more db stuff, log recon results to db
This commit is contained in:
carnal0wnage
@@ -1,10 +1,22 @@
|
||||
import boto3
|
||||
import botocore
|
||||
import json
|
||||
import logging
|
||||
import pprint
|
||||
import sys
|
||||
import datetime #change as required once we decide time format
|
||||
|
||||
from libs.sql import *
|
||||
|
||||
|
||||
# we chould probably load this from one place in the future #TODO
|
||||
db_name = "weirdAAL.db"
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w')
|
||||
|
||||
|
||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
@@ -75,6 +87,24 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
|
||||
if actions:
|
||||
print ("\n[+] {} Actions allowed are [+]" .format(service))
|
||||
print (actions)
|
||||
timenow = datetime.datetime.now()
|
||||
|
||||
db_logger = []
|
||||
for action in actions:
|
||||
db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow])
|
||||
#print (db_logger)
|
||||
|
||||
#scrapped the json logging idea but keeping it here just in case
|
||||
#data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'})
|
||||
#logging.critical(data)
|
||||
|
||||
#logging to db here
|
||||
try:
|
||||
insert_reconservice_data(db_name, db_logger)
|
||||
except sqlite3.OperationalError as e:
|
||||
print (e)
|
||||
print ("You need to set up the database...exiting")
|
||||
sys.exit()
|
||||
print ("\n")
|
||||
else:
|
||||
print ("\n[-] No {} actions allowed [-]" .format(service))
|
||||
|
||||
12
libs/sql.py
12
libs/sql.py
@@ -29,6 +29,7 @@ def create_recon_table(db_name, table_name):
|
||||
service text,
|
||||
sub_service text,
|
||||
AWSKeyID text,
|
||||
checked_at text,
|
||||
PRIMARY KEY (ID))"""
|
||||
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
|
||||
create_table(db_name,table_name,sql)
|
||||
@@ -50,14 +51,21 @@ def insert_awskey_data(db_name, records):
|
||||
query(db_name, sql,record)
|
||||
|
||||
def insert_reconservice_data(db_name, records):
|
||||
sql = """INSERT INTO recon(AWSKeyID, service, sub_service) VALUES (?,?,?)"""
|
||||
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
|
||||
for record in records:
|
||||
query(db_name,sql,record)
|
||||
|
||||
def search_recon_by_key(db_name,AWSKeyID):
|
||||
with sqlite3.connect(db_name) as db:
|
||||
cursor = db.cursor()
|
||||
cursor.execute("""SELECT service,sub_service FROM recon WHERE AWSKeyID=?""",(AWSKeyID,))
|
||||
results = cursor.fetchall()
|
||||
return results
|
||||
|
||||
def query(db_name,sql,data):
|
||||
with sqlite3.connect(db_name) as db:
|
||||
cursor = db.cursor()
|
||||
cursor.execute("""PRAGMA foreign_keys = ON""")
|
||||
#cursor.execute("""PRAGMA foreign_keys = ON""")
|
||||
cursor.execute(sql,data)
|
||||
db.commit()
|
||||
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
from libs.brute import *
|
||||
from libs.s3 import *
|
||||
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
#AlexaForBusiness
|
||||
@@ -15,7 +17,7 @@ brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
#CostExplorer
|
||||
brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
#brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
|
||||
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
|
||||
14
show_services_by_key.py
Normal file
14
show_services_by_key.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import sqlite3
|
||||
from sqlite3 import Error
|
||||
|
||||
from libs.sql import *
|
||||
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
db_name = "weirdAAL.db"
|
||||
results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID)
|
||||
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
|
||||
for result in results:
|
||||
print("{}:{}".format(result[0],result[1]))
|
||||
@@ -1,3 +1,4 @@
|
||||
import datetime
|
||||
import sqlite3
|
||||
from sqlite3 import Error
|
||||
|
||||
@@ -8,9 +9,10 @@ from libs.sql import *
|
||||
|
||||
if __name__ == "__main__":
|
||||
db_name = "weirdAAL.db"
|
||||
timenow = datetime.datetime.now()
|
||||
|
||||
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
|
||||
insert_awskey_data(db_name,test_aws_key)
|
||||
|
||||
test_service_data = [("AKIAIOSFODNN7EXAMPLE","ec2","DescribeInstances"),("AKIAIOSFODNN7EXAMPLE","ecr","DescribeRepositories")]
|
||||
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
|
||||
insert_reconservice_data(db_name, test_service_data)
|
||||
Reference in New Issue
Block a user