Update s3.py

s3/s3.py

@@ -1 +1,98 @@
 #s3 functions go here
+
+def get_s3bucket_policy(access_key, secret_key, bucket):
+    client = boto3.client(
+            's3',
+            aws_access_key_id=AWS_ACCESS_KEY_ID,
+            aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
+            region_name='us-east-1'
+    )
+    
+    try:
+        bucket = bucket
+        print('\n#### Trying to enumate s3 buckets and bucket policy & ACL for {} ####' .format(bucket))
+
+        try:
+            for key in client.list_objects(Bucket=bucket,MaxKeys=100)['Contents']:
+                print('[+] '+ key['Key'].encode('utf-8').strip())
+                #print(key['Key']) #first 100 results
+        except KeyError as e:
+            print "KeyError havent tracked down reason yet"
+        except botocore.exceptions.ClientError as e:
+            if e.response['Error']['Code'] == 'AccessDenied':
+                print('%s : cant list s3 bucket [AccessDenied]' % AWS_ACCESS_KEY_ID)
+            elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
+                print('%s: Has No S3 Policy!' % bucket['Name'])
+            elif e.response['Error']['Code'] == 'AllAccessDisabled':
+                print('%s : cant list s3 bucket [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
+            else:
+                print "Unexpected error: %s" % e
+            
+        try:
+            policy = client.get_bucket_policy(Bucket=bucket)
+            if policy:
+                print(bucket + " Policy: ")
+                pp.pprint(policy['Policy'])
+                print("\n")
+            else:
+                pass
+        except botocore.exceptions.ClientError as e:
+            if e.response['Error']['Code'] == 'AccessDenied':
+                print('%s : cant list s3 bucket policy [AccessDenied]' % AWS_ACCESS_KEY_ID)
+            elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
+                print('%s: Has No S3 Policy!' % bucket)
+                print("\n")
+            elif e.response['Error']['Code'] == 'AllAccessDisabled':
+                print('%s : cant list s3 bucket policy [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
+            else:
+                print "Unexpected error: %s" % e
+                    
+        try:
+            acl = client.get_bucket_acl(Bucket=bucket)
+            if acl:
+                print(bucket + " Grants: ")
+                pp.pprint(acl['Grants'])
+                print("\n")
+            else:
+                pass
+        except botocore.exceptions.ClientError as e:
+            if e.response['Error']['Code'] == 'AccessDenied':
+                print('%s : cant list s3 bucket acl [AccessDenied]' % AWS_ACCESS_KEY_ID)
+            elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
+                print('%s: Has No S3 Policy!' % bucket)
+                print("\n")
+            elif e.response['Error']['Code'] == 'AllAccessDisabled':
+                print('%s : cant list s3 bucket acl [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
+            else:
+                print "Unexpected error: %s" % e
+
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code'] == 'NotSignedUp':
+            print('%s : doesnt have s3 access' % AWS_ACCESS_KEY_ID)
+        else:
+            print "Unexpected error: %s" % e
+
+ def get_s3object_acl(access_key, secret_key, bucket, myfile):
+    client = boto3.client(
+            's3',
+            aws_access_key_id=AWS_ACCESS_KEY_ID,
+            aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
+            region_name='us-east-1'
+    )
+    
+    try:
+        bucket = bucket
+        myobject = myfile
+        print('#### Trying to enumate s3 ACL for %s:%s ####\n ' % (bucket, myfile))
+        acl = client.get_object_acl(Bucket=bucket,Key=myfile)
+        print acl
+        
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code'] == 'NotSignedUp':
+            print('%s : doesnt have s3 access' % AWS_ACCESS_KEY_ID)
+        else:
+            print "Unexpected error: %s" % e