From 5f27bcdfe64ebe183996ee96d93f2b649639b8a0 Mon Sep 17 00:00:00 2001
From: carnal0wnage <chris@carnal0wnage.com>
Date: Wed, 26 Sep 2018 16:54:49 -0400
Subject: [PATCH] gcp

---
 libs/gcp/gcp_bigquery.py | 28 ++++++++++++++++++++++++++++
 libs/gcp/gcp_storage.py  |  2 +-
 modules/gcp/gcp_recon.py | 39 ++++++++++++++++++++++++++++-----------
 requirements.txt         |  1 +
 weirdAAL.py              |  2 +-
 5 files changed, 59 insertions(+), 13 deletions(-)
 create mode 100644 libs/gcp/gcp_bigquery.py

diff --git a/libs/gcp/gcp_bigquery.py b/libs/gcp/gcp_bigquery.py
new file mode 100644
index 0000000..22c0fa1
--- /dev/null
+++ b/libs/gcp/gcp_bigquery.py
@@ -0,0 +1,28 @@
+'''
+GCP BigQuery functions for WeirdAAL
+'''
+
+import google.auth
+import googleapiclient.discovery
+import os
+import sys
+
+from google.oauth2 import service_account
+
+from googleapiclient.errors import HttpError
+
+from google.cloud import bigquery, exceptions
+from google.cloud.exceptions import *
+
+
+def gcp_bigquery_list_datasets(project_id, credentials):
+    bigquery_client = bigquery.Client(project=credentials.project_id)
+    datasets = list(bigquery_client.list_datasets())
+    project = bigquery_client.project
+
+    if datasets:
+        print('Datasets in project {}:'.format(project))
+        for dataset in datasets:  # API request(s)
+            print('\t{}'.format(dataset.dataset_id))
+    else:
+        print('{} project does not contain any datasets.'.format(project))
\ No newline at end of file
diff --git a/libs/gcp/gcp_storage.py b/libs/gcp/gcp_storage.py
index 25ba689..ac0352f 100644
--- a/libs/gcp/gcp_storage.py
+++ b/libs/gcp/gcp_storage.py
@@ -35,5 +35,5 @@ def gcp_storage_list_blobs(credentials, bucket_name):
     blobs = bucket.list_blobs()
 
     for blob in blobs:
-        print(blob.name)
+        print('\t{}'.format(blob.name))
     print('\n')
\ No newline at end of file
diff --git a/modules/gcp/gcp_recon.py b/modules/gcp/gcp_recon.py
index 2385518..193dad4 100644
--- a/modules/gcp/gcp_recon.py
+++ b/modules/gcp/gcp_recon.py
@@ -7,6 +7,7 @@ that have functions that done have arguments if we can access them :-)
 
 from libs.gcp.gcp_iam import *
 from libs.gcp.gcp_storage import *
+from libs.gcp.gcp_bigquery import *
 
 credentials = service_account.Credentials.from_service_account_file(
     filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
@@ -27,9 +28,9 @@ def module_gcp_recon_all():
     except HttpError as e:
         # print(e)
         if e.resp.status in [403, 500, 503]:
-            print("\tGCP IAM access denied for {}".format(credentials.service_account_email))
+            print("\tGCP IAM access denied for {}\n".format(credentials.service_account_email))
         else:
-            print(e)
+            print('{}\n'.format(e))
     except google.auth.exceptions.RefreshError as f:
         print(f)
         print("Service key is invalid exiting")
@@ -42,9 +43,9 @@ def module_gcp_recon_all():
     except HttpError as e:
         # print(e)
         if e.resp.status in [403, 500, 503]:
-            print("\tIAM access denied for {}".format(credentials.service_account_email))
+            print("\tIAM access denied for {}\n".format(credentials.service_account_email))
         else:
-            print(e)
+            print('{}\n'.format(e))
     except google.auth.exceptions.RefreshError as f:
         print(f)
         print("Service key is invalid exiting")
@@ -54,19 +55,35 @@ def module_gcp_recon_all():
     Storage bucket access checks
     '''
     try:
-        print("Checking for storage buckets")
+        print("GCP Storage check")
         buckets = gcp_storage_list_buckets(credentials)
         if buckets:
-            print("\nAttempting to list bucket contents")
+            print("\nAttempting to list bucket contents:")
             for a in buckets:
-                print(a)
+                print('Bucket: {}'.format(a))
                 gcp_storage_list_blobs(credentials, a)
     except googleapiclient.errors.HttpError as e:
-        print(e)
+        print('{}\n'.format(e))
     except exceptions.Forbidden as e:
-            print("Forbidden")
-            print(e)
+        print("\t Forbidden")
+        print('{}\n'.format(e))
     except exceptions.PermissionDenied as e:
-            print("PermissionDenied")
+        print("\t PermissionDenied")
+    except google.auth.exceptions.RefreshError as f:
+        print(f)
+
+    '''
+    BigQuery access checks
+    ''' 
+    try:
+        print("GCP BigQuery check")
+        gcp_bigquery_list_datasets(credentials.project_id, credentials)
+    except googleapiclient.errors.HttpError as e:
+        print('{}\n'.format(e))
+    except exceptions.Forbidden as e:
+        print("\t Forbidden")
+        print('{}\n'.format(e))
+    except exceptions.PermissionDenied as e:
+            print("\t PermissionDenied")
     except google.auth.exceptions.RefreshError as f:
         print(f)
diff --git a/requirements.txt b/requirements.txt
index 1b4477b..8cc89c4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,3 +11,4 @@ tabulate==0.8.2
 google-api-python-client==1.7.4
 google.cloud==0.34.0
 google-cloud-storage==1.12.0
+google-cloud-bigquery==1.5.1
diff --git a/weirdAAL.py b/weirdAAL.py
index 13cec75..0543bc2 100755
--- a/weirdAAL.py
+++ b/weirdAAL.py
@@ -29,7 +29,7 @@ from google.cloud.exceptions import *
 
 os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env'
 
-os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'gcp_keys/4.json'
+os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'gcp_keys/34.json'
 
 # If you want to use a transparent + supports SSL proxy you can put it here
 # os.environ['HTTPS_PROXY'] = 'https://127.0.0.1:3128'