Josh Finley joshfinley

💭
yeet
View GitHub Profile
import boto3
import json
import os
def lambda_handler(event, context):
"""
Lambda function to print AWS credentials in credentials file format
Uses the IAM role name as the profile name
SECURITY WARNING:
import boto3
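def lambda_handler(event, context):
    """Print the session's AWS credentials to stdout.

    Resolves credentials through the default boto3 session and prints the
    access key ID, secret access key and session token, one per line.

    NOTE(security): when this runs as a Lambda function, stdout is normally
    captured in the function's CloudWatch Logs stream, so every principal
    with read access to that log group can recover the printed values. They
    stay usable until they expire or the role's active sessions are revoked.

    Args:
        event: Invocation payload (unused).
        context: Lambda runtime context (unused).

    Raises:
        RuntimeError: If the session cannot resolve any credentials.
    """
    session = boto3.Session()
    resolved = session.get_credentials()
    if resolved is None:
        # get_credentials() returns None when the provider chain finds
        # nothing; fail with a clear message instead of an AttributeError.
        raise RuntimeError("No AWS credentials available in this session.")
    # Freeze once so all three fields come from the same credential snapshot.
    credentials = resolved.get_frozen_credentials()
    print("Access Key:", credentials.access_key)
    print("Secret Key:", credentials.secret_key)
    print("Session Token:", credentials.token)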
# Define the target host
$target = "192.168.1.1" # Change this to your target IP or hostname
# Ports to probe.
# NOTE(review): the original comment called this the "100 most common ports", but the array below holds 102 entries.
$ports = @(21, 22, 23, 25, 26, 37, 53, 67, 68, 69, 80, 81, 88, 110, 111, 123, 135, 137, 138, 139, 143, 161, 162, 179, 199, 389, 427, 443, 445, 465, 500, 514, 515, 520, 523, 524, 548, 554, 587, 623, 636, 873, 902, 989, 990, 993, 995, 1025, 1080, 1194, 1433, 1723, 2049, 2082, 2083, 2181, 2195, 3128, 3268, 3306, 3389, 3690, 4000, 4045, 4369, 4500, 4664, 4899, 5000, 5060, 5190, 5222, 5432, 5500, 5631, 5900, 6000, 6379, 6665, 6666, 6667, 7001, 7002, 8000, 8008, 8080, 8081, 8443, 8888, 9000, 9090, 9100, 9418, 9999, 10000, 32768, 49152, 49153, 49154, 49155, 49156, 49157)
# Function to check open ports
function Check-Port {
param (
[string]$ip,
# Define ports to check
$ports = @(22, 53, 80, 443, 445)
# Get IPs from arp -a: read the local ARP cache output and emit the first dotted-quad found on each line.
# NOTE(review): the pattern is unanchored and does not validate octet ranges, so any line holding an
# IPv4-looking token yields an entry (presumably including the "Interface:" header lines on Windows; confirm).
# Only the two literal addresses in the Where-Object filter are dropped; other broadcast or multicast entries pass through.
$ips = arp -a | ForEach-Object {
if ($_ -match '(\d+\.\d+\.\d+\.\d+)') {
$matches[1]
}
} | Where-Object { $_ -ne "0.0.0.0" -and $_ -ne "255.255.255.255" }
# Run arp -a and extract IP addresses: one value per output line that contains a dotted-quad (first match on the line).
# NOTE(review): octet ranges are not validated, and only 0.0.0.0 and 255.255.255.255 are filtered out,
# so other broadcast or multicast cache entries remain in $ips.
$ips = arp -a | ForEach-Object {
if ($_ -match '(\d+\.\d+\.\d+\.\d+)') {
$matches[1]
}
} | Where-Object { $_ -ne "0.0.0.0" -and $_ -ne "255.255.255.255" }
# Function to check SMB connectivity
function Check-SMB {
param (
import json
import requests
import urllib.parse
def get_sign_on_url(credentials):
# Ensure credentials exist
if not credentials.access_key or not credentials.secret_key or not credentials.token:
raise ValueError("Invalid AWS credentials.")
# Generate session JSON
joshfinley / upload_tip.md
Last active November 7, 2024 17:48
Python GET upload server and client to use for it
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

class UploadHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        filename = os.path.basename(self.path)
        content_length = int(self.headers['Content-Length'])
        data = self.rfile.read(content_length)
        with open(filename, 'wb') as f:
# 🥱 https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
import os
import pefile
import re
# Define the flag for CFG in DLL characteristics
# (bit in the PE optional header's DllCharacteristics field: image supports Control Flow Guard)
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
# Define the flag for executable sections
# (bit in a section header's Characteristics field: section can be executed as code)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
# Import the Group Policy module (provides the Get-GPO cmdlet used below)
Import-Module GroupPolicy
# Get all the Group Policy Objects (GPOs); -All returns every GPO in the domain
$GPOs = Get-GPO -All
# Initialize an array to store GPOs with File System security settings
# (starts empty)
$GPOsWithSysvolPermissions = @()
# Loop through each GPO and check for File System security settings affecting SYSVOL
joshfinley / recursive-dns-enum.py
Created February 22, 2024 20:59
Take a list of domain names and try dnsenum against them all
import subprocess
import sys
def run_dnsenum(wordlist, dns_server, domain_file):
with open(domain_file, 'r') as file:
domains = file.readlines()
for domain in domains:
domain = domain.strip()
command = [