Mo Beigi mobeigi

RHEL

Should work on Amazon Linux as well

needs-restarting -r ; echo $?

or

needs-restarting -r || shutdown -r

or

#!/bin/bash

UPDATE (March 2020, thanks @ic): I don't know the exact AMI version but yum install docker now works on the latest Amazon Linux 2. The instructions below may still be relevant depending on the vintage AMI you are using.

Amazon changed the install in Linux 2. One no-longer using 'yum' See: https://aws.amazon.com/amazon-linux-2/release-notes/

Docker CE Install

sudo amazon-linux-extras install docker
sudo service docker start

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

Convert AWS IAM credentials to AWS SMTP credentials

If you do, or want to, use AWS to deploy your apps, you will end up using AWS SES via SMTP when you're launching an app that sends out emails of any kind (user registrations, email notifications, etc). For example, I have used this configuration on various Ruby on Rails apps, however, it is just basic SMTP configurations and crosses over to any framework that supports SMTP sendmail.

There are two ways to go about this:

EASY WAY: Create an SMTP user via AWS SES [http://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-console]
NOT SO EASY WAY: Create an SMTP password for an existing IAM user [^^ Same link scroll down]

Luckily, you found this MD file and the NOT SO EASY WAY is suddenly copy-pasta... sudo yum....

	#!/usr/bin/env python3

	"""
	namecheap-dns.py - Export/import DNS records from/to Namecheap

	This script can export DNS records from a domain in Namecheap to a YAML file or
	import records from a YAML file in the same format into Namecheap. I use this
	script to maintain my Namecheap DNS records in a source repository with change
	history, i.e., "configuration as code" for my Namecheap DNS records.

	import base64
	import struct
	import datetime
	import binascii

	from urllib.parse import quote_plus

	# pip install pycryptodomex
	from Cryptodome import Random
	from Cryptodome.Cipher import AES

	#!/usr/bin/env python
	""" Short description of this Python module.

	Longer description of this module.

	This program is free software: you can redistribute it and/or modify it under
	the terms of the GNU General Public License as published by the Free Software
	Foundation, either version 3 of the License, or (at your option) any later
	version.

	<IfModule mod_rewrite.c>

	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.html$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-l
	RewriteRule . /index.html [L]

	# first we download the list of IP ranges from CloudFlare
	wget https://www.cloudflare.com/ips-v4

	# set the security group ID
	SG_ID="sg-00000000000000"

	# iterate over the IP ranges in the downloaded file
	# and allow access to ports 80 and 443
	while read p
	do

	URL="http://stackoverflow.com/"

	# store the whole response with the status at the and
	HTTP_RESPONSE=$(curl --silent --write-out "HTTPSTATUS:%{http_code}" -X POST $URL)

	# extract the body
	HTTP_BODY=$(echo $HTTP_RESPONSE \| sed -e 's/HTTPSTATUS\:.*//g')

	# extract the status
	HTTP_STATUS=$(echo $HTTP_RESPONSE \| tr -d '\n' \| sed -e 's/.*HTTPSTATUS://')