pep8 and documentation

carnal0wnage
2018-05-02 22:44:58 -04:00
parent 194bf3389a
commit 1c633fe216
48 changed files with 505 additions and 186 deletions


@@ -9,7 +9,7 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', ]
'''
@@ -21,16 +21,20 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def ce_get_cost_and_usage():
'''
Get cost and usage via cost explorer service - usually requires elevated prviliges
'''
try:
for region in regions:
client = boto3.client('ce', region_name=region)
response = client.get_cost_and_usage(TimePeriod={'Start': '2018-01-01', 'End': '2018-04-01'}, Granularity='MONTHLY', Metrics=["BlendedCost", "UnblendedCost", "UsageQuantity"],)
print(response)
#if response.get('Services') is None:
# This module needs to be further tested
# if response.get('Services') is None:
# print("{} likely does not have Pricing permissions\n" .format(AWS_ACCESS_KEY_ID))
#elif len(response['Services']) <= 0:
# elif len(response['Services']) <= 0:
# print("[-] Describe Pricing Services allowed for {} but no results [-]" .format(region))
#else:
# else:
# print("### {} Services ###" .format(region))
# for tables in response['ServiceCode']:
# pp.pprint(tables)
@@ -39,7 +43,7 @@ def ce_get_cost_and_usage():
if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDeniedException':
print('{} : (AccessDenied) when calling the Get Cost & Usage' .format(AWS_ACCESS_KEY_ID))
print('{} : (AccessDenied) when calling the Get Cost & Usage' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
else:
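Review bot: The `UnauthorizedOperation` branch of `ce_get_cost_and_usage` still reports "when calling the DescribeInstances -- sure you have ec2 permissions?", which is copied from the EC2 module and misdescribes a refused Cost Explorer call. Suggest `print('{} : (UnauthorizedOperation) when calling the Get Cost & Usage' .format(AWS_ACCESS_KEY_ID))` so it matches the `AccessDeniedException` branch below it. The `TimePeriod` passed to `get_cost_and_usage` is also fixed at 2018-01-01 to 2018-04-01; the new docstring should state that window, or the dates should be derived at call time. The except block continues outside the hunk.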


@@ -22,7 +22,7 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def cloudfront_list_distributions():
'''
cloudfront list distributions
CloudFront list distributions
'''
print("### Printing CloudFront Distributions ###")
try:
@@ -30,7 +30,7 @@ def cloudfront_list_distributions():
client = boto3.client('cloudfront', region_name=region)
response = client.list_distributions()
#print(response)
# print(response)
if response.get('DistributionList') is None:
print("{} likely does not have CloudFront permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['DistributionList']) <= 0:
@@ -39,8 +39,7 @@ def cloudfront_list_distributions():
print("### {} CloudFront Distributions ###" .format(region))
for dist in response['DistributionList']['Items']:
pp.pprint(dist)
#pp.pprint(dist['Items'][0])
# pp.pprint(dist['Items'][0])
print("\n")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -53,5 +52,3 @@ def cloudfront_list_distributions():
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
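Review bot: The empty-result test in `cloudfront_list_distributions`, `len(response['DistributionList']) <= 0`, measures a dict of paging metadata, so it is presumably never true and the loop over `response['DistributionList']['Items']` runs even when the account has no distributions. As far as I know boto3 leaves `Items` out in that case, which would surface as an uncaught `KeyError` instead of the "no results" message. Suggest `elif not response['DistributionList'].get('Items'):` for that branch. The branch bodies fall between the hunks shown here.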


@@ -11,7 +11,7 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1']
# 'cn-north-1', 'cn-northwest-1', 'us-gov-west-1' throwing An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid.
'''
@@ -30,11 +30,8 @@ def describe_trails():
try:
for region in regions:
client = boto3.client('cloudtrail', region_name=region)
response = client.describe_trails()
# print (response)
# print(region)
if response['trailList'] is None:
print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['trailList']) <= 0:
@@ -49,7 +46,7 @@ def describe_trails():
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
#elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# print('{} : UnrecognizedClientException error' .format(AWS_ACCESS_KEY_ID))
# pass
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
@@ -69,11 +66,8 @@ def list_public_keys():
try:
for region in regions:
client = boto3.client('cloudtrail', region_name=region)
response = client.list_public_keys()
# print (response)
# print(region)
if response['PublicKeyList'] is None:
print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['PublicKeyList']) <= 0:
@@ -106,11 +100,8 @@ def stop_trail(TrailARN):
try:
for region in regions:
client = boto3.client('cloudtrail', region_name=region)
response = client.describe_trails()
# print(response)
if response['trailList'] is None:
print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['trailList']) <= 0:
@@ -130,7 +121,7 @@ def stop_trail(TrailARN):
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
#elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# print('{} : UnrecognizedClientException error' .format(AWS_ACCESS_KEY_ID))
# pass
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
@@ -141,6 +132,7 @@ def stop_trail(TrailARN):
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def delete_trail(TrailARN):
'''
Delete a specified trailARN
@@ -150,11 +142,8 @@ def delete_trail(TrailARN):
try:
for region in regions:
client = boto3.client('cloudtrail', region_name=region)
response = client.describe_trails()
# print(response)
if response['trailList'] is None:
print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['trailList']) <= 0:
@@ -174,7 +163,7 @@ def delete_trail(TrailARN):
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
#elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# elif e.response['Error']['Code'] == 'UnrecognizedClientException':
# print('{} : UnrecognizedClientException error' .format(AWS_ACCESS_KEY_ID))
# pass
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
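Review bot: The permission checks in `describe_trails`, `stop_trail` and `delete_trail` index `response['trailList']` directly, and `list_public_keys` does the same with `response['PublicKeyList']`, so a response without the key raises `KeyError` instead of reaching the "likely does not have CloudTrail permissions" message. The other modules in this commit use `response.get(...)` for the same test; `if response.get('trailList') is None:` would make these four consistent. Because `stop_trail` and `delete_trail` change the account's logging state, their docstrings should also say how the `TrailARN` is matched across the region loop and what is printed on success. The function bodies run beyond the hunks shown.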


@@ -10,8 +10,8 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,14 +21,17 @@ credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
def describe_alarms():
def cloudwatch_describe_alarms():
'''
Describe CloudWatch alarms
'''
print("### Printing Cloudwatch Alarm Information ###")
try:
for region in regions:
client = boto3.client('cloudwatch', region_name=region)
response = client.describe_alarms()
print ("### {} Alarms ###" .format(region))
print("### {} Alarms ###" .format(region))
for alarm in response['MetricAlarms']:
pp.pprint(alarm)
print("\n")
@@ -46,20 +49,24 @@ def describe_alarms():
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def describe_alarm_history():
def cloudwatch_describe_alarm_history():
'''
Describe CloudWatch Alarm History
'''
print("### Printing Cloudwatch Alarm History Information ###")
try:
for region in regions:
client = boto3.client('cloudwatch', region_name=region)
response = client.describe_alarm_history()
#print response
# print(response)
if response.get('AlarmHistoryItems') is None:
print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
print("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['AlarmHistoryItems']) <= 0:
print ("[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region))
print("[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region))
else:
print ("### {} Alarm History ###" .format(region))
print("### {} Alarm History ###" .format(region))
for history_item in response['AlarmHistoryItems']:
pp.pprint(history_item)
print("\n")
@@ -67,7 +74,7 @@ def describe_alarm_history():
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'OptInRequired':
@@ -77,20 +84,24 @@ def describe_alarm_history():
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def list_metrics():
def cloudwatch_list_metrics():
'''
List CloudWatch metrics
'''
print("### Printing Cloudwatch List Metrics ###")
try:
for region in regions:
client = boto3.client('cloudwatch', region_name=region)
response = client.list_metrics()
#print response
# print(response)
if response.get('Metrics') is None:
print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
print("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Metrics']) <= 0:
print ("[-] ListMetrics allowed for {} but no results [-]" .format(region))
print("[-] ListMetrics allowed for {} but no results [-]" .format(region))
else:
print ("### Listing Metrics for {} ###" .format(region))
print("### Listing Metrics for {} ###" .format(region))
for metrics in response['Metrics']:
pp.pprint(metrics)
print("\n")
@@ -98,12 +109,12 @@ def list_metrics():
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'OptInRequired':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
else:
print ("Unexpected error: {}" .format(e))
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print ("CTRL-C received, exiting...")
print("CTRL-C received, exiting...")
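Review bot: The `AccessDenied` branches of `cloudwatch_describe_alarm_history` and `cloudwatch_list_metrics` print "Is NOT a root key", which says nothing about the CloudWatch call that was refused; `print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))`, the wording the CloudTrail module uses, would be accurate. The "no results" message in `cloudwatch_describe_alarm_history` also spells the operation "DecribeAlarmHistory". Since all three functions gain a `cloudwatch_` prefix, every caller has to be updated in the same commit; those call sites are not visible in this section.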


@@ -9,8 +9,8 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,6 +21,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def describe_configuration_recorders(region):
'''
Describe Config recorders
'''
try:
client = boto3.client("config", region_name=region)
@@ -32,13 +35,13 @@ def describe_configuration_recorders(region):
print("No Recordings Found\n")
else:
for r in response['ConfigurationRecorders']:
for k,v in r.items():
print("%s: %s" % (k,v))
for k, v in r.items():
print("%s: %s" % (k, v))
print("\n")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'AccessDenied':
print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
@@ -55,6 +58,9 @@ def describe_configuration_recorders(region):
def describe_configuration_rules(region):
'''
Describe Config rules
'''
try:
client = boto3.client("config", region_name=region)
@@ -66,13 +72,13 @@ def describe_configuration_rules(region):
print("No Rules Found\n")
else:
for r in response['ConfigRules']:
for k,v in r.items():
print("%s: %s" % (k,v))
for k, v in r.items():
print("%s: %s" % (k, v))
print("\n")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'AccessDenied':
print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
@@ -87,7 +93,11 @@ def describe_configuration_rules(region):
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def delete_rule(rule_name, region):
'''
Attempt to delete the specified Config Rule
'''
try:
client = boto3.client("config", region_name=region)
client.delete_config_rule(ConfigRuleName=rule_name)
@@ -95,7 +105,7 @@ def delete_rule(rule_name, region):
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'AccessDenied':
print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
@@ -110,7 +120,11 @@ def delete_rule(rule_name, region):
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def delete_recorder(recorder_name, region):
'''
Attempt to delete the specified Config recorder
'''
try:
client = boto3.client("config", region_name=region)
client.delete_configuration_recorder(ConfigurationRecorderName=recorder_name)
@@ -118,7 +132,7 @@ def delete_recorder(recorder_name, region):
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
elif e.response['Error']['Code'] == 'UnrecognizedClientException':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'AccessDenied':
print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
@@ -133,18 +147,34 @@ def delete_recorder(recorder_name, region):
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def list_all_config_rules():
'''
Get config rules for each region
'''
for region in regions:
describe_configuration_rules(region)
def list_all_config_recorders():
'''
Get recorders for each region
'''
for region in regions:
describe_configuration_recorders(region)
def delete_config_rule(rule_name, region):
'''
delete config rule (makes sure you passed a rule name)
'''
if rule_name:
delete_rule(rule_name, region)
def delete_config_recorder(recorder_name, region):
'''
delete config recorder (makes sure you passed a recorder name)
'''
if recorder_name:
delete_recorder(recorder_name, region)
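Review bot: `delete_config_rule` and `delete_config_recorder` return silently when the name is empty, so a caller that passed nothing cannot tell the no-op from a completed call. An `else:` branch such as `print("[-] no rule name supplied, nothing deleted [-]")`, and the equivalent for the recorder, would make that visible. In the handlers above, the `UnrecognizedClientException` branch repeats the `InvalidClientTokenId` exit and could be folded into one test, `if e.response['Error']['Code'] in ('InvalidClientTokenId', 'UnrecognizedClientException'):`.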


@@ -25,7 +25,7 @@ credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
def list_pipelines():
def datapipeline_list_pipelines():
'''
Function to use the datapipeline boto3 library to list available pipelines
'''


@@ -26,6 +26,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def review_encrypted_volumes():
'''
EC2 review encrypted volumes (describe volumes and check to see if encrypted or not)
'''
print("Reviewing EC2 Volumes... This may take a few....")
not_encrypted = []
encrypted = []
@@ -72,12 +75,15 @@ def review_encrypted_volumes():
def describe_instances():
'''
EC2 Describe Instances
'''
try:
for region in regions:
try:
client = boto3.client('ec2', region_name=region)
response = client.describe_instances()
#print(response)
# print(response)
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
@@ -113,6 +119,10 @@ def describe_instances():
def describe_instances_basic():
'''
Describe EC2 instances:
print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime))
'''
try:
for region in regions:
try:
@@ -262,7 +272,7 @@ def ec2_list_launchable_ami():
def ec2_list_owner_ami():
'''
For each region list your AMI's Owners=['self']
For each region list your AMI's Owners=['self']
'''
try:
for region in regions:
@@ -365,6 +375,9 @@ def get_instance_volume_details2():
def describe_addresses():
'''
Describe EC2 addresses (loop through all regions)
'''
try:
for region in regions:
try:
@@ -397,6 +410,9 @@ def describe_addresses():
def describe_network_interfaces():
'''
Describe EC2 network interfaces (loop through all regions)
'''
try:
for region in regions:
try:
@@ -430,6 +446,9 @@ def describe_network_interfaces():
def describe_route_tables():
'''
Describe EC2 route tables (loop through all regions)
'''
try:
for region in regions:
try:
@@ -463,6 +482,9 @@ def describe_route_tables():
def get_console_screenshot(instanceid, region):
'''
Get console screenshot of the specified InstanceID in the specified region
'''
try:
client = boto3.client('ec2', region_name=region)
print("[INFO] Checking for required permissions to screenshot: {} on {} [INFO]" .format(instanceid, region))
@@ -488,6 +510,9 @@ def get_console_screenshot(instanceid, region):
def get_console_screenshot_all():
'''
loop through all regions and attempt to screenshot
'''
try:
for region in regions:
try:
@@ -543,6 +568,9 @@ def get_console_screenshot_all():
def get_console_screenshot_all_region(region):
'''
Attempt to get screenshots of all EC2 instances in a specified region
'''
try:
client = boto3.client('ec2', region_name=region)
response = client.describe_instances()
@@ -592,6 +620,10 @@ def get_console_screenshot_all_region(region):
def get_console_screenshot_all_region_list(file, region):
'''
Read a list of ec2 instanceIDs and attempt to screenshot them. They need to be in the same region
see write_instances_to_file to get a list of instances by region
'''
try:
client = boto3.client('ec2', region_name=region)
@@ -631,6 +663,9 @@ def get_console_screenshot_all_region_list(file, region):
def get_console_output(instanceid, region):
'''
Attempt to get console output for specified instanceID and region
'''
try:
client = boto3.client('ec2', region_name=region)
print("[INFO] Checking for required permissions to get console output: {} on {} [INFO]" .format(instanceid, region))
@@ -656,6 +691,9 @@ def get_console_output(instanceid, region):
def get_console_output_all():
'''
loop through all regions and attempt to get console output
'''
try:
for region in regions:
try:
@@ -714,6 +752,9 @@ def get_console_output_all():
def get_console_output_all_region(region):
'''
loop thorugh a region and attempt to get the console output
'''
try:
client = boto3.client('ec2', region_name=region)
response = client.describe_instances()
@@ -764,6 +805,9 @@ def get_console_output_all_region(region):
def get_console_output_all_region_list(file, region):
'''
read in a file of instanceIDs for a region and attempt ot get the console output
'''
try:
client = boto3.client('ec2', region_name=region)
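Review bot: The docstring added to `describe_instances_basic` is a pasted `print(...)` statement rather than a description of what the function reports; something like `Print InstanceID, InstanceType, State and LaunchTime for every EC2 instance in each region` would read as documentation. The new docstrings for `get_console_output_all_region` and `get_console_output_all_region_list` contain the typos "thorugh" and "attempt ot get". `get_console_screenshot_all_region_list(file, region)` and its console-output twin do not state the expected file format (presumably one instance ID per line, to be confirmed against `write_instances_to_file`). All of these function bodies continue outside the hunks.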


@@ -11,7 +11,7 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,7 +21,7 @@ credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
def describe_repositories():
def ecr_describe_repositories():
'''
Use ecr describe_repositories function to list available repositories
'''
@@ -29,11 +29,8 @@ def describe_repositories():
try:
for region in regions:
client = boto3.client('ecr', region_name=region)
response = client.describe_repositories()
# print (response)
if response.get('repositories') is None:
print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['repositories']) <= 0:


@@ -11,7 +11,7 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,15 +21,16 @@ credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
def describe_applications():
def elasticbeanstalk_describe_applications():
'''
Elasticbeanstalk Describe Applications
'''
print("### Printing ElasticBeanstalk Applications ###")
try:
for region in regions:
client = boto3.client('elasticbeanstalk', region_name=region)
response = client.describe_applications()
# print response
# print(response)
if response.get('Applications') is None:
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -54,15 +55,16 @@ def describe_applications():
print("CTRL-C received, exiting...")
def describe_application_versions():
def elasticbeanstalk_describe_application_versions():
'''
Elasticbeanstalk Describe Application versions
'''
print("### Printing ElasticBeanstalk Applications Versions ###")
try:
for region in regions:
client = boto3.client('elasticbeanstalk', region_name=region)
response = client.describe_application_versions()
# print response
# print(response)
if response.get('ApplicationVersions') is None:
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -87,16 +89,17 @@ def describe_application_versions():
print("CTRL-C received, exiting...")
def describe_configuration_options():
def elasticbeanstalk_describe_configuration_options():
'''
Elasticbeanstalk Describe Configuration options
Currently not working
'''
print("### Printing ElasticBeanstalk Configuration Options ###")
try:
for region in regions:
client = boto3.client('elasticbeanstalk', region_name=region)
response = client.describe_configuration_options()
print(response)
# print response
# print(response)
if response.get('Options') is None:
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -126,14 +129,15 @@ def describe_configuration_options():
print("CTRL-C received, exiting...")
def describe_environments():
def elasticbeanstalk_describe_environments():
'''
Elasticbeanstalk Describe Environments
'''
print("### Printing ElasticBeanstalk Environments ###")
try:
for region in regions:
client = boto3.client('elasticbeanstalk', region_name=region)
response = client.describe_environments()
# print response
if response.get('Environments') is None:
@@ -159,14 +163,15 @@ def describe_environments():
print("CTRL-C received, exiting...")
def describe_events():
def elasticbeanstalk_describe_events():
'''
Elasticbeanstalk Describe Events
'''
print("### Printing ElasticBeanstalk Environments ###")
try:
for region in regions:
client = boto3.client('elasticbeanstalk', region_name=region)
response = client.describe_events()
# print(response)
if response.get('Events') is None:
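Review bot: `elasticbeanstalk_describe_events` still prints the banner "### Printing ElasticBeanstalk Environments ###", copied from `elasticbeanstalk_describe_environments`, so the two outputs cannot be told apart; it should be `print("### Printing ElasticBeanstalk Events ###")`. In `elasticbeanstalk_describe_configuration_options` the unconditional `print(response)` stays active next to its commented-out copy and dumps the raw response ahead of any formatted output. Given the docstring says "Currently not working", either remove that line or mark it as deliberate debugging.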


@@ -22,11 +22,13 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def list_clusters():
'''
List EMR Clusters
'''
print("### Printing EMR Clusters ###")
try:
for region in regions:
client = boto3.client('emr', region_name=region)
response = client.list_clusters()
if response.get('Clusters') is None:
@@ -53,13 +55,14 @@ def list_clusters():
def list_security_configurations():
'''
List EMR Security Configurations
'''
print("### Printing EMR Security Configuration ###")
try:
for region in regions:
client = boto3.client('emr', region_name=region)
response = client.list_security_configurations()
# print(response)
if response.get('SecurityConfigurations') is None:


@@ -29,7 +29,6 @@ def firehose_list_delivery_streams():
try:
for region in regions:
client = boto3.client('firehose', region_name=region)
response = client.list_delivery_streams()
# print(response)
@@ -63,7 +62,6 @@ def firehose_describe_delivery_streams():
try:
for region in regions:
client = boto3.client('firehose', region_name=region)
response = client.list_delivery_streams()
# print(response)
@@ -74,9 +72,9 @@ def firehose_describe_delivery_streams():
else:
print("### {} Firehose Delivery Streams ###" .format(region))
for stream in response['DeliveryStreamNames']:
details = client.describe_delivery_stream(DeliveryStreamName=stream)
# This just prints the blob, needs to be cleaned up
print(details)
details = client.describe_delivery_stream(DeliveryStreamName=stream)
# This just prints the blob, needs to be cleaned up
print(details)
print("\n")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
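Review bot: `firehose_describe_delivery_streams` describes only the names returned by a single `list_delivery_streams()` call, and that API returns one limited page (10 names by default, as far as I recall) together with a `HasMoreDeliveryStreams` flag. An account with more streams would be reported incompletely with no sign of it. At minimum add `if response.get('HasMoreDeliveryStreams'): print("[!] more delivery streams exist than are listed for {}" .format(region))` after the loop. The two `details` / `print(details)` triplets differ only in indentation, which this page does not preserve, so the re-indent itself could not be checked.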


@@ -129,6 +129,7 @@ def get_password_policy():
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def get_account_authorization_details():
'''
Get the account authoirzation details


@@ -10,7 +10,7 @@ pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
# http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,6 +21,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def describe_stacks():
'''
Opsworks decribe stacks
'''
print('#### Listing Stacks ####')
try:
for region in regions:
@@ -29,7 +32,6 @@ def describe_stacks():
region_name=region
)
response = client.describe_stacks()
# debug
# print(response)
if response.get('Stacks') is None:
print("{} likely does not have Opsworks permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -55,6 +57,9 @@ def describe_stacks():
def describe_user_profiles():
'''
Opsworks describe user profiles
'''
print('#### Listing User Profiles ####')
try:
for region in regions:
@@ -65,11 +70,11 @@ def describe_user_profiles():
response = client.describe_user_profiles()
# debug
print(response)
#if response.get('Stacks') is None:
# if response.get('Stacks') is None:
# print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
#elif len(response['Stacks']) <= 0:
# elif len(response['Stacks']) <= 0:
# print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region))
#else: # THIS PART IS UNTESTED
# else: # THIS PART IS UNTESTED
# for r in response['Stacks']:
# pp.pprint(r)
except botocore.exceptions.EndpointConnectionError as e:
@@ -86,5 +91,3 @@ def describe_user_profiles():
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
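Review bot: The `regions` list keeps `'ap-southeast-1'` twice, so that region is queried twice and another one, presumably `'ap-southeast-2'`, is never checked. Suggest changing the second entry so the run reads `'ap-southeast-1', 'ap-southeast-2', 'ca-central-1'`. In `describe_user_profiles` the `print(response)` under `# debug` is the only output, and the commented-out block beneath it still refers to `Stacks` and "Lambda permissions"; when it is revived it should test `UserProfiles` and name OpsWorks.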


@@ -9,8 +9,8 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'ap-south-1' ]
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'ap-south-1']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -21,6 +21,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def pricing_describe_services():
'''
Using pricing service describe services
'''
try:
for region in regions:
client = boto3.client('pricing', region_name=region)


@@ -9,7 +9,7 @@ import pprint
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -20,6 +20,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def describe_db_instances():
'''
RDS describe DB instances
'''
print("### Printing RDS DB instances ###")
try:
for region in regions:


@@ -11,7 +11,7 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
region_single = ['us-east-1']
@@ -24,15 +24,16 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def list_geolocations():
'''
Route53 list geolocations
'''
print("### Printing Route53 GeoLocations ###")
try:
#cheating because they are all the same for this function call
# cheating because they are all the same for this function call
for region in region_single:
client = boto3.client('route53', region_name=region)
response = client.list_geo_locations()
#print response
# print(response)
if response.get('GeoLocationDetailsList') is None:
print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -56,4 +57,4 @@ def list_geolocations():
else:
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
print("CTRL-C received, exiting...")
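Review bot: The permission message in `list_geolocations` names the wrong service: when `GeoLocationDetailsList` is missing it prints `likely does not have EMR permissions`, although the call is `client.list_geo_locations()` on a `route53` client. This commit already tidies the comments in this function, so the line should become `print("{} likely does not have Route53 permissions\n" .format(AWS_ACCESS_KEY_ID))`. A wrong service name in this output points whoever reads it at the wrong IAM policy. The function body between the second and third hunks is not shown, so other messages there may need the same check.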


@@ -14,6 +14,7 @@ Code to get the AWS_ACCESS_KEY_ID from boto3
session = boto3.Session()
credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
AWS_SECRET_ACCESS_KEY = credentials.secret_key
def get_s3bucket_policy(bucket):
@@ -161,7 +162,7 @@ def get_s3objects_for_account_detailed():
print('#### Trying to list s3 bucketsfor {} ####\n '.format(AWS_ACCESS_KEY_ID))
for bucket in client.buckets.all():
print(bucket.name)
get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,bucket.name)
get_s3bucket_policy(bucket.name)
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
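Review bot: `AWS_SECRET_ACCESS_KEY = credentials.secret_key` keeps the long-term secret in a module-level global, while the visible caller no longer needs it: the new call is `get_s3bucket_policy(bucket.name)`. This view does not show whether that assignment is added or context, and the rest of the file is outside the hunks. If nothing else reads the variable, drop the assignment so the secret cannot end up in a debug print or a dumped module namespace; boto3 resolves credentials from the session on its own. Separately, the banner `'#### Trying to list s3 bucketsfor {} ####\n '` is missing a space between "buckets" and "for".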


@@ -9,7 +9,7 @@ import pprint
pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-west-2', 'eu-west-1' ]
regions = ['us-east-1', 'us-west-2', 'eu-west-1']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -20,7 +20,10 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def list_identities():
print("### Printing SES Identifies ###")
'''
SES List identities
'''
print("### Printing SES Identities ###")
try:
for region in regions:
client = boto3.client(
@@ -37,7 +40,6 @@ def list_identities():
else:
print("### {} SES Identities ###" .format(region))
for r in response['Identities']:
#for i in r['Instances']:
pp.pprint(r)
print("\n")
@@ -53,8 +55,12 @@ def list_identities():
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def get_send_statistics():
print("### Printing SES Identifies ###")
'''
SES get send statistics
'''
print("### Printing SES Send Statistics ###")
try:
for region in regions:
client = boto3.client(
@@ -71,7 +77,6 @@ def get_send_statistics():
else:
print("### {} SES Send Statistics ###" .format(region))
for r in response['SendDataPoints']:
#for i in r['Instances']:
pp.pprint(r)
print("\n")
@@ -87,8 +92,12 @@ def get_send_statistics():
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def list_configuration_sets():
print("### Printing SES Identifies ###")
'''
SES List configuration sets
'''
print("### Printing SES Configuration Sets ###")
try:
for region in regions:
client = boto3.client(
@@ -105,7 +114,6 @@ def list_configuration_sets():
else:
print("### {} SES Configuration Sets ###" .format(region))
for r in response['ConfigurationSets']:
#for i in r['Instances']:
pp.pprint(r)
print("\n")
@@ -120,4 +128,3 @@ def list_configuration_sets():
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")


@@ -5,17 +5,17 @@ Custom SQL/database functions for WeirdAAL
import sqlite3
from sqlite3 import Error
def create_table(db_name,table_name,sql):
def create_table(db_name, table_name, sql):
'''
SQLite3 create table function
'''
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT name FROM sqlite_master WHERE name=?""",(table_name,))
cursor.execute("""SELECT name FROM sqlite_master WHERE name=?""", (table_name,))
result = cursor.fetchall()
keep_table = True
if len(result) == 1:
#python 3
response = input("The table {} already exists, do you wish to recreate it? (y/n): ".format(table_name))
if response == "y":
keep_table = False
@@ -43,9 +43,9 @@ def create_recon_table(db_name, table_name):
target text,
checked_at timestamp,
PRIMARY KEY (ID))"""
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
# FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
create_table(db_name, table_name, sql)
print("created table: {}".format(table_name))
def create_awskey_table(db_name, table_name):
@@ -58,8 +58,8 @@ def create_awskey_table(db_name, table_name):
description text,
target text,
PRIMARY KEY(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
create_table(db_name, table_name, sql)
print("created table: {}".format(table_name))
def create_services_table(db_name, table_name):
@@ -75,8 +75,8 @@ def create_services_table(db_name, table_name):
checked_at timestamp,
target text,
PRIMARY KEY(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
create_table(db_name, table_name, sql)
print("created table: {}".format(table_name))
def insert_awskey_data(db_name, records):
@@ -85,7 +85,7 @@ def insert_awskey_data(db_name, records):
'''
sql = """INSERT INTO AWSKey(AWSKeyID, description, target) VALUES (?,?,?)"""
for record in records:
query(db_name, sql,record)
query(db_name, sql, record)
def insert_reconservice_data(db_name, records):
@@ -94,7 +94,7 @@ def insert_reconservice_data(db_name, records):
'''
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, target, checked_at) VALUES (?,?,?,?,?)"""
for record in records:
query(db_name,sql,record)
query(db_name, sql, record)
def insert_sub_service_data(db_name, records):
@@ -103,26 +103,26 @@ def insert_sub_service_data(db_name, records):
'''
sql = """INSERT INTO services(service, sub_service, sub_service_data, AWSKeyID, target, checked_at) VALUES (?,?,?,?,?,?)"""
for record in records:
query(db_name,sql,record)
query(db_name, sql, record)
def search_recon_by_key(db_name,AWSKeyID):
def search_recon_by_key(db_name, AWSKeyID):
'''
Function to query services by AWSKey and order them by time
'''
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT DISTINCT service, sub_service, checked_at FROM recon WHERE AWSKeyID=? ORDER BY datetime(checked_at)""",(AWSKeyID,))
cursor.execute("""SELECT DISTINCT service, sub_service, checked_at FROM recon WHERE AWSKeyID=? ORDER BY datetime(checked_at)""", (AWSKeyID,))
results = cursor.fetchall()
return results
def query(db_name,sql,data):
def query(db_name, sql, data):
'''
Generic query function
'''
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
#cursor.execute("""PRAGMA foreign_keys = ON""")
cursor.execute(sql,data)
# cursor.execute("""PRAGMA foreign_keys = ON""")
cursor.execute(sql, data)
db.commit()
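Review bot: `with sqlite3.connect(db_name) as db:` in `create_table`, `search_recon_by_key` and `query` only commits or rolls back the transaction; it does not close the connection. The insert helpers call `query()` once per record, so every record opens a connection that stays open until it is garbage-collected. Use `with contextlib.closing(sqlite3.connect(db_name)) as db:` and keep an explicit `db.commit()` wherever the function writes, with `import contextlib` added next to `import sqlite3`. The insert loops could also pass the whole list to one `cursor.executemany(sql, records)` call instead of reconnecting per row. The body of `create_table` continues outside the hunk, so its write path should be checked for a commit before switching.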


@@ -9,7 +9,7 @@ import pprint
pp = pprint.PrettyPrinter(indent=5, width=80)
# from https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1' ]
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -20,6 +20,9 @@ AWS_ACCESS_KEY_ID = credentials.access_key
def sqs_list_queues():
'''
SQS List Queues
'''
try:
for region in regions:
client = boto3.client("sqs", region_name=region)
@@ -45,4 +48,3 @@ def sqs_list_queues():
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")


@@ -54,8 +54,8 @@ def sts_get_accountid_all():
account_userid = client.get_caller_identity()["UserId"]
account_arn = client.get_caller_identity()["Arn"]
print("Account Id: {}" .format(account_id))
print("Account UserID: {}" .format(account_userid) )
print("Account ARN: {}" .format(account_arn) )
print("Account UserID: {}" .format(account_userid))
print("Account ARN: {}" .format(account_arn))
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
@@ -67,4 +67,4 @@ def sts_get_accountid_all():
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
return account_id
return account_id
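Review bot: `return account_id` at the end of `sts_get_accountid_all` looks reachable with `account_id` unassigned. Indentation is lost in this view, but if the return sits after the `try`/`except`, any handled `ClientError` branch that only prints, or the `KeyboardInterrupt` branch, falls through to it and raises `UnboundLocalError`. Setting `account_id = None` before the `try` keeps the return well defined, provided callers check for `None`. The visible lines also call `client.get_caller_identity()` separately for `"UserId"` and `"Arn"`; a single `identity = client.get_caller_identity()` read for each field avoids the repeated STS requests. The start of the function is outside the hunk.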


@@ -10,8 +10,8 @@ import sys
pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1' ]
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1']
'''
Code to get the AWS_ACCESS_KEY_ID from boto3
@@ -20,6 +20,7 @@ session = boto3.Session()
credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
def translate_text(text, source_lang, target_lang):
'''
Translate a block of text from source to target language
@@ -38,7 +39,6 @@ def translate_text(text, source_lang, target_lang):
else:
print("### {}: Translated Text ###\n" .format(region))
print("Translated Text: {}".format(response['TranslatedText']))
print("\n")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation':
@@ -48,4 +48,4 @@ def translate_text(text, source_lang, target_lang):
else:
print(e)
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
print("CTRL-C received, exiting...")