Scott Piper 0xdabbad00
0xdabbad00
/ extract.py
Last active
March 22, 2021 23:37
Parse IAM info from https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from os import listdir | |
| from os.path import isfile, join | |
| import re | |
| import json | |
| from bs4 import BeautifulSoup | |
| """ |
0xdabbad00
/ gist:f8c0054f3fb4eeb9a3e95a01cdca2c36
Last active
January 27, 2021 11:12
Walking botocore
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Clone botocore and run `git rev-list --all > commit_list.txt` to get a chrological list of the hashes. | |
| Then I manually installed https://github.com/nok/git-walk but had to modify it to use my list instead of generating it's own each time because it was going into a loop. | |
| So `read_commit_ids` looks like this: | |
| ``` | |
| def read_commit_ids(): | |
| #cmd = 'git rev-list --all' | |
| #log = subp.check_output(cmd.split()).strip() | |
| #log = [line.strip() for line in log.split('\n')] | |
| with open("commit_list.txt") as f: |
0xdabbad00
/ gist:d05b752c84712781c7ec7c040585bf3a
Last active
January 16, 2021 23:14
AWS services per region using botocore endpoints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat botocore/data/endpoints.json | jq -cr '.partitions[0].services | keys[] as $k | .[$k] | .endpoints|to_entries[]| .key +"\t"+ $k' | sort | cut -f1 | uniq -c | sort -nr | sed 's/^ *\([0-9][0-9]*\) /\1 /' | grep -v fips | |
| 126 us-east-1 | |
| 116 us-west-2 | |
| 115 eu-west-1 | |
| 101 ap-southeast-2 | |
| 100 ap-northeast-1 | |
| 97 eu-central-1 | |
| 95 us-east-2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b | |
| account | |
| acm | |
| acm-pca | |
| amplify | |
| apigateway | |
| application-autoscaling | |
| appstream | |
| appsync | |
| artifact |
0xdabbad00
/ privilege_verbs.txt
Last active
October 6, 2019 22:13
AWS IAM privilege verbs, use https://gist.github.com/0xdabbad00/fa918ad85c0c3f0e0fa9a3f6b53696de and `cat privileges.txt | sed 's/.*://' | sed 's/\([A-Z][a-z]*\).*/\1/' | sort | uniq -c` and then removed the one letter apigateway results.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5 Abort | |
| 9 Accept | |
| 3 Acknowledge | |
| 4 Activate | |
| 48 Add | |
| 23 Admin | |
| 6 Allocate | |
| 4 Apply | |
| 2 Approve | |
| 1 Archive |
0xdabbad00
/ gist:e25cf5599881c13d3b644bc4109cf619
Created
August 9, 2018 14:40
trailblazer output (https://github.com/willbengtson/trailblazer-aws). Did have to comment out the call for s3 `upload_file` and `upload_fileobj`. Output sorted and the header line moved back to the top.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| EventSource, EventName, Recorded Name, Match | |
| a4b, AssociateDeviceWithRoom, associatedevicewithroom, True | |
| a4b, AssociateSkillGroupWithRoom, associateskillgroupwithroom, True | |
| a4b, CreateProfile, createprofile, True | |
| a4b, CreateRoom, createroom, True | |
| a4b, CreateSkillGroup, createskillgroup, True | |
| a4b, CreateUser, createuser, True | |
| a4b, DeleteProfile, deleteprofile, True | |
| a4b, DeleteRoom, deleteroom, True | |
| a4b, DeleteRoomSkillParameter, deleteroomskillparameter, True |
0xdabbad00
/ grab.sh
Created
May 16, 2019 02:54
Script to get all versions of all AWS managed policies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Use the AWS CLI to collect all versions of all AWS managed policies. Example files: | |
| # APIGatewayServiceRolePolicy.v1 | |
| # APIGatewayServiceRolePolicy.v2 | |
| # APIGatewayServiceRolePolicy.v3 | |
| # Usage: ./grab.sh | |
| # Note that the following policies do not exist and create zero byte files: |
0xdabbad00
/ aws actions
Created
August 3, 2018 17:10
AWS API calls as extracted from boto using the technique on https://github.com/duo-labs/cloudtracker#aws_actionstxt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b:AssociateContactWithAddressBook | |
| a4b:AssociateDeviceWithRoom | |
| a4b:AssociateSkillGroupWithRoom | |
| a4b:CreateAddressBook | |
| a4b:CreateContact | |
| a4b:CreateProfile | |
| a4b:CreateRoom | |
| a4b:CreateSkillGroup | |
| a4b:CreateUser | |
| a4b:DeleteAddressBook |
0xdabbad00
/ CloudFormation_resources.txt
Last active
May 28, 2019 15:46
CloudFormation resources. Found via: git clone --depth=1 https://github.com/awsdocs/aws-cloudformation-user-guide.git; cd aws-cloudformation-user-guide; grep -h "# AWS::" doc_source/aws-* | sed 's/# //' | sed 's/<.*//' | sort | uniq
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWS::AmazonMQ::Broker | |
| AWS::AmazonMQ::Configuration | |
| AWS::ApiGateway::Account | |
| AWS::ApiGateway::ApiKey | |
| AWS::ApiGateway::Authorizer | |
| AWS::ApiGateway::BasePathMapping | |
| AWS::ApiGateway::ClientCertificate | |
| AWS::ApiGateway::Deployment | |
| AWS::ApiGateway::DocumentationPart | |
| AWS::ApiGateway::DocumentationVersion |
0xdabbad00
/ security_assessment_access.template
Created
August 15, 2018 22:30
CloudFormation template used for security assessments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'Provides Summit Route with the ability to perform a security assessment on this account. An IAM role is created to provide view-only access of the metadata in the account. Read and write access to the Athena and Glue services is also granted for CloudTrail log analysis, and if the S3 bucket for the CloudTrail logs is provided, then read access is granted to that bucket.' | |
| Parameters: | |
| S3Bucket: | |
| Description: 'S3 bucket for CloudTrail logs (optional). Example: For the bucket "s3://mycloudtrail", you would put "mycloudtrail" (without quotes) here.' | |
| Type: 'String' | |
| Conditions: | |
| HasS3Bucket: !Not [ !Equals ['', !Ref 'S3Bucket']] | |
| Resources: | |
| CFNSummitRouteRole: |