mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 09:05:06 +01:00
Added get-session-creds-in-config-format.sh and couple of repos to prepare-kali.sh
This commit is contained in:
parent
afbe57557a
commit
7aef456c20
@ -95,6 +95,8 @@ Afterwards, one should see following logs in CloudWatch traces for planted Lambd
|
||||
|
||||
- **`exfiltrateLambdaTasksDirectory.py`** - Script that creates an in-memory ZIP file from the entire directory `$LAMBDA_TASK_ROOT` (typically `/var/task`) and sends it out in a form of HTTP(S) POST request, within an `exfil` parameter. To be used for exfiltrating AWS Lambda's entire source code.
|
||||
|
||||
- **`get-session-creds-in-config-format.sh`** - Calls `aws sts assume-role` using MFA token in order to then retrieve session credentials and reformat it into `~/.aws/credentials` file format. Having that it's easy to copy-and-paste that script's output into credentials file. Then tools such as _s3tk_ that are unable to process MFA tokens may just use preconfigured profile creds.
|
||||
|
||||
- **`identifyS3Bucket.rb`** - This script attempts to identify passed name whether it resolves to a valid AWS S3 Bucket via different means. This script may come handy when revealing S3 buckets hidden behind HTTP proxies.
|
||||
|
||||
- **`pentest-ec2-instance`** - A set of utilities for quick starting, ssh-ing and stopping of a single temporary EC2 instance intended to be used for Web out-of-band tests (SSRF, reverse-shells, dns/http/other daemons).
|
||||
|
34
clouds/aws/get-session-creds-in-config-format.sh
Normal file
34
clouds/aws/get-session-creds-in-config-format.sh
Normal file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# This script simply calls `aws sts assume-role` using hardcoded parameters, in order
|
||||
# to retrieve set of session credentials and reformat it into ~/.aws/credentials file format.
|
||||
#
|
||||
# Mariusz B., mgeeky '19
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
# Configure below variables.
|
||||
#
|
||||
PROFILE_NAME=your-profile-name
|
||||
SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
|
||||
ROLE_NAME=MWRAuditRole
|
||||
ROLE_ARN=arn:aws:iam::<NUMBER>:role/$ROLE_NAME
|
||||
DURATION=42000
|
||||
|
||||
#
|
||||
# ------------------------
|
||||
#
|
||||
|
||||
read -p "Type your AWS MFA Code: " code
|
||||
echo
|
||||
|
||||
out=$(aws sts assume-role --serial-number $SERIAL_MFA --role-arn $ROLE_ARN --role-session-name $ROLE_NAME --duration-seconds $DURATION --token-code $code)
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "[$PROFILE_NAME]"
|
||||
echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
|
||||
echo
|
||||
else
|
||||
echo $out
|
||||
fi
|
@ -98,6 +98,7 @@ cd aws
|
||||
git_clone https://github.com/RhinoSecurityLabs/pacu.git ; cd pacu ; bash install.sh ; cd ..
|
||||
git_clone https://github.com/Alfresco/prowler.git
|
||||
git_clone https://github.com/sa7mon/S3Scanner.git
|
||||
git_clone https://github.com/ankane/s3tk.git
|
||||
git_clone https://github.com/nahamsec/lazys3.git
|
||||
git_clone https://github.com/andresriancho/nimbostratus.git
|
||||
git_clone https://github.com/duo-labs/cloudmapper.git ; cd cloudmapper/ ; pipenv install --skip-lock ; pipenv shell ; cd ..
|
||||
@ -234,6 +235,7 @@ git_clone https://github.com/pentestgeek/phishing-frenzy.git
|
||||
git_clone https://github.com/trustedsec/social-engineer-toolkit.git
|
||||
git_clone https://github.com/bluscreenofjeff/Malleable-C2-Randomizer.git
|
||||
git_clone https://github.com/rsmudge/Malleable-C2-Profiles.git
|
||||
git_clone https://github.com/sense-of-security/ADRecon.git
|
||||
git_clone https://github.com/threatexpress/malleable-c2.git
|
||||
git_clone https://github.com/ropnop/kerbrute.git
|
||||
git_clone https://github.com/Raikia/CredNinja.git
|
||||
|
Loading…
Reference in New Issue
Block a user