add the beginnings of brute.py / aws_enumerate port

brute/brute.py

@@ -0,0 +1,75 @@
+import boto3
+import botocore
+import pprint
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+
+
+#bruteforce EC2 access
+
+#from http://docs.aws.amazon.com/general/latest/gr/rande.html
+regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2',  ]
+
+def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tests):
+    actions = []
+    try:
+        client = boto3.client('ec2', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name='ap-southeast-1')
+    except Exception as e:
+        print('Failed to connect: "{}"' .format(e.error_message))
+        return actions
+    
+    actions = generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tests)
+    if actions:
+    	print "\nActions allowed are:"
+        print actions
+
+    return actions
+
+def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tests):
+    actions = []
+    client = boto3.client('ec2', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name='ap-southeast-1')
+    for api_action, method_name, args, kwargs in tests:
+        try:
+            method = getattr(client, method_name)
+            method(*args, **kwargs)
+            #print method --wont return anything on dryrun
+        except botocore.exceptions.ClientError as e:
+        	if e.response['Error']['Code'] == 'DryRunOperation':
+        		print('{} IS allowed' .format(api_action))
+        		actions.append(api_action)
+        	else:
+        		print e   
+        else:
+            print('{} IS allowed' .format(api_action))
+            actions.append(api_action)
+    return actions
+
+#http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client
+def brute_ec2_perms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+	print ("### Enumerating EC2 Permissions ###")
+	perms =[]
+	tests = [('DescribeInstances', 'describe_instances', (), {'DryRun':True}, ),
+             ('DescribeInstanceStatus', 'describe_instance_status', (), {'DryRun':True}, ),
+             ('DescribeImages', 'describe_images', (), {'DryRun':True, 'Owners': ['self',]} ),
+             ('DescribeVolumes', 'describe_volumes', (), {'DryRun':True}, ),
+             ('DescribeSnapshots', 'describe_snapshots', (), {'DryRun':True, 'OwnerIds': ['self',]} ),
+             ('DescribeAccountAttributes', 'describe_account_attributes', (), {'DryRun':True}, ),
+             ('DescribeAccounts', 'describe_addresses', (), {'DryRun':True}, ),
+             ('DescribeAddresses','describe_addresses', (), {'DryRun':True}, ),
+             ('DescribeAvailabilityZones', 'describe_availability_zones', (), {'DryRun':True}, ),
+             ('DescribeBundleTasks', 'describe_bundle_tasks', (), {'DryRun':True}, ),
+             ('DescribeClassicLinkInstances','describe_classic_link_instances', (), {'DryRun':True}, ),
+             ('DescribeConversionTasks', 'describe_conversion_tasks', (), {'DryRun':True}, ),
+             ('DescribeCustomerGateways', 'describe_customer_gateways', (), {'DryRun':True}, ),
+             ('DescribeDhcpOptions', 'describe_dhcp_options', (), {'DryRun':True}, ),
+             ('DescribeEgressOnlyInternetGateways','describe_egress_only_internet_gateways', (), {'DryRun':True}, ),
+
+
+             #('', '', (), {'DryRun':True}, ),
+             ]
+	return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tests)
+
+
+brute_ec2_perms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
+