// Copy MyFile.txt in current directory to s3://my-bucket/path
$ aws s3 cp MyFile.txt s3://my-bucket/path/
// Move all .jpg files in s3://my-bucket/path to ./MyDirectory
$ aws s3 mv s3://my-bucket/path ./MyDirectory --exclude '*' --include '*.jpg' --recursive
sumgr0 sumgr0
sumgr0
/ DutchGov.txt
Last active
November 22, 2018 09:57
— forked from random-robbie/DutchGov.txt
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0800-8051.nl | |
| 0900-8844.nl | |
| 09008844.nl | |
| 112test.nl | |
| 1813-2013.nl | |
| 1meter35.nl | |
| 2013russiaholland.nl | |
| 247bz.nl | |
| 8000488.nl | |
| 8007000.nl |
sumgr0
/ breachcompilation.txt
Created
December 14, 2018 09:07
1.4 billion password breach compilation wordlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wordlist created from original 41G stash via: | |
| grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt | |
| Then, compressed with: | |
| 7z a breachcompilation.txt.7z breachcompilation.txt | |
| Size: |
sumgr0
/ update_git_repos.sh
Created
December 27, 2018 10:00
— forked from douglas/update_git_repos.sh
Update all git repositories under a base directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # store the current dir | |
| CUR_DIR=$(pwd) | |
| # Let the person running the script know what's going on. | |
| echo "\n\033[1mPulling in latest changes for all repositories...\033[0m\n" | |
| # Find all git repositories and update it to the master latest revision | |
| for i in $(find . -name ".git" | cut -c 3-); do |
sumgr0
/ all.txt
Created
February 28, 2019 18:53
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
sumgr0
/ s3tko.sh
Created
August 27, 2019 04:44
— forked from random-robbie/s3tko.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| touch index.html | |
| touch error.html | |
| aws s3api create-bucket --bucket my-bucket --region us-east-1 | |
| aws s3 website s3://my-bucket/ --index-document index.html --error-document error.html | |
| aws s3 cp index.html s3://mybucket --acl public-read |
sumgr0
/ s3-commands.md
Created
August 27, 2019 04:46
— forked from random-robbie/s3-commands.md
sumgr0
/ hostsbyasnname.py
Created
October 18, 2019 09:23
— forked from ziot/hostsbyasnname.py
Get hosts by ASN->CIDR->Hosts via company name
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests, json | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning, InsecurePlatformWarning, SNIMissingWarning | |
| from bs4 import BeautifulSoup | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| requests.packages.urllib3.disable_warnings(InsecurePlatformWarning) | |
| requests.packages.urllib3.disable_warnings(SNIMissingWarning) | |
| # another source of cidrs by asn | |
| def getIPCidrs(asn): |
sumgr0
/ foxyproxy.json
Created
November 4, 2019 08:17
— forked from liamosaur/foxyproxy.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "mode": "patterns", | |
| "proxySettings": [ | |
| { | |
| "address": "127.0.0.1", | |
| "port": 8080, | |
| "username": "", | |
| "password": "", | |
| "type": 1, | |
| "title": "127.0.0.1:8080", |
sumgr0
/ gist:e7eb83bac6f54d89e809dbf972cd10f4
Created
January 7, 2020 04:04
— forked from the-xentropy/gist:05ab1c5efd7ae7651b14e0fb85c6312c
Use wfuzz or ffuf to enumerate s3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ffuf (faster): | |
| ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v | |
| Wfuzz: | |
| wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50 | |
| The files: |
sumgr0
/ ssrf.sh
Created
May 9, 2020 15:08
— forked from hussein98d/ssrf.sh
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d" | |
| echo "Usage: bash script.sh domain.com http://server-callbak" | |
| echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls" | |
| if [ -z "$1" ]; then | |
| echo >&2 "ERROR: Domain not set" | |
| exit 2 | |
| fi | |
| if [ -z "$2" ]; then | |
| echo >&2 "ERROR: Sever link not set" | |
| exit 2 |
OlderNewer