Jonathan Rau jonrau1
jonrau1
/ cisa_kev_ocsf_osint_inventory.py
Created
November 5, 2024 19:32
Python CLI utility to search the CISA KEV by CWE or CVE, and if a match is found, write a JSON file of KEV & Mitre CVEAWG data normalized into the Open Cybersecurity Schema Framework (OCSF) OSINT Inventory Information event class as a JSON file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import logging | |
| import datetime | |
| import requests | |
| from time import sleep | |
| import json | |
| from re import search | |
| import argparse | |
| logger = logging.getLogger() | |
| logging.basicConfig(level=logging.INFO) |
jonrau1
/ get_vulncheck_kev_cves.py
Created
September 7, 2024 18:20
Retrieve unique CVE IDs from Vulncheck KEV
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from os import environ | |
| import logging | |
| import requests | |
| logging.basicConfig(level=logging.INFO) | |
| logger = logging.getLogger(__name__) | |
| VULNCHECK_TOKEN = environ.get("VULNCHECK_TOKEN") | |
| def retrieve_vulncheck_kev() -> list[dict]: |
jonrau1
/ PrintNightmare_SSM.py
Last active
March 18, 2023 18:39
AWS Shutdown Print Spooler to mitigate PrintNightmare (CVE-2021-34527) using AWS Systems Manager (SSM) Run Command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| from botocore.config import Config | |
| # Dynamic Retries & Exponential Backoff | |
| config = Config( | |
| retries = { | |
| 'max_attempts': 10, | |
| 'mode': 'adaptive' | |
| } | |
| ) |
jonrau1
/ Ec2UserDataSecrets.py
Created
May 6, 2021 21:43
Use Yelp's Detect-Secrets to find API keys, passwords, AWS access keys, or high entropy strings in EC2 User Data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| https://github.com/Yelp/detect-secrets | |
| pip3 install --upgrade pip | |
| pip3 install --upgrade awscli | |
| pip3 install --upgrade boto3 | |
| pip3 install --upgrade detect-secrets | |
| ''' | |
| import json | |
| import boto3 |
jonrau1
/ AWS_SecurityGroup_Collector.py
Created
April 8, 2021 03:37
Multi-region script to create a CSV inventory of all Security Groups including any possible permutations of ingress/egress rules (IPv4,IPv6,Prefix List, SG) - Uses Pandas!!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## pip3 install --upgrade pip | |
| ## pip3 install --upgrade requests | |
| ## pip3 install --upgrade awscli | |
| ## pip3 install --upgrade boto3 | |
| ## pip3 install --upgrade pandas | |
| import boto3 | |
| import json | |
| import pandas as pd |
jonrau1
/ AWS_CrossAccount_CrossRegion_Multiprocessing.py
Created
February 28, 2021 15:42
This Python script provides a mechanism to retrieve all AWS Accounts from AWS Organizations and get all opted-in Regions from the EC2 DescribeRegions API and provide them to STS and Boto3 Sessions to create multiple thread-safe Boto3 Clients for the purpose of parallelized asset collection in your entire AWS Organization. This also provides a wa…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os # For environmental variables when running in CodeBuild, Fargate, Lambda, etc. | |
| import boto3 # Because you need it lol | |
| import botocore # For Error Handling | |
| import json # To parse "stringified" JSON Policy documents | |
| import time # to create Unix timestamps for DynamoDB TTL | |
| import multiprocessing | |
| import hashlib # To create unique IDs for places where AWS doesn't have them | |
| from botocore.config import Config | |
| # Boto3 Client Configuration for retries. AWS Defaults to 4 Max Attempts in "Normal Mode" |
jonrau1
/ lambda_function.py
Last active
February 26, 2024 20:57
Lambda function (Py 3.8) to convert VPC flow logs from Cloudwatch Logs into JSON. Performs enrichment by adding ENI and EC2 information, reverse DNS and geolocation courtesy of ip-api.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import os | |
| import json | |
| import boto3 | |
| import ipaddress | |
| import socket | |
| import base64 | |
| import zlib | |
| import datetime |