diff --git a/ec2_get_all_instances.py b/ec2_get_all_instances.py deleted file mode 100644 index 7989079..0000000 --- a/ec2_get_all_instances.py +++ /dev/null @@ -1,7 +0,0 @@ -''' -This file is used to list ec2 instances -''' -from libs.ec2 import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index 2b55bb0..cdabf07 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py @@ -18,6 +18,7 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): try: for region in regions: client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_streams() if response.get('Streams') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Streams']) <= 0: diff --git a/libs/ec2.py b/libs/ec2.py index 5f9a070..dcc008a 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -1,4 +1,6 @@ -#ec2 functions go here +''' +ec2 functions go here +''' import boto3 import botocore @@ -6,117 +8,130 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] # we are past the enumeration stage at this point assume you have key that works + + def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print("Reviewing EC2 Volumes... This may take a few....") - not_encrypted = [] - encrypted = [] - try: - with open("{}-volumes_list.txt" .format(AWS_ACCESS_KEY_ID), "w") as fout: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + print("Reviewing EC2 Volumes... This may take a few....") + not_encrypted = [] + encrypted = [] + try: + with open("{}-volumes_list.txt" .format(AWS_ACCESS_KEY_ID), "w") as fout: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_volumes(Filters=[{ + 'Name': 'status', + 'Values': ['in-use'] + }])['Volumes'] - response = client.describe_volumes(Filters=[{ - 'Name' : 'status', - 'Values' : ['in-use'] - }])['Volumes'] - - for volume in response: - if volume['Encrypted']: - encrypted.append(volume['VolumeId']) - else: - not_encrypted.append(volume['VolumeId']) - fout.write("\nEncrypted: " + str(volume['Encrypted'])) - for attachments in volume['Attachments']: - fout.write("\nInstance ID: " + attachments['InstanceId']) - fout.write("\nVolume ID: " + volume['VolumeId']) - fout.write("\nRegion: " + region) - fout.write("\n" + "-" * 40) - print("Writing out results") - fout.write("\nNot encrypted: " + str(len(not_encrypted)) + "\n") - fout.write(pprint.pformat(not_encrypted)) - fout.write("\nEncrypted: " + str(len(encrypted)) + "\n") - fout.write(pprint.pformat(encrypted)) - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'UnauthorizedOperation': - print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) - else: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + for volume in response: + if volume['Encrypted']: + encrypted.append(volume['VolumeId']) + else: + not_encrypted.append(volume['VolumeId']) + fout.write("\nEncrypted: " + str(volume['Encrypted'])) + for attachments in volume['Attachments']: + fout.write("\nInstance ID: " + attachments['InstanceId']) + fout.write("\nVolume ID: " + volume['VolumeId']) + fout.write("\nRegion: " + region) + fout.write("\n" + "-" * 40) + print("Writing out results") + fout.write("\nNot encrypted: " + str(len(not_encrypted)) + "\n") + fout.write(pprint.pformat(not_encrypted)) + fout.write("\nEncrypted: " + str(len(encrypted)) + "\n") + fout.write(pprint.pformat(encrypted)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") def get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_instances() + if len(response['Reservations']) <= 0: + print("[-] List instances allowed for {} but no results [-]" .format(region)) + else: + print("[+] Listing instances for region: {} [+]" .format(region)) + for r in response['Reservations']: + for i in r['Instances']: + pp.pprint(i) - instances = client.describe_instances() - for r in instances['Reservations']: - for i in r['Instances']: - pp.pprint(i) + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + +def get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_instances() + if len(response['Reservations']) <= 0: + print("[-] List instances allowed for {} but no results [-]" .format(region)) + else: + # print (response) + print("[+] Listing instances for region: {} [+]" .format(region)) + for r in response['Reservations']: + for i in r['Instances']: + launchtime = i['LaunchTime'] + instanceid = i['InstanceId'] + instancetype = i['InstanceType'] + state = i['State'] + print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime)) + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +# show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2 - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") -#show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2 def get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - instances = client.describe_instances() - for r in instances['Reservations']: - for i in r['Instances']: - volumes = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='blockDeviceMapping') - print ("Instance ID: {} \n" .format(i['InstanceId'])) - pp.pprint(volumes) + instances = client.describe_instances() + for r in instances['Reservations']: + for i in r['Instances']: + volumes = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='blockDeviceMapping') + print("Instance ID: {} \n" .format(i['InstanceId'])) + pp.pprint(volumes) + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +# show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details. - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") -#show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details. def get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) - response = client.describe_volumes(Filters=[{ - 'Name' : 'status', - 'Values' : ['in-use'] - }])['Volumes'] - for volume in response: - print("InstandID:{} \n" .format(volume['Attachments'][0]['InstanceId'])) - pp.pprint(volume) - print("\n") + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + response = client.describe_volumes(Filters=[{ + 'Name': 'status', + 'Values': ['in-use'] + }])['Volumes'] + for volume in response: + print("InstandID:{} \n" .format(volume['Attachments'][0]['InstanceId'])) + pp.pprint(volume) + print("\n") + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/datapipeline_list_pipelines.py b/modules/datapipeline.py similarity index 54% rename from datapipeline_list_pipelines.py rename to modules/datapipeline.py index 6a2597b..c17366b 100644 --- a/datapipeline_list_pipelines.py +++ b/modules/datapipeline.py @@ -4,5 +4,5 @@ data pipeline example from libs.datapipeline import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +def step_datapipeline_list_pipelines(): + list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/db.py b/modules/db.py index 348c759..b5f9a99 100644 --- a/modules/db.py +++ b/modules/db.py @@ -12,6 +12,14 @@ from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY # for a key, what services does it have listed in the DB def step_show_services_by_key(): + db_name = "weirdAAL.db" + results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) + print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) + for result in results: + print("{}:{}".format(result[0],result[1])) + +#same as show_sevices +def step_list_services_by_key(): db_name = "weirdAAL.db" results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) diff --git a/modules/dynamodb.py b/modules/dynamodb.py new file mode 100644 index 0000000..a9fdf2e --- /dev/null +++ b/modules/dynamodb.py @@ -0,0 +1,11 @@ +''' +dynamoDB examples +''' +from libs.dynamodb import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_dynamodb_list_tables(): + list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_dynamodb_list_tables_detailed(): + list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/dynamodbstreams.py b/modules/dynamodbstreams.py new file mode 100644 index 0000000..0cda511 --- /dev/null +++ b/modules/dynamodbstreams.py @@ -0,0 +1,8 @@ +''' +dynamoDBstreams examples +''' +from libs.dynamodbstreams import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_dynamodbstreams_list_streams(): + list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/ec2.py b/modules/ec2.py new file mode 100644 index 0000000..33b4278 --- /dev/null +++ b/modules/ec2.py @@ -0,0 +1,13 @@ +''' +This file is used to list ec2 instances +''' +from libs.ec2 import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_ec2_get_instances_basic(): + get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_ec2_get_instances_detailed(): + get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)