From 37cf5e728fdc8ea4dca81b76b24b85828da6e8ed Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Thu, 16 Jan 2025 00:48:08 -0500 Subject: [PATCH 1/7] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b4b9739..d85faa1 100644 --- a/README.md +++ b/README.md @@ -41,3 +41,5 @@ Sometimes, the domain may block the internetDB from indexing the address. In the **cfWhoami** - Check your external IP address, user-agent, and detected location using CloudFlare's public trace services. **mvWhoami** - An external check to validate connections to Mullvad VPN. This uses their public "Am I Mullvad?" service and a good second-opinion scan after your local command line if youre doing things like split tunneling or using proxies. + +**cfUagTest** - Cloudflare User-Agent Test - Test a user-agent on Cloudflare Trace to see how it looks on the other end. Verify discrepencies against parsers, etc. From af442598b9cd3bff26c4459c4c67c62c2c52a0e9 Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Thu, 16 Jan 2025 00:54:06 -0500 Subject: [PATCH 2/7] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d85faa1..f4aaf43 100644 --- a/README.md +++ b/README.md 
@@ -42,4 +42,5 @@ Sometimes, the domain may block the internetDB from indexing the address. In the **mvWhoami** - An external check to validate connections to Mullvad VPN. This uses their public "Am I Mullvad?" service and a good second-opinion scan after your local command line if youre doing things like split tunneling or using proxies. -**cfUagTest** - Cloudflare User-Agent Test - Test a user-agent on Cloudflare Trace to see how it looks on the other end. Verify discrepencies against parsers, etc. +![cfUagTest](https://github.com/user-attachments/assets/a82682b3-b0b1-4feb-83e7-01daaeaeaa82) +**cfUagTest** - Cloudflare User-Agent Test. Test a user-agent on Cloudflare Trace to see how it looks on the other end. Verify discrepencies against parsers, etc. From 91361e63662f3e9737b6cf8711a4b752b05c0370 Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Sat, 18 Jan 2025 03:20:59 -0500 Subject: [PATCH 3/7] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f4aaf43..89906fc 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,9 @@ These can be used for threat hunting, but I mostly use these during external pen I would definitely recommend the resolvers over a traditional nslookup when working with indicators, since these tools all resolve by proxy through another host and not your own box. At most, I would use them to find any initial indicators (i.e: Quad9 blocked ___ hostname), and then move the work over to a CTI platform for OSINT like [AlienVault OTX](https://otx.alienvault.com/). -I will continue to update the repository with more tools as time goes on. Most of my time with new tools is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. I would also like to make setup scripts for Windows & popular Linux distros respectively to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do. +I will continue to update the repository with more tools as time goes on. Most of my time with new tools is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. + +Plans include setup scripts for Windows & popular Linux distros to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do. ## Quick Reference - Command Syntax From 524c7221a2fe34e8a84404aa639b6d52fcd66240 Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Sat, 18 Jan 2025 03:27:23 -0500 Subject: [PATCH 4/7] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 89906fc..6327ebd 100644 --- a/README.md +++ b/README.md 
@@ -46,3 +46,7 @@ Sometimes, the domain may block the internetDB from indexing the address. In the ![cfUagTest](https://github.com/user-attachments/assets/a82682b3-b0b1-4feb-83e7-01daaeaeaa82) **cfUagTest** - Cloudflare User-Agent Test. Test a user-agent on Cloudflare Trace to see how it looks on the other end. Verify discrepencies against parsers, etc. + +## Support +- If you find use from this, consider supporting my work on [Ko-fi](https://ko-fi.com/weekndr_sec). +- As of this release, I'm currently consulting full-time and get paid by the project, not by my time. From d1b725695bea91b228d7881415c0f3f5bd593174 Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Sat, 18 Jan 2025 03:28:05 -0500 Subject: [PATCH 5/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6327ebd..717a5cd 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,7 @@ These can be used for threat hunting, but I mostly use these during external pen I would definitely recommend the resolvers over a traditional nslookup when working with indicators, since these tools all resolve by proxy through another host and not your own box. At most, I would use them to find any initial indicators (i.e: Quad9 blocked ___ hostname), and then move the work over to a CTI platform for OSINT like [AlienVault OTX](https://otx.alienvault.com/). -I will continue to update the repository with more tools as time goes on. Most of my time with new tools is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. +I will continue to update the repository with more tools as time goes on. Most of my time with new additions is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. Plans include setup scripts for Windows & popular Linux distros to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do. From 3485da2a175bfd2e3d068505328d203ebae3df7d Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Sat, 18 Jan 2025 03:31:26 -0500 Subject: [PATCH 6/7] Create powershell.yml --- .github/workflows/powershell.yml | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/powershell.yml diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml new file mode 100644 index 0000000..89fc654 --- /dev/null +++ b/.github/workflows/powershell.yml 
@@ -0,0 +1,49 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# https://github.com/microsoft/action-psscriptanalyzer +# For more information on PSScriptAnalyzer in general, see +# https://github.com/PowerShell/PSScriptAnalyzer + +name: PSScriptAnalyzer + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '28 20 * * 0' + +permissions: + contents: read + +jobs: + build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: PSScriptAnalyzer + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run PSScriptAnalyzer + uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f + with: + # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options. + # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules. + path: .\ + recurse: true + # Include your own basic security rules. Removing this option will run all the rules + includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"' + output: results.sarif + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif From 3864099b1b796f5300b273f4c02e0caca93e5e42 Mon Sep 17 00:00:00 2001 From: weekndr_sec <172009322+ndr-repo@users.noreply.github.com> Date: Sat, 18 Jan 2025 03:51:29 -0500 Subject: [PATCH 7/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 717a5cd..47e8ee1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ These can be used for threat hunting, but I mostly use these during external pen I would definitely recommend the resolvers over a traditional nslookup when working with indicators, since these tools all resolve by proxy through another host and not your own box. At most, I would use them to find any initial indicators (i.e: Quad9 blocked ___ hostname), and then move the work over to a CTI platform for OSINT like [AlienVault OTX](https://otx.alienvault.com/). -I will continue to update the repository with more tools as time goes on. Most of my time with new additions is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. +I will continue to update the repository with more tools as time goes on. Most of my time with new additions is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. :) Plans include setup scripts for Windows & popular Linux distros to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do.
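Review bot: the added **cfUagTest** line in PATCH 1/7 misspells "discrepancies" as "discrepencies", and the same spelling is carried over into the replacement line in PATCH 2/7; fix it in the later commit so the final README reads `Verify discrepancies against parsers, etc.` The **mvWhoami** context line just above it has a similar slip ("if youre doing things"), which could be corrected in the same pass since that block is already being edited.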
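Review bot: in PATCH 2/7 the new `![cfUagTest](...)` image line sits directly above the `**cfUagTest**` description with no blank line between them, so Markdown renders the image and the bold entry as a single paragraph joined by a soft line break, unlike the other tool entries in this section, which are separated by blank lines. Add a blank line after the image line so the entry keeps the same layout as **cfWhoami** and **mvWhoami**.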
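Review bot: the paragraph split out in PATCH 3/7 ("Plans include setup scripts ...") carries two small grammar issues worth fixing while it is being touched: "In the mean time" should be "In the meantime", and "'Resolvers' and 'Validators' folder" should be "folders", since two directories are named. PATCH 5/7 and PATCH 7/7 then each re-edit the sentence immediately before it (a one-word change, then a trailing ":)"), and all three commits share the message "Update README.md"; squashing them into one commit with a message that states what changed (for example "README: split roadmap paragraph, mention setup-script plans") would keep the history readable.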
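Review bot: the `includeRule` setting in the PSScriptAnalyzer workflow added in PATCH 6/7 limits the scan to just two rules, `PSAvoidGlobalAliases` and `PSAvoidUsingConvertToSecureStringWithPlainText`, so the push, pull-request and weekly runs will miss most of what the analyzer can report; for a repository of PowerShell network tools, running the default rule set (drop `includeRule`, as the inline comment itself notes) or at least adding rules such as `PSAvoidUsingInvokeExpression` and `PSAvoidUsingPlainTextForPassword` would give the SARIF upload something useful to surface. Two smaller points in the same hunk: `path: .\` is a Windows-style path while the job runs on `ubuntu-latest`, so `path: ./` (or `.`) is the portable spelling; and `microsoft/psscriptanalyzer-action` is pinned to a commit SHA while `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` are pinned to mutable tags, so if SHA pinning is the intent, pin all three the same way with a version comment beside each SHA.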