more db stuff, log recon results to db
This commit is contained in:
carnal0wnage
@@ -1,10 +1,22 @@
|
|||||||
import boto3
|
import boto3
|
||||||
import botocore
|
import botocore
|
||||||
|
import json
|
||||||
|
import logging
|
||||||
import pprint
|
import pprint
|
||||||
import sys
|
import sys
|
||||||
|
import datetime #change as required once we decide time format
|
||||||
|
|
||||||
|
from libs.sql import *
|
||||||
|
|
||||||
|
|
||||||
|
# we chould probably load this from one place in the future #TODO
|
||||||
|
db_name = "weirdAAL.db"
|
||||||
|
|
||||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||||
|
|
||||||
|
logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w')
|
||||||
|
|
||||||
|
|
||||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||||
|
|
||||||
@@ -75,6 +87,24 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
|
|||||||
if actions:
|
if actions:
|
||||||
print ("\n[+] {} Actions allowed are [+]" .format(service))
|
print ("\n[+] {} Actions allowed are [+]" .format(service))
|
||||||
print (actions)
|
print (actions)
|
||||||
|
timenow = datetime.datetime.now()
|
||||||
|
|
||||||
|
db_logger = []
|
||||||
|
for action in actions:
|
||||||
|
db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow])
|
||||||
|
#print (db_logger)
|
||||||
|
|
||||||
|
#scrapped the json logging idea but keeping it here just in case
|
||||||
|
#data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'})
|
||||||
|
#logging.critical(data)
|
||||||
|
|
||||||
|
#logging to db here
|
||||||
|
try:
|
||||||
|
insert_reconservice_data(db_name, db_logger)
|
||||||
|
except sqlite3.OperationalError as e:
|
||||||
|
print (e)
|
||||||
|
print ("You need to set up the database...exiting")
|
||||||
|
sys.exit()
|
||||||
print ("\n")
|
print ("\n")
|
||||||
else:
|
else:
|
||||||
print ("\n[-] No {} actions allowed [-]" .format(service))
|
print ("\n[-] No {} actions allowed [-]" .format(service))
|
||||||
|
|||||||
12
libs/sql.py
12
libs/sql.py
@@ -29,6 +29,7 @@ def create_recon_table(db_name, table_name):
|
|||||||
service text,
|
service text,
|
||||||
sub_service text,
|
sub_service text,
|
||||||
AWSKeyID text,
|
AWSKeyID text,
|
||||||
|
checked_at text,
|
||||||
PRIMARY KEY (ID))"""
|
PRIMARY KEY (ID))"""
|
||||||
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
|
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
|
||||||
create_table(db_name,table_name,sql)
|
create_table(db_name,table_name,sql)
|
||||||
@@ -50,14 +51,21 @@ def insert_awskey_data(db_name, records):
|
|||||||
query(db_name, sql,record)
|
query(db_name, sql,record)
|
||||||
|
|
||||||
def insert_reconservice_data(db_name, records):
|
def insert_reconservice_data(db_name, records):
|
||||||
sql = """INSERT INTO recon(AWSKeyID, service, sub_service) VALUES (?,?,?)"""
|
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
|
||||||
for record in records:
|
for record in records:
|
||||||
query(db_name,sql,record)
|
query(db_name,sql,record)
|
||||||
|
|
||||||
|
def search_recon_by_key(db_name,AWSKeyID):
|
||||||
|
with sqlite3.connect(db_name) as db:
|
||||||
|
cursor = db.cursor()
|
||||||
|
cursor.execute("""SELECT service,sub_service FROM recon WHERE AWSKeyID=?""",(AWSKeyID,))
|
||||||
|
results = cursor.fetchall()
|
||||||
|
return results
|
||||||
|
|
||||||
def query(db_name,sql,data):
|
def query(db_name,sql,data):
|
||||||
with sqlite3.connect(db_name) as db:
|
with sqlite3.connect(db_name) as db:
|
||||||
cursor = db.cursor()
|
cursor = db.cursor()
|
||||||
cursor.execute("""PRAGMA foreign_keys = ON""")
|
#cursor.execute("""PRAGMA foreign_keys = ON""")
|
||||||
cursor.execute(sql,data)
|
cursor.execute(sql,data)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
from libs.brute import *
|
from libs.brute import *
|
||||||
from libs.s3 import *
|
from libs.s3 import *
|
||||||
|
|
||||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
|
||||||
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
#AlexaForBusiness
|
#AlexaForBusiness
|
||||||
@@ -15,7 +17,7 @@ brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
|||||||
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
#CostExplorer
|
#CostExplorer
|
||||||
brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
#brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
|
||||||
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||||
|
|||||||
14
show_services_by_key.py
Normal file
14
show_services_by_key.py
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
import sqlite3
|
||||||
|
from sqlite3 import Error
|
||||||
|
|
||||||
|
from libs.sql import *
|
||||||
|
|
||||||
|
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
db_name = "weirdAAL.db"
|
||||||
|
results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID)
|
||||||
|
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
|
||||||
|
for result in results:
|
||||||
|
print("{}:{}".format(result[0],result[1]))
|
||||||
@@ -1,3 +1,4 @@
|
|||||||
|
import datetime
|
||||||
import sqlite3
|
import sqlite3
|
||||||
from sqlite3 import Error
|
from sqlite3 import Error
|
||||||
|
|
||||||
@@ -8,9 +9,10 @@ from libs.sql import *
|
|||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
db_name = "weirdAAL.db"
|
db_name = "weirdAAL.db"
|
||||||
|
timenow = datetime.datetime.now()
|
||||||
|
|
||||||
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
|
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
|
||||||
insert_awskey_data(db_name,test_aws_key)
|
insert_awskey_data(db_name,test_aws_key)
|
||||||
|
|
||||||
test_service_data = [("AKIAIOSFODNN7EXAMPLE","ec2","DescribeInstances"),("AKIAIOSFODNN7EXAMPLE","ecr","DescribeRepositories")]
|
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
|
||||||
insert_reconservice_data(db_name, test_service_data)
|
insert_reconservice_data(db_name, test_service_data)
|
||||||
Reference in New Issue
Block a user