Code Samples & Scripts
PowerShell, Bash, and Python scripts for security automation and incident response
AD Security Enumeration
PowerShell
Enumerates privileged AD groups, stale accounts, and potential security risks
# Requires the RSAT ActiveDirectory module
Import-Module ActiveDirectory

# Get privileged groups and nested memberships (-Recursive expands nested groups)
$PrivGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
$PrivMembers = foreach ($group in $PrivGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object Name, SamAccountName, objectClass, @{N = 'Group'; E = { $group }}
}
$PrivMembers | Export-Csv 'privileged-members.csv' -NoTypeInformation

# Find stale computer accounts (no logon in 90+ days).
# Accounts that never logged on have no LastLogonDate and are not matched by -lt.
$StaleDate = (Get-Date).AddDays(-90)
Get-ADComputer -Filter { LastLogonDate -lt $StaleDate } -Properties LastLogonDate |
    Select-Object Name, LastLogonDate |
    Export-Csv 'stale-computers.csv' -NoTypeInformation
Script Safety Checker
Bash
AI-powered script analysis to detect risky patterns before execution
#!/bin/bash
# Scan a bash script for dangerous patterns before it is run.
# The number of findings is returned as the exit status (0 = nothing found).
check_script() {
    local script="$1"
    local risks=0
    if [ ! -r "$script" ]; then
        echo "[ERROR] Cannot read $script" >&2
        return 255
    fi
    # Check for destructive commands: recursive delete, filesystem formatting,
    # raw dd reads/writes, fork bomb. The regex metacharacters in ':(){' are
    # escaped so the fork-bomb definition is matched literally.
    if grep -qE 'rm -rf|mkfs|dd if=|:\(\)\{|format' "$script"; then
        echo "[CRITICAL] Destructive command detected"
        risks=$((risks + 1))   # plain arithmetic keeps this safe under set -e
    fi
    # Check for hard-coded credentials (case-insensitive)
    if grep -qiE 'password=|api_key=|secret=' "$script"; then
        echo "[WARN] Potential credential exposure"
        risks=$((risks + 1))
    fi
    return "$risks"
}

check_script "$1"
Incident Response Triage
Python
Rapid triage script for suspicious process analysis and hash lookups
import os
import hashlib
import psutil
import requests

def hash_file(path):
    # SHA-256 via hashlib.file_digest (Python 3.11+), which reads the file in chunks
    with open(path, 'rb') as f:
        return hashlib.file_digest(f, 'sha256').hexdigest()

def check_virustotal(file_hash):
    # True if VirusTotal (API v3, key read from VT_API_KEY) reports >= 1 'malicious' verdict
    api_key = os.environ.get('VT_API_KEY')
    if not api_key:
        return False  # no key configured: skip the lookup rather than abort triage
    resp = requests.get(f'https://www.virustotal.com/api/v3/files/{file_hash}',
                        headers={'x-apikey': api_key}, timeout=10)
    if resp.status_code != 200:  # 404 means the hash is unknown to VT
        return False
    stats = resp.json()['data']['attributes']['last_analysis_stats']
    return stats.get('malicious', 0) > 0

def triage_processes():
    suspicious = []
    for proc in psutil.process_iter(['pid', 'name', 'exe']):
        try:
            if not proc.info['exe']:  # flag processes without a resolvable exe path
                suspicious.append(proc.info)
                continue
            # Check the binary's hash against threat intel
            file_hash = hash_file(proc.info['exe'])
            if check_virustotal(file_hash):
                suspicious.append({**proc.info, 'hash': file_hash})
        except (psutil.AccessDenied, psutil.NoSuchProcess, OSError, requests.RequestException):
            continue
    return suspicious
Persistence Mechanism Scanner
PowerShell
Scans common persistence locations used by malware and APTs
# Check registry Run / RunOnce keys and list every value (name + command)
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }   # key absent or not readable
    # Skip the PS* metadata properties so only real registry values remain
    $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}

# Check scheduled tasks created in the last 30 days outside the Microsoft folder.
# Date is a string (the task's registration date) and may be empty, so guard and cast it.
$Cutoff = (Get-Date).AddDays(-30)
Get-ScheduledTask | Where-Object {
    $_.Date -and ([datetime]$_.Date) -gt $Cutoff -and
    $_.TaskPath -notlike '\Microsoft\*'
} | Select-Object TaskName, TaskPath, State,
    @{N = 'Command'; E = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }