dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

global vars for db_name and target

Browse Source
This commit is contained in:
cktricky
2018-04-21 14:15:35 -04:00
parent bda996a3ce
commit 283bb147fe
6 changed files with 15 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
create_dbs.py
View File

@@ -7,7 +7,6 @@ from libs.sql import *
#create some tables to stick data in #create some tables to stick data in
if __name__ == "__main__": if __name__ == "__main__":
db_name = "weirdAAL.db"
create_awskey_table(db_name, "AWSKey") create_awskey_table(db_name, "AWSKey")
create_recon_table(db_name, "recon") create_recon_table(db_name, "recon")
create_services_table(db_name,"services") create_services_table(db_name,"services")

12
libs/brute.py
View File

@@ -2,7 +2,7 @@
Brute functions for WeirdAAL Brute functions for WeirdAAL
This is the main brute library so that we can get an idea what services a particular This is the main brute library so that we can get an idea what services a particular
key has access to. We do this by asking if we have permission on as many services & key has access to. We do this by asking if we have permission on as many services &
subfunctions as we can. Printed to screen and logged to db. subfunctions as we can. Printed to screen and logged to db.
''' '''
@@ -17,10 +17,6 @@ import sys
from libs.sql import * from libs.sql import *
#from conf.conf import *
# we chould probably load this from one place in the future #TODO
db_name = "weirdAAL.db"
pp = pprint.PrettyPrinter(indent=5, width=80) pp = pprint.PrettyPrinter(indent=5, width=80)
@@ -614,7 +610,7 @@ def brute_dax_permissions():
http://boto3.readthedocs.io/en/latest/reference/services/dax.html http://boto3.readthedocs.io/en/latest/reference/services/dax.html
''' '''
print("### Enumerating DynamoDB Accelerator (DAX) Permissions ###") print("### Enumerating DynamoDB Accelerator (DAX) Permissions ###")
tests = [('DescribeClusters', 'describe_clusters', (), {}, ), tests = [('DescribeClusters', 'describe_clusters', (), {}, ),
('DescribeDefaultParameters', 'describe_default_parameters', (), {}, ), ('DescribeDefaultParameters', 'describe_default_parameters', (), {}, ),
('DescribeEvents', 'describe_events', (), {}, ), ('DescribeEvents', 'describe_events', (), {}, ),
('DescribeParameterGroups', 'describe_parameter_groups', (), {}, ), ('DescribeParameterGroups', 'describe_parameter_groups', (), {}, ),
@@ -1624,7 +1620,7 @@ def brute_waf_permissions():
''' '''
print("### Enumerating AWS WAF Permissions ###") print("### Enumerating AWS WAF Permissions ###")
tests = [('ListRules', 'list_rules', (), {}), tests = [('ListRules', 'list_rules', (), {}),
('ListRuleGroups', 'list_rule_groups', (), {}), ('ListRuleGroups', 'list_rule_groups', (), {}),
#('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}), #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
('ListIpSets', 'list_ip_sets', (), {}), ] ('ListIpSets', 'list_ip_sets', (), {}), ]
return generic_permission_bruteforcer('waf', tests) return generic_permission_bruteforcer('waf', tests)
@@ -1636,7 +1632,7 @@ def brute_waf_regional_permissions():
''' '''
print("### Enumerating AWS WAF Regional Permissions ###") print("### Enumerating AWS WAF Regional Permissions ###")
tests = [('ListRules', 'list_rules', (), {}), tests = [('ListRules', 'list_rules', (), {}),
('ListRuleGroups', 'list_rule_groups', (), {}), ('ListRuleGroups', 'list_rule_groups', (), {}),
#('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}), #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
('ListIpSets', 'list_ip_sets', (), {}), ] ('ListIpSets', 'list_ip_sets', (), {}), ]
return generic_permission_bruteforcer('waf-regional', tests) return generic_permission_bruteforcer('waf-regional', tests)

7
libs/ec2.py
View File

@@ -11,9 +11,6 @@ import time
from libs.sql import * from libs.sql import *
# we chould probably load this from one place in the future #TODO
db_name = "weirdAAL.db"
pp = pprint.PrettyPrinter(indent=5, width=80) pp = pprint.PrettyPrinter(indent=5, width=80)
# from http://docs.aws.amazon.com/general/latest/gr/rande.html # from http://docs.aws.amazon.com/general/latest/gr/rande.html
@@ -423,7 +420,7 @@ def get_console_screenshot_all_region(region):
def get_console_screenshot_all_region_list(file,region): def get_console_screenshot_all_region_list(file,region):
try: try:
client = boto3.client('ec2', region_name=region) client = boto3.client('ec2', region_name=region)
alist = [line.rstrip() for line in open(file)] alist = [line.rstrip() for line in open(file)]
for line in alist: for line in alist:
try: try:
@@ -578,7 +575,7 @@ def get_console_output_all_region(region):
def get_console_output_all_region_list(file,region): def get_console_output_all_region_list(file,region):
try: try:
client = boto3.client('ec2', region_name=region) client = boto3.client('ec2', region_name=region)
alist = [line.rstrip() for line in open(file)] alist = [line.rstrip() for line in open(file)]
for line in alist: for line in alist:
try: try:

1
modules/db.py
View File

@@ -12,7 +12,6 @@ session = boto3.Session()
credentials = session.get_credentials() credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key AWS_ACCESS_KEY_ID = credentials.access_key
db_name = "weirdAAL.db"
# for a key, what services does it have listed in the DB # for a key, what services does it have listed in the DB

5
test_insert.py
View File

@@ -1,4 +1,4 @@
import datetime import datetime
import sqlite3 import sqlite3
from sqlite3 import Error from sqlite3 import Error
@@ -8,7 +8,6 @@ from libs.sql import *
#create some tables to stick data in #create some tables to stick data in
if __name__ == "__main__": if __name__ == "__main__":
db_name = "weirdAAL.db"
timenow = datetime.datetime.now() timenow = datetime.datetime.now()
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")] test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
@@ -18,4 +17,4 @@ if __name__ == "__main__":
insert_reconservice_data(db_name, test_service_data) insert_reconservice_data(db_name, test_service_data)
test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE",datetime.datetime.now())] test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE",datetime.datetime.now())]
insert_sub_service_data(db_name, test_sub_service_data) insert_sub_service_data(db_name, test_sub_service_data)

6
weirdAAL.py
View File

@@ -12,6 +12,7 @@ import os
from botocore.exceptions import ClientError from botocore.exceptions import ClientError
from modules import * from modules import *
import sys import sys
import builtins
os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env' os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env'
@@ -28,6 +29,11 @@ parser.add_argument("-l", "--list", help="list modules", action="store_true")
parser.add_argument("-v", "--verbosity", help="increase output verbosity", action="store_true") parser.add_argument("-v", "--verbosity", help="increase output verbosity", action="store_true")
args = parser.parse_args() args = parser.parse_args()
# Provides us with a global var "db_name" we can access anywhere
builtins.db_name = "weirdAAL.py"
# Provides us with a global var "target" we can access anywhere
builtsins.target = args.target
def perform_credential_check(): def perform_credential_check():
''' '''