pep8 fixes

libs/aws_lambda.py

@@ -1,5 +1,5 @@
 '''
-lamda functions for WeirdAAL
+Lambda functions for WeirdAAL
 '''
 
 import boto3
@@ -96,7 +96,7 @@ def lambda_get_function(functionname, region):
         client = boto3.client('lambda', region_name=region)
 
         response = client.get_function(FunctionName=functionname)
-        #print(response)
+        # print(response)
 
         if response.get('Configuration') is None:
             print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
@@ -106,7 +106,7 @@ def lambda_get_function(functionname, region):
             print(response['Configuration'])
             print("\n")
             # print(response['Code'])
-            print("Download link for {}:{}".format(functionname,response['Code']['Location']))
+            print("Download link for {}:{}".format(functionname, response['Code']['Location']))
     except botocore.exceptions.ClientError as e:
         if e.response['Error']['Code'] == 'InvalidClientTokenId':
             sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
@@ -117,4 +117,36 @@ def lambda_get_function(functionname, region):
         else:
             print("Unexpected error: {}" .format(e))
     except KeyboardInterrupt:
-        print("CTRL-C received, exiting...")
+        print("CTRL-C received, exiting...")
+
+
+def lambda_get_account_settings():
+    '''
+    Returns Lambda account info
+    '''
+    print("### Attempting to get account settings ###")
+    try:
+        client = boto3.client('lambda')
+        response = client.get_account_settings()
+        # print(response)
+        if response.get('AccountLimit') is None:
+            print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
+        elif len(response['AccountLimit']) <= 0:
+            print("[-] GetAccountSettings allowed for {} but no results [-]" .format(region))
+        else:
+            print("AccountLimit:")
+            pp.pprint(response['AccountLimit'])
+            print("AccountUsage:")
+            pp.pprint(response['AccountUsage'])
+            print("\n")
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")

libs/brute.py

@@ -146,6 +146,7 @@ def generic_permission_bruteforcer(service, tests):
         print("\n")
     return actions
 
+
 def generic_permission_bruteforcer_region(service, tests, region_passed):
     actions = []
     try:
@@ -183,6 +184,7 @@ def generic_permission_bruteforcer_region(service, tests, region_passed):
         print("\n")
     return actions
 
+
 def generic_method_bruteforcer(service, tests):
     actions = []
     client = boto3.client(service, region_name=region)
@@ -219,6 +221,7 @@ def generic_method_bruteforcer(service, tests):
             actions.append(api_action)
     return actions
 
+
 def generic_method_bruteforcer_region(service, tests, region_passed):
     actions = []
     client = boto3.client(service, region_name=region_passed)
@@ -277,7 +280,7 @@ def brute_alexaforbusiness_permissions():
     http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html
     '''
     print("### Enumerating Alexa For Business Permissions ###")
-    tests = [('CreateAddressBook', 'create_address_book', (), {'Name' : 'Test'}, ), ]
+    tests = [('CreateAddressBook', 'create_address_book', (), {'Name': 'Test'}, ), ]
     return generic_permission_bruteforcer('alexaforbusiness', tests)
 
 
@@ -400,8 +403,8 @@ def brute_cloudformation_permissions():
     print("### Enumerating CloudFormation Permissions ###")
     tests = [('ListStacks', 'list_stacks', (), {}),
              ('DescribeStacks', 'describe_stacks', (), {}),
-             #('DescribeStackEvents', 'describe_stack_events', (), {}),
+             # ('DescribeStackEvents', 'describe_stack_events', (), {}),
-             #('DescribeStackResources', 'describe_stack_resources', (), {}),
+             # ('DescribeStackResources', 'describe_stack_resources', (), {}),
              ('ListExports', 'list_exports', (), {}),
              ('DescribeAccountLimits', 'describe_account_limits', (), {}), ]
     return generic_permission_bruteforcer('cloudformation', tests)
@@ -456,7 +459,7 @@ def brute_cloudsearchdomain_permissions():
     Disabled---requires a custom search domain from cloudsearch describe_domains results
     '''
     print("### Enumerating Amazon CloudSearch Domain Permissions ###")
-    tests = [('Search', 'search', (), {'query':'*'}, ), ]
+    tests = [('Search', 'search', (), {'query': '*'}, ), ]
     return generic_permission_bruteforcer('cloudsearchdomain', tests)
 
 
@@ -509,7 +512,7 @@ def brute_codedeploy_permissions():
     tests = [('ListApplications', 'list_applications', (), {}, ),
              ('ListDeployments', 'list_deployments', (), {}, ),
              ('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ),
-             ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name
+             ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ),
              ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), ]
     return generic_permission_bruteforcer('codedeploy', tests)
 
@@ -587,6 +590,7 @@ def brute_configservice_permissions():
 # http://boto3.readthedocs.io/en/latest/reference/services/connect.html
 # no functions
 
+
 def brute_costandusagereportservice_permissions():
     '''
     http://boto3.readthedocs.io/en/latest/reference/services/cur.html
@@ -703,7 +707,7 @@ def brute_ec2_permissions():
              ('DescribeVolumes', 'describe_volumes', (), {'DryRun': True}, ),
              ('CreateVolume', 'create_volume', (), {'AvailabilityZone': 'us-east-1a', 'Size': 8, 'DryRun': True}, ),
              ('DescribeSnapshots', 'describe_snapshots', (), {'DryRun': True, 'OwnerIds': ['self', ]}, ),
-             #('CreateSnapshot', 'create_snapshot', (), {'VolumeId': 'vol-05777eab71bc97dcb', 'DryRun': True}, ),
+             # ('CreateSnapshot', 'create_snapshot', (), {'VolumeId': 'vol-05777eab71bc97dcb', 'DryRun': True}, ),
              ('DescribeAccountAttributes', 'describe_account_attributes', (), {'DryRun': True}, ),
              ('DescribeAddresses', 'describe_addresses', (), {'DryRun': True}, ),
              ('DescribeAvailabilityZones', 'describe_availability_zones', (), {'DryRun': True}, ),
@@ -914,10 +918,7 @@ def brute_gamelift_permissions():
              ('DescribeEC2InstanceLimits', 'describe_ec2_instance_limits', (), {}),
              ('DescribeFleetAttributes', 'describe_fleet_attributes', (), {}),
              ('DescribeFleetCapacity', 'describe_fleet_capacity', (), {}),
-             #('DescribeGameSessionDetails', 'describe_game_session_details', (), {}),
              ('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}), ]
-             #('DescribeGameSessions', 'describe_game_sessions', (), {}),
-             #('DescribePlayerSessions', 'describe_player_sessions', (), {}), ]
     return generic_permission_bruteforcer('gamelift', tests)
 
 
@@ -1094,6 +1095,7 @@ def brute_lambda_permissions():
     '''
     print("### Enumerating Lambda Permissions ###")
     tests = [('ListFunctions', 'list_functions', (), {}, ),
+             ('GetAccountSettings', 'get_account_settings', (), {}),
              ('ListEventSourceMappings', 'list_event_source_mappings', (), {}), ]
     return generic_permission_bruteforcer('lambda', tests)
 
@@ -1540,7 +1542,7 @@ def brute_ssm_permissions():
     '''
     print("### Enumerating Amazon Simple Systems Manager (SSM) Permissions ###")
     tests = [('DescribeActivations', 'describe_activations', (), {}),
-             #('DescribeAssociation', 'describe_association', (), {}),
+             # ('DescribeAssociation', 'describe_association', (), {}),
              ('ListDocuments', 'list_documents', (), {}),
              ('ListResourceComplianceSummaries', 'list_resource_compliance_summaries', (), {}), ]
     return generic_permission_bruteforcer('ssm', tests)
@@ -1591,7 +1593,7 @@ def brute_swf_permissions():
     http://boto3.readthedocs.io/en/latest/reference/services/swf.html
     '''
     print("### Enumerating Amazon Simple Workflow Service (SWF) Permissions ###")
-    tests = [('ListDomains', 'list_domains', (), {'registrationStatus':'REGISTERED'}), ]
+    tests = [('ListDomains', 'list_domains', (), {'registrationStatus': 'REGISTERED'}), ]
     return generic_permission_bruteforcer('swf', tests)
 
 
@@ -1610,7 +1612,7 @@ def brute_translate_permissions():
     http://boto3.readthedocs.io/en/latest/reference/services/translate.html
     '''
     print("### Enumerating  Amazon Translate Permissions ###")
-    tests = [('TranslateText', 'translate_text', (), {'Text': 'secure your shit', 'SourceLanguageCode': 'en' ,'TargetLanguageCode': 'es' }), ]
+    tests = [('TranslateText', 'translate_text', (), {'Text': 'secure your shit', 'SourceLanguageCode': 'en', 'TargetLanguageCode': 'es'}), ]
     return generic_permission_bruteforcer('translate', tests)
 
 
@@ -1621,7 +1623,7 @@ def brute_waf_permissions():
     print("### Enumerating AWS WAF Permissions ###")
     tests = [('ListRules', 'list_rules', (), {}),
              ('ListRuleGroups', 'list_rule_groups', (), {}),
-             #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
+             # ('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
              ('ListIpSets', 'list_ip_sets', (), {}), ]
     return generic_permission_bruteforcer('waf', tests)
 
@@ -1633,7 +1635,7 @@ def brute_waf_regional_permissions():
     print("### Enumerating AWS WAF Regional Permissions ###")
     tests = [('ListRules', 'list_rules', (), {}),
              ('ListRuleGroups', 'list_rule_groups', (), {}),
-             #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
+             # ('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}),
              ('ListIpSets', 'list_ip_sets', (), {}), ]
     return generic_permission_bruteforcer('waf-regional', tests)
 

modules/aws_lambda.py

@@ -13,8 +13,15 @@ def module_lambda_list_event_source_mappings():
 
 
 def module_lambda_get_function(*text):
-	'''
+    '''
-	get specfied function. Takes function name from list_functions and region the function exists in
+    get specfied function. Takes function name from list_functions and region the function exists in
+    python3 weirdAAL.py -m lambda_get_function -a 'MY_LAMBDA_FUNCTION','us-west-2' -t yolo
+    '''
+    lambda_get_function(text[0][0], text[0][1])
 
-	'''
+
-	lambda_get_function(text[0][0], text[0][1])
+def module_lambda_get_account_settings():
+    '''
+    Returns a customer's account settings.
+    '''
+    lambda_get_account_settings()