| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "rds-db:connect" | |
| ], | |
| "Resource": [ | |
| "arn:aws:rds-db:region:account-id:dbuser:dbi-resource-id/database-user-name" |
Follow the instructions on Github to Create an Access Token in Github
By default, git credentials are not cached so you need to tell Git if you want to avoid having to provide them each time Github requires you to authenticate. On Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account.
You can tell Git you want to store credentials in the osxkeychain by running the following:-
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| '''To use gzip file between python application and S3 directly for Python3. | |
| Python 2 version - https://gist.github.com/a-hisame/f90815f4fae695ad3f16cb48a81ec06e | |
| ''' | |
| import io | |
| import gzip | |
| import json |
Documenting this here, as I often forget (what I have found) is the best way to do this at the moment.
For example, you have a list of two existing security groups given to a stack and wish to create (and use) a third - attaching all to an ALB:
AWSTemplateFormatVersion: '2010-09-09'
Description: Example template
sudo service ssh statussudo apt-get install sshsudo vim /etc/ssh/sshd_configPermitRootLogin no #Disable direct login from root
AllowUsers user1 user2 user3 #*Only* allow this users to connect
AllowTcpForwarding yes #Required to setup the tunnel, yes or commented out
PubkeyAuthentication yes #Enables public key authentication
Port 22 #Listening port of the server
| a4b.amazonaws.com | |
| access-analyzer.amazonaws.com | |
| account.amazonaws.com | |
| acm-pca.amazonaws.com | |
| acm.amazonaws.com | |
| airflow-env.amazonaws.com | |
| airflow.amazonaws.com | |
| alexa-appkit.amazon.com | |
| alexa-connectedhome.amazon.com | |
| amazonmq.amazonaws.com |
| #!/bin/bash | |
| # Simple command to display the wireless strenght signal | |
| # | |
| clear | |
| while x=1 | |
| do /System/Library/PrivateFrameworks/Apple*.framework/Versions/Current/Resources/airport -I \ | |
| | grep CtlRSSI \ | |
| | sed -e 's/^.*://g' \ | |
| | xargs -I SIGNAL printf "\rWifi dBm: SIGNAL" | |
| sleep 0.5 |
My Elasticsearch cheatsheet with example usage via rest api (still a work-in-progress)
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
Random query recipes of JMESPath for the AWS CLI tools that I might have written or stumbled upon.