stab at ec2 log sub_service to db
This commit is contained in:
carnal0wnage
@@ -2,12 +2,13 @@ from __future__ import print_function
|
|||||||
|
|
||||||
import boto3
|
import boto3
|
||||||
import botocore
|
import botocore
|
||||||
|
import datetime
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import pprint
|
import pprint
|
||||||
import sys
|
import sys
|
||||||
import datetime
|
|
||||||
|
|
||||||
from libs.sql import *
|
from libs.sql import *
|
||||||
|
|
||||||
|
|||||||
30
libs/ec2.py
30
libs/ec2.py
@@ -1,7 +1,13 @@
|
|||||||
import boto3
|
import boto3
|
||||||
import botocore
|
import botocore
|
||||||
|
import datetime
|
||||||
import pprint
|
import pprint
|
||||||
|
|
||||||
|
from libs.sql import *
|
||||||
|
|
||||||
|
# we chould probably load this from one place in the future #TODO
|
||||||
|
db_name = "weirdAAL.db"
|
||||||
|
|
||||||
'''
|
'''
|
||||||
EC2 functions for WeirdAAL
|
EC2 functions for WeirdAAL
|
||||||
'''
|
'''
|
||||||
@@ -68,10 +74,19 @@ def describe_instances():
|
|||||||
print("[-] List instances allowed for {} but no results [-]" .format(region))
|
print("[-] List instances allowed for {} but no results [-]" .format(region))
|
||||||
else:
|
else:
|
||||||
print("[+] Listing instances for region: {} [+]" .format(region))
|
print("[+] Listing instances for region: {} [+]" .format(region))
|
||||||
|
db_logger = []
|
||||||
for r in response['Reservations']:
|
for r in response['Reservations']:
|
||||||
|
db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()])
|
||||||
for i in r['Instances']:
|
for i in r['Instances']:
|
||||||
pp.pprint(i)
|
pp.pprint(i)
|
||||||
|
# logging to db here
|
||||||
|
try:
|
||||||
|
# print(db_logger)
|
||||||
|
insert_sub_service_data(db_name, db_logger)
|
||||||
|
except sqlite3.OperationalError as e:
|
||||||
|
print(e)
|
||||||
|
print("You need to set up the database...exiting")
|
||||||
|
sys.exit()
|
||||||
except botocore.exceptions.ClientError as e:
|
except botocore.exceptions.ClientError as e:
|
||||||
if e.response['Error']['Code'] == 'UnauthorizedOperation':
|
if e.response['Error']['Code'] == 'UnauthorizedOperation':
|
||||||
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
|
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
|
||||||
@@ -93,14 +108,25 @@ def describe_instances_basic():
|
|||||||
else:
|
else:
|
||||||
# print (response)
|
# print (response)
|
||||||
print("[+] Listing instances for region: {} [+]" .format(region))
|
print("[+] Listing instances for region: {} [+]" .format(region))
|
||||||
|
db_logger = []
|
||||||
for r in response['Reservations']:
|
for r in response['Reservations']:
|
||||||
|
# logging the full blob
|
||||||
|
db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()])
|
||||||
for i in r['Instances']:
|
for i in r['Instances']:
|
||||||
launchtime = i['LaunchTime']
|
launchtime = i['LaunchTime']
|
||||||
instanceid = i['InstanceId']
|
instanceid = i['InstanceId']
|
||||||
instancetype = i['InstanceType']
|
instancetype = i['InstanceType']
|
||||||
state = i['State']
|
state = i['State']
|
||||||
print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime))
|
print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime))
|
||||||
|
# logging to db here
|
||||||
|
try:
|
||||||
|
# print(db_logger)
|
||||||
|
insert_sub_service_data(db_name, db_logger)
|
||||||
|
except sqlite3.OperationalError as e:
|
||||||
|
print(e)
|
||||||
|
print("You need to set up the database...exiting")
|
||||||
|
sys.exit()
|
||||||
|
print("\n")
|
||||||
except botocore.exceptions.ClientError as e:
|
except botocore.exceptions.ClientError as e:
|
||||||
if e.response['Error']['Code'] == 'UnauthorizedOperation':
|
if e.response['Error']['Code'] == 'UnauthorizedOperation':
|
||||||
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
|
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
|
||||||
|
|||||||
12
libs/sql.py
12
libs/sql.py
@@ -27,6 +27,7 @@ def create_table(db_name,table_name,sql):
|
|||||||
cursor.execute(sql)
|
cursor.execute(sql)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
|
|
||||||
def create_recon_table(db_name, table_name):
|
def create_recon_table(db_name, table_name):
|
||||||
sql = """CREATE TABLE recon
|
sql = """CREATE TABLE recon
|
||||||
(ID integer,
|
(ID integer,
|
||||||
@@ -39,6 +40,7 @@ def create_recon_table(db_name, table_name):
|
|||||||
create_table(db_name,table_name,sql)
|
create_table(db_name,table_name,sql)
|
||||||
print ("created table: {}".format(table_name))
|
print ("created table: {}".format(table_name))
|
||||||
|
|
||||||
|
|
||||||
def create_awskey_table(db_name, table_name):
|
def create_awskey_table(db_name, table_name):
|
||||||
sql = """CREATE TABLE AWSKey
|
sql = """CREATE TABLE AWSKey
|
||||||
(ID integer,
|
(ID integer,
|
||||||
@@ -48,6 +50,7 @@ def create_awskey_table(db_name, table_name):
|
|||||||
create_table(db_name,table_name,sql)
|
create_table(db_name,table_name,sql)
|
||||||
print ("created table: {}".format(table_name))
|
print ("created table: {}".format(table_name))
|
||||||
|
|
||||||
|
|
||||||
def create_services_table(db_name, table_name):
|
def create_services_table(db_name, table_name):
|
||||||
sql = """CREATE TABLE services
|
sql = """CREATE TABLE services
|
||||||
(ID integer,
|
(ID integer,
|
||||||
@@ -66,11 +69,19 @@ def insert_awskey_data(db_name, records):
|
|||||||
for record in records:
|
for record in records:
|
||||||
query(db_name, sql,record)
|
query(db_name, sql,record)
|
||||||
|
|
||||||
|
|
||||||
def insert_reconservice_data(db_name, records):
|
def insert_reconservice_data(db_name, records):
|
||||||
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
|
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
|
||||||
for record in records:
|
for record in records:
|
||||||
query(db_name,sql,record)
|
query(db_name,sql,record)
|
||||||
|
|
||||||
|
|
||||||
|
def insert_sub_service_data(db_name, records):
|
||||||
|
sql = """INSERT INTO services(service, sub_service, sub_service_data, AWSKeyID, checked_at) VALUES (?,?,?,?,?)"""
|
||||||
|
for record in records:
|
||||||
|
query(db_name,sql,record)
|
||||||
|
|
||||||
|
|
||||||
def search_recon_by_key(db_name,AWSKeyID):
|
def search_recon_by_key(db_name,AWSKeyID):
|
||||||
with sqlite3.connect(db_name) as db:
|
with sqlite3.connect(db_name) as db:
|
||||||
cursor = db.cursor()
|
cursor = db.cursor()
|
||||||
@@ -78,6 +89,7 @@ def search_recon_by_key(db_name,AWSKeyID):
|
|||||||
results = cursor.fetchall()
|
results = cursor.fetchall()
|
||||||
return results
|
return results
|
||||||
|
|
||||||
|
|
||||||
def query(db_name,sql,data):
|
def query(db_name,sql,data):
|
||||||
with sqlite3.connect(db_name) as db:
|
with sqlite3.connect(db_name) as db:
|
||||||
cursor = db.cursor()
|
cursor = db.cursor()
|
||||||
|
|||||||
@@ -16,3 +16,6 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
|
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
|
||||||
insert_reconservice_data(db_name, test_service_data)
|
insert_reconservice_data(db_name, test_service_data)
|
||||||
|
|
||||||
|
test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE",datetime.datetime.now())]
|
||||||
|
insert_sub_service_data(db_name, test_sub_service_data)
|
||||||
Reference in New Issue
Block a user