random

- collection of un-sorted bollocks
git clone git://git.acid.vegas/random.git
Log | Files | Refs | Archive

commit 2d44ba50001fa0e6c7988b4e419616e7e3e3a2d7
parent a43d747cfdcd77e446c6bfce13c71a11949b4d68
Author: acidvegas <acid.vegas@acid.vegas>
Date: Tue, 12 Sep 2023 16:44:54 -0400

more stuff get fucked ok

Diffstat:
Aarchlinux/arch | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aarchlinux/arm | 11+++++++++++
Aarchlinux/fstab | 9+++++++++
Aarchlinux/x86 | 34++++++++++++++++++++++++++++++++++
Abash.bashrc | 32++++++++++++++++++++++++++++++++
Abtkb | 12++++++++++++
Mbuyvm.py | 36+++++++++++++++++++-----------------
Mconfusables.py | 3+--
Mddosmonit | 29+++++++----------------------
Adocs/elkstack.md | 110+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Diprange.py | 44--------------------------------------------
Aiptables.sh | 45+++++++++++++++++++++++++++++++++++++++++++++
Mlogga.py | 29++++++++++++++---------------
Alogs/debug.log | 5+++++
Dproxscrap | 62--------------------------------------------------------------
Rstagit/stagit -> stagit | 0
Dstagit/README.md | 28----------------------------
Atermux | 36++++++++++++++++++++++++++++++++++++
Avps | 18++++++++++++++++++

19 files changed, 426 insertions(+), 190 deletions(-)

diff --git a/archlinux/arch b/archlinux/arch
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -xev
+
+GIT_URL="https://raw.githubusercontent.com/acidvegas/archlinux/master"
+RPI=0
+
+setup_initial() {
+	systemctl stop sshd && systemctl disable sshd
+	history -c && export HISTFILESIZE=0 && export HISTSIZE=0 && unset HISTFILE
+	[ -f /root/.bash_history ] && rm /root/.bash_history
+	passwd
+	[ $RPI -eq 1 ] && userdel -r alarm
+	useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas wheel && passwd acidvegas
+	timedatectl set-timezone America/New_York && timedatectl set-ntp true
+	echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+}
+
+setup_wifi() {
+	echo "wildwest" > /etc/hostname
+	echo -e "[Match]\nName=wlan0\n\n[Network]\nDHCP=ipv4\nMulticastDNS=yes\n#Address=10.0.0.200/24\nGateway=10.0.0.1" > /etc/systemd/network/25-wireless.network
+	echo -e "[Resolve]\nDNS=8.8.4.4 8.8.8.8 2001:4860:4860::8888 2001:4860:4860::8844\nFallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001\nMulticastDNS=yes\nDNSSEC=no\nCache=yes" > /etc/systemd/resolved.conf
+	ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+	wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf && chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
+	systemctl start systemd-networkd && systemctl enable systemd-networkd
+	systemctl start systemd-resolved && systemctl enable systemd-resolved
+	systemctl start wpa_supplicant@wlan0 && systemctl enable wpa_supplicant@wlan0
+}
+
+setup_pacman() {
+	MI="Include = /etc/pacman.d/mirrorlist"
+	echo -e "[options]\nArchitecture = auto\nColor\nCheckSpace\nHoldPkg = pacman glibc\nParallelDownloads = 10\nSigLevel = Required DatabaseOptional\nLocalFileSigLevel = Optional\nRemoteFileSigLevel = Required\n\n" > /etc/pacman.conf
+	echo -e "[core-testing]\n$MI\n\n[core]\n$MI\n\n[extra-testing]\n$MI\n\n[extra]\n$MI\n\n" >> /etc/pacman.conf
+	[ $RPI -eq 0 ] && echo -e "[multilib-testing]\n$MI\n\n[multilib]\n$MI"     >> /etc/pacman.conf
+	[ $RPI -eq 1 ] && echo -e "[community]\n$MI\n\n[alarm]\n$MI\n\n[aur]\n$MI" >> /etc/pacman.conf
+	pacman-key --init
+	[ $RPI -eq 1 ] && pacman-key --populate archlinuxarm && echo 'Server = http://mirror.archlinuxarm.org/$arch/$repo' > /etc/pacman.d/mirrorlist
+	[ $RPI -eq 0 ] && pacman-key --populate archlinux
+	pacman -Syyu
+	pacman -S checkbashisms gcc go make patch pkg-config python python-pip
+	pacman -S asciiquarium cmatrix hollywood tty-solitaire
+	pacman -S abduco curl fzf git man nano ncdu progress rsync sudo tor unzip weechat which yank
+	pacman -S bandwhich exa glow gping gpm
+	pacman -S alsa-utils alsa-lib alsa-firmware libpulse pulseaudio cmus id3v2 mps-youtube python-eyed3 youtube-dl # TODO: check these
+	pacman -S dmenu dunst firefox scrot unclutter xclip
+	pacman -S acpi xorg-xbacklight xorg-xinit xorg-xrandr xorg-server xorg-xsetroot
+	pacman -S fakeroot xorg-font-util xorg-mkfontscale xorg-mkfontdir
+	[ $RPI -eq 1 ] && pacman -S xf86-video-fbdev
+	[ $RPI -eq 0 ] && pacman -S xf86-video-intel mesa lib32-mesa
+	#[ $RPI -eq 0 ] && pacman -S nvidia nvidia-utils lib32-nvidia-utils
+	[ $RPI -eq 1 ] && systemctl start gpm && systemctl enable gpm
+}
+
+setup_configs() {
+	if [ $RPI -eq 1 ]; then
+		sed -i 's/^console=tty1/console=tty3/' /boot/cmdline.txt && echo "quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_level=3 logo.nologo consoleblank=0" >> /boot/cmdline.txt
+		echo -e "avoid_warnings=1\ndisable_splash=1\ndtparam=act_led_trigger=none\ndtparam=act_led_activelow=on\ndtparam=audio=on" > /boot/config.txt
+		wget -O /etc/fstab $GIT_URL/etc/fstab
+	fi
+	wget -O /etc/issue $GIT_URL/etc/issue
+	wget -O /etc/sudoers.d/sudoers.lecture $GIT_URL/etc/sudoers.d/sudoers.lecture
+	echo -e "set boldtext\nset minibar\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
+	echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE\nln /dev/null ~/.bash_history -sf" >> /etc/profile
+	echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
+	echo -e "Defaults lecture = always\nDefaults lecture_file = /etc/sudoers.d/sudoers.lecture\nroot ALL=(ALL) ALL\n%wheel ALL=(ALL) ALL" > /etc/sudoers
+	echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
+	mkdir -p /etc/systemd/system/systemd-logind.service.d && echo -e "[Service]\nSupplementaryGroups=proc" > /etc/systemd/system/systemd-logind.service.d/hidepid.conf
+	[ $RPI -eq 1 ] && echo "FONT=ohsnap6x11r" > /etc/vconsole.conf
+}
+
+setup_initial
+setup_wifi
+setup_pacman
+setup_configs
diff --git a/archlinux/arm b/archlinux/arm
@@ -0,0 +1,11 @@
+#!/bin/sh
+# required: dosfstools
+set -xev
+echo -e "o\nn\np\n1\n\n+100M\nt\nc\nn\np\n2\n\n\nw\n" | fdisk -w always -W always /dev/sda
+mkdir boot root
+mkfs.vfat /dev/sda1 && mount /dev/sda1 boot
+mkfs.ext4 /dev/sda2 && mount /dev/sda2 root
+wget -O archlinuxarm.tar.gz http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-armv7-latest.tar.gz
+bsdtar -xpf archlinuxarm.tar.gz -C root && sync
+mv root/boot/* boot
+umount boot root && rm -r archlinuxarm.tar.gz boot root
diff --git a/archlinux/fstab b/archlinux/fstab
@@ -0,0 +1,9 @@
+# NOTE: This fstab file was made for a Raspberry Pi runnning Arch Linux ARM
+# <file system> <dir>    <type> <options>                                         <dump> <pass>
+/dev/mmcblk0p1  /boot    vfat   ro,noatime,nodev,noexec,nosuid                    0      2
+/dev/mmcblk0p2  /        ext4   rw,noatime,data=ordered,commit=60                 0      1
+proc            /proc    proc   nosuid,nodev,noexec,hidepid=2,gid=proc            0      0
+tmpfs           /dev/shm tmpfs  rw,noatime,nodev,noexec,nosuid                    0      0
+tmpfs           /tmp     tmpfs  rw,mode=0755,noatime,nodev,nosuid,size=100m       0      0
+tmpfs           /var/log tmpfs  rw,mode=0755,noatime,nodev,noexec,nosuid,size=25m 0      0
+tmpfs           /run     tmpfs  rw,mode=0755,noatime,nodev,nosuid,size=25m        0      0
diff --git a/archlinux/x86 b/archlinux/x86
@@ -0,0 +1,34 @@
+#!/bin/sh
+# arch linxu x86 helper - developed by acidvegas (https://git.acid.vegas/archlinux)
+
+MNT="sda"
+DEV="wlan0"
+
+lspci -v | grep -A1 -e VGA -e 3D
+iwctl --passphrase PASSWORD station $DEV connect SSID
+#fdisk # convert mbr to gpt
+mkfs.ext4 /dev/${MNT}p2
+#mkswap /dev/swap_partition
+mkfs.fat -F 32 /dev/${MNT}p1
+mount /dev/${MNT}p2 /mnt
+mount --mkdir /dev/${MNT}p1 /mnt/boot
+#swapon /dev/swap_partition
+pacstrap -K /mnt base linux linux-firmware # Microcodes: amd-ucode intel-ucode
+genfstab -U /mnt >> /mnt/etc/fstab
+arch-chroot /mnt
+
+ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
+hwclock --systohc
+echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+echo "LANG=en_US.UTF-8"  > /etc/locale.conf
+echo "wildwest" > /etc/hostname
+passwd
+bootctl install
+systemctl enable systemd-boot-update.service
+mkdir -p /etc/pacman.d/hooks
+echo -e "[Trigger]\nType = Package\nOperation = Upgrade\nTarget = systemd\n\n[Action]\nDescription = Gracefully upgrading systemd-boot...\nWhen = PostTransaction\nExec = /usr/bin/systemctl restart systemd-boot-update.service" > /etc/pacman.d/hooks/95-systemd-boot.hook
+echo -e "title   Arch Linux\n\nlinux   /vmlinuz-linux\ninitrd  /intel-ucode.img\ninitrd  /initramfs-linux.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch.conf
+echo -e "title   Arch Linux (fallback initramfs)\n\nlinux   /vmlinuz-linux\ninitrd  /intel-ucode.img\ninitrd  /initramfs-linux-fallback.img\noptions root=\"/dev/mmcblk0p2\" rw" > /boot/loader/entries/arch-fallback.conf
+exit
+
+umount -R /mnt
diff --git a/bash.bashrc b/bash.bashrc
@@ -0,0 +1,32 @@
+[[ $- != *i* ]] && return
+
+shopt -s checkwinsize
+
+export LC_CTYPE=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+
+# color
+alias diff='diff --color=auto'
+alias dir='dir --color=auto'
+alias egrep='egrep --color=auto'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias ip='ip -color=auto'
+alias ls='ls --color=auto'
+alias ncdu='ncdu --color dark -rr'
+alias vdir='vdir --color=auto'
+
+# rewrites
+alias pip='pip3'
+alias python='python3'
+alias wget='wget -q --show-progress'
+
+# random
+alias ..="cd ../"
+alias up="sudo apt-get update && sudo apt-get upgrade && sudo apt autoremove"
+
+if [ $(id -u) == "0" ]; then
+	export PS1="\e[31m\u@\h\e[0m \e[33m\w \e[0m: "
+else
+	export PS1="\e[38;5;41m\u@\h\e[0m \e[38;5;69m\w \e[0m: "
+fi
diff --git a/btkb b/btkb
@@ -0,0 +1,12 @@
+#!/bin/sh
+pacman -S bluez bluez-utils
+systemctl enable bluetooth && sudo systemctl start bluetooth
+sed -i 's/#AutoEnable=false/AutoEnable=true/' /etc/bluetooth/main.conf
+bluetoothctl power on # possible bluetoothctl -- <cmd>
+bluetoothctl agent KeyboardOnly
+bluetoothctl pairable on
+bluetoothctl scan on
+bluetoothctl pair CC:C5:0A:20:91:5B
+bluetoothctl trust CC:C5:0A:20:91:5B
+bluetoothctl connect CC:C5:0A:20:91:5B
+bluetoothctl scan off
diff --git a/buyvm.py b/buyvm.py
@@ -12,21 +12,23 @@ nodes = {
 	'Miami'      : '48'
 }
 
-for node in nodes:
-	data     = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode()
-	packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U)
-	print(f'Servers in \033[34m{node}\033[0m:')
-	for server in packages:
-		name     = server.split('</h3>')[0].ljust(18)
-		price    = server.split('</span>')[1].split('<span ')[0].ljust(10)
-		features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0]
-		for item in ('<li>','</li>','<b>','</b>'):
-			features = features.replace(item,'')
-		features = features.ljust(39)
-		stock    = server.split()[-1]
-		if stock == '0':
-			stock = f'\033[31m{stock}\033[0m'
-		else:
-			stock = f'\033[32m{stock}\033[0m'
-		print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
+while True:
+	for node in nodes:
+		data     = urllib.request.urlopen('https://my.frantech.ca/cart.php?gid=' + nodes[node]).read().decode()
+		packages = re.findall(r'<h3 class="package-name">(.+?)Available\n', data, re.I | re.M | re.S | re.U)
+		print(f'Servers in \033[34m{node}\033[0m:')
+		for server in packages:
+			name     = server.split('</h3>')[0].ljust(18)
+			price    = server.split('</span>')[1].split('<span ')[0].ljust(10)
+			features = server.split('<ul class="package-features"><li><b>')[1].split('</ul>')[0].split('NVME')[0]
+			for item in ('<li>','</li>','<b>','</b>'):
+				features = features.replace(item,'')
+			features = features.ljust(39)
+			stock    = server.split()[-1]
+			if stock == '0':
+				stock = f'\033[31m{stock}\033[0m'
+			else:
+				stock = f'\033[32m{stock}\033[0m'
+			print(f'{name} \033[1;30m|\033[0m {price} \033[1;30m|\033[0m {features} \033[1;30m|\033[0m {stock}')
+	time.sleep(300)
 
diff --git a/confusables.py b/confusables.py
@@ -102,4 +102,4 @@ confusable = {
 }
 
 for i in range(30):
-	print(confuse('IRC.SUPERNETS.ORG #SUPERBOWL GET FUCKED'))
-\ No newline at end of file
+	print(confuse('facebook'))
diff --git a/ddosmonit b/ddosmonit
@@ -1,27 +1,13 @@
 #!/bin/sh
-interface=eth0
-dumpdir=/tmp/
-email="admin@domain.tld"
-subject="DDoS Notification: `hostname`"
-sender="admin@domain.tld"
-while /bin/true; do
-	pkt_old=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
+while true; do
+	pkt_old=$(grep eth0: /proc/net/dev | cut -d ':'  -f2 | awk '{ print $2 }')
 	sleep 1
-	pkt_new=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
-	pkt=$(( $pkt_new-$pkt_old ))
+	pkt_new=$(grep eth0: /proc/net/dev | cut -d ':'  -f2 | awk '{ print $2 }')
+	pkt=$(( $pkt_new - $pkt_old ))
 	echo -ne "\r$pkt packets/s\033[0K"
 	if [ $pkt -gt 5000 ]; then
-		filename=$dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap
-		tcpdump -n -s0 -c 2000 > $filename
-		echo "`date` Packets dumped, sleeping now."
-		sleep 1
-		data=`cat $filename`
-		sendmail -F $sender -it <<END_MESSAGE
-		To: $email
-		Subject: $subject
-		`cat $filename`
-		END_MESSAGE
-		echo "sendmail complete"
+		echo "\nDDoS detected"
+		tcpdump -n -s0 -c 5000 -w /home/acidvegas/dumps/dump.$(date +"%Y%m%d-%H%M%S").cap
 		sleep 300
 	fi
-done
-\ No newline at end of file
+done
diff --git a/docs/elkstack.md b/docs/elkstack.md
@@ -0,0 +1,110 @@
+# ELK Stack
+> Elasticsearch, Logstash, & Kibana
+
+This is just a little write-up on my research in deploying the ELK stack.
+
+## Prerequisites
+```shell
+sudo apt-get install -y gpg apt-transport-https`
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
+echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
+sudo apt-get update && sudo apt-get install elasticsearch kibana logstash
+sudo certbot certonly --standalone --preferred-challenges http -d elastic.domain.org
+```
+
+## Setup Elasticsearch
+* Copy your certificates to `/etc/elasticsearch/certs`:
+```shell
+mkdir -p /etc/elasticsearch/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/elasticsearch/certs/fullchain.pem
+sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem   /etc/elasticsearch/certs/privkey.pem
+sudo chmod -R 777 /etc/elasticsearch/certs/
+```
+
+* Edit your `/etc/elasticsearch/elasticsearch.yml` and change the follow options:
+```yaml
+cluster.name: BeeHive
+node.name: gibson
+network.host: 0.0.0.0    
+bootstrap.memory_lock: true
+xpack.security.audit.enabled: true
+xpack.security.http.ssl:
+  enabled: true
+  key: /etc/elasticsearch/ssl/privkey.pem
+  certificate: /etc/elasticsearch/ssl/fullchain.pem
+```
+
+* System changes:
+```shell
+sudo su  
+	ulimit -n 65535
+	ulimit -u 4096
+
+echo "elasticsearch  -  nofile  65535" > /etc/security/limits.conf
+mkdir -p /etc/systemd/system/elasticsearch.service.d/
+echo "[Service]\nLimitMEMLOCK=infinity" > /etc/systemd/system/elasticsearch.service.d/override.conf
+sudo swapoff -a
+sudo sysctl -w vm.swappiness=1         # Add these
+sudo sysctl -w vm.max_map_count=262144 # to /etc/systctl.conf
+sudo sysctl -w net.ipv4.tcp_retries2=5 # 
+```
+
+* Set the password for Kibana:
+`./usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system`
+`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token --scope kibana # Save this for when we access Kibana the first time`
+`./usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node # enrollment token for a new node`
+
+## Setup Kibana
+* Copy your certificates to `/etc/kibana/certs`:
+```shell
+mkdir -p /etc/kibana/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/kibana/certs/fullchain.pem
+sudo cp /etc/letsencrypt/live/elastic.domain.org/privkey.pem   /etc/kibana/certs/privkey.pem
+```
+
+* Edit your `/etc/kibana/kibana.yml` and change the follow options:
+```yaml
+server.host: "0.0.0.0"
+server.publicBaseUrl: "https://elastic.domain.org"
+server.ssl.enabled: true 
+server.ssl.certificate: /etc/kibana/certs/fullchain.pem
+server.ssl.key: /etc/kibana/certs/privkey.pem
+elasticsearch.hosts: ["https://elastic.domain.org:9200"]
+elasticsearch.username: "kibana_system"
+elasticsearch.password: "changeme" # Use the password from the reset command we did earlier
+```
+
+## Setup Logstash
+* Copy your certificates to `/etc/logstash/certs`:
+```shell
+mkdir -p /etc/logstash/certs/
+sudo cp /etc/letsencrypt/live/elastic.domain.org/fullchain.pem /etc/logstash/certs/cacert.pem
+```
+
+* Edit your `/etc/logstash/logstash.yml` and change the follow options:
+```yaml
+input {
+  beats {
+    port => 5044
+  }
+}
+output {
+  elasticsearch {
+    hosts => ["https://elastic.domain.org:9200"]
+    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
+    user => "elastic"
+    password => "changeme"
+    cacert => "/etc/logstash/cacert.pem"
+  }
+}
+```
+
+* `logstash-plugin install logstash-input-irc`
+
+## Start the ELK stack:
+```shell
+sudo systemctl daemon-reload
+sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
+sudo systemctl enable kibana.service        && sudo systemctl start kibana.service
+sudo systemctl enable logstash.service      && sudo systemctl start logstash.service
+```
diff --git a/iprange.py b/iprange.py
@@ -1,44 +0,0 @@
-#!/usr/bin/env python
-
-import ipaddress
-
-donotscan = {
-	'0.0.0.0/8',          # "This" network
-	'10.0.0.0/8',         # Private networks
-	'100.64.0.0/10',      # Carrier-grade NAT - RFC 6598
-	'127.0.0.0/8',        # Host loopback
-	'169.254.0.0/16',     # Link local
-	'172.16.0.0/12',      # Private networks
-	'192.0.0.0/24',       # IETF Protocol Assignments
-	'192.0.0.0/29',       # DS-Lite
-	'192.0.0.170/32',     # NAT64
-	'192.0.0.171/32',     # DNS64
-	'192.0.2.0/24',       # Documentation (TEST-NET-1)
-	'192.88.99.0/24',     # 6to4 Relay Anycast
-	'192.168.0.0/16',     # Private networks
-	'198.18.0.0/15',      # Benchmarking
-	'198.51.100.0/24',    # Documentation (TEST-NET-2)
-	'203.0.113.0/24',     # Documentation (TEST-NET-3)
-	'240.0.0.0/4',        # Reserved
-	'255.255.255.255/32', # Limited Broadcast
-	'6.0.0.0/8',          # Army Information Systems Center
-	'7.0.0.0/8',          # DoD Network Information Center
-	'11.0.0.0/8',         # DoD Intel Information Systems
-	'21.0.0.0/8',         # DDN-RVN
-	'22.0.0.0/8',         # Defense Information Systems Agency
-	'26.0.0.0/8',         # Defense Information Systems Agency
-	'28.0.0.0/8',         # DSI-North
-	'29.0.0.0/8',         # Defense Information Systems Agency
-	'30.0.0.0/8',         # Defense Information Systems Agency
-	'33.0.0.0/8',         # DLA Systems Automation Center
-	'55.0.0.0/8',         # DoD Network Information Center
-	'205.0.0.0/8',        # US-DOD
-	'214.0.0.0/8',        # US-DOD
-	'215.0.0.0/8'         # US-DOD
-}
-
-total = ipaddress.IPv4Network('0.0.0.0/0').num_addresses
-print(f'Total IPv4 Addresses : {total:,}')
-for i in donotscan:
-	total -= ipaddress.IPv4Network(i).num_addresses
-print(f'Total After Clean    : {total:,}')
diff --git a/iptables.sh b/iptables.sh
@@ -0,0 +1,45 @@
+### 1: Drop invalid packets ### 
+/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP  
+
+### 2: Drop TCP packets that are new and are not SYN ### 
+/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP 
+ 
+### 3: Drop SYN packets with suspicious MSS value ### 
+/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP  
+
+### 4: Block packets with bogus TCP flags ### 
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+
+### 5: Block spoofed packets ### 
+/sbin/iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP 
+/sbin/iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP  
+
+### 6: Drop ICMP (you usually don't need this protocol) ### 
+/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP  
+
+### 7: Drop fragments in all chains ### 
+/sbin/iptables -t mangle -A PREROUTING -f -j DROP  
+
+### 8: Limit connections per source IP ### 
+/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset  
+
+### 9: Limit RST packets ### 
+/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT 
+/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP  
+
+### 10: Limit new TCP connections per second per source IP ### 
+/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT 
+/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
diff --git a/logga.py b/logga.py
@@ -7,25 +7,25 @@ import os
 log_file=True # Set to False for console logging only
 
 # Set up logging
-sh = logging.StreamHandler()
-sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p'))
-if log_file:
-	if not os.path.exists('logs'):
-		os.makedirs('logs')
-	fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8')
-	fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p'))
-	logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh))
-	del fh
-else:
-	logging.basicConfig(level=logging.NOTSET, handlers=(sh,))
-finally:
+def setup_logger():
+	sh = logging.StreamHandler()
+	sh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(message)s', '%I:%M %p'))
+	if log_file:
+		if not os.path.exists('logs'):
+			os.makedirs('logs')
+		fh = logging.handlers.RotatingFileHandler('logs/debug.log', maxBytes=250000, backupCount=7, encoding='utf-8')
+		fh.setFormatter(logging.Formatter('%(asctime)s | %(levelname)9s | %(filename)s.%(funcName)s.%(lineno)d | %(message)s', '%Y-%m-%d %I:%M %p'))
+		logging.basicConfig(level=logging.NOTSET, handlers=(sh,fh))
+		del fh
+	else:
+		logging.basicConfig(level=logging.NOTSET, handlers=(sh,))
 	del sh
 
 # Logging examples
+setup_logger()
 logging.debug('This message should go to the log file')
 logging.info('So should this')
 logging.critical('ok')
 logging.warning('And this, too')
 logging.error('And non-ASCII stuff, too, like Øresund and Malmö')
-
-logging.shutdown()
-\ No newline at end of file
+logging.shutdown()
diff --git a/logs/debug.log b/logs/debug.log
@@ -0,0 +1,5 @@
+2023-07-23 12:57 AM |     DEBUG | logga.py.<module>.26 | This message should go to the log file
+2023-07-23 12:57 AM |      INFO | logga.py.<module>.27 | So should this
+2023-07-23 12:57 AM |  CRITICAL | logga.py.<module>.28 | ok
+2023-07-23 12:57 AM |   WARNING | logga.py.<module>.29 | And this, too
+2023-07-23 12:57 AM |     ERROR | logga.py.<module>.30 | And non-ASCII stuff, too, like Øresund and Malmö
diff --git a/proxscrap b/proxscrap
@@ -1,62 +0,0 @@
-#!/bin/env bash
-# Author: perp
-# Description: Scrape free proxies
-
-URLS=(
-    # SOCKS5
-    "https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks5&timeout=10000&country=all"
-    "https://www.proxyscan.io/download?type=socks5"
-    "https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks5.txt"
-    "https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks5.txt"
-    "https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks5.txt"
-    "https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks5.txt"
-    "https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks5.txt"
-    "https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks5.txt"
-
-    # SOCKS4
-    "https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks4&timeout=10000&country=all"
-    "https://www.proxyscan.io/download?type=socks4"
-    "https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/socks4.txt"
-    "https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-socks4.txt"
-    "https://raw.githubusercontent.com/RX4096/proxy-list/main/online/socks4.txt"
-    "https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/socks4.txt"
-    "https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/socks4.txt"
-    "https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/socks4.txt"
-
-    # HTTP
-    "https://api.proxyscrape.com/v2/?request=displayproxies&protocol=http&timeout=10000&country=all"
-    "https://www.proxyscan.io/download?type=http"
-    "https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/http.txt"
-    "https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-http.txt"
-    "https://raw.githubusercontent.com/RX4096/proxy-list/main/online/http.txt"
-    "https://raw.githubusercontent.com/UptimerBot/proxy-list/main/proxies/http.txt"
-    "https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/http.txt"
-
-    # HTTPS
-    "https://api.proxyscrape.com/v2/?request=displayproxies&protocol=https&timeout=10000&country=all"
-    "https://www.proxyscan.io/download?type=https"
-    "https://raw.githubusercontent.com/jetkai/proxy-list/main/online-proxies/txt/proxies-https.txt"
-    "https://raw.githubusercontent.com/RX4096/proxy-list/main/online/https.txt"
-    "https://raw.githubusercontent.com/ShiftyTR/Proxy-List/master/https.txt"
-
-    # MIXED
-    "https://raw.githubusercontent.com/sunny9577/proxy-scraper/master/proxies.txt"
-    "https://raw.githubusercontent.com/saschazesiger/Free-Proxies/master/proxies/http.txt"
-)
-
-# Remove proxies file
-rm -f -- proxies.txt 
-
-# Go through each URL
-for URL in "${URLS[@]}";
-do
-    # Curl & append to file
-    echo "Downloading from $URL"
-    curl -s $URL >> proxies.txt &
-done
-wait
-
-# Sort the uniques
-sort -u -o proxies.txt proxies.txt
-
-echo "Finished downloading proxies"
diff --git a/stagit/stagit b/stagit
diff --git a/stagit/README.md b/stagit/README.md
@@ -1,27 +0,0 @@
-# stagit
-> static git page generator
-
-## Information
-This is basically a pure shell script clone of [stagit](https://git.2f30.org/stagit/).
-
-It is meant to be hosted on [Github](https://github.com) using [Github Pages](https://pages.github.com) with a [Custom Domain](https://help.github.com/en/articles/using-a-custom-domain-with-github-pages).
-
-It also has support for hosting on [Gitlab](https://gitlab.com) using [Gitlab Pages](https://docs.gitlab.com/ee/user/project/pages/) with a [Custom Domain](https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/)
-
-## Settings
-| Setting          | Default        | Description                                                        |
-| ---------------- | -------------- | ------------------------------------------------------------------ |
-| CLONE_URL        | remote         | base url for cloning repositories *(remote = remote.origin.url)*   |
-| CNAME            | empty          | create a CNAME file with a custom domain *(empty = do not create)* |
-| MAX_COMMITS      | 100            | maximum number of commits to show (0 = all)                        |
-| MAX_COMMIT_MSG   | 100            | maximum characters in a commit message to display *(0 = all)*      |
-| MAX_COMMIT_LINES | 999            | maximum number of lines to show in a commit *(0 = all)*            |
-| REPO_DIR         | $HOME/git      | directory containing repositories                                  |
-| TITLE            | "Repositories" | title used on homepage                                             |
-| WWW_DIR          | $HOME/www      | directory to output to                                             |
-
-If the `CLONE_URL` was set to `https://github.com/acidvegas/` for example, then it will display as `git clone https://github.com/acidvegas/REPO_NAME.git` on all repository indexes, otherwise if you leave it as `remote` it will just parse the remote url *(`git config --get remote.origin.url`)* for that repository. For those using the `remote` option, remote urls from Github/Gitlab that use SSH will be converted to an HTTPS url. This applies to Github/Gitlab remote urls only, so if you cloned your repositories with SSH, then people may not be able to clone your repositories!
-
-The `CNAME` option is optional if you are planning on using a custom domain with Github pages. See [here](https://help.github.com/en/articles/troubleshooting-custom-domains#github-repository-setup-errors) for more information.
-
-Lastly, stagit will ignore the `$REPO_DIR/mirrors` directory by default. To make stagit include this directory, remove `-path $REPO_DIR/mirrors -prune` from the `find` command in the source.
-\ No newline at end of file
diff --git a/termux b/termux
@@ -0,0 +1,36 @@
+#!bin/sh
+# termux helper - developed by acidvegas (https://git.acid.vegas/archlinux)
+set -xev
+passwd
+termux-setup-storage
+pkg upgrade
+pkg install abduco cmatrix gcc git exa make man nano ncdu oath-toolkit openssh python python-pip rsync tor wget
+wget https://github.com/64BitAsura/ohsnap-ttf/raw/master/ohsnap6x11r.icons.ttf /data/data/com.termux/files/home/.termux/font.ttf
+termux-reload-settings
+echo "\nE N T E R   T H E   V O I D\n\n" > $PREFIX/etc/motd
+echo "set boldtext\nset minibar\nnset nohelp\net nonewlines\nset nowrap\nset quickblank\nset tabsize 4\ninclude \"/usr/share/nano/*.nanorc\"" > $PREFIX/etc/nanorc
+{
+	echo "export LC_CTYPE=en_US.UTF-8"
+	echo "export LC_ALL=en_US.UTF-8"
+	echo "export GPG_TTY=$(tty)"
+
+	echo "# colors"
+	echo "alias diff='diff --color=auto'"
+	echo "alias grep='grep --color=auto'"
+	echo "alias ip='ip -color=auto'"
+	echo "alias ls='ls --color=auto'"
+
+	echo "# rewrites"
+	echo "alias exa='exa -aghl --git'"
+	echo "alias ssh-add='ssh-add -t 1h'"
+	echo "alias su='su -l'"
+
+	echo "# random"
+	echo "alias ..='cd ../'"
+	echo "alias busy=\"cat /dev/urandom | hexdump -C | grep 'ca fe'\""
+	echo "alias musync=\"rsync -vcahz --delete-before pi:music/ $HOME/storage/music\""
+	echo "alias updatemux=\"pkg update && pkg clean\""
+
+	echo "export PS1=\"\e[38;5;237m\T\e[0m \e[38;5;69m\w \e[0m: \""
+} > ~/.bashrc
+echo "shortcut.create-session=ctrl + t\n\nshortcut.next-session=ctrl + 2\nshortcut.previous-session=ctrl + 1\nshortcut.rename-session=ctrl + n\nbell-character=ignore" > $HOME/.termux/termux.properties
diff --git a/vps b/vps
@@ -0,0 +1,18 @@
+#!/bin/sh
+apt-get update && apt-get upgrade
+echo "LANG=en_US.UTF-8" > /etc/locale.conf && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
+localectl set-locale LANG=en_US.UTF-8
+echo -e "set boldtext\nset nohelp\nset nowrap\nset quickblank\nset tabsize 4\nunbind ^J main\nset selectedcolor black,red\ninclude \"/usr/share/nano/*.nanorc\"" > /etc/nanorc
+echo -e "export VISUAL=nano\nexport EDITOR=nano\nunset HISTFILE" >> /etc/profile
+echo -e "AuthenticationMethods publickey\nBanner /etc/issue\nClientAliveInterval 0\nDisableForwarding yes\nPermitRootLogin no\nPort CHANGEME\nPrintLastLog no" > /etc/ssh/sshd_config
+echo -e "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K" > /etc/systemd/journald.conf
+apt-get install cmake curl firehol gcc git htop make nano ncdu python3 python-pip screen sudo tor tmate
+apt-get install build-essential pkg-config gdb libssl-dev libpcre2-dev libargon2-0-dev libsodium-dev libc-ares-dev libcurl4-openssl-dev
+useradd -m -s /bin/bash acidvegas && gpasswd -a acidvegas sudo && passwd acidvegas
+
+mkdir $HOME/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/fz4INjgCmSZOUiE9HL3+YRalyF/ptk1+qybcBCwUp" > $HOME/.ssh/authorized_keys
+chmod 700 $HOME/.ssh && chown -R acidvegas $HOME/.ssh && chmod 400 $HOME/.ssh/authorized_keys
+mkdir $HOME/build
+
+mkdir $HOME/.scripts && wget -O $HOME/.scipts/ddosmonit https://github.com/acidvegas/random/blob/master/ddosmonit && screen -S ddosmonit sudo ./.scripts/ddosmonit