firehose, sqs updates, recon module, etc

libs/dynamodb.py

@@ -62,6 +62,8 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
             sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
         elif e.response['Error']['Code'] == 'AccessDenied':
             print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDeniedException':
+            print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
         else:
             print("Unexpected error: {}" .format(e))
     except KeyboardInterrupt:
@@ -94,6 +96,8 @@ def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region):
             sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
         elif e.response['Error']['Code'] == 'AccessDenied':
             print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDeniedException':
+            print('{} : Does not have the required DescribeTable permissions' .format(AWS_ACCESS_KEY_ID))
         else:
             print("Unexpected error: {}" .format(e))
     except KeyboardInterrupt:

libs/ecr.py

@@ -4,12 +4,13 @@ ECR functions
 
 import boto3
 import botocore
+import os
 import pprint
-import sys,os
+import sys
 
 pp = pprint.PrettyPrinter(indent=5, width=80)
 
-#from http://docs.aws.amazon.com/general/latest/gr/rande.html
+# from http://docs.aws.amazon.com/general/latest/gr/rande.html
 regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2',  ]
 
 def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):

libs/emr.py

@@ -22,8 +22,6 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
 
             response = client.list_clusters()
 
-            # print response
-
             if response.get('Clusters') is None:
                 print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
             elif len(response['Clusters']) <= 0:

libs/firehose.py

@@ -0,0 +1,73 @@
+'''
+Firehose functions
+'''
+
+import boto3
+import botocore
+import os
+import pprint
+import sys
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+# from http://docs.aws.amazon.com/general/latest/gr/rande.html
+regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-central-1', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ]
+
+def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+    print("### Printing Firehose Delivery Streams ###")
+    try:
+        for region in regions:
+            client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
+
+            response = client.list_delivery_streams()
+
+            # print(response)
+            if response['DeliveryStreamNames'] is None:
+                print("{} likely does not have Firehose permissions\n" .format(AWS_ACCESS_KEY_ID))
+            elif len(response['DeliveryStreamNames']) <= 0:
+                print("[-] ListDeliveryStreams allowed for {} but no results [-]" .format(region))
+            else:
+                print("### {} Firehose Delivery Streams ###" .format(region))
+                for stream in response['DeliveryStreamNames']:
+                    pp.pprint(stream)
+        print("\n")
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+
+def firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+    print("### Printing Firehose Delivery Streams & details ###")
+    try:
+        for region in regions:
+            client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
+
+            response = client.list_delivery_streams()
+
+            # print(response)
+            if response['DeliveryStreamNames'] is None:
+                print("{} likely does not have Firehose permissions\n" .format(AWS_ACCESS_KEY_ID))
+            elif len(response['DeliveryStreamNames']) <= 0:
+                print("[-] ListDeliveryStreams allowed for {} but no results [-]" .format(region))
+            else:
+                print("### {} Firehose Delivery Streams ###" .format(region))
+                for stream in response['DeliveryStreamNames']:
+                	details = client.describe_delivery_stream(DeliveryStreamName=stream)
+                	# This just prints the blob, needs to be cleaned up
+                	print(details)
+        print("\n")
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")

libs/sqs.py

@@ -0,0 +1,31 @@
+import boto3
+import botocore
+import pprint
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+# from https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region
+regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1'  ]
+
+
+def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+    try:
+        for region in regions:
+            client = boto3.client("sqs", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
+            response = client.list_queues()
+            # THis isnt working need to test with one that works to get the QueueUrl attributes
+            # if len(response['QueueUrls']) <= 0:
+            #    print("[-] ListQueues allowed for {} but no results [-]" .format(region))
+            # else:
+            print("region: {} \n {}".format(region,response))
+
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+

libs/sts.py

@@ -4,29 +4,31 @@ import pprint
 
 pp = pprint.PrettyPrinter(indent=5, width=80)
 
-#from http://docs.aws.amazon.com/general/latest/gr/rande.html
+# from http://docs.aws.amazon.com/general/latest/gr/rande.html
 regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2',  ]
 
-def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
-	try:
-		client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
-		account_id = client.get_caller_identity()["Account"]
-		print("Account Id: {}" .format(account_id))
-	except KeyboardInterrupt:
-		print("CTRL-C received, exiting...")
 
-	return account_id
+def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+    try:
+        client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
+        account_id = client.get_caller_identity()["Account"]
+        print("Account Id: {}" .format(account_id))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+    return account_id
+
 
 def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
-	try:
-		client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
-		account_id = client.get_caller_identity()["Account"]
-		account_userid = client.get_caller_identity()["UserId"]
-		account_arn = client.get_caller_identity()["Arn"]
-		print("Account Id: {}" .format(account_id))
-		print("Account UserID: {}" .format(account_userid) )
-		print("Account ARN: {}" .format(account_arn) )
-	except KeyboardInterrupt:
-		print("CTRL-C received, exiting...")
+    try:
+        client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
+        account_id = client.get_caller_identity()["Account"]
+        account_userid = client.get_caller_identity()["UserId"]
+        account_arn = client.get_caller_identity()["Arn"]
+        print("Account Id: {}" .format(account_id))
+        print("Account UserID: {}" .format(account_userid) )
+        print("Account ARN: {}" .format(account_arn) )
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
 
-	return account_id
+    return account_id