Last updated: August 16, 2023
| Endpoint Name | path |
|---|
Beau Bullock dafthack
dafthack
/ s3_fuzz.py
Created
January 26, 2025 15:23
Basic PoC script to scan for public S3 buckets using an authenticated profile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| import itertools | |
| import argparse | |
| from concurrent.futures import ThreadPoolExecutor | |
| # Function to generate bucket name variations | |
| def generate_bucket_names(keyword, fuzz_words): | |
| variations = [] | |
| for fuzz_word in fuzz_words: | |
| variations.append(f"{keyword}{fuzz_word}") |
dafthack
/ AzureSubscriptionEnum.ps1
Created
August 26, 2024 13:12
Quick script to enumerate various things from an Azure Subscription.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SubscriptionEnum{ | |
| param( | |
| [string]$outputDirectory = "." | |
| ) | |
| $context = Get-AzContext | |
| $subid = $context.Subscription.Id | |
| Write-Host -ForegroundColor Yellow ("[***] Enumerating Subscription " + $subid) | |
| $publicresources = @() |
dafthack
/ api endpoints.md
Created
December 16, 2023 17:38
— forked from hackermondev/api endpoints.md
discord api endpoints
dafthack
/ azure_client_ids.txt
Created
June 16, 2023 11:57
A collection of client IDs that can be used to authenticate a user, and their associated application name that shows up in Azure Sign-In logs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management | |
| 04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI | |
| 0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA | |
| 18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs | |
| 1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell | |
| 1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight | |
| 1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell | |
| 1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams | |
| 22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client | |
| 268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client |
dafthack
/ AzPublicStorageEnum.ps1
Created
June 2, 2023 16:42
PowerShell script for checking each Azure storage container to determine if they are publicly accessible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-AzPublicStorageEnum{ | |
| # First create a list of storage accounts and containers from ScoutSuite results | |
| # tail scoutsuite_results*.js -n +2 | jq -r '.services.storageaccounts.subscriptions[].storage_accounts[] | .blob_containers_count,.name,.blob_containers[].id' > /root/Desktop/storage-array.txt | |
| [string[]]$arrayFromFile = Get-Content -Path '.\storage-array.txt' | |
| $FullList = @() | |
| $PossiblePublicContainers = @() |
dafthack
/ hacker_chat.py
Last active
April 23, 2022 23:56
— forked from banteg/hacker_chat.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from brownie import * | |
| from itertools import count | |
| from click import style | |
| from eth_utils import decode_hex | |
| from time import sleep | |
| start_block = 13004800 | |
| hacker = '0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963' | |
| poly = '0x0E860F44d73F9FDbaF5E9B19aFC554Bf3C8E8A57' |
dafthack
/ AzureOAuthTools.ps1
Last active
June 1, 2023 12:34
A few PowerShell tools for working with Azure OAuth2 Authentication Codes and Access Tokens
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## A few tools for working with Azure OAuth2 Authentication Codes and access_tokens | |
| ## By Beau Bullock @dafthack | |
| Function Get-AzureAccessToken{ | |
| Param | |
| ( | |
| [Parameter(Position = 0, Mandatory = $false)] | |
| [string] |
dafthack
/ aws-dangling-domain-discovery-tool.sh
Created
May 25, 2020 14:15
A proof of concept script for discovering AWS dangling domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script attempts to locate potential dangling domains on AWS. You need AWS CLI installed and your keys configured | |
| # Make sure you insert your Bing API key below as well. | |
| # All the sleeps were necessary to not allocate the same IP address multiple times | |
| while true | |
| do | |
| unset IP |
dafthack
/ grepcloud.sh
Created
April 27, 2020 16:34
Quick script to check a list of IP addresses against Azure, AWS, and GCP netblock ranges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| ## You need to install grepcidr and jq first | |
| ## sudo apt-get install grepcidr jq | |
| ## | |
| ## AWS and GCP ranges will be created automatically | |
| ## | |
| ## Because of the way Microsoft hosts the ranges go manually download the public range | |
| ## from here: https://www.microsoft.com/en-us/download/details.aspx?id=56519 | |
| ## |
dafthack
/ gist:5f8c36f7468fad991e9e1f6d81ec29d4
Created
March 19, 2019 14:38
PowerView One-Liner to Dump Cleartext Passwords From AD User Attributes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $users = Get-NetUser; $props=@(); $users | Get-Member | foreach-object{if($_.Name -notlike "badpassword*"){$props+=$_.Name}}; foreach($user in $users){ foreach($prop in $props){ if($user.$prop -like "*password*" -and $user.$prop -notlike "*dont_expire_password" -and $user.$prop -notlike "*RODC Password*"){Write-Output ($user.samAccountName + "[" + $prop + "]" + " : " + $user.$prop) } } } |
NewerOlder