added cognito idp signup enabled check #164

Open
wants to merge 1 commit into
base: master
204 changes: 114 additions & 90 deletions README.md
Expand Up @@ -9,95 +9,105 @@ KeyHacks shows methods to validate different API keys found on a Bug Bounty Prog

# Table of Contents

- [ABTasty API Key](#ABTasty-API-Key)
- [Algolia API key](#Algolia-API-key)
- [Amplitude API Keys](#Amplitude-API-Keys)
- [Asana Access token](#Asana-Access-Token)
- [AWS Access Key ID and Secret](#AWS-Access-Key-ID-and-Secret)
- [Azure Application Insights APP ID and API Key](#Azure-Application-Insights-APP-ID-and-API-Key)
- [Bazaarvoice Passkey](#Bazaarvoice-Passkey)
- [Bing Maps API Key](#Bing-Maps-API-Key)
- [Bit.ly Access token](#Bitly-Access-token)
- [Branch.io Key and Secret](#BranchIO-Key-and-Secret)
- [BrowserStack Access Key](#BrowserStack-Access-Key)
- [Buildkite Access token](#Buildkite-Access-token)
- [ButterCMS API Key](#ButterCMS-API-Key)
- [Calendly API Key](#Calendly-API-Key)
- [Contentful Access Token](#Contentful-access-token)
- [CircleCI Access Token](#CircleCI-Access-Token)
- [Cloudflare API key](#cloudflare-api-key)
- [Cypress record key](#Cypress-record-key)
- [DataDog API key](#DataDog-API-key)
- [Delighted API key](#Delighted-api-key)
- [Deviant Art Access Token](#Deviant-Art-Access-Token)
- [Deviant Art Secret](#Deviant-Art-Secret)
- [Dropbox API](#Dropbox-API)
- [Facebook Access Token](#Facebook-Access-Token)
- [Facebook AppSecret](#Facebook-AppSecret)
- [Firebase](#Firebase)
- [Firebase Cloud Messaging (FCM)](#Firebase-Cloud-Messaging)
- [FreshDesk API Key](#FreshDesk-API-key)
- [Github client id and client secret](#Github-client-id-and-client-secret)
- [GitHub private SSH key](#GitHub-private-SSH-key)
- [Github Token](#Github-Token)
- [Gitlab personal access token](#Gitlab-personal-access-token)
- [GitLab runner registration token](#Gitlab-runner-registration-token)
- [Google Cloud Service Account credentials](#Google-Cloud-Service-Account-credentials)
- [Google Maps API key](#Google-Maps-API-key)
- [Google Recaptcha key](#Google-Recaptcha-key)
- [Grafana Access Token](#Grafana-Access-Token)
- [Help Scout OAUTH](#Help-Scout-OAUTH)
- [Heroku API key](#Heroku-API-key)
- [HubSpot API key](#Hubspot-API-key)
- [Infura API key](#Infura-API-key)
- [Instagram Access Token](#Instagram-Access-Token)
- [Instagram Basic Display API](#Instagram-Basic-Display-API-Access-Token)
- [Instagram Graph API](#Instagram-Graph-Api-Access-Token)
- [Ipstack API Key](#Ipstack-API-Key)
- [Iterable API Key](#Iterable-API-Key)
- [JumpCloud API Key](#JumpCloud-API-Key)
- [Keen.io API Key](#Keenio-API-Key)
- [LinkedIn OAUTH](#LinkedIn-OAUTH)
- [Lokalise API Key](#Lokalise-API-Key)
- [Loqate API Key](#Loqate-API-key)
- [MailChimp API Key](#MailChimp-API-Key)
- [MailGun Private Key](#MailGun-Private-Key)
- [Mapbox API key](#Mapbox-API-Key)
- [Microsoft Azure Tenant](#Microsoft-Azure-Tenant)
- [Microsoft Shared Access Signatures (SAS)](#Microsoft-Shared-Access-Signatures-(SAS))
- [Microsoft Teams Webhook](#Microsoft-Teams-Webhook)
- [New Relic Personal API Key (NerdGraph)](#New-Relic-Personal-API-Key-(NerdGraph))
- [New Relic REST API](#New-Relic-REST-API)
- [NPM token](#NPM-token)
- [OpsGenie API Key](#OpsGenie-API-Key)
- [Pagerduty API token](#Pagerduty-API-token)
- [Paypal client id and secret key](#Paypal-client-id-and-secret-key)
- [Pendo Integration Key](#Pendo-Integration-Key)
- [PivotalTracker API Token](#PivotalTracker-API-Token)
- [Razorpay API key and secret key](#Razorpay-keys)
- [Salesforce API key](#Salesforce-API-key)
- [SauceLabs Username and access Key](#SauceLabs-Username-and-access-Key)
- [SendGrid API Token](#SendGrid-API-Token)
- [Shodan.io](#Shodan-Api-Key)
- [Slack API token](#Slack-API-token)
- [Slack Webhook](#Slack-Webhook)
- [Sonarcloud](#Sonarcloud-Token)
- [Spotify Access Token](#Spotify-Access-Token)
- [Square](#Square)
- [Stripe Live Token](#Stripe-Live-Token)
- [Telegram Bot API Token](#Telegram-Bot-API-Token)
- [Travis CI API token](#Travis-CI-API-token)
- [Twilio Account_sid and Auth token](#Twilio-Account_sid-and-Auth-token)
- [Twitter API Secret](#Twitter-API-Secret)
- [Twitter Bearer token](#Twitter-Bearer-token)
- [Visual Studio App Center API Token](#Visual-Studio-App-Center-API-Token)
- [WakaTime API Key](#WakaTime-API-Key)
- [WeGlot Api Key](#weglot-api-key)
- [WPEngine API Key](#WPEngine-API-Key)
- [YouTube API Key](#YouTube-API-Key)
- [Zapier Webhook Token](#Zapier-Webhook-Token)
- [Zendesk Access token](#Zendesk-Access-Token)
- [Zendesk API key](#Zendesk-api-key)
- [Table of Contents](#table-of-contents)
- [Detailed Information](#detailed-information)
- [Slack Webhook](#slack-webhook)
- [Slack API token](#slack-api-token)
- [SauceLabs Username and access Key](#saucelabs-username-and-access-key)
- [Facebook AppSecret](#facebook-appsecret)
- [Facebook Access Token](#facebook-access-token)
- [Firebase](#firebase)
- [Github Token](#github-token)
- [Github client id and client secret](#github-client-id-and-client-secret)
- [Firebase Cloud Messaging](#firebase-cloud-messaging)
- [GitHub private SSH key](#github-private-ssh-key)
- [Twilio Account\_sid and Auth token](#twilio-account_sid-and-auth-token)
- [Twitter API Secret](#twitter-api-secret)
- [Twitter Bearer token](#twitter-bearer-token)
- [HubSpot API key](#hubspot-api-key)
- [Infura API key](#infura-api-key)
- [Deviant Art Secret](#deviant-art-secret)
- [Deviant Art Access Token](#deviant-art-access-token)
- [Pendo Integration Key](#pendo-integration-key)
- [SendGrid API Token](#sendgrid-api-token)
- [Square](#square)
- [Contentful Access Token](#contentful-access-token)
- [Dropbox API](#dropbox-api)
- [AWS Access Key ID and Secret](#aws-access-key-id-and-secret)
- [Lokalise API Key](#lokalise-api-key)
- [MailGun Private Key](#mailgun-private-key)
- [FreshDesk API Key](#freshdesk-api-key)
- [JumpCloud API Key](#jumpcloud-api-key)
- [v1](#v1)
- [v2](#v2)
- [Microsoft Azure Tenant](#microsoft-azure-tenant)
- [Microsoft Shared Access Signatures (SAS)](#microsoft-shared-access-signatures-sas)
- [Microsoft Teams Webhook](#microsoft-teams-webhook)
- [New Relic Personal API Key (NerdGraph)](#new-relic-personal-api-key-nerdgraph)
- [New Relic REST API](#new-relic-rest-api)
- [Heroku API key](#heroku-api-key)
- [Mapbox API key](#mapbox-api-key)
- [Salesforce API key](#salesforce-api-key)
- [Algolia API key](#algolia-api-key)
- [Zapier Webhook Token](#zapier-webhook-token)
- [Pagerduty API token](#pagerduty-api-token)
- [BrowserStack Access Key](#browserstack-access-key)
- [Google Maps API key](#google-maps-api-key)
- [Google Recaptcha key](#google-recaptcha-key)
- [Google Cloud Service Account credentials](#google-cloud-service-account-credentials)
- [Branch.IO Key and Secret](#branchio-key-and-secret)
- [Bing Maps API Key](#bing-maps-api-key)
- [Bit.ly Access token](#bitly-access-token)
- [Buildkite Access token](#buildkite-access-token)
- [ButterCMS-API-Key](#buttercms-api-key)
- [Asana Access token](#asana-access-token)
- [Zendesk Access token](#zendesk-access-token)
- [Zendesk Api Key](#zendesk-api-key)
- [MailChimp API Key](#mailchimp-api-key)
- [WPEngine API Key](#wpengine-api-key)
- [DataDog API key](#datadog-api-key)
- [Delighted API key](#delighted-api-key)
- [Travis CI API token](#travis-ci-api-token)
- [Telegram Bot API Token](#telegram-bot-api-token)
- [WakaTime API Key](#wakatime-api-key)
- [Sonarcloud Token](#sonarcloud-token)
- [Spotify Access Token](#spotify-access-token)
- [Instagram Basic Display API Access Token](#instagram-basic-display-api-access-token)
- [Instagram Graph API Access Token](#instagram-graph-api-access-token)
- [Gitlab personal access token](#gitlab-personal-access-token)
- [GitLab runner registration token](#gitlab-runner-registration-token)
- [Paypal client id and secret key](#paypal-client-id-and-secret-key)
- [Stripe Live Token](#stripe-live-token)
- [Razorpay API key and Secret key](#razorpay-api-key-and-secret-key)
- [CircleCI Access Token](#circleci-access-token)
- [Cloudflare API key](#cloudflare-api-key)
- [Loqate API key](#loqate-api-key)
- [Ipstack API Key](#ipstack-api-key)
- [NPM token](#npm-token)
- [OpsGenie API Key](#opsgenie-api-key)
- [Keen.io API Key](#keenio-api-key)
- [More info / complete docs: https://stripe.com/docs/api/authentication](#more-info--complete-docs-httpsstripecomdocsapiauthentication)
- [Calendly API Key](#calendly-api-key)
- [Azure Application Insights APP ID and API Key](#azure-application-insights-app-id-and-api-key)
- [Cypress record key](#cypress-record-key)
- [YouTube API Key](#youtube-api-key)
- [ABTasty API Key](#abtasty-api-key)
- [Iterable API Key](#iterable-api-key)
- [Amplitude API Keys](#amplitude-api-keys)
- [Visual Studio App Center API Token](#visual-studio-app-center-api-token)
- [WeGlot Api Key](#weglot-api-key)
- [PivotalTracker API Token](#pivotaltracker-api-token)
- [LinkedIn OAUTH](#linkedin-oauth)
- [Help Scout OAUTH](#help-scout-oauth)
- [Shodan Api Key](#shodan-api-key)
- [Bazaarvoice Passkey](#bazaarvoice-passkey)
- [Grafana Access Token](#grafana-access-token)
- [Cognito IDP Signup enabled](#cognito-idp-signup-enabled)
- [Contributing](#contributing)
- [Using the issue tracker 💡](#using-the-issue-tracker-)
- [Issues and labels 🏷](#issues-and-labels-)
- [Guidelines for bug reports 🐛](#guidelines-for-bug-reports-)
- [⚠ Legal Disclaimer](#-legal-disclaimer)


# Detailed Information
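Review bot: The table of contents in this hunk has been regenerated wholesale instead of gaining one entry, and the regenerated list now contains items that are not key types: `- [Table of Contents](#table-of-contents)`, `- [v1](#v1)` / `- [v2](#v2)`, and the `More info / complete docs: https://stripe.com/docs/api/authentication` line. It also loses the roughly alphabetical order of the original list, lowercases every anchor, and pulls in the Contributing subsections, which is why a single new section shows up as 114 additions and 90 deletions. Suggest restoring the original list and adding only `- [Cognito IDP Signup enabled](#Cognito-IDP-Signup-enabled)` after the Cloudflare entry, so the diff contains nothing but the change the title describes.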
Expand Down Expand Up @@ -911,7 +921,6 @@ curl -XPOST -H "Content-type: application/x-www-form-urlencoded" -d 'grant_type=

```


## [Help Scout OAUTH](https://developer.helpscout.com/mailbox-api/overview/authentication/)
A successful access token request returns a JSON object containing token_type, access_token, expires_in.
```
Expand Down Expand Up @@ -945,6 +954,21 @@ Basic:
curl -u username:password http://your-grafana-server-url.com/api/user
```

## [Cognito IDP Signup enabled](https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/sign-up.html)
**Create a new user.**
```
aws cognito-idp sign-up --client-id <client-id> --username <username> --password <password> --user-attributes Name=email,Value=<email> --region <region>
```
**Confirm the user registration.**
```
aws cognito-idp confirm-sign-up --client-id <client-id> --username <username> --confirmation-code <code> --region <region>
```
**Initiate the authentication flow.** (Only if username/password authentication is enabled i.e. USER_PASSWORD_AUTH)
```
aws cognito-idp initiate-auth --client-id <client-id> --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=<username>,PASSWORD=<password> --region <region>
```


# Contributing

I welcome contributions from the public.
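Review bot: The new Cognito section never states, under its heading or after the `sign-up` command, what response shows that self-registration is enabled; other sections in this README say what a successful result looks like (the Help Scout entry says a successful request returns a JSON object containing token_type, access_token, expires_in). Suggest adding one sentence describing the `sign-up` output for an app client with sign-up enabled versus disabled, and stating that `confirm-sign-up` needs the code delivered to `<email>`, so that address has to be a mailbox the tester controls. Since the first step is labelled "Create a new user", the section should also say that it leaves a real account in the user pool that needs to be reported and cleaned up. The heading links only to the `sign-up` CLI reference although the section uses three commands, and the second blank line added before `# Contributing` can be dropped.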