From 05276732f14f4362293e5ea7468700dd02951f01 Mon Sep 17 00:00:00 2001
From: carnal0wnage
Date: Thu, 29 Nov 2018 19:38:58 -0500
Subject: [PATCH] update ec2 lib to do an userdata instance attribute check
---
 libs/aws/ec2.py | 54 ++++++++++++++++++++++++++++++++++++++++++++--
 modules/aws/ec2.py | 8 +++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/libs/aws/ec2.py b/libs/aws/ec2.py
index 482b0b0..aef2fce 100644
--- a/libs/aws/ec2.py
+++ b/libs/aws/ec2.py
@@ -143,8 +143,8 @@ def describe_instances_basic():
 print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
 continue
 elif e.response['Error']['Code'] == 'OptInRequired':
- print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
- continue
+ print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+ continue
 else:
 print(e)
 continue
@@ -354,6 +354,56 @@ def get_instance_volume_details():
 print("CTRL-C received, exiting...")
+def get_instance_userdata():
+ '''
+ show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2
+ '''
+ try:
+ for region in regions:
+ try:
+ client = boto3.client('ec2', region_name=region)
+ instances = client.describe_instances()
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'UnauthorizedOperation':
+ print('{} : (UnauthorizedOperation) when calling the DescribeInstances in ({}) -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID, region))
+ continue
+ elif e.response['Error']['Code'] == 'AuthFailure':
+ print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
+ continue
+ elif e.response['Error']['Code'] == 'OptInRequired':
+ print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+ continue
+ else:
+ print(e)
+ continue
+ if len(instances['Reservations']) <= 0:
+ print("[-] List instances allowed for {} but no results [-]" .format(region))
+ else:
+ for r in instances['Reservations']:
+ for i in r['Instances']:
+ try:
+ userData = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='userData')
+ print("Instance ID: {} \n" .format(i['InstanceId']))
+ if len(userData['UserData']['Value']) >= 0:
+ print("Decoded Userdata values:")
+ pp.pprint(base64.b64decode(userData['UserData']['Value']).decode("utf-8"))
+ print("\n")
+ else:
+ print("no Userdata for: {}\n".format(i['InstanceId']))
+ except KeyError:
+ next
+
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'UnauthorizedOperation':
+ print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+ elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+ print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+ else:
+ print(e)
+ except KeyboardInterrupt:
+ print("CTRL-C received, exiting...")
+
+
 def get_instance_volume_details2():
 '''
 show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
diff --git a/modules/aws/ec2.py b/modules/aws/ec2.py
index 3681591..bfbe53c 100644
--- a/modules/aws/ec2.py
+++ b/modules/aws/ec2.py
@@ -40,6 +40,14 @@ def module_ec2_get_instance_volume_details():
 get_instance_volume_details()
+def module_ec2_get_instance_userdata():
+ '''
+ Show userData sorted by instanceId
+ python3 weirdAAL.py -m ec2_get_instance_userdata -t demo
+ '''
+ get_instance_userdata()
+
+
 def module_ec2_get_instance_volume_details2():
 '''
 Show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
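Review bot: In get_instance_userdata the test `len(userData['UserData']['Value']) >= 0` is always true, so the "no Userdata" branch is dead; an instance with no user data most likely has no `Value` key at all, which raises KeyError after the "Instance ID" line is printed and ends in `except KeyError: next`, where `next` only names the builtin and does nothing. The `.decode("utf-8")` call is unguarded, so gzip-compressed or binary user data would raise UnicodeDecodeError, which no handler here catches, and the run stops. A ClientError from describe_instance_attribute reaches the outer handler, which blames DescribeVolumes and abandons the remaining regions, and the docstring still describes volumes rather than user data. Since decoded user data often carries bootstrap secrets, the output is worth treating as sensitive wherever it is logged. The inner loop could be rewritten as below; `base64` and `pp` are assumed to be imported outside the hunk.

```python
# … unchanged: per-region client setup and DescribeInstances error handling …
for r in instances['Reservations']:
    for i in r['Instances']:
        try:
            userData = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='userData')
        except botocore.exceptions.ClientError as e:
            # name the call that actually failed and keep scanning the other instances
            print('{} : ({}) when calling the DescribeInstanceAttribute for {} in ({})' .format(AWS_ACCESS_KEY_ID, e.response['Error']['Code'], i['InstanceId'], region))
            continue
        value = userData.get('UserData', {}).get('Value')
        if not value:
            print("no Userdata for: {}\n".format(i['InstanceId']))
            continue
        print("Instance ID: {} \n" .format(i['InstanceId']))
        print("Decoded Userdata values:")
        # user data may be compressed or binary; one undecodable blob must not end the run
        pp.pprint(base64.b64decode(value).decode("utf-8", errors="replace"))
        print("\n")
# … unchanged: outer ClientError / KeyboardInterrupt handlers …
```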