fix recon with new way of doing biz
This commit is contained in:
Chris Gates
396
libs/brute.py
396
libs/brute.py
File diff suppressed because it is too large
Load Diff
20
libs/s3.py
20
libs/s3.py
@@ -8,11 +8,13 @@ import pprint
|
||||
|
||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||
|
||||
def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
|
||||
session = boto3.Session()
|
||||
credentials = session.get_credentials()
|
||||
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||
|
||||
def get_s3bucket_policy(bucket):
|
||||
client = boto3.client(
|
||||
's3',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name='us-east-1'
|
||||
)
|
||||
|
||||
@@ -93,11 +95,9 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
#specifically get the acl on a file in a buckeet
|
||||
def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
|
||||
def get_s3object_acl(bucket, myfile):
|
||||
client = boto3.client(
|
||||
's3',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name='us-east-1'
|
||||
)
|
||||
|
||||
@@ -121,11 +121,9 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
#given an aws keypair what s3 assets does it have permission to
|
||||
def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def get_s3objects_for_account():
|
||||
client = boto3.resource(
|
||||
's3',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name='us-east-1'
|
||||
)
|
||||
|
||||
@@ -149,11 +147,9 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
print("CTRL-C received, exiting...")
|
||||
|
||||
|
||||
def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
||||
def get_s3objects_for_account_detailed():
|
||||
client = boto3.resource(
|
||||
's3',
|
||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
||||
region_name='us-east-1'
|
||||
)
|
||||
|
||||
|
||||
178
modules/recon.py
178
modules/recon.py
@@ -3,89 +3,88 @@ from __future__ import print_function
|
||||
from libs.brute import *
|
||||
from libs.s3 import *
|
||||
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
def step_recon_all():
|
||||
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
check_root_account()
|
||||
brute_acm_permissions()
|
||||
# AlexaForBusiness
|
||||
brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_apigateway_permissions()
|
||||
# Application Auto Scaling - no usable functions
|
||||
brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_appstream_permissions()
|
||||
# AppSync - no usable functions
|
||||
brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_autoscaling_plans_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_athena_permissions()
|
||||
brute_autoscaling_permissions()
|
||||
brute_autoscaling_plans_permissions()
|
||||
brute_batch_permissions()
|
||||
brute_budgets_permissions()
|
||||
# CostExplorer
|
||||
# brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
|
||||
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
# brute_cloud9_permissions() Was working now its not
|
||||
brute_clouddirectory_permissions()
|
||||
brute_cloudformation_permissions()
|
||||
brute_cloudfront_permissions()
|
||||
brute_cloudhsm_permissions()
|
||||
# cloudhsmv2
|
||||
brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudsearch_permissions()
|
||||
# CloudSearchDomain
|
||||
brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudtrail_permissions()
|
||||
brute_cloudwatch_permissions()
|
||||
brute_codebuild_permissions()
|
||||
brute_codecommit_permissions()
|
||||
brute_codedeploy_permissions()
|
||||
brute_codepipeline_permissions()
|
||||
brute_codestar_permissions()
|
||||
brute_cognitoidentity_permissions()
|
||||
brute_cognitoidp_permissions()
|
||||
brute_cognitosync_permissions()
|
||||
# Comprehend
|
||||
brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
# brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/"
|
||||
brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_configservice_permissions()
|
||||
# brute_costandusagereportservice_permissions() #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/"
|
||||
brute_datapipeline_permissions()
|
||||
# DAX
|
||||
brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_devicefarm_permissions()
|
||||
brute_directconnect_permissions()
|
||||
brute_applicationdiscoveryservice_permissions()
|
||||
brute_dms_permissions()
|
||||
brute_directoryservice_permissions()
|
||||
brute_dynamodb_permissions()
|
||||
brute_dynamodbstreams_permissions()
|
||||
brute_ec2_permissions()
|
||||
brute_ecr_permissions()
|
||||
brute_ecs_permissions()
|
||||
brute_efs_permissions()
|
||||
brute_elasticache_permissions()
|
||||
brute_elasticbeanstalk_permissions()
|
||||
brute_elastictranscoder_permissions()
|
||||
brute_elasticloadbalancing_permissions()
|
||||
brute_elasticloadbalancingv2_permissions()
|
||||
brute_emr_permissions()
|
||||
brute_es_permissions()
|
||||
brute_cloudwatchevents_permissions()
|
||||
brute_firehose_permissions()
|
||||
brute_gamelift_permissions()
|
||||
brute_glacier_permissions()
|
||||
# Glue
|
||||
brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_greengrass_permissions()
|
||||
# GuardDuty
|
||||
brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_health_permissions()
|
||||
brute_iam_permissions()
|
||||
brute_importexport_permissions()
|
||||
brute_inspector_permissions()
|
||||
brute_iot_permissions()
|
||||
# IoTDataPlane no functions
|
||||
# IoTJobsDataPlane
|
||||
brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_kinesis_permissions()
|
||||
# KinesisVideoArchivedMedia
|
||||
# KinesisVideoMedia
|
||||
brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_kinesisanalytics_permissions()
|
||||
# KinesisVideo
|
||||
brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_kms_permissions()
|
||||
brute_lambda_permissions()
|
||||
brute_lexmodels_permissions()
|
||||
# LexRuntimeService #no functions
|
||||
brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_lightsail_permissions()
|
||||
brute_cloudwatchlogs_permissions()
|
||||
brute_machinelearning_permissions()
|
||||
# marketplace-entitlement no functions
|
||||
# marketplacecommerceanalytics no functions
|
||||
# MediaConvert
|
||||
@@ -97,37 +96,37 @@ def step_recon_all():
|
||||
# MigrationHub
|
||||
# Mobile
|
||||
# MQ
|
||||
brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_mturk_permissions()
|
||||
brute_opsworks_permissions()
|
||||
brute_opsworkscm_permissions()
|
||||
brute_organizations_permissions()
|
||||
# PinPoint no functions
|
||||
brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_polly_permissions()
|
||||
# Pricing
|
||||
brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_rds_permissions()
|
||||
brute_redshift_permissions()
|
||||
brute_rekognition_permissions()
|
||||
# ResourceGroups
|
||||
brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_resourcegroupstaggingapi_permissions()
|
||||
brute_route53_permissions()
|
||||
brute_route53domains_permissions()
|
||||
brute_s3_permissions()
|
||||
# SageMaker
|
||||
# SageMakerRuntime
|
||||
brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_sdb_permissions()
|
||||
# ServerlessApplicationRepository
|
||||
brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_servicecatalog_permissions()
|
||||
# ServiceDiscovery
|
||||
brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_ses_permissions()
|
||||
brute_shield_permissions()
|
||||
brute_sms_permissions()
|
||||
brute_snowball_permissions()
|
||||
brute_sns_permissions()
|
||||
brute_sqs_permissions()
|
||||
# SSM
|
||||
brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_stepfunctions_permissions()
|
||||
# StorageGateway
|
||||
brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_sts_permissions()
|
||||
# Support
|
||||
# SWF
|
||||
# TranscribeService
|
||||
@@ -136,8 +135,9 @@ def step_recon_all():
|
||||
# WAFRegional
|
||||
# WorkDocs
|
||||
# WorkMail
|
||||
brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
brute_workspaces_permissions()
|
||||
# XRay no functions
|
||||
|
||||
# S3 bucket's while we are here...
|
||||
get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
#commented out until s3 id/key shit is fixed in all modules/libs
|
||||
get_s3objects_for_account()
|
||||
|
||||
Reference in New Issue
Block a user