From 04e2fb230f4ab756bf1e9bfc5a26e1497bc8b91e Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Wed, 18 Apr 2018 21:49:59 -0400 Subject: [PATCH] stab at ec2 log sub_service to db --- libs/brute.py | 3 ++- libs/ec2.py | 32 +++++++++++++++++++++++++++++--- libs/sql.py | 12 ++++++++++++ test_insert.py | 5 ++++- 4 files changed, 47 insertions(+), 5 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index b79631d..a37c0ff 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -2,12 +2,13 @@ from __future__ import print_function import boto3 import botocore +import datetime import json import logging import os import pprint import sys -import datetime + from libs.sql import * diff --git a/libs/ec2.py b/libs/ec2.py index f2c18e1..c491b98 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -1,7 +1,13 @@ import boto3 import botocore +import datetime import pprint +from libs.sql import * + +# we chould probably load this from one place in the future #TODO +db_name = "weirdAAL.db" + ''' EC2 functions for WeirdAAL ''' @@ -68,10 +74,19 @@ def describe_instances(): print("[-] List instances allowed for {} but no results [-]" .format(region)) else: print("[+] Listing instances for region: {} [+]" .format(region)) + db_logger = [] for r in response['Reservations']: + db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()]) for i in r['Instances']: pp.pprint(i) - + # logging to db here + try: + # print(db_logger) + insert_sub_service_data(db_name, db_logger) + except sqlite3.OperationalError as e: + print(e) + print("You need to set up the database...exiting") + sys.exit() except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) @@ -93,17 +108,28 @@ def describe_instances_basic(): else: # print (response) print("[+] Listing instances for region: {} [+]" .format(region)) + db_logger = [] for r in response['Reservations']: + # logging the full blob + db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()]) for i in r['Instances']: launchtime = i['LaunchTime'] instanceid = i['InstanceId'] instancetype = i['InstanceType'] state = i['State'] print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime)) - + # logging to db here + try: + # print(db_logger) + insert_sub_service_data(db_name, db_logger) + except sqlite3.OperationalError as e: + print(e) + print("You need to set up the database...exiting") + sys.exit() + print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': - print('{} : (UnauthorizedOperation) when calling the DescribeInstances-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'SubscriptionRequiredException': print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: diff --git a/libs/sql.py b/libs/sql.py index ce259c9..479611c 100644 --- a/libs/sql.py +++ b/libs/sql.py @@ -27,6 +27,7 @@ def create_table(db_name,table_name,sql): cursor.execute(sql) db.commit() + def create_recon_table(db_name, table_name): sql = """CREATE TABLE recon (ID integer, @@ -39,6 +40,7 @@ def create_recon_table(db_name, table_name): create_table(db_name,table_name,sql) print ("created table: {}".format(table_name)) + def create_awskey_table(db_name, table_name): sql = """CREATE TABLE AWSKey (ID integer, @@ -48,6 +50,7 @@ def create_awskey_table(db_name, table_name): create_table(db_name,table_name,sql) print ("created table: {}".format(table_name)) + def create_services_table(db_name, table_name): sql = """CREATE TABLE services (ID integer, @@ -66,11 +69,19 @@ def insert_awskey_data(db_name, records): for record in records: query(db_name, sql,record) + def insert_reconservice_data(db_name, records): sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)""" for record in records: query(db_name,sql,record) + +def insert_sub_service_data(db_name, records): + sql = """INSERT INTO services(service, sub_service, sub_service_data, AWSKeyID, checked_at) VALUES (?,?,?,?,?)""" + for record in records: + query(db_name,sql,record) + + def search_recon_by_key(db_name,AWSKeyID): with sqlite3.connect(db_name) as db: cursor = db.cursor() @@ -78,6 +89,7 @@ def search_recon_by_key(db_name,AWSKeyID): results = cursor.fetchall() return results + def query(db_name,sql,data): with sqlite3.connect(db_name) as db: cursor = db.cursor() diff --git a/test_insert.py b/test_insert.py index 83c14cf..d7f654d 100644 --- a/test_insert.py +++ b/test_insert.py @@ -15,4 +15,7 @@ if __name__ == "__main__": insert_awskey_data(db_name,test_aws_key) test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)] - insert_reconservice_data(db_name, test_service_data) \ No newline at end of file + insert_reconservice_data(db_name, test_service_data) + + test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE",datetime.datetime.now())] + insert_sub_service_data(db_name, test_sub_service_data) \ No newline at end of file