dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pep8 fixes

Browse Source
This commit is contained in:
carnal0wnage
2018-04-23 21:04:48 -04:00
parent f9dc173da3
commit 84fdf85a11
1 changed files with 34 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
libs/iam.py
View File

@@ -28,7 +28,7 @@ def check_root_account():
''' '''
Do various checks to see if the account has root or elevated IAM privs Do various checks to see if the account has root or elevated IAM privs
''' '''
client = boto3.client('iam',region_name=region) client = boto3.client('iam', region_name=region)
try: try:
acct_summary = client.get_account_summary() acct_summary = client.get_account_summary()
@@ -70,6 +70,7 @@ def check_root_account():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_change_user_console_password(username, password): def iam_change_user_console_password(username, password):
''' '''
Change the IAM console password of a specified user with the specified password Change the IAM console password of a specified user with the specified password
@@ -77,7 +78,7 @@ def iam_change_user_console_password(username, password):
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
try: try:
response = client.update_login_profile(UserName=username,Password=password, PasswordResetRequired=False) response = client.update_login_profile(UserName=username, Password=password, PasswordResetRequired=False)
print('Changing password for user: {} to password: {}' .format(username, password)) print('Changing password for user: {} to password: {}' .format(username, password))
# print(response) # print(response)
print('Response to password change was: {}' .format(response['ResponseMetadata']['HTTPStatusCode'])) print('Response to password change was: {}' .format(response['ResponseMetadata']['HTTPStatusCode']))
@@ -99,7 +100,7 @@ def iam_create_user_console_password(username, password):
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
try: try:
response = client.create_login_profile(UserName=username,Password=password, PasswordResetRequired=False) response = client.create_login_profile(UserName=username, Password=password, PasswordResetRequired=False)
print('Changing password for user: %s to password: {}' .format(username, password)) print('Changing password for user: %s to password: {}' .format(username, password))
print('Response to password change was: {}' .format(response['ResponseMetadata']['HTTPStatusCode'])) print('Response to password change was: {}' .format(response['ResponseMetadata']['HTTPStatusCode']))
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
@@ -128,6 +129,7 @@ def get_password_policy():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_create_user(username): def iam_create_user(username):
''' '''
This creates a IAM user, this does not set a password you need to call the This creates a IAM user, this does not set a password you need to call the
@@ -137,7 +139,7 @@ def iam_create_user(username):
try: try:
print("Creating a new IAM user named: {}" .format(username)) print("Creating a new IAM user named: {}" .format(username))
create_user = client.create_user(Path='/',UserName=username) create_user = client.create_user(Path='/', UserName=username)
print('Response to create user was: {}' .format(create_user['ResponseMetadata']['HTTPStatusCode'])) print('Response to create user was: {}' .format(create_user['ResponseMetadata']['HTTPStatusCode']))
print("New User Details") print("New User Details")
pp.pprint(create_user['User']) pp.pprint(create_user['User'])
@@ -149,6 +151,7 @@ def iam_create_user(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_create_access_key(username): def iam_create_access_key(username):
''' '''
Create a new access & secret key for the specified username Create a new access & secret key for the specified username
@@ -164,6 +167,7 @@ def iam_create_access_key(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_delete_access_key(username, accesskey): def iam_delete_access_key(username, accesskey):
''' '''
Delete the specified access key for the specified user and specified access key Delete the specified access key for the specified user and specified access key
@@ -200,6 +204,7 @@ def iam_delete_mfa_device(username, mfaserial):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_mfa_device(username): def iam_list_mfa_device(username):
''' '''
List MFA devices for a specified username List MFA devices for a specified username
@@ -230,6 +235,7 @@ def iam_list_mfa_device(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_make_admin(username): def iam_make_admin(username):
''' '''
Attach the builtin admin policy to the specified username Attach the builtin admin policy to the specified username
@@ -240,7 +246,7 @@ def iam_make_admin(username):
make_admin = client.attach_user_policy(UserName=username, PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess') make_admin = client.attach_user_policy(UserName=username, PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess')
print("Adding admin policy to: {}" .format(username)) print("Adding admin policy to: {}" .format(username))
print('Response to attaching admin policy was: {}' .format(make_admin['ResponseMetadata']['HTTPStatusCode'])) print('Response to attaching admin policy was: {}' .format(make_admin['ResponseMetadata']['HTTPStatusCode']))
#print('Response to delete key was: %s' % delete_access_key['ResponseMetadata']['HTTPStatusCode']) # print('Response to delete key was: %s' % delete_access_key['ResponseMetadata']['HTTPStatusCode'])
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied': if e.response['Error']['Code'] == 'AccessDenied':
print("ERROR: Account does not have permissions to add the policy") print("ERROR: Account does not have permissions to add the policy")
@@ -249,7 +255,8 @@ def iam_make_admin(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_make_backdoor_account( username, password):
def iam_make_backdoor_account(username, password):
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
try: try:
@@ -264,6 +271,7 @@ def iam_make_backdoor_account( username, password):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_groups(): def iam_list_groups():
''' '''
List all IAM groups for the account List all IAM groups for the account
@@ -278,8 +286,8 @@ def iam_list_groups():
elif len(response['Groups']) <= 0: elif len(response['Groups']) <= 0:
print("[-] ListGroups allowed for {} but no results [-]\n" .format(region)) print("[-] ListGroups allowed for {} but no results [-]\n" .format(region))
else: else:
# print(response) # print(response)
print ("### {} Groups ###" .format(region)) print("### {} Groups ###" .format(region))
for group in response['Groups']: for group in response['Groups']:
pp.pprint(group) pp.pprint(group)
print("\n") print("\n")
@@ -297,6 +305,7 @@ def iam_list_groups():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_get_user(): def iam_get_user():
''' '''
Get user info: userid, arn, created date, password last used Get user info: userid, arn, created date, password last used
@@ -312,10 +321,10 @@ def iam_get_user():
elif len(response['User']) <= 0: elif len(response['User']) <= 0:
print("[-] GetUser allowed for {} but no results [-]\n" .format(region)) print("[-] GetUser allowed for {} but no results [-]\n" .format(region))
else: else:
# print(response) # print(response)
print ("### {} User Account Info ###" .format(region)) print("### {} User Account Info ###" .format(region))
for key, value in response['User'].items(): for key, value in response['User'].items():
print(key,':', value) print(key, ':', value)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -331,6 +340,7 @@ def iam_get_user():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_get_account_summary(): def iam_get_account_summary():
''' '''
calls get_account_summary(). This shows numbers of groups, polcies, MFA devices, etc calls get_account_summary(). This shows numbers of groups, polcies, MFA devices, etc
@@ -339,7 +349,6 @@ def iam_get_account_summary():
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.get_account_summary() response = client.get_account_summary()
# print(response) # print(response)
if response.get('SummaryMap') is None: if response.get('SummaryMap') is None:
@@ -363,6 +372,7 @@ def iam_get_account_summary():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_users(): def iam_list_users():
''' '''
List users for the account List users for the account
@@ -371,7 +381,6 @@ def iam_list_users():
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_users() response = client.list_users()
# print(response) # print(response)
if response.get('Users') is None: if response.get('Users') is None:
@@ -404,7 +413,6 @@ def iam_list_roles():
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_roles() response = client.list_roles()
# print(response) # print(response)
if response.get('Roles') is None: if response.get('Roles') is None:
@@ -440,7 +448,6 @@ def iam_list_policies():
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_policies() response = client.list_policies()
# print(response) # print(response)
if response.get('Policies') is None: if response.get('Policies') is None:
@@ -467,6 +474,7 @@ def iam_list_policies():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_policies_attached(): def iam_list_policies_attached():
''' '''
Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies. Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
@@ -476,7 +484,6 @@ def iam_list_policies_attached():
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_policies(OnlyAttached=True) response = client.list_policies(OnlyAttached=True)
# print(response) # print(response)
if response.get('Policies') is None: if response.get('Policies') is None:
@@ -488,7 +495,7 @@ def iam_list_policies_attached():
print("Policy Name: {}".format(policy['PolicyName'])) print("Policy Name: {}".format(policy['PolicyName']))
pp.pprint(policy) pp.pprint(policy)
print('\n') print('\n')
# print(response) # print(response)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
@@ -512,7 +519,6 @@ def iam_list_user_policies(username):
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_user_policies(UserName=username) response = client.list_user_policies(UserName=username)
# print(response) # print(response)
if response.get('PolicyNames') is None: if response.get('PolicyNames') is None:
@@ -524,7 +530,7 @@ def iam_list_user_policies(username):
print("Policy Name: {}".format(policy['PolicyName'])) print("Policy Name: {}".format(policy['PolicyName']))
pp.pprint(policy) pp.pprint(policy)
print('\n') print('\n')
# print(response) # print(response)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
@@ -539,6 +545,7 @@ def iam_list_user_policies(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_attached_user_policies(username): def iam_list_attached_user_policies(username):
''' '''
Lists all managed policies that are attached to the specified IAM user. Lists all managed policies that are attached to the specified IAM user.
@@ -547,7 +554,6 @@ def iam_list_attached_user_policies(username):
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_attached_user_policies(UserName=username) response = client.list_attached_user_policies(UserName=username)
# print(response) # print(response)
if response.get('AttachedPolicies') is None: if response.get('AttachedPolicies') is None:
@@ -556,10 +562,10 @@ def iam_list_attached_user_policies(username):
print("[-] ListAttachedUserPolicies allowed for {} but no results [-]\n" .format(region)) print("[-] ListAttachedUserPolicies allowed for {} but no results [-]\n" .format(region))
else: else:
for policy in response['AttachedPolicies']: for policy in response['AttachedPolicies']:
#print("Policy Name: {}".format(policy['PolicyName'])) # print("Policy Name: {}".format(policy['PolicyName']))
pp.pprint(policy) pp.pprint(policy)
print('\n') print('\n')
# print(response) # print(response)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
@@ -574,6 +580,7 @@ def iam_list_attached_user_policies(username):
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_entities_for_policy(policy_arn): def iam_list_entities_for_policy(policy_arn):
''' '''
Lists all IAM users, groups, and roles that the specified managed policy is attached to. Lists all IAM users, groups, and roles that the specified managed policy is attached to.
@@ -582,17 +589,16 @@ def iam_list_entities_for_policy(policy_arn):
try: try:
for region in regions: for region in regions:
client = boto3.client('iam', region_name=region) client = boto3.client('iam', region_name=region)
response = client.list_entities_for_policy(PolicyArn=policy_arn) response = client.list_entities_for_policy(PolicyArn=policy_arn)
print(response) print(response)
#this needs a if data for PolicyGroups, PolicyUsers, PolicyRoles do stuff # this needs a if data for PolicyGroups, PolicyUsers, PolicyRoles do stuff
#if response.get('AttachedPolicies') is None: # if response.get('AttachedPolicies') is None:
# print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) # print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID))
#elif len(response['AttachedPolicies']) <= 0: # elif len(response['AttachedPolicies']) <= 0:
# print("[-] ListAttachedUserPolicies allowed for {} but no results [-]\n" .format(region)) # print("[-] ListAttachedUserPolicies allowed for {} but no results [-]\n" .format(region))
#else: # else:
# for policy in response['AttachedPolicies']: # for policy in response['AttachedPolicies']:
# #print("Policy Name: {}".format(policy['PolicyName'])) # #print("Policy Name: {}".format(policy['PolicyName']))
# pp.pprint(policy) # pp.pprint(policy)
@@ -610,4 +616,4 @@ def iam_list_entities_for_policy(policy_arn):
else: else:
print("Unexpected error: {}" .format(e)) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")