically have great DDoS protectin...but just like OVH, DediShops ahs zero support team.
|
||||
|
||||
My ticket went 2 weeks with no respnose, and then they prevent you from opening any more tickets or replying to your own ticket. Never using them again.
|
||||
My ticket went 2 weeks with no respnose, and then they prevent you from opening any more tickets or replying to your own ticket. Never using them again.
|
||||
45
iptables.sh
45
iptables.sh
|
|
@ -1,45 +0,0 @@
|
|||
### 1: Drop invalid packets ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
|
||||
|
||||
### 2: Drop TCP packets that are new and are not SYN ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
|
||||
|
||||
### 3: Drop SYN packets with suspicious MSS value ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
|
||||
|
||||
### 4: Block packets with bogus TCP flags ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
|
||||
|
||||
### 5: Block spoofed packets ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
|
||||
|
||||
### 6: Drop ICMP (you usually don't need this protocol) ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
|
||||
|
||||
### 7: Drop fragments in all chains ###
|
||||
/sbin/iptables -t mangle -A PREROUTING -f -j DROP
|
||||
|
||||
### 8: Limit connections per source IP ###
|
||||
/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
|
||||
|
||||
### 9: Limit RST packets ###
|
||||
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
|
||||
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
|
||||
|
||||
### 10: Limit new TCP connections per second per source IP ###
|
||||
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
|
||||
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env python
|
||||
# requires: https://pypi.org/project/lyricsgenius/
|
||||
import sys, lyricsgenius
|
||||
genius = lyricsgenius.Genius('CLIENT ACCESS TOKEN') # http://genius.com/api-clients
|
||||
genius.verbose = False
|
||||
song = genius.search_song(sys.argv[2], sys.argv[1])
|
||||
print(song.lyrics) if song else print('no lyrics found')
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
sudo apt-get update && sudo apt-get upgrade -y
|
||||
sudo apt-get install -y git wget curl dnsutils nmap masscan
|
||||
export PATH=$PATH:/usr/local/go/bin && printf "\nexport PATH=$PATH:/usr/local/go/bin\n" >> ~/.bashrc
|
||||
export PATH=$PATH:/home/acidvegas/.pdtm/go/bin && printf "\nexport PATH=$PATH:/home/acidvegas/.pdtm/go/bin\n" >> ~/.bashrc
|
||||
source $HOME/.bashrc
|
||||
wget -O gosource.tar.gz https://go.dev/dl/go1.21.4.linux-amd64.tar.gz && sudo tar -C /usr/local -xzf gosource.tar.gz && rm gosource.tar.gz
|
||||
mkdir -p $HOME/git
|
||||
git clone https://github.com/blechschmidt/massdns.git $HOME/git/massdns && cd git/massdns && make && sudo make install && cd
|
||||
git clone https://github.com/projectdiscovery/nuclei-templates.git $HOMEgit/nuclei-templates
|
||||
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
|
||||
pdtm -ia
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
#!/bin/sh
|
||||
if [ $(id -u) -ne 0 ]; then
|
||||
echo "error: must be ran as root" && exit 1
|
||||
fi
|
||||
|
||||
apt-get update
|
||||
apt-get install wireguard-tools -y
|
||||
|
||||
sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p # add to conf
|
||||
|
||||
gen_server() {
|
||||
umask 077
|
||||
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
|
||||
|
||||
{
|
||||
printf "[Interface]\n"
|
||||
printf "Address = 10.0.0.1/24, fd00:db8:0:0::1/64\n" # IPv4 and IPv6 addresses
|
||||
printf "SaveConfig = true\n"
|
||||
printf "ListenPort = CHANGEME\n"
|
||||
printf "PrivateKey = $(cat /etc/wireguard/privatekey)\n\n"
|
||||
printf "[Peer]\n"
|
||||
printf "PublicKey = $(cat /etc/wireguard/client1_publickey)\n" # Client 1 public key
|
||||
printf "AllowedIPs = 10.0.0.2/32, fd00:db8:0:0::2/128\n" # IPv4 and IPv6 for Client 1
|
||||
printf "MaxConnections = 5\n"
|
||||
} > /etc/wireguard/wg0.conf
|
||||
|
||||
systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
|
||||
}
|
||||
|
||||
gen_client() {
|
||||
wg genkey | tee privatekey | wg pubkey > publickey
|
||||
{
|
||||
printf "[Interface]\n"
|
||||
printf "Address = 10.0.0.2/32\n" # NEED V6
|
||||
printf "PrivateKey = $(cat /path/to/client/privatekey)\n" # Client's private key
|
||||
printf "DNS = 8.8.8.8\n\n" # DNS server (can we exclude to allow machine)
|
||||
|
||||
printf "[Peer]\n"
|
||||
printf "PublicKey = $(cat /path/to/server/publickey)\n" # Server's public key
|
||||
printf "AllowedIPs = 0.0.0.0/0, ::/0\n" # Route all traffic through VPN
|
||||
printf "Endpoint = [Server's IP Address]:[Server's ListenPort]\n" # Server endpoint
|
||||
} > /path/to/client/wg0.conf
|
||||
}
|
||||
Loading…
Reference in New Issue