From 582c2c7d3870b263972ab40f957cb1068a65e6e3 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Mon, 16 Apr 2018 21:05:15 -0400 Subject: [PATCH] documentation and rm'ing the key piece --- libs/aws_lambda.py | 15 +++++-- libs/brute.py | 28 ++++++++++-- libs/ce.py | 20 ++++++--- libs/cloudtrail.py | 25 +++++++---- libs/cloudwatch.py | 31 +++++++++----- libs/config.py | 23 ++++++---- libs/datapipeline.py | 36 +++++++++++----- libs/dynamodb.py | 27 +++++++----- libs/dynamodbstreams.py | 19 +++++--- libs/ec2.py | 15 ++++--- libs/ecr.py | 20 ++++++--- libs/elasticbeanstalk.py | 35 +++++++++------ libs/emr.py | 23 ++++++---- libs/firehose.py | 24 +++++++---- libs/iam.py | 93 ++++++++++++++++++++++------------------ libs/opsworks.py | 19 +++++--- libs/pricing.py | 21 ++++++--- libs/rds.py | 17 ++++++-- libs/route53.py | 25 +++++++---- libs/s3.py | 12 ++++-- libs/ses.py | 29 +++++++------ libs/sql.py | 4 ++ libs/sqs.py | 15 ++++++- libs/sts.py | 25 +++++++---- modules/datapipeline.py | 8 ++-- modules/db.py | 6 ++- modules/recon.py | 1 + modules/sts.py | 6 +-- 28 files changed, 412 insertions(+), 210 deletions(-) diff --git a/libs/aws_lambda.py b/libs/aws_lambda.py index 5e8e632..3e2c78e 100644 --- a/libs/aws_lambda.py +++ b/libs/aws_lambda.py @@ -1,18 +1,25 @@ -''' -lamda functions -''' - import boto3 import botocore import os import pprint import sys +''' +lamda functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + def list_functions(): print("### Listing Lambda Functions ###") diff --git a/libs/brute.py b/libs/brute.py index 72c2d60..ec27ca1 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -11,6 +11,13 @@ import datetime from libs.sql import * +''' +This is the main brute library so that we can get an idea what services a particular +key has access to. We do this by asking if we have permission on as many services & +subfunctions as we can. Printed to screen and logged to db. +''' + + # we chould probably load this from one place in the future #TODO db_name = "weirdAAL.db" @@ -24,15 +31,30 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' region = 'us-east-1' +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' session = boto3.Session() credentials = session.get_credentials() AWS_ACCESS_KEY_ID = credentials.access_key -#print(AWS_ACCESS_KEY_ID) def get_accountid(): - client = boto3.client('sts', region_name=region) - account_id = client.get_caller_identity()["Account"] + try: + client = boto3.client("sts") + account_id = client.get_caller_identity()["Account"] + print("Account Id: {}" .format(account_id)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'EndpointConnectionError': + print("[-] Cant connect to the {} endpoint [-]" .format(region)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") return account_id # NOT QUITE WORKING YET diff --git a/libs/ce.py b/libs/ce.py index 3d61de3..e0a40ca 100644 --- a/libs/ce.py +++ b/libs/ce.py @@ -1,21 +1,29 @@ -''' -Cost Explorer Library -''' - import boto3 import botocore import pprint import sys +''' +Cost Explorer functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) #from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', ] -def ce_get_cost_and_usage(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def ce_get_cost_and_usage(): try: for region in regions: - client = boto3.client('ce', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('ce', region_name=region) response = client.get_cost_and_usage(TimePeriod={'Start': '2018-01-01', 'End': '2018-04-01'}, Granularity='MONTHLY', Metrics=["BlendedCost", "UnblendedCost", "UsageQuantity"],) print(response) #if response.get('Services') is None: diff --git a/libs/cloudtrail.py b/libs/cloudtrail.py index f1ce4ce..f559927 100644 --- a/libs/cloudtrail.py +++ b/libs/cloudtrail.py @@ -1,24 +1,32 @@ -''' -Cloudtrail functions -''' - import boto3 import botocore import os import pprint import sys +''' +Cloudtrail functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ] # 'cn-north-1', 'cn-northwest-1', 'us-gov-west-1' throwing An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid. -def describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def describe_trails(): print("### Printing CloudTrail DescribeTrails ###") try: for region in regions: - client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('cloudtrail', region_name=region) response = client.describe_trails() @@ -49,11 +57,12 @@ def describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def list_public_keys(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def list_public_keys(): print("### Printing CloudTrail DescribeTrails ###") try: for region in regions: - client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('cloudtrail', region_name=region) response = client.list_public_keys() diff --git a/libs/cloudwatch.py b/libs/cloudwatch.py index a718c77..7a79403 100644 --- a/libs/cloudwatch.py +++ b/libs/cloudwatch.py @@ -1,22 +1,31 @@ -''' -cloudwatch functions -''' - import boto3 import botocore +import os import pprint -import sys,os +import sys + +''' +Cloudwatch functions for WeirdAAL +''' pp = pprint.PrettyPrinter(indent=5, width=80) #from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] -def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def describe_alarms(): print("### Printing Cloudwatch Alarm Information ###") try: for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('cloudwatch', region_name=region) response = client.describe_alarms() print ("### {} Alarms ###" .format(region)) @@ -37,11 +46,11 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_alarm_history(): print("### Printing Cloudwatch Alarm History Information ###") try: for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + client = boto3.client('cloudwatch', region_name=region) response = client.describe_alarm_history() #print response @@ -68,11 +77,11 @@ def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def list_metrics(): print("### Printing Cloudwatch List Metrics ###") try: for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + client = boto3.client('cloudwatch', region_name=region) response = client.list_metrics() #print response diff --git a/libs/config.py b/libs/config.py index 5ce143b..de56124 100644 --- a/libs/config.py +++ b/libs/config.py @@ -1,22 +1,29 @@ -''' -Config Library -''' - import boto3 import botocore import pprint import sys +''' +Config functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) #from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region): + +def describe_configuration_recorders(region): response = {} try: - client = boto3.client("config", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + client = boto3.client("config", region_name=region) response = client.describe_configuration_recorders() #print response @@ -40,10 +47,10 @@ def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, r return response -def describe_configuration_rules(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region): +def describe_configuration_rules(region): response = [] try: - client = boto3.client("config", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + client = boto3.client("config", region_name=region) response = client.describe_config_rules() #print response diff --git a/libs/datapipeline.py b/libs/datapipeline.py index d6343bb..f78292c 100644 --- a/libs/datapipeline.py +++ b/libs/datapipeline.py @@ -1,22 +1,38 @@ -''' -datapipeline functions -''' - import boto3 import botocore +import os import pprint -import sys,os +import sys + +''' +Datapipleine functions for WeirdAAL +''' pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-west-2', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-2', ] +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-west-2', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-2', ] + +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def list_pipelines(): + ''' + Function to use the datapipeline boto3 library to list available pipelines + ''' print("### Printing Data Pipeline Pipelines ###") try: - for region in regions: - client = boto3.client('datapipeline', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + for region in regions: + client = boto3.client('datapipeline', region_name=region) response = client.list_pipelines() print("### {} Data Pipelines ###" .format(region)) if response.get('pipelineIdList') is None: diff --git a/libs/dynamodb.py b/libs/dynamodb.py index be2f5dc..5ce0929 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py @@ -1,24 +1,31 @@ -''' -dynamoDB functions -''' - import boto3 import botocore import pprint import sys import os +''' +dynamoDB functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def list_dynamodb_tables(): print("### Printing DynamoDB Tables ###") try: for region in regions: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('dynamodb', region_name=region) response = client.list_tables() if response.get('TableNames') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -43,11 +50,11 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def list_dynamodb_tables_detailed(): print("### Printing DynamoDB Tables ###") try: for region in regions: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('dynamodb', region_name=region) response = client.list_tables() if response.get('TableNames') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -74,10 +81,10 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): +def describe_table(table, region): print("### Describing DynamoDB Table: {} ###" .format(table)) try: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('dynamodb', region_name=region) response = client.describe_table(TableName=table) if response.get('Table') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index 0821828..113ac5f 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py @@ -1,24 +1,31 @@ -''' - dynamoDBstreams functions -''' - import boto3 import botocore import pprint import os import sys +''' +dynamoDBstreams functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def list_dynamodbstreams(): print("### Printing DynamoDBstreams ###") try: for region in regions: - client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('dynamodbstreams', region_name=region) response = client.list_streams() if response.get('Streams') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) diff --git a/libs/ec2.py b/libs/ec2.py index d1d34f1..f2c18e1 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -1,17 +1,22 @@ -''' -ec2 functions go here -''' - import boto3 import botocore import pprint +''' +EC2 functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] -# we are past the enumeration stage at this point assume you have key that works +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key def review_encrypted_volumes(): diff --git a/libs/ecr.py b/libs/ecr.py index 99fab70..d612fee 100644 --- a/libs/ecr.py +++ b/libs/ecr.py @@ -1,23 +1,31 @@ -''' -ECR functions -''' - import boto3 import botocore import os import pprint import sys +''' +ECR functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ] -def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def describe_repositories(): print("### Printing ECR Repositories ###") try: for region in regions: - client = boto3.client('ecr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('ecr', region_name=region) response = client.describe_repositories() diff --git a/libs/elasticbeanstalk.py b/libs/elasticbeanstalk.py index 803c07f..26341cc 100644 --- a/libs/elasticbeanstalk.py +++ b/libs/elasticbeanstalk.py @@ -1,24 +1,31 @@ -''' -ElasticBeanstalk functions -''' - import boto3 import botocore import os import pprint import sys +''' +ElasticBeanstalk functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def describe_applications(): print("### Printing ElasticBeanstalk Applications ###") try: for region in regions: - client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('elasticbeanstalk', region_name=region) response = client.describe_applications() @@ -47,11 +54,11 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_application_versions(): print("### Printing ElasticBeanstalk Applications Versions ###") try: for region in regions: - client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('elasticbeanstalk', region_name=region) response = client.describe_application_versions() @@ -80,11 +87,11 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_configuration_options(): print("### Printing ElasticBeanstalk Configuration Options ###") try: for region in regions: - client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('elasticbeanstalk', region_name=region) response = client.describe_configuration_options() print(response) @@ -119,11 +126,11 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_environments(): print("### Printing ElasticBeanstalk Environments ###") try: for region in regions: - client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('elasticbeanstalk', region_name=region) response = client.describe_environments() @@ -152,11 +159,11 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_events(): print("### Printing ElasticBeanstalk Environments ###") try: for region in regions: - client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('elasticbeanstalk', region_name=region) response = client.describe_events() diff --git a/libs/emr.py b/libs/emr.py index 82a84ea..f124d09 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -1,24 +1,31 @@ -''' -EMR functions -''' - import boto3 import botocore import os import pprint import sys +''' +EMR functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def list_clusters(): print("### Printing EMR Clusters ###") try: for region in regions: - client = boto3.client('emr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('emr', region_name=region) response = client.list_clusters() @@ -45,11 +52,11 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def list_security_configurations(): print("### Printing EMR Security Configuration ###") try: for region in regions: - client = boto3.client('emr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('emr', region_name=region) response = client.list_security_configurations() diff --git a/libs/firehose.py b/libs/firehose.py index 7bc6ed9..56ebdb5 100644 --- a/libs/firehose.py +++ b/libs/firehose.py @@ -1,23 +1,31 @@ -''' -Firehose functions -''' - import boto3 import botocore import os import pprint import sys +''' +Firehose functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-central-1', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ] -def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def firehose_list_delivery_streams(): print("### Printing Firehose Delivery Streams ###") try: for region in regions: - client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('firehose', region_name=region) response = client.list_delivery_streams() @@ -44,11 +52,11 @@ def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def firehose_describe_delivery_streams(): print("### Printing Firehose Delivery Streams & details ###") try: for region in regions: - client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('firehose', region_name=region) response = client.list_delivery_streams() diff --git a/libs/iam.py b/libs/iam.py index ea5a988..c911e4f 100644 --- a/libs/iam.py +++ b/libs/iam.py @@ -1,7 +1,3 @@ -''' -IAM library -''' - import boto3 import botocore @@ -11,12 +7,25 @@ import logging import sys,os import pprint +''' +IAM functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) region = 'us-east-1' regions = ['us-east-1'] -def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name='us-east-1') + +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def check_root_account(): + client = boto3.client('iam',region_name=region) try: acct_summary = client.get_account_summary() @@ -58,8 +67,8 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password): - client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) +def change_user_console_password(username, password): + client = boto3.client('iam', region_name=region) try: response = client.update_login_profile(UserName=username,Password=password, PasswordResetRequired=False) @@ -76,8 +85,8 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern print("CTRL-C received, exiting...") -def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password): - client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) +def create_user_console_password(username, password): + client = boto3.client('iam', region_name=region) try: response = client.create_login_profile(UserName=username,Password=password, PasswordResetRequired=False) @@ -94,8 +103,8 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern print("CTRL-C received, exiting...") -def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) +def get_password_policy(): + client = boto3.client('iam', region_name=region) try: pass_policy = client.get_account_password_policy() @@ -106,8 +115,8 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def create_user(username): + client = boto3.client('iam', region_name=region) try: print("Creating a new IAM user named: {}" .format(username)) @@ -123,8 +132,8 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def create_access_key( username): + client = boto3.client('iam', region_name=region) try: create_access_key = client.create_access_key(UserName=username) @@ -135,8 +144,8 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, accesskey): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def delete_access_key(username, accesskey): + client = boto3.client('iam', region_name=region) try: delete_access_key = client.delete_access_key(UserName=username, AccessKeyId=accesskey) @@ -151,8 +160,8 @@ def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, access print("CTRL-C received, exiting...") #untested :-/ but should work #TODO -def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaserial): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def delete_mfa_device(username, mfaserial): + client = boto3.client('iam', region_name=region) try: delete_mfa = client.deactivate_mfa_device(UserName=username, SerialNumber=mfaserial) print("Deleting a MFA device: {} for: {}" .format(mfaserial, username)) @@ -166,8 +175,8 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser print("CTRL-C received, exiting...") -def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def make_admin(username): + client = boto3.client('iam', region_name=region) try: make_admin = client.attach_user_policy(UserName=username, PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess') @@ -182,8 +191,8 @@ def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) +def make_backdoor_account( username, password): + client = boto3.client('iam', region_name=region) try: print("making backdoor account with username: {}" .format(username)) @@ -197,11 +206,11 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_list_groups(): print("### Printing IAM Groups ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_groups() if response.get('Groups') is None: print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -227,11 +236,11 @@ def iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_get_user(): print("### Printing IAM User Info ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.get_user() print(response) if response.get('User') is None: @@ -258,11 +267,11 @@ def iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_get_account_summary(): print("### Printing IAM Account Summary ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.get_account_summary() # print(response) @@ -287,11 +296,11 @@ def iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_list_users(): print("### Printing IAM Users ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_users() # print(response) @@ -317,11 +326,11 @@ def iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def iam_list_roles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_list_roles(): print("### Printing IAM Roles ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_roles() # print(response) @@ -350,11 +359,11 @@ def iam_list_roles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def iam_list_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def iam_list_policies(): print("### Printing IAM Policies ###") try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_policies() # print(response) @@ -383,11 +392,11 @@ def iam_list_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") # dont use see below -def iam_list_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): +def iam_list_user_policies(username): print("### Printing IAM Policies for {} ###".format(username)) try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_user_policies(UserName=username) # print(response) @@ -415,11 +424,11 @@ def iam_list_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_list_attached_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): +def iam_list_attached_user_policies(username): print("### Printing Attached IAM Policies for {} ###".format(username)) try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_attached_user_policies(UserName=username) # print(response) @@ -447,11 +456,11 @@ def iam_list_attached_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, us except KeyboardInterrupt: print("CTRL-C received, exiting...") -def iam_list_entities_for_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, policy_arn): +def iam_list_entities_for_policy(policy_arn): print("### Printing IAM Entity Policies for {} ###".format(policy_arn)) try: for region in regions: - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('iam', region_name=region) response = client.list_entities_for_policy(PolicyArn=policy_arn) print(response) diff --git a/libs/opsworks.py b/libs/opsworks.py index cabe0b5..750ca05 100644 --- a/libs/opsworks.py +++ b/libs/opsworks.py @@ -2,21 +2,30 @@ import boto3 import botocore import pprint +''' +Opsworks functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html # http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def describe_stacks(): print('#### Listing Stacks ####') try: for region in regions: client = boto3.client( 'opsworks', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region ) response = client.describe_stacks() @@ -45,14 +54,12 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def describe_user_profiles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def describe_user_profiles(): print('#### Listing User Profiles ####') try: for region in regions: client = boto3.client( 'opsworks', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region ) response = client.describe_user_profiles() diff --git a/libs/pricing.py b/libs/pricing.py index aace0ab..fbd840a 100644 --- a/libs/pricing.py +++ b/libs/pricing.py @@ -1,22 +1,29 @@ -''' -Pricing Library -''' - import boto3 import botocore import pprint import sys +''' +Pricing functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) #from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'ap-south-1', ] +regions = ['us-east-1', 'ap-south-1' ] + +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def pricing_describe_services(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def pricing_describe_services(): try: for region in regions: - client = boto3.client('pricing', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('pricing', region_name=region) response = client.describe_services() print(response) if response.get('Services') is None: diff --git a/libs/rds.py b/libs/rds.py index 77ef53e..8c51857 100644 --- a/libs/rds.py +++ b/libs/rds.py @@ -2,20 +2,29 @@ import boto3 import botocore import pprint +''' +RDS functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html +# from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def describe_db_instances(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def describe_db_instances(): print("### Printing RDS DB instances ###") try: for region in regions: client = boto3.client( 'rds', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region ) diff --git a/libs/route53.py b/libs/route53.py index 609cd0a..d626c61 100644 --- a/libs/route53.py +++ b/libs/route53.py @@ -1,25 +1,34 @@ -''' -Route53 functions -''' - import boto3 import botocore +import os import pprint -import sys,os +import sys + +''' +Route53 functions for WeirdAAL +''' pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html +# from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] region_single = ['us-east-1'] -def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def list_geolocations(): print("### Printing Route53 GeoLocations ###") try: #cheating because they are all the same for this function call for region in region_single: - client = boto3.client('route53', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client('route53', region_name=region) response = client.list_geo_locations() diff --git a/libs/s3.py b/libs/s3.py index 5d1623e..6117106 100644 --- a/libs/s3.py +++ b/libs/s3.py @@ -1,17 +1,21 @@ -''' -S3 Library -''' - import boto3 import botocore import pprint +''' +S3 functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' session = boto3.Session() credentials = session.get_credentials() AWS_ACCESS_KEY_ID = credentials.access_key + def get_s3bucket_policy(bucket): client = boto3.client( 's3', diff --git a/libs/ses.py b/libs/ses.py index 97cf092..e106d37 100644 --- a/libs/ses.py +++ b/libs/ses.py @@ -1,25 +1,30 @@ -''' -SES functions -''' - - import boto3 import botocore import pprint +''' +SES functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-west-2', 'eu-west-1' ] -def list_identities(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + + +def list_identities(): print("### Printing SES Identifies ###") try: for region in regions: client = boto3.client( 'ses', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region ) @@ -48,14 +53,12 @@ def list_identities(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def get_send_statistics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def get_send_statistics(): print("### Printing SES Identifies ###") try: for region in regions: client = boto3.client( 'ses', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region ) @@ -84,14 +87,12 @@ def get_send_statistics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") -def list_configuration_sets(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def list_configuration_sets(): print("### Printing SES Identifies ###") try: for region in regions: client = boto3.client( 'ses', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region ) diff --git a/libs/sql.py b/libs/sql.py index e2d609b..bf3fa58 100644 --- a/libs/sql.py +++ b/libs/sql.py @@ -1,6 +1,10 @@ import sqlite3 from sqlite3 import Error +''' +Custom SQL/database functions for WeirdAAL +''' + def create_table(db_name,table_name,sql): with sqlite3.connect(db_name) as db: cursor = db.cursor() diff --git a/libs/sqs.py b/libs/sqs.py index 2d2d965..3a8e23e 100644 --- a/libs/sqs.py +++ b/libs/sqs.py @@ -2,16 +2,27 @@ import boto3 import botocore import pprint +''' +SQS functions for WeirdAAL +''' + pp = pprint.PrettyPrinter(indent=5, width=80) # from https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1' ] +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + +def sqs_list_queues(): try: for region in regions: - client = boto3.client("sqs", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + client = boto3.client("sqs", region_name=region) response = client.list_queues() if response.get('QueueUrls') is None: print("[-] ListQueues allowed for {} but no results [-]" .format(region)) diff --git a/libs/sts.py b/libs/sts.py index 3bd5bb3..bb7989b 100644 --- a/libs/sts.py +++ b/libs/sts.py @@ -1,16 +1,28 @@ import boto3 import botocore import pprint +import sys + +''' +STS libs for WeirdAAL +''' pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] + +''' +Code to get the AWS_ACCESS_KEY_ID from boto3 +''' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key -def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def sts_get_accountid(): try: - client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + client = boto3.client("sts") account_id = client.get_caller_identity()["Account"] print("Account Id: {}" .format(account_id)) except botocore.exceptions.ClientError as e: @@ -22,16 +34,14 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) - except KeyboardInterrupt: print("CTRL-C received, exiting...") - return account_id -def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def sts_get_accountid_all(): try: - client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + client = boto3.client("sts") account_id = client.get_caller_identity()["Account"] account_userid = client.get_caller_identity()["UserId"] account_arn = client.get_caller_identity()["Arn"] @@ -49,5 +59,4 @@ def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - return account_id \ No newline at end of file diff --git a/modules/datapipeline.py b/modules/datapipeline.py index f5c5684..bd198d9 100644 --- a/modules/datapipeline.py +++ b/modules/datapipeline.py @@ -1,10 +1,12 @@ ''' -data pipeline example +datapipeline modules ''' from libs.datapipeline import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY def step_datapipeline_list_pipelines(): - list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + ''' + List Pipelines + ''' + list_pipelines() diff --git a/modules/db.py b/modules/db.py index b5f9a99..95b3974 100644 --- a/modules/db.py +++ b/modules/db.py @@ -2,13 +2,15 @@ queries that interact with db can go here ''' - +import boto3 import sqlite3 from sqlite3 import Error from libs.sql import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key # for a key, what services does it have listed in the DB def step_show_services_by_key(): diff --git a/modules/recon.py b/modules/recon.py index 92a293a..dc62c29 100644 --- a/modules/recon.py +++ b/modules/recon.py @@ -5,6 +5,7 @@ from libs.s3 import * def step_recon_all(): + get_accountid() check_root_account() brute_acm_permissions() # AlexaForBusiness diff --git a/modules/sts.py b/modules/sts.py index 67a5ed3..298cec6 100644 --- a/modules/sts.py +++ b/modules/sts.py @@ -2,11 +2,11 @@ This file is used to perform some EMR actions ''' from libs.sts import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + def step_sts_get_accountid(): - get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + get_accountid() def step_sts_get_accountidall(): - get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file + get_accountid_all() \ No newline at end of file