paloaws-lambda

a kludge for sandwiching Palo Alto firewalls between an internal and external AWS ELB.

The repo includes updatenat.py which is an AWS Lambda function designed to do the following:

  1. Resolve the IP addresses of configured ELBs
  2. Match the IPs with configured Availability Zones
  3. Check if the associated Address Object on the PA Firewall residing in the respective Availability Zone matches the resolved IP
  4. Update the Address Objects if the addresses do not match the ELB’s IPs
  5. Store the resolved IP addresses as JSON in an S3 Bucket to reduce processing time at the next execution
  6. Commit the updated PA configuration
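Steps 2 to 5 above as an added sketch, not code from updatenat.py. It assumes IPs are matched to Availability Zones by subnet CIDR and that the firewall lookup is a callable passed in; all function names, AZ names, CIDRs and addresses are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample mapping of Availability Zone -> ELB subnet CIDR (assumption).
AZ_SUBNETS = {"ap-southeast-2a": "10.0.1.0/24", "ap-southeast-2b": "10.0.2.0/24"}


def map_ips_to_azs(resolved_ips, az_subnets):
    """Step 2: assign each resolved ELB IP to the AZ whose subnet contains it."""
    nets = {az: ipaddress.ip_network(cidr) for az, cidr in az_subnets.items()}
    mapped, unmatched = {}, []
    for ip in sorted(resolved_ips):
        addr = ipaddress.ip_address(ip)
        az = next((a for a, n in nets.items() if addr in n), None)
        if az is None:
            unmatched.append(ip)       # IP outside every known subnet: report it
        else:
            mapped.setdefault(az, ip)  # deterministic: first IP in sort order per AZ
    return mapped, unmatched


def plan_updates(resolved_ips, az_subnets, fetch_object, cached_json=None):
    """Steps 3-5: return (updates, new_cache_json, unmatched).

    fetch_object(az) is a hypothetical callable returning the IP currently
    held by the address object on the firewall in that AZ.
    """
    mapped, unmatched = map_ips_to_azs(resolved_ips, az_subnets)
    new_cache = json.dumps(mapped, sort_keys=True)  # the JSON that would go to S3
    if cached_json == new_cache:
        # Nothing changed since the last run: skip the firewall queries entirely.
        return {}, new_cache, unmatched
    # An AZ with no resolved IP is absent from `mapped`, so its object is left alone.
    updates = {az: ip for az, ip in mapped.items() if fetch_object(az) != ip}
    return updates, new_cache, unmatched
```

A non-empty `updates` result is what would trigger the address object changes and the commit in step 6.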

Repo here: paloaws-lambda

webcvescanner

a tool for searching and scanning Shodan results. I built this to scan for assets exposed to the CVE-2019-19781 “shitrix” vulnerability that kept me awake during xmas 2019. It can do other things too.

Gather a list of Citrix appliances in a country / state pair, and check if they’re vulnerable to CVE-2019-19781. Results are output as JSON which can be wrangled quite nicely into a meaningful PowerBI report.

Example PBI report from JSON output

It does this by querying Shodan for all results in a particular country matching a search string. By default, it searches country:AU has_ssl:true with the search string "Set-Cookie: pwcount=0".

To check for vulnerability, we see if a HEAD request for https://<HOST>/vpn/%2E%2E/vpns/cfg/smb.conf returns a status 200. This means directory traversal is allowed, and the patch or workaround has not been applied to the host.

Repo here: webcvescanner

throwphish

Terraform and provisioners to build SSL-enabled GoPhish instances for multiple customers. I wrote about this in a blog post.

GoPhish is an OSS “Phishing Toolkit” which provides facilities for creating, running, and reporting on phishing campaigns. You can read more about GoPhish and what it can do here. GoPhish was absolutely what I needed to move forward with running some phishing tests on our customers, but provisioning and configuring it was clunky and took time. GoPhish wasn’t designed with multiple target organisations in mind either.

Check out the blog post or the project readme to get started.

Repo here: throwphish

MacOS-OneDrive-KFM

a package to do OneDrive Known Folder Move on macOS. I wrote about this in a blog post.

Microsoft OneDrive has a super great feature (for Windows) called Known Folder Move. This redirects the Desktop, Documents, and Pictures folders to your OneDrive folder. This allows you to have multiple computers stay in sync.

This application (a fork of synapsed) brings this same functionality to macOS through the use of symlinks, enabling sync between your Desktop and Documents folders and OneDrive.

Repo here: MacOS-OneDrive-KFM

Latest release here: MacOS-OneDrive-KFM 0.2

skykick-scripts

a bunch of scripts to make tenant-to-tenant migrations using SkyKick a bit easier.

Repo here: skykick-scripts