Randall Kahler angrychimp
angrychimp
/ parse-images.sh
Last active
March 21, 2018 18:15
An example of how to use a `bash` script to perform actions on AMI records
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IFS=$'\n' | |
| for image in $(aws ec2 describe-images --filter "Name=description,Values=Auto backed up on *" --query 'Images[].{Description:Description,Image_ID:ImageId,DateCreated:CreationDate}') | |
| creationDate=$(echo $image | awk -F'\t' '{print $1}') | |
| description=$(echo $image | awk -F'\t' '{print $2}') | |
| imageId=$(echo $image | awk -F'\t' '{print $3}') | |
| echo "$imageId | $creationDate | $description" | |
| done |
angrychimp
/ get-cf-status.py
Last active
February 27, 2018 06:59
Gets the status of a CloudFormation stack and refreshes until a terminal state is reached. Run from command line using `python get-cf-status.py [stack-name-or-id]`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print | |
| import boto3 | |
| import datetime | |
| import sys | |
| def main(): | |
| client = boto3.client('cloudformation') | |
| stack_name = sys.argv[1] | |
| stack = client.describe_stacks(StackName=stack_name)['Stacks'][0] | |
| # refresh while state is not final |
angrychimp
/ create-table.sql
Last active
June 6, 2019 15:29
Creating Application ELB Athena tables (updated as of June 2019)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create the partitioned table | |
| CREATE EXTERNAL TABLE IF NOT EXISTS {SCHEMA}.{TABLE_NAME} ( | |
| type string, | |
| time string, | |
| alb_id string, | |
| alb_name string, | |
| client_ip string, | |
| client_port int, | |
| target_ip string, | |
| request_processing_time double, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alias make-pkcs12='domain=$(pwd | xargs basename); openssl pkcs12 -export -inkey $domain.key -in $domain.crt -certfile $domain.ca.crt -out $domain.pfx' |
angrychimp
/ s3_threaded_delete.py
Created
November 7, 2017 18:07
Python3/boto3 multi-threaded S3 object delete
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import sys | |
| import json | |
| import logging | |
| from threading import Thread | |
| from queue import Queue | |
| logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s') | |
| logger = logging.getLogger(__name__) |
angrychimp
/ seclists-athena.sh
Last active
August 10, 2020 22:11
Create an Athena table from danielmiessler/SecLists
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Assumes that your AWS CLI default profile is set. If not, set the AWS_PROFILE environment variable | |
| SECLISTS_BUCKET=my-seclists-bucket | |
| ATHENA_OUTPUT_BUCKET=my-athena-output-bucket | |
| # Create the bucket (if necessary) | |
| if [[ -n $(aws s3 ls s3://$SECLISTS_BUCKET 2>&1 | grep 'does not exist') ]]; then | |
| aws s3 mb s3://$SECLISTS_BUCKET --region $(aws configure get region) | |
| fi |
angrychimp
/ s3-bucket-scan
Last active
September 8, 2017 19:05
Scan S3 buckets for public-read permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # requires jq: https://stedolan.github.io/jq/ | |
| # requires aws-cli: http://docs.aws.amazon.com/cli/latest/userguide/installing.html | |
| for bucket in `aws s3 ls | awk '{print $NF}'`; do | |
| errors=$(expr $(aws s3api get-bucket-acl --bucket $bucket | | |
| jq '.Grants | .[] | if (.Permission == "READ" and (.Grantee.URI == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" or .Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers")) then "ERROR" else null end' | | |
| grep ERROR | | |
| wc -l)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am angrychimp on github. | |
| * I am angrychimp (https://keybase.io/angrychimp) on keybase. | |
| * I have a public key ASCBtywTAqDTD8u4ALnVWGevAG93Yj6a2VmCzywZjDO8qgo | |
| To claim this, I am signing this object: |
angrychimp
/ update-personal-sg.sh
Last active
October 9, 2017 16:33
Script to refresh an AWS VPC security group with your local IP address
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| SGID=sg-123ad456 | |
| PROFILE=aws-profile | |
| # Add current IP to ingress list | |
| myip=$(curl -s https://rand.tools/ip/) | |
| aws --profile $PROFILE ec2 authorize-security-group-ingress --dry-run --group-id $SGID --ip-permissions "[{\"IpProtocol\": \"tcp\", \"FromPort\": 22, \"ToPort\": 22, \"IpRanges\": [{\"CidrIp\": \"$myip/32\"}]}]" | |
| # Remove any old IPs from ingress |
angrychimp
/ sftp-setup-ssh-keys.sh
Created
January 24, 2017 18:37
Setting up SSH keys for key-auth with ProFTPd (w/ SFTP module)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| USERNAME="your username here" | |
| SFTPHOST="your sftp host" | |
| SFTPPORT=22 # or other port, if non-standard | |
| # Create SSH key-pair for SFTP access | |
| # (creates pair with no passphrase) | |
| ssh-keygen -b 2048 -t rsa -C "$SFTPHOST" -N "" -f ~/.ssh/id_rsa.sftp |