{"id":13757425,"url":"https://github.com/crypsisgroup/ebs-direct-sec-tools","last_synced_at":"2026-01-14T23:09:34.529Z","repository":{"id":57635715,"uuid":"299208330","full_name":"crypsisgroup/ebs-direct-sec-tools","owner":"crypsisgroup","description":"Fun tools around the EBS Direct API","archived":false,"fork":false,"pushed_at":"2021-04-16T22:24:17.000Z","size":29045,"stargazers_count":18,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-10T05:34:09.841Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crypsisgroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-28T06:19:26.000Z","updated_at":"2024-11-05T04:00:49.000Z","dependencies_parsed_at":"2022-09-11T21:35:05.165Z","dependency_job_id":null,"html_url":"https://github.com/crypsisgroup/ebs-direct-sec-tools","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/crypsisgroup/ebs-direct-sec-tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crypsisgroup%2Febs-direct-sec-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crypsisgroup%2Febs-direct-sec-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crypsisgroup%2Febs-direct-sec-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crypsisgroup%2Febs-direct-sec-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crypsisgroup","download_url":"https://codeload.github.com/crypsisgroup/ebs-direct-sec-tools/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crypsisgroup%2Febs-direct-sec-tools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28437930,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T12:00:37.684Z","updated_at":"2026-01-14T23:09:34.489Z","avatar_url":"https://github.com/crypsisgroup.png","language":"Go","funding_links":[],"categories":["Other Awesome Lists"],"sub_categories":["Secret Scanning"],"readme":"![Basic build](https://github.com/crypsisgroup/ebs-direct-sec-tools/workflows/Go/badge.svg)\n\n# EBS Direct API Security Tooling\n\nFun tools around the EBS Direct API. If you find this interesting, give it a star, repost the blog, etc so I know whether I should do more! I've yet to ask that of other stuff I've open sourced or blogged about.\n\n**All utilities have a build of latest for AMD64 Linux, Mac and Windows under Github Actions.**\n\n### Authentication\n\nUse native authentication. \n\nUse ~/.aws/credentials, environment variables, etc.\n\n### Todo/Wishlist\n\n- Flag enhancement - More options for end users\n- Modularize signatures\n- Multithreading: It's pretty slow. In my personal circumstances, still worth it, especially if you're doing it off a residential wifi+laptop and not your lab's datacenter, but slow.\n- Figure out what exactly should go where (e.g. it doesn't make sense, say, scansecrets has a dumpbytes param and not diffsecrets, but then diffsecrets having a dump param would deprecate diffblocks - I wouldn't be surprised to see this collapse down into a unified tool)\n\nNote: Some of these may be considered essential in some cases, however my priority is getting capabilities in the hands of users via \"better out than perfect\" principle.\n\n## DownloadSnap \n\nThis is a simple Go utility that can be used to download snapshots – This exists elsewhere but was written in Go for both performance and portability.\n\n**NOTE: Two months ago during the course of this research AWS Labs came out with development code for “coldsnap” which does this. Downloadsnap also doesn't paginate.** The DownloadSnap code is still being made available as historical/example code. Good to see they also came out with it in a compilable language :smile: \n\n```\n$ ./downloadsnap -h\nUsage of ./downloadsnap:\n  -id string\n    \tSnapshot ID of the desired image (default \"empty\")\n  -region string\n    \tSnapshot ID of the desired image (default \"us-east-1\")\n```\n\n## DumpBlocks \n\nGo utility to dump snapshot fragments in a folder based on the changed blocks. For instance, if 40MB continuous changes, then there’s another 60MB later on the disk that changed, it creates 40MB and 60MB files. This is useful for contextualizing interesting fragments.\n\n```\n$ ./diffblocks  -h\nUsage of ./diffblocks:\n  -bar\n    \tWhether you want a progress bar thrust upon you\n  -id string\n    \tSnapshot ID of the desired image (default \"empty\")\n  -region string\n    \tSnapshot ID of the desired image (default \"us-east-1\")\n  -second-id string\n    \tSnapshot ID of the desired image (default \"empty\")\n```\n\n## ScanSecrets \n\nGo utility augmenting Bishop Fox’s Dufflebag rules match function to scan a snapshot for potential hardcoded secrets. Amongst other things, this could be used to help enforce instance roles over hardcoded keys in a CI/CD environment.\n\n```\n$ ./scansecrets -h\nUsage of ./scansecrets:\n  -bar\n    \tWhether you want a progress bar thrust upon you\n  -dumpbytes\n    \tWhether or not to dump the bytes in question to disk. \n  -id string\n    \tSnapshot ID of the desired image (default \"empty\")\n  -region string\n    \tSnapshot ID of the desired image (default \"us-east-1\")\n```\n\n## DiffSecrets\n\nGo utility augmenting Bishop Fox’s Dufflebag rules and match function to scan two different snapshots for potential hardcoded secrets. Amongst other things, this could be used to help enforce instance roles over hardcoded keys in a CI/CD environment.\n\nThe ScanSecrets tool, but diffs two snapshots. This is a pretty niche but really valuable API (and, in my opinion, fun to play with). In testing this was able to sniff out hardcoded keys and backdoor /etc/shadow passwords left over after basic iterative AMI changes in seconds. On a home laptop on home WiFi.\n\n```\n$ ./diffsecrets -h\nUsage of ./diffsecrets:\n  -bar\n    \tWhether you want a progress bar thrust upon you\n  -id string\n    \tSnapshot ID of the desired image (default \"empty\")\n  -region string\n    \tSnapshot ID of the desired image (default \"us-east-1\")\n  -second-id string\n    \tSnapshot ID of the desired image (default \"empty\")\n```\nDiffSecrets Demo: \n\n[![asciicast](https://asciinema.org/a/urSwi8QSTNGV9IGn2efLhTKOi.svg)](https://asciinema.org/a/urSwi8QSTNGV9IGn2efLhTKOi)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrypsisgroup%2Febs-direct-sec-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrypsisgroup%2Febs-direct-sec-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrypsisgroup%2Febs-direct-sec-tools/lists"}