documentation and rm'ing the key piece
This commit is contained in:
carnal0wnage
@@ -1,18 +1,25 @@
|
||||
'''
|
||||
lamda functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
lamda functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def list_functions():
|
||||
print("### Listing Lambda Functions ###")
|
||||
|
||||
@@ -11,6 +11,13 @@ import datetime
|
||||
|
||||
from libs.sql import *
|
||||
|
||||
'''
|
||||
This is the main brute library so that we can get an idea what services a particular
|
||||
key has access to. We do this by asking if we have permission on as many services &
|
||||
subfunctions as we can. Printed to screen and logged to db.
|
||||
'''
|
||||
|
||||
|
||||
# we chould probably load this from one place in the future #TODO
|
||||
db_name = "weirdAAL.db"
|
||||
|
||||
@@ -24,15 +31,30 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', '
|
||||
|
||||
region = 'us-east-1'
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
#print(AWS_ACCESS_KEY_ID)
|
||||
|
||||
|
||||
def get_accountid():
|
||||
client = boto3.client('sts', region_name=region)
|
||||
try:
|
||||
client = boto3.client("sts")
|
||||
account_id = client.get_caller_identity()["Account"]
|
||||
print("Account Id: {}" .format(account_id))
|
||||
except botocore.exceptions.ClientError as e:
|
||||
if e.response['Error']['Code'] == 'InvalidClientTokenId':
|
||||
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
|
||||
elif e.response['Error']['Code'] == 'EndpointConnectionError':
|
||||
print("[-] Cant connect to the {} endpoint [-]" .format(region))
|
||||
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
|
||||
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
|
||||
else:
|
||||
print("Unexpected error: {}" .format(e))
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
return account_id
|
||||
|
||||
# NOT QUITE WORKING YET
|
||||
|
||||
20
libs/ce.py
20
libs/ce.py
@@ -1,21 +1,29 @@
|
||||
'''
|
||||
Cost Explorer Library
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
Cost Explorer functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', ]
|
||||
|
||||
def ce_get_cost_and_usage(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def ce_get_cost_and_usage():
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('ce', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('ce', region_name=region)
|
||||
response = client.get_cost_and_usage(TimePeriod={'Start': '2018-01-01', 'End': '2018-04-01'}, Granularity='MONTHLY', Metrics=["BlendedCost", "UnblendedCost", "UsageQuantity"],)
|
||||
print(response)
|
||||
#if response.get('Services') is None:
|
||||
|
||||
@@ -1,24 +1,32 @@
|
||||
'''
|
||||
Cloudtrail functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
Cloudtrail functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ]
|
||||
# 'cn-north-1', 'cn-northwest-1', 'us-gov-west-1' throwing An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid.
|
||||
|
||||
def describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def describe_trails():
|
||||
print("### Printing CloudTrail DescribeTrails ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('cloudtrail', region_name=region)
|
||||
|
||||
response = client.describe_trails()
|
||||
|
||||
@@ -49,11 +57,12 @@ def describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def list_public_keys(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def list_public_keys():
|
||||
print("### Printing CloudTrail DescribeTrails ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('cloudtrail', region_name=region)
|
||||
|
||||
response = client.list_public_keys()
|
||||
|
||||
|
||||
@@ -1,22 +1,31 @@
|
||||
'''
|
||||
cloudwatch functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys,os
|
||||
import sys
|
||||
|
||||
'''
|
||||
Cloudwatch functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def describe_alarms():
|
||||
print("### Printing Cloudwatch Alarm Information ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('cloudwatch', region_name=region)
|
||||
|
||||
response = client.describe_alarms()
|
||||
print ("### {} Alarms ###" .format(region))
|
||||
@@ -37,11 +46,11 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_alarm_history():
|
||||
print("### Printing Cloudwatch Alarm History Information ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
|
||||
client = boto3.client('cloudwatch', region_name=region)
|
||||
|
||||
response = client.describe_alarm_history()
|
||||
#print response
|
||||
@@ -68,11 +77,11 @@ def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def list_metrics():
|
||||
print("### Printing Cloudwatch List Metrics ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
|
||||
client = boto3.client('cloudwatch', region_name=region)
|
||||
|
||||
response = client.list_metrics()
|
||||
#print response
|
||||
|
||||
@@ -1,22 +1,29 @@
|
||||
'''
|
||||
Config Library
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
Config functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region):
|
||||
|
||||
def describe_configuration_recorders(region):
|
||||
response = {}
|
||||
try:
|
||||
client = boto3.client("config", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
|
||||
client = boto3.client("config", region_name=region)
|
||||
|
||||
response = client.describe_configuration_recorders()
|
||||
#print response
|
||||
@@ -40,10 +47,10 @@ def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, r
|
||||
|
||||
return response
|
||||
|
||||
def describe_configuration_rules(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region):
|
||||
def describe_configuration_rules(region):
|
||||
response = []
|
||||
try:
|
||||
client = boto3.client("config", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
|
||||
client = boto3.client("config", region_name=region)
|
||||
|
||||
response = client.describe_config_rules()
|
||||
#print response
|
||||
|
||||
@@ -1,22 +1,38 @@
|
||||
'''
|
||||
datapipeline functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys,os
|
||||
import sys
|
||||
|
||||
'''
|
||||
Datapipleine functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-west-2', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-2', ]
|
||||
|
||||
def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def list_pipelines():
|
||||
'''
|
||||
Function to use the datapipeline boto3 library to list available pipelines
|
||||
'''
|
||||
print("### Printing Data Pipeline Pipelines ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('datapipeline', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('datapipeline', region_name=region)
|
||||
response = client.list_pipelines()
|
||||
print("### {} Data Pipelines ###" .format(region))
|
||||
if response.get('pipelineIdList') is None:
|
||||
|
||||
@@ -1,24 +1,31 @@
|
||||
'''
|
||||
dynamoDB functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import sys
|
||||
import os
|
||||
|
||||
'''
|
||||
dynamoDB functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def list_dynamodb_tables():
|
||||
print("### Printing DynamoDB Tables ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('dynamodb', region_name=region)
|
||||
response = client.list_tables()
|
||||
if response.get('TableNames') is None:
|
||||
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
|
||||
@@ -43,11 +50,11 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def list_dynamodb_tables_detailed():
|
||||
print("### Printing DynamoDB Tables ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('dynamodb', region_name=region)
|
||||
response = client.list_tables()
|
||||
if response.get('TableNames') is None:
|
||||
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
|
||||
@@ -74,10 +81,10 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region):
|
||||
def describe_table(table, region):
|
||||
print("### Describing DynamoDB Table: {} ###" .format(table))
|
||||
try:
|
||||
client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('dynamodb', region_name=region)
|
||||
response = client.describe_table(TableName=table)
|
||||
if response.get('Table') is None:
|
||||
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
|
||||
|
||||
@@ -1,24 +1,31 @@
|
||||
'''
|
||||
dynamoDBstreams functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import os
|
||||
import sys
|
||||
|
||||
'''
|
||||
dynamoDBstreams functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def list_dynamodbstreams():
|
||||
print("### Printing DynamoDBstreams ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('dynamodbstreams', region_name=region)
|
||||
response = client.list_streams()
|
||||
if response.get('Streams') is None:
|
||||
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
|
||||
|
||||
15
libs/ec2.py
15
libs/ec2.py
@@ -1,17 +1,22 @@
|
||||
'''
|
||||
ec2 functions go here
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
EC2 functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2']
|
||||
|
||||
# we are past the enumeration stage at this point assume you have key that works
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def review_encrypted_volumes():
|
||||
|
||||
20
libs/ecr.py
20
libs/ecr.py
@@ -1,23 +1,31 @@
|
||||
'''
|
||||
ECR functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
ECR functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def describe_repositories():
|
||||
print("### Printing ECR Repositories ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('ecr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('ecr', region_name=region)
|
||||
|
||||
response = client.describe_repositories()
|
||||
|
||||
|
||||
@@ -1,24 +1,31 @@
|
||||
'''
|
||||
ElasticBeanstalk functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
ElasticBeanstalk functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def describe_applications():
|
||||
print("### Printing ElasticBeanstalk Applications ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('elasticbeanstalk', region_name=region)
|
||||
|
||||
response = client.describe_applications()
|
||||
|
||||
@@ -47,11 +54,11 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_application_versions():
|
||||
print("### Printing ElasticBeanstalk Applications Versions ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('elasticbeanstalk', region_name=region)
|
||||
|
||||
response = client.describe_application_versions()
|
||||
|
||||
@@ -80,11 +87,11 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_configuration_options():
|
||||
print("### Printing ElasticBeanstalk Configuration Options ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('elasticbeanstalk', region_name=region)
|
||||
|
||||
response = client.describe_configuration_options()
|
||||
print(response)
|
||||
@@ -119,11 +126,11 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_environments():
|
||||
print("### Printing ElasticBeanstalk Environments ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('elasticbeanstalk', region_name=region)
|
||||
|
||||
response = client.describe_environments()
|
||||
|
||||
@@ -152,11 +159,11 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_events():
|
||||
print("### Printing ElasticBeanstalk Environments ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('elasticbeanstalk', region_name=region)
|
||||
|
||||
response = client.describe_events()
|
||||
|
||||
|
||||
23
libs/emr.py
23
libs/emr.py
@@ -1,24 +1,31 @@
|
||||
'''
|
||||
EMR functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
EMR functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def list_clusters():
|
||||
print("### Printing EMR Clusters ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('emr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('emr', region_name=region)
|
||||
|
||||
response = client.list_clusters()
|
||||
|
||||
@@ -45,11 +52,11 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def list_security_configurations():
|
||||
print("### Printing EMR Security Configuration ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('emr', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('emr', region_name=region)
|
||||
|
||||
response = client.list_security_configurations()
|
||||
|
||||
|
||||
@@ -1,23 +1,31 @@
|
||||
'''
|
||||
Firehose functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
Firehose functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-central-1', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def firehose_list_delivery_streams():
|
||||
print("### Printing Firehose Delivery Streams ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('firehose', region_name=region)
|
||||
|
||||
response = client.list_delivery_streams()
|
||||
|
||||
@@ -44,11 +52,11 @@ def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def firehose_describe_delivery_streams():
|
||||
print("### Printing Firehose Delivery Streams & details ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('firehose', region_name=region)
|
||||
|
||||
response = client.list_delivery_streams()
|
||||
|
||||
|
||||
93
libs/iam.py
93
libs/iam.py
@@ -1,7 +1,3 @@
|
||||
'''
|
||||
IAM library
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
|
||||
@@ -11,12 +7,25 @@ import logging
|
||||
import sys,os
|
||||
import pprint
|
||||
|
||||
'''
|
||||
IAM functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
region = 'us-east-1'
|
||||
regions = ['us-east-1']
|
||||
def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name='us-east-1')
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def check_root_account():
|
||||
client = boto3.client('iam',region_name=region)
|
||||
|
||||
try:
|
||||
acct_summary = client.get_account_summary()
|
||||
@@ -58,8 +67,8 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password):
|
||||
client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def change_user_console_password(username, password):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
response = client.update_login_profile(UserName=username,Password=password, PasswordResetRequired=False)
|
||||
@@ -76,8 +85,8 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password):
|
||||
client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def create_user_console_password(username, password):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
response = client.create_login_profile(UserName=username,Password=password, PasswordResetRequired=False)
|
||||
@@ -94,8 +103,8 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def get_password_policy():
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
pass_policy = client.get_account_password_policy()
|
||||
@@ -106,8 +115,8 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def create_user(username):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
print("Creating a new IAM user named: {}" .format(username))
|
||||
@@ -123,8 +132,8 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def create_access_key( username):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
create_access_key = client.create_access_key(UserName=username)
|
||||
@@ -135,8 +144,8 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, accesskey):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def delete_access_key(username, accesskey):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
delete_access_key = client.delete_access_key(UserName=username, AccessKeyId=accesskey)
|
||||
@@ -151,8 +160,8 @@ def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, access
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
#untested :-/ but should work #TODO
|
||||
def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaserial):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def delete_mfa_device(username, mfaserial):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
try:
|
||||
delete_mfa = client.deactivate_mfa_device(UserName=username, SerialNumber=mfaserial)
|
||||
print("Deleting a MFA device: {} for: {}" .format(mfaserial, username))
|
||||
@@ -166,8 +175,8 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def make_admin(username):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
make_admin = client.attach_user_policy(UserName=username, PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess')
|
||||
@@ -182,8 +191,8 @@ def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password):
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
def make_backdoor_account( username, password):
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
try:
|
||||
print("making backdoor account with username: {}" .format(username))
|
||||
@@ -197,11 +206,11 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_list_groups():
|
||||
print("### Printing IAM Groups ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
response = client.list_groups()
|
||||
if response.get('Groups') is None:
|
||||
print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID))
|
||||
@@ -227,11 +236,11 @@ def iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_get_user():
|
||||
print("### Printing IAM User Info ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
response = client.get_user()
|
||||
print(response)
|
||||
if response.get('User') is None:
|
||||
@@ -258,11 +267,11 @@ def iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_get_account_summary():
|
||||
print("### Printing IAM Account Summary ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.get_account_summary()
|
||||
# print(response)
|
||||
@@ -287,11 +296,11 @@ def iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_list_users():
|
||||
print("### Printing IAM Users ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_users()
|
||||
# print(response)
|
||||
@@ -317,11 +326,11 @@ def iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def iam_list_roles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_list_roles():
|
||||
print("### Printing IAM Roles ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_roles()
|
||||
# print(response)
|
||||
@@ -350,11 +359,11 @@ def iam_list_roles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def iam_list_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def iam_list_policies():
|
||||
print("### Printing IAM Policies ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_policies()
|
||||
# print(response)
|
||||
@@ -383,11 +392,11 @@ def iam_list_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
# dont use see below
|
||||
def iam_list_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
def iam_list_user_policies(username):
|
||||
print("### Printing IAM Policies for {} ###".format(username))
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_user_policies(UserName=username)
|
||||
# print(response)
|
||||
@@ -415,11 +424,11 @@ def iam_list_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_list_attached_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
|
||||
def iam_list_attached_user_policies(username):
|
||||
print("### Printing Attached IAM Policies for {} ###".format(username))
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_attached_user_policies(UserName=username)
|
||||
# print(response)
|
||||
@@ -447,11 +456,11 @@ def iam_list_attached_user_policies(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, us
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def iam_list_entities_for_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, policy_arn):
|
||||
def iam_list_entities_for_policy(policy_arn):
|
||||
print("### Printing IAM Entity Policies for {} ###".format(policy_arn))
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('iam', region_name=region)
|
||||
|
||||
response = client.list_entities_for_policy(PolicyArn=policy_arn)
|
||||
print(response)
|
||||
|
||||
@@ -2,21 +2,30 @@ import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
Opsworks functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
# http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def describe_stacks():
|
||||
print('#### Listing Stacks ####')
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'opsworks',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
response = client.describe_stacks()
|
||||
@@ -45,14 +54,12 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def describe_user_profiles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def describe_user_profiles():
|
||||
print('#### Listing User Profiles ####')
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'opsworks',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
response = client.describe_user_profiles()
|
||||
|
||||
@@ -1,22 +1,29 @@
|
||||
'''
|
||||
Pricing Library
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
Pricing functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'ap-south-1', ]
|
||||
regions = ['us-east-1', 'ap-south-1' ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def pricing_describe_services(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def pricing_describe_services():
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client('pricing', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('pricing', region_name=region)
|
||||
response = client.describe_services()
|
||||
print(response)
|
||||
if response.get('Services') is None:
|
||||
|
||||
15
libs/rds.py
15
libs/rds.py
@@ -2,20 +2,29 @@ import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
RDS functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def describe_db_instances(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def describe_db_instances():
|
||||
print("### Printing RDS DB instances ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'rds',
|
||||
aws_access_key_id = AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
'''
|
||||
Route53 functions
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import os
|
||||
import pprint
|
||||
import sys,os
|
||||
import sys
|
||||
|
||||
'''
|
||||
Route53 functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
@@ -14,12 +15,20 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', '
|
||||
|
||||
region_single = ['us-east-1']
|
||||
|
||||
def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def list_geolocations():
|
||||
print("### Printing Route53 GeoLocations ###")
|
||||
try:
|
||||
#cheating because they are all the same for this function call
|
||||
for region in region_single:
|
||||
client = boto3.client('route53', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||
client = boto3.client('route53', region_name=region)
|
||||
|
||||
response = client.list_geo_locations()
|
||||
|
||||
|
||||
12
libs/s3.py
12
libs/s3.py
@@ -1,17 +1,21 @@
|
||||
'''
|
||||
S3 Library
|
||||
'''
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
S3 functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def get_s3bucket_policy(bucket):
|
||||
client = boto3.client(
|
||||
's3',
|
||||
|
||||
29
libs/ses.py
29
libs/ses.py
@@ -1,25 +1,30 @@
|
||||
'''
|
||||
SES functions
|
||||
'''
|
||||
|
||||
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
SES functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-west-2', 'eu-west-1' ]
|
||||
|
||||
def list_identities(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def list_identities():
|
||||
print("### Printing SES Identifies ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'ses',
|
||||
aws_access_key_id = AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
|
||||
@@ -48,14 +53,12 @@ def list_identities(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def get_send_statistics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def get_send_statistics():
|
||||
print("### Printing SES Identifies ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'ses',
|
||||
aws_access_key_id = AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
|
||||
@@ -84,14 +87,12 @@ def get_send_statistics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
def list_configuration_sets(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def list_configuration_sets():
|
||||
print("### Printing SES Identifies ###")
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client(
|
||||
'ses',
|
||||
aws_access_key_id = AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
|
||||
region_name=region
|
||||
)
|
||||
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
import sqlite3
|
||||
from sqlite3 import Error
|
||||
|
||||
'''
|
||||
Custom SQL/database functions for WeirdAAL
|
||||
'''
|
||||
|
||||
def create_table(db_name,table_name,sql):
|
||||
with sqlite3.connect(db_name) as db:
|
||||
cursor = db.cursor()
|
||||
|
||||
15
libs/sqs.py
15
libs/sqs.py
@@ -2,16 +2,27 @@ import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
|
||||
'''
|
||||
SQS functions for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1' ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
|
||||
def sqs_list_queues():
|
||||
try:
|
||||
for region in regions:
|
||||
client = boto3.client("sqs", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
|
||||
client = boto3.client("sqs", region_name=region)
|
||||
response = client.list_queues()
|
||||
if response.get('QueueUrls') is None:
|
||||
print("[-] ListQueues allowed for {} but no results [-]" .format(region))
|
||||
|
||||
25
libs/sts.py
25
libs/sts.py
@@ -1,16 +1,28 @@
|
||||
import boto3
|
||||
import botocore
|
||||
import pprint
|
||||
import sys
|
||||
|
||||
'''
|
||||
STS libs for WeirdAAL
|
||||
'''
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
# from http://docs.aws.amazon.com/general/latest/gr/rande.html
|
||||
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
# regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
|
||||
|
||||
'''
|
||||
Code to get the AWS_ACCESS_KEY_ID from boto3
|
||||
'''
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
|
||||
def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def sts_get_accountid():
|
||||
try:
|
||||
client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
|
||||
client = boto3.client("sts")
|
||||
account_id = client.get_caller_identity()["Account"]
|
||||
print("Account Id: {}" .format(account_id))
|
||||
except botocore.exceptions.ClientError as e:
|
||||
@@ -22,16 +34,14 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
|
||||
else:
|
||||
print("Unexpected error: {}" .format(e))
|
||||
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
return account_id
|
||||
|
||||
|
||||
def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def sts_get_accountid_all():
|
||||
try:
|
||||
client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
|
||||
client = boto3.client("sts")
|
||||
account_id = client.get_caller_identity()["Account"]
|
||||
account_userid = client.get_caller_identity()["UserId"]
|
||||
account_arn = client.get_caller_identity()["Arn"]
|
||||
@@ -49,5 +59,4 @@ def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("Unexpected error: {}" .format(e))
|
||||
except KeyboardInterrupt:
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
return account_id
|
||||
@@ -1,10 +1,12 @@
|
||||
'''
|
||||
data pipeline example
|
||||
datapipeline modules
|
||||
'''
|
||||
|
||||
from libs.datapipeline import *
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
def step_datapipeline_list_pipelines():
|
||||
list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
'''
|
||||
List Pipelines
|
||||
'''
|
||||
list_pipelines()
|
||||
|
||||
@@ -2,13 +2,15 @@
|
||||
queries that interact with db can go here
|
||||
'''
|
||||
|
||||
|
||||
import boto3
|
||||
import sqlite3
|
||||
from sqlite3 import Error
|
||||
|
||||
from libs.sql import *
|
||||
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
# for a key, what services does it have listed in the DB
|
||||
def step_show_services_by_key():
|
||||
|
||||
@@ -5,6 +5,7 @@ from libs.s3 import *
|
||||
|
||||
|
||||
def step_recon_all():
|
||||
get_accountid()
|
||||
check_root_account()
|
||||
brute_acm_permissions()
|
||||
# AlexaForBusiness
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
This file is used to perform some EMR actions
|
||||
'''
|
||||
from libs.sts import *
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
|
||||
def step_sts_get_accountid():
|
||||
get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
get_accountid()
|
||||
|
||||
def step_sts_get_accountidall():
|
||||
get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
get_accountid_all()
|
||||
Reference in New Issue
Block a user