Josh Finley joshfinley

import boto3
import base64
import argparse
# Parse command-line arguments
parser = argparse.ArgumentParser(description="List EC2 instances and their passwords.")
parser.add_argument("--profile", required=True, help="AWS profile to use")
args = parser.parse_args()
# Use specified AWS profile
import boto3
import argparse
import re
import botocore.exceptions
import itertools
import os
def generate_role_permutations(keywords):
"""
Generate role name permutations from a list of keywords
import boto3
import re
import json
import sys
import argparse
import mimetypes
import os
import yaml
class SecretScanner:
import boto3
import json
import os
def lambda_handler(event, context):
"""
Lambda function to print AWS credentials in credentials file format
Uses the IAM role name as the profile name
SECURITY WARNING:
import boto3
def lambda_handler(event, context):
    """Print the credentials held by a default boto3 session.

    ``event`` and ``context`` are accepted to match the Lambda handler
    signature; the visible body reads neither and returns nothing explicitly.
    """
    # NOTE(review): print() output from a Lambda invocation is normally
    # captured in the function's log stream, so the access key, secret key and
    # session token written here stay readable by anyone with read access to
    # those logs for as long as the session is valid. Confirm where stdout is
    # routed in the target environment.
    frozen = boto3.Session().get_credentials().get_frozen_credentials()
    labelled_values = (
        ("Access Key:", frozen.access_key),
        ("Secret Key:", frozen.secret_key),
        ("Session Token:", frozen.token),
    )
    for label, value in labelled_values:
        print(label, value)
# Host to check (IP address or hostname). The value below is a placeholder;
# change it to your target.
$target = "192.168.1.1"

# Commonly used port numbers, grouped ten per line.
# The list holds 102 entries, not exactly 100.
$ports = @(
    21, 22, 23, 25, 26, 37, 53, 67, 68, 69,
    80, 81, 88, 110, 111, 123, 135, 137, 138, 139,
    143, 161, 162, 179, 199, 389, 427, 443, 445, 465,
    500, 514, 515, 520, 523, 524, 548, 554, 587, 623,
    636, 873, 902, 989, 990, 993, 995, 1025, 1080, 1194,
    1433, 1723, 2049, 2082, 2083, 2181, 2195, 3128, 3268, 3306,
    3389, 3690, 4000, 4045, 4369, 4500, 4664, 4899, 5000, 5060,
    5190, 5222, 5432, 5500, 5631, 5900, 6000, 6379, 6665, 6666,
    6667, 7001, 7002, 8000, 8008, 8080, 8081, 8443, 8888, 9000,
    9090, 9100, 9418, 9999, 10000, 32768, 49152, 49153, 49154, 49155,
    49156, 49157
)
# Function to check open ports
function Check-Port {
param (
[string]$ip,
# Ports to check.
$ports = @(
    22,
    53,
    80,
    443,
    445
)

# Collect the dotted-quad strings found in the `arp -a` output, one per line
# of output that contains one. The pattern is unanchored and does not
# range-check octets, so any text shaped like an IPv4 address is captured;
# only the two literal addresses 0.0.0.0 and 255.255.255.255 are dropped.
$ips = arp -a |
    ForEach-Object { if ($_ -match '(\d+\.\d+\.\d+\.\d+)') { $matches[1] } } |
    Where-Object { -not ($_ -eq "0.0.0.0" -or $_ -eq "255.255.255.255") }
# Run `arp -a` and keep the first dotted-quad string found on each output line.
# The pattern is unanchored and does not range-check octets, so any text
# shaped like an IPv4 address is captured; only the two literal addresses
# 0.0.0.0 and 255.255.255.255 are filtered out afterwards.
$ips = arp -a |
    ForEach-Object { if ($_ -match '(\d+\.\d+\.\d+\.\d+)') { $matches[1] } } |
    Where-Object { -not ($_ -eq "0.0.0.0" -or $_ -eq "255.255.255.255") }
# Function to check SMB connectivity
function Check-SMB {
param (
import json
import requests
import urllib.parse
def get_sign_on_url(credentials):
# Ensure credentials exist
if not credentials.access_key or not credentials.secret_key or not credentials.token:
raise ValueError("Invalid AWS credentials.")
# Generate session JSON
joshfinley / upload_tip.md
Last active November 7, 2024 17:48
Python GET upload server and client to use for it
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

class UploadHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        filename = os.path.basename(self.path)
        content_length = int(self.headers['Content-Length'])
        data = self.rfile.read(content_length)
        with open(filename, 'wb') as f: