Python Script: Credit Card / SSN Hunter

by Vince

A common practice I see from time to time that makes me cringe -- documents titled "passwords" which contain passwords. It's fairly simple to hunt those down though. Files containing sensitive data such as social security numbers and credit card numbers are harder due to not so obvious filenames and the numeric formatting possibilities. I was originally intending to go with two different scripts but ended up combining them.

This test script searches recursively for .txt files, hunts for both social security numbers and credit card numbers, with dashed and non-dashed variations, and then it spits out the number with the corresponding filename and path.    

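#!/usr/bin/python3
import re
import sys
import glob

folder_path = './'
# 13-16 digits with optional space/dash separators (card numbers)
card_re = re.compile(r'\b(?:\d[ -]*?){13,16}\b')
# A line holding only an SSN, dashed or not, or the XXX-XX-XXXX placeholder
ssn_re = re.compile(r'^\d{3}-?\d{2}-?\d{4}$|^XXX-XX-XXXX$')

for filename in glob.iglob(folder_path + '**/*.txt', recursive=True):
    # 'with' closes each file; errors='ignore' skips undecodable bytes
    with open(filename, 'r', errors='ignore') as file:
        for line in file:
            # search() finds a card number anywhere in the line; match() only checks the start
            if card_re.search(line):
                sys.stdout.write(filename + ':' + line)
            elif ssn_re.match(line):
                sys.stdout.write(filename + ':' + line)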

Python Script: PDF Extract

by Vince

While playing around with a couple of other scripts, I got this idea that I wanted to incorporate extracting data from PDFs. Nothing fancy here: just a recursive search for PDFs, extracting the text, and writing it out to a text file, output.txt.

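#!/usr/bin/python3
import glob
import PyPDF2

folder_path = './'
for filename in glob.iglob(folder_path + '**/*.pdf', recursive=True):
    # PdfReader, .pages and extract_text() replace PdfFileReader, getPage() and
    # extractText(), which PyPDF2 3.x removed
    with open(filename, 'rb') as file, open('./output.txt', 'a+') as f1:
        pdfReader = PyPDF2.PdfReader(file, strict=False)
        # Append the text of every page, not just the first
        for pageObj in pdfReader.pages:
            f1.write(pageObj.extract_text())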

Python Script: ET Phone Home

by Vince

I have a Raspberry Pi implant that I can drop on a network.  When connected, it will grab an address from DHCP but I won't know its address.  I could have it open up an SSH connection but I don't want a persistent outbound connection.  What I would like is for it to get its internal address, ping something, and relay its IP back to me.  Something as simple as a single GET request hitting the logs on a server from which I can parse it out.  

The supposed logical method is to use:  socket.gethostbyname(socket.gethostname())

The problem with that method in most modern *nix installs is the response:  '127.0.0.1'
