From 886ba10e4954cef910949aabdd2b7e07e1030155 Mon Sep 17 00:00:00 2001 From: Chris Gates Date: Mon, 16 Apr 2018 16:25:44 -0400 Subject: [PATCH] fix recon with new way of doing biz --- libs/brute.py | 396 ++++++++++++++++++++++++----------------------- libs/s3.py | 20 +-- modules/recon.py | 178 ++++++++++----------- 3 files changed, 298 insertions(+), 296 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index 0728312..72c2d60 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -4,6 +4,7 @@ import boto3 import botocore import json import logging +import os import pprint import sys import datetime @@ -23,9 +24,14 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' region = 'us-east-1' +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key +#print(AWS_ACCESS_KEY_ID) -def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + +def get_accountid(): + client = boto3.client('sts', region_name=region) account_id = client.get_caller_identity()["Account"] return account_id @@ -37,8 +43,8 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # return username -def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) +def check_root_account(): + client = boto3.client('iam') try: acct_summary = client.get_account_summary() @@ -70,7 +76,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + print("{} : Does not have IAM Permissions" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: @@ -79,16 +85,16 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): +def generic_permission_bruteforcer(service, tests): actions = [] try: - client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client(service, region_name=region) except Exception as e: # print('Failed to connect: "{}"' .format(e.error_message)) print('Failed to connect: "{}"' .format(e)) return actions - actions = generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests) + actions = generic_method_bruteforcer(service, tests) if actions: print("\n[+] {} Actions allowed are [+]" .format(service)) print(actions) @@ -116,16 +122,16 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser print("\n") return actions -def generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed): +def generic_permission_bruteforcer_region(service, tests, region_passed): actions = [] try: - client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client(service, region_name=region) except Exception as e: # print('Failed to connect: "{}"' .format(e.error_message)) print('Failed to connect: "{}"' .format(e)) return actions - actions = generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed) + actions = generic_method_bruteforcer_region(service, tests, region_passed) if actions: print("\n[+] {} Actions allowed are [+]" .format(service)) print(actions) @@ -153,9 +159,9 @@ def generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_K print("\n") return actions -def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): +def generic_method_bruteforcer(service, tests): actions = [] - client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client(service, region_name=region) for api_action, method_name, args, kwargs in tests: try: method = getattr(client, method_name) @@ -189,9 +195,9 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service actions.append(api_action) return actions -def generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed): +def generic_method_bruteforcer_region(service, tests, region_passed): actions = [] - client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region_passed) + client = boto3.client(service, region_name=region_passed) for api_action, method_name, args, kwargs in tests: try: method = getattr(client, method_name) @@ -226,10 +232,10 @@ def generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, # http://boto3.readthedocs.io/en/latest/reference/services/acm.html -def brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_acm_permissions(): print("### Enumerating ACM Permissions ###") tests = [('ListCertificates', 'list_certificates', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'acm', tests) + return generic_permission_bruteforcer('acm', tests) # http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html # TODO @@ -238,7 +244,7 @@ def brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html -def brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_apigateway_permissions(): print("### Enumerating APIGateway Permissions ###") tests = [('GetAccount', 'get_account', (), {}, ), ('GetApiKeys', 'get_api_keys', (), {}, ), @@ -247,7 +253,7 @@ def brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('GetRestApis', 'get_rest_apis', (), {}, ), ('GetSdkTypes', 'get_sdk_types', (), {}, ), ('GetUsagePlans', 'get_usage_plans', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'apigateway', tests) + return generic_permission_bruteforcer('apigateway', tests) # http://boto3.readthedocs.io/en/latest/reference/services/application-autoscaling.html # TODO @@ -256,12 +262,12 @@ def brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/appstream.html -def brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_appstream_permissions(): print("### Enumerating APPStream Permissions ###") tests = [('DescribeFleets', 'describe_fleets', (), {}, ), ('DescribeImages', 'describe_images', (), {}, ), ('DescribeStacks', 'describe_stacks', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'appstream', tests) + return generic_permission_bruteforcer('appstream', tests) # http://boto3.readthedocs.io/en/latest/reference/services/appsync.html # TODO @@ -270,16 +276,16 @@ def brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/athena.html -def brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_athena_permissions(): print("### Enumerating Athena Permissions ###") tests = [('ListNamedQueries', 'list_named_queries', (), {}, ), ('ListQueryExecutions', 'list_query_executions', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'athena', tests) + return generic_permission_bruteforcer('athena', tests) # http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html -def brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_autoscaling_permissions(): print("### Enumerating Autoscaling Permissions ###") tests = [('DescribeAccountLimits', 'describe_account_limits', (), {}, ), ('DescribeAdjustmentTypes', 'describe_adjustment_types', (), {}, ), @@ -290,34 +296,34 @@ def brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeTags', 'describe_tags', (), {}, ), ('DescribeTerminationPolicyTypes', 'describe_termination_policy_types', (), {}, ), ('DescribePolicies', 'describe_policies', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'autoscaling', tests) + return generic_permission_bruteforcer('autoscaling', tests) # http://boto3.readthedocs.io/en/latest/reference/services/autoscaling-plans.html -def brute_autoscaling_plans_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_autoscaling_plans_permissions(): print("### Enumerating Autoscaling-Plans Permissions ###") tests = [('DescribeScalingPlans', 'describe_scaling_plans', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'autoscaling-plans', tests) + return generic_permission_bruteforcer('autoscaling-plans', tests) # http://boto3.readthedocs.io/en/latest/reference/services/batch.html -def brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_batch_permissions(): print("### Enumerating Batch Permissions ###") tests = [('DescribeComputeEnvironments', 'describe_compute_environments', (), {}, ), ('DescribeJobDefinitions', 'describe_job_definitions', (), {}, ), ('DescribeJobQueues', 'describe_job_queues', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'batch', tests) + return generic_permission_bruteforcer('batch', tests) # http://boto3.readthedocs.io/en/latest/reference/services/budgets.html -def brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_budgets_permissions(): print("### Enumerating Budgets Permissions ###") - account_id = get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + account_id = get_accountid() tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId': account_id}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'budgets', tests) + return generic_permission_bruteforcer('budgets', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ce.html # TODO @@ -327,24 +333,24 @@ def brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/cloud9.html -def brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloud9_permissions(): print("### Enumerating Cloud9 Permissions ###") tests = [('ListEnvironments', 'list_environments', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloud9', tests) + return generic_permission_bruteforcer('cloud9', tests) # http://boto3.readthedocs.io/en/latest/reference/services/clouddirectory.html -def brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_clouddirectory_permissions(): print("### Enumerating CloudDirectory Permissions ###") tests = [('ListDirectories', 'list_directories', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'clouddirectory', tests) + return generic_permission_bruteforcer('clouddirectory', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html -def brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudformation_permissions(): print("### Enumerating CLoudFormation Permissions ###") tests = [('ListStacks', 'list_stacks', (), {}), ('DescribeStacks', 'describe_stacks', (), {}), @@ -352,28 +358,28 @@ def brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeStackResources', 'describe_stack_resources', (), {}), ('ListExports', 'list_exports', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudformation', tests) + return generic_permission_bruteforcer('cloudformation', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html -def brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudfront_permissions(): print("### Enumerating CLoudFront Permissions ###") tests = [('ListDistributions', 'list_distributions', (), {}), ('ListCloudFrontOriginAcessIdentities', 'list_cloud_front_origin_access_identities', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudfront', tests) + return generic_permission_bruteforcer('cloudfront', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudhsm.html -def brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudhsm_permissions(): print("### Enumerating CloudHSM Permissions ###") tests = [('DescribeHsm', 'describe_hsm', (), {}), ('ListHsms', 'list_hsms', (), {}), ('ListHapgs', 'list_hapgs', (), {}), ('DescribeLunaClient', 'describe_luna_client', (), {}), ('ListLunaClients', 'list_luna_clients', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudhsm', tests) + return generic_permission_bruteforcer('cloudhsm', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudhsmv2.html # TODO @@ -381,11 +387,11 @@ def brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html -def brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudsearch_permissions(): print("### Enumerating CloudSearch Permissions ###") tests = [('DescribeDomains', 'describe_domains', (), {}, ), ('ListDomainNames', 'list_domain_names', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudsearch', tests) + return generic_permission_bruteforcer('cloudsearch', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudsearchdomain.html # TODO @@ -393,92 +399,92 @@ def brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html -def brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudtrail_permissions(): print("### Enumerating CloudTrail Permissions ###") tests = [('DescribeTrails', 'describe_trails', (), {}, ), ('ListPublicKeys', 'list_public_keys', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudtrail', tests) + return generic_permission_bruteforcer('cloudtrail', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html -def brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudwatch_permissions(): print("### Enumerating CloudWatch Permissions ###") tests = [('ListMetrics', 'list_metrics', (), {}, ), ('DescribeAlarmHistory', 'describe_alarm_history', (), {}, ), ('DescribeAlarms', 'describe_alarms', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudwatch', tests) + return generic_permission_bruteforcer('cloudwatch', tests) # http://boto3.readthedocs.io/en/latest/reference/services/codebuild.html -def brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_codebuild_permissions(): print("### Enumerating CodeBuild Permissions ###") tests = [('ListBuilds', 'list_builds', (), {}, ), ('ListCuratedEnvironmentImages', 'list_curated_environment_images', (), {}, ), ('ListProjects', 'list_projects', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codebuild', tests) + return generic_permission_bruteforcer('codebuild', tests) # http://boto3.readthedocs.io/en/latest/reference/services/codecommit.html -def brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_codecommit_permissions(): print("### Enumerating CodeCommit Permissions ###") tests = [('ListRepositories', 'list_repositories', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codecommit', tests) + return generic_permission_bruteforcer('codecommit', tests) # http://boto3.readthedocs.io/en/latest/reference/services/codedeploy.html -def brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_codedeploy_permissions(): print("### Enumerating CodeDeploy Permissions ###") tests = [('ListApplications', 'list_applications', (), {}, ), ('ListDeployments', 'list_deployments', (), {}, ), ('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ), # ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codedeploy', tests) + return generic_permission_bruteforcer('codedeploy', tests) # http://boto3.readthedocs.io/en/latest/reference/services/codepipeline.html -def brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_codepipeline_permissions(): print("### Enumerating CodePipeline Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codepipeline', tests) + return generic_permission_bruteforcer('codepipeline', tests) # http://boto3.readthedocs.io/en/latest/reference/services/codestar.html -def brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_codestar_permissions(): print("### Enumerating CodeStar Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), ('ListUerProfiles', 'list_user_profiles', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codestar', tests) + return generic_permission_bruteforcer('codestar', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cognito-identity.html -def brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cognitoidentity_permissions(): print("### Enumerating Cognito-Identity Permissions ###") tests = [('ListIdentityPools', 'list_identity_pools', (), {'MaxResults': 1}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-identity', tests) + return generic_permission_bruteforcer('cognito-identity', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cognito-idp.html -def brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cognitoidp_permissions(): print("### Enumerating CognitoIdentityProvider Permissions ###") tests = [('ListUserPools', 'list_user_pools', (), {'MaxResults': 1}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-idp', tests) + return generic_permission_bruteforcer('cognito-idp', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cognito-sync.html -def brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cognitosync_permissions(): print("### Enumerating CognitoSync Permissions ###") tests = [('ListIdentityPoolUsage', 'list_identity_pool_usage', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-sync', tests) + return generic_permission_bruteforcer('cognito-sync', tests) # http://boto3.readthedocs.io/en/latest/reference/services/comprehend.html # TODO @@ -486,7 +492,7 @@ def brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/config.html -def brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_configservice_permissions(): print("### Enumerating ConfigService Permissions ###") tests = [('DescribeComplianceByConfigRule', 'describe_compliance_by_config_rule', (), {}, ), ('DescribeComplianceByResource', 'describe_compliance_by_resource', (), {}, ), @@ -496,24 +502,24 @@ def brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeConfigurationRecorderStatus', 'describe_configuration_recorder_status', (), {}, ), ('DescribeDeliveryChannelStatus', 'describe_delivery_channel_status', (), {}, ), ('DescribeDeliveryChannels', 'describe_delivery_channels', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'config', tests) + return generic_permission_bruteforcer('config', tests) # http://boto3.readthedocs.io/en/latest/reference/services/cur.html # Doesnt seem to be working -def brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_costandusagereportservice_permissions(): print("### Enumerating CostandUsageReportService Permissions ###") tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cur', tests) + return generic_permission_bruteforcer('cur', tests) # http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html -def brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_datapipeline_permissions(): print("### Enumerating DataPipeline Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'datapipeline', tests) + return generic_permission_bruteforcer('datapipeline', tests) # http://boto3.readthedocs.io/en/latest/reference/services/dax.html # TODO @@ -522,69 +528,69 @@ def brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://docs.aws.amazon.com/general/latest/gr/rande.html#devicefarm_region -def brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_devicefarm_permissions(): print("### Enumerating DeviceFarm Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), ('ListDevices', 'list_devices', (), {}, ), ] - return generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests, 'us-west-2') + return generic_permission_bruteforcer_region('devicefarm', tests, 'us-west-2') # http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html -def brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_directconnect_permissions(): print("### Enumerating DirectConnect Permissions ###") tests = [('DescribeConnections', 'describe_connections', (), {}, ), ('DescribeLags', 'describe_lags', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'directconnect', tests) + return generic_permission_bruteforcer('directconnect', tests) # http://boto3.readthedocs.io/en/latest/reference/services/discovery.html -def brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_applicationdiscoveryservice_permissions(): print("### Enumerating ApplicationDiscoveryService Permissions ###") tests = [('DescribeAgents', 'describe_agents', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'discovery', tests) + return generic_permission_bruteforcer('discovery', tests) # http://boto3.readthedocs.io/en/latest/reference/services/dms.html -def brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_dms_permissions(): print("### Enumerating DatabaseMigrationService Permissions ###") tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}, ), ('DescribeEvents', 'describe_events', (), {}, ), ('DescribeConnections', 'describe_connections', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dms', tests) + return generic_permission_bruteforcer('dms', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ds.html -def brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_directoryservice_permissions(): print("### Enumerating DirectoryService Permissions ###") tests = [('DescribeDirectories', 'describe_directories', (), {}, ), ('DescribeSnapshots', 'describe_snapshots', (), {}, ), ('DescribeTrusts', 'describe_trusts', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ds', tests) + return generic_permission_bruteforcer('ds', tests) # http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html -def brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_dynamodb_permissions(): print("### Enumerating DynamoDB Permissions ###") tests = [('ListTables', 'list_tables', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodb', tests) + return generic_permission_bruteforcer('dynamodb', tests) # http://boto3.readthedocs.io/en/latest/reference/services/dynamodbstreams.html -def brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_dynamodbstreams_permissions(): print("### Enumerating DynamoDBStreamsPermissions ###") tests = [('ListStreams', 'list_streams', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodbstreams', tests) + return generic_permission_bruteforcer('dynamodbstreams', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client -def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_ec2_permissions(): print("### Enumerating EC2 Permissions ###") tests = [('DescribeInstances', 'describe_instances', (), {'DryRun': True}, ), ('DescribeInstanceStatus', 'describe_instance_status', (), {'DryRun': True}, ), @@ -644,20 +650,20 @@ def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('CreateVpc', 'create_vpc', (), {'CidrBlock': '10.0.0.0/16', 'DryRun': True}, ), ('DescribeVpnConnections', 'describe_vpn_connections', (), {'DryRun': True}, ), ('DescribeVpnGateways', 'describe_vpn_gateways', (), {'DryRun': True}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ec2', tests) + return generic_permission_bruteforcer('ec2', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ecr.html -def brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_ecr_permissions(): print("### Enumerating EC2 Container Registry (ECR) Permissions ###") tests = [('DescribeRepositories', 'describe_repositories', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecr', tests) + return generic_permission_bruteforcer('ecr', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ecs.html -def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_ecs_permissions(): print("### Enumerating EC2 Container Service (ECS) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), ('DescribeClusters', 'describe_clusters', (), {}), @@ -665,21 +671,21 @@ def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('ListTaskDefinitions', 'list_task_definitions', (), {}), # ('ListTasks', 'list_tasks', (), {}), #needs a cluster name ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecs', tests) + return generic_permission_bruteforcer('ecs', tests) # http://boto3.readthedocs.io/en/latest/reference/services/efs.html -def brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_efs_permissions(): print("### Enumerating Elastic File System (EFS) Permissions ###") tests = [('DescribeFileSystems', 'describe_file_systems', (), {}), ('DescribeMountTargets', 'describe_mount_targets', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'efs', tests) + return generic_permission_bruteforcer('efs', tests) # http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html -def brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_elasticache_permissions(): print("### Enumerating ElastiCache Permissions ###") tests = [('DescribeCacheClusters', 'describe_cache_clusters', (), {}), ('DescribeCacheEngineVersions', 'describe_cache_engine_versions', (), {}), @@ -690,12 +696,12 @@ def brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeReservedCacheNodes', 'describe_reserved_cache_nodes', (), {}), ('DescribeReservedCacheNodesOfferings', 'describe_reserved_cache_nodes_offerings', (), {}), ('DescribeSnapshots', 'describe_snapshots', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticache', tests) + return generic_permission_bruteforcer('elasticache', tests) # http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html -def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_elasticbeanstalk_permissions(): print("### Enumerating ElasticBeanstalk Permissions ###") tests = [('DescribeApplications', 'describe_applications', (), {}), ('DescribeApplicationVersions', 'describe_application_versions', (), {}), @@ -706,75 +712,75 @@ def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) ('DescribeEnvironmentManagedActions', 'describe_environment_managed_actions', (), {}), ('DescribeEvents', 'describe_events', (), {}), ('DescribeInstancesHealth', 'describe_instances_health', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticbeanstalk', tests) + return generic_permission_bruteforcer('elasticbeanstalk', tests) # http://boto3.readthedocs.io/en/latest/reference/services/elastictranscoder.html -def brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_elastictranscoder_permissions(): print("### Enumerating ElasticTranscoder Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}), ('ListPresets', 'list_presets', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elastictranscoder', tests) + return generic_permission_bruteforcer('elastictranscoder', tests) # http://boto3.readthedocs.io/en/latest/reference/services/elb.html -def brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_elasticloadbalancing_permissions(): print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elb', tests) + return generic_permission_bruteforcer('elb', tests) # http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html -def brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_elasticloadbalancingv2_permissions(): print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ('DescribeListeners', 'describe_listeners', (), {}), ('DescribeTargetGroups', 'describe_target_groups', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elbv2', tests) + return generic_permission_bruteforcer('elbv2', tests) # http://boto3.readthedocs.io/en/latest/reference/services/emr.html -def brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_emr_permissions(): print("### Enumerating Elastic MapReduce (EMR) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), ('ListSecurityConfigurations', 'list_security_configurations', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'emr', tests) + return generic_permission_bruteforcer('emr', tests) # http://boto3.readthedocs.io/en/latest/reference/services/es.html -def brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_es_permissions(): print("### Enumerating Elasticsearch Service Permissions ###") tests = [('ListDomainNames', 'list_domain_names', (), {}), ('ListElasticsearchVersions', 'list_elasticsearch_versions', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'es', tests) + return generic_permission_bruteforcer('es', tests) # http://boto3.readthedocs.io/en/latest/reference/services/events.html -def brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudwatchevents_permissions(): print("### Enumerating CloudWatch Events Permissions ###") tests = [('ListRules', 'list_rules', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'events', tests) + return generic_permission_bruteforcer('events', tests) # http://boto3.readthedocs.io/en/latest/reference/services/firehose.html -def brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_firehose_permissions(): print("### Enumerating Kinesis Firehose Permissions ###") tests = [('ListDeliveryStreams', 'list_delivery_streams', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'firehose', tests) + return generic_permission_bruteforcer('firehose', tests) # http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html -def brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_gamelift_permissions(): print("### Enumerating GameLift Permissions ###") tests = [('ListAliases', 'list_aliases', (), {}), ('ListBuilds', 'list_builds', (), {}), @@ -786,15 +792,15 @@ def brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}), ('DescribeGameSessions', 'describe_game_sessions', (), {}), ('DescribePlayerSessions', 'describe_player_sessions', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'gamelift', tests) + return generic_permission_bruteforcer('gamelift', tests) # http://boto3.readthedocs.io/en/latest/reference/services/glacier.html -def brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_glacier_permissions(): print("### Enumerating Glacier Permissions ###") tests = [('ListVaults', 'list_vaults', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'glacier', tests) + return generic_permission_bruteforcer('glacier', tests) # http://boto3.readthedocs.io/en/latest/reference/services/glue.html # TODO @@ -803,12 +809,12 @@ def brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # If this one doesnt work make sure boto3 is up to date -def brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_greengrass_permissions(): print("### Enumerating Greegrass Permissions ###") tests = [('ListGroups', 'list_groups', (), {}), ('ListLoggerDefinitions', 'list_logger_definitions', (), {}), ('ListSubscriptionDefinitions', 'list_subscription_definitions', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'greengrass', tests) + return generic_permission_bruteforcer('greengrass', tests) # http://boto3.readthedocs.io/en/latest/reference/services/guardduty.html # TODO @@ -817,20 +823,20 @@ def brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/health.html -def brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_health_permissions(): print("### Enumerating Health Permissions ###") tests = [('DescribeEvents', 'describe_events', (), {}), ('DescribeEntityAggregates', 'describe_entity_aggregates', (), {}), ('DescribeEventTypes', 'describe_event_types', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'health', tests) + return generic_permission_bruteforcer('health', tests) # http://boto3.readthedocs.io/en/latest/reference/services/iam.html # TODO chop out the ARN/username and make some more fun function calls must chop up ARN to get username -def brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_iam_permissions(): print("### Enumerating IAM Permissions ###") - # account_username = get_username(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # account_username = get_username() tests = [('GetUser', 'get_user', (), {}), # ('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ), ('ListGroups', 'list_groups', (), {}), @@ -841,45 +847,45 @@ def brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('GetCredentialReport', 'get_credential_report', (), {}), ('GetAccountSummary', 'get_account_summary', (), {}), ('GetAccountAuthorizationDetails', 'get_account_authorization_details', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iam', tests) + return generic_permission_bruteforcer('iam', tests) # http://boto3.readthedocs.io/en/latest/reference/services/importexport.html -def brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_importexport_permissions(): print("### Enumerating Import/Export Permissions ###") tests = [('ListJobs', 'list_jobs', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'importexport', tests) + return generic_permission_bruteforcer('importexport', tests) # http://boto3.readthedocs.io/en/latest/reference/services/inspector.html -def brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_inspector_permissions(): print("### Enumerating Inspector Permissions ###") tests = [('ListFindings', 'list_findings', (), {}), ('ListEventSubscriptions', 'list_event_subscriptions', (), {}), ('ListAssessmentRuns', 'list_assessment_runs', (), {}), ('ListAssessmentTargets', 'list_assessment_targets', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'inspector', tests) + return generic_permission_bruteforcer('inspector', tests) # http://boto3.readthedocs.io/en/latest/reference/services/iot.html -def brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_iot_permissions(): print("### Enumerating IoT Permissions ###") tests = [('ListThings', 'list_things', (), {}), ('ListPolicies', 'list_policies', (), {}), ('ListCertificates', 'list_certificates', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iot', tests) + return generic_permission_bruteforcer('iot', tests) # http://boto3.readthedocs.io/en/latest/reference/services/iot-data.html # NO functions to call without data -def brute_iotdata_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_iotdata_permissions(): print("### Enumerating IoT Data Plane Permissions ###") tests = [('', '', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iot-data', tests) + return generic_permission_bruteforcer('iot-data', tests) # http://boto3.readthedocs.io/en/latest/reference/services/iot-jobs-data.html # TODO @@ -887,10 +893,10 @@ def brute_iotdata_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/kinesis.html -def brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_kinesis_permissions(): print("### Enumerating Kinesis Permissions ###") tests = [('ListStreams', 'list_streams', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesis', tests) + return generic_permission_bruteforcer('kinesis', tests) # http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-archived-media.html # TODO @@ -902,10 +908,10 @@ def brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html -def brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_kinesisanalytics_permissions(): print("### Enumerating Kinesis Analytics Permissions ###") tests = [('ListApplications', 'list_applications', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesisanalytics', tests) + return generic_permission_bruteforcer('kinesisanalytics', tests) # http://boto3.readthedocs.io/en/latest/reference/services/kinesisvideo.html # TODO @@ -913,43 +919,43 @@ def brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) # http://boto3.readthedocs.io/en/latest/reference/services/kms.html -def brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_kms_permissions(): print("### Enumerating Key Management Service (KMS) Permissions ###") tests = [('ListKeys', 'list_keys', (), {}), ('ListAliases', 'list_aliases', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kms', tests) + return generic_permission_bruteforcer('kms', tests) # http://boto3.readthedocs.io/en/latest/reference/services/lambda.html -def brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_lambda_permissions(): print("### Enumerating Lambda Permissions ###") tests = [('ListFunctions', 'list_functions', (), {}, ), ('ListEventSourceMappings', 'list_event_source_mappings', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lambda', tests) + return generic_permission_bruteforcer('lambda', tests) # http://boto3.readthedocs.io/en/latest/reference/services/lex-models.html -def brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_lexmodels_permissions(): print("### Enumerating Lex Model Building Service Permissions ###") tests = [('GetBots', 'get_bots', (), {}), ('GetIntents', 'get_intents', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lex-models', tests) + return generic_permission_bruteforcer('lex-models', tests) # http://boto3.readthedocs.io/en/latest/reference/services/lex-runtime.html # NO functions to call without data -def brute_lexmruntime_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_lexmruntime_permissions(): print("### Enumerating Lex Runtime Permissions ###") tests = [('', '', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lex-runtime', tests) + return generic_permission_bruteforcer('lex-runtime', tests) # http://boto3.readthedocs.io/en/latest/reference/services/lightsail.html -def brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_lightsail_permissions(): print("### Enumerating Lightsail Permissions ###") tests = [('GetDomains', 'get_domains', (), {}), ('GetBundles', 'get_bundles', (), {}), @@ -957,27 +963,27 @@ def brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('GetKeyPairs', 'get_key_pairs', (), {}), ('GetOperations', 'get_operations', (), {}), ('GetRegions', 'get_regions', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lightsail', tests) + return generic_permission_bruteforcer('lightsail', tests) # http://boto3.readthedocs.io/en/latest/reference/services/logs.html -def brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_cloudwatchlogs_permissions(): print("### Enumerating CloudWatch Logs Permissions ###") tests = [('DescribeDestinations', 'describe_destinations', (), {}), ('DescribeExportTasks', 'describe_export_tasks', (), {}), ('DescribeLogGroups', 'describe_log_groups', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'logs', tests) + return generic_permission_bruteforcer('logs', tests) # http://boto3.readthedocs.io/en/latest/reference/services/machinelearning.html # http://docs.aws.amazon.com/general/latest/gr/rande.html#machinelearning_region <--allowed regions for ML -def brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_machinelearning_permissions(): print("### Enumerating Machine Learning Permissions ###") tests = [('DescribeDataSources', 'describe_data_sources', (), {}), ('DescribeEvaluations', 'describe_evaluations', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'machinelearning', tests) + return generic_permission_bruteforcer('machinelearning', tests) # http://boto3.readthedocs.io/en/latest/reference/services/marketplace-entitlement.html # NO functions to call without arguements @@ -1015,37 +1021,37 @@ def brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/mturk.html -def brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_mturk_permissions(): print("### Enumerating Mechanical Turk (MTurk) Permissions ###") tests = [('GetAccountBalance', 'get_account_balance', (), {}), ('ListHits', 'list_hits', (), {}), ('ListWorkerBlocks', 'list_worker_blocks', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'mturk', tests) + return generic_permission_bruteforcer('mturk', tests) # http://boto3.readthedocs.io/en/latest/reference/services/opsworks.html # Everything else requires a stackID to get the instance/app/volume info per stack -def brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_opsworks_permissions(): print("### Enumerating OpsWorks Permissions ###") tests = [('DescribeUserProfiles', 'describe_user_profiles', (), {}), ('DescribeStacks', 'describe_stacks', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'opsworks', tests) + return generic_permission_bruteforcer('opsworks', tests) # http://boto3.readthedocs.io/en/latest/reference/services/opsworkscm.html -def brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_opsworkscm_permissions(): print("### Enumerating OpsWorks for Chef Automate Permissions ###") tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}), ('DescribeBackups', 'describe_backups', (), {}), ('DescribeServers', 'describe_servers', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'opsworkscm', tests) + return generic_permission_bruteforcer('opsworkscm', tests) # http://boto3.readthedocs.io/en/latest/reference/services/organizations.html -def brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_organizations_permissions(): print("### Enumerating Organizations Permissions ###") tests = [('DescribeOrganization', 'describe_organization', (), {}), ('ListAccounts', 'list_accounts', (), {}), @@ -1054,7 +1060,7 @@ def brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('ListHandshakesForOrganization', 'list_handshakes_for_organization', (), {}), ('ListPolicies', 'list_policies', (), {'Filter': 'SERVICE_CONTROL_POLICY'}), ('ListRoots', 'list_roots', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'organizations', tests) + return generic_permission_bruteforcer('organizations', tests) # http://boto3.readthedocs.io/en/latest/reference/services/pinpoint.html # NO functions to call without arguements @@ -1062,11 +1068,11 @@ def brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/polly.html -def brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_polly_permissions(): print("### Enumerating Polly Permissions ###") tests = [('DescribeVoices', 'describe_voices', (), {}), ('ListLexicons', 'list_lexicons', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'polly', tests) + return generic_permission_bruteforcer('polly', tests) # http://boto3.readthedocs.io/en/latest/reference/services/pricing.html # TODO @@ -1074,7 +1080,7 @@ def brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/rds.html -def brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_rds_permissions(): print("### Enumerating RDS Permissions ###") tests = [('DescribeDBInstances', 'describe_db_instances', (), {}), ('DescribeDBSecurityGroups', 'describe_db_security_groups', (), {}), @@ -1084,12 +1090,12 @@ def brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeAccountAttributes', 'describe_account_attributes', (), {}), ('DescribeEvents', 'describe_events', (), {}), ('DescribeReservedDBInstances', 'describe_reserved_db_instances', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'rds', tests) + return generic_permission_bruteforcer('rds', tests) # http://boto3.readthedocs.io/en/latest/reference/services/redshift.html -def brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_redshift_permissions(): print("### Enumerating Redshift Permissions ###") tests = [('DescribeClusters', 'describe_clusters', (), {}), ('DescribeClusterSecurityGroups', 'describe_cluster_security_groups', (), {}), @@ -1097,15 +1103,15 @@ def brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeClusterParameterGroup', 'describe_cluster_parameter_groups', (), {}), ('DescribeEvents', 'describe_events', (), {}), ('DescribeHSMConfigurations', 'describe_hsm_configurations', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'redshift', tests) + return generic_permission_bruteforcer('redshift', tests) # http://boto3.readthedocs.io/en/latest/reference/services/rekognition.html -def brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_rekognition_permissions(): print("### Enumerating Rekognition Permissions ###") tests = [('ListCollections', 'list_collections', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'rekognition', tests) + return generic_permission_bruteforcer('rekognition', tests) # http://boto3.readthedocs.io/en/latest/reference/services/resource-groups.html # TODO @@ -1113,39 +1119,39 @@ def brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/resourcegroupstaggingapi.html -def brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_resourcegroupstaggingapi_permissions(): print("### Enumerating Resource Groups Tagging API Permissions ###") tests = [('GetResources', 'get_resources', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'resourcegroupstaggingapi', tests) + return generic_permission_bruteforcer('resourcegroupstaggingapi', tests) # http://boto3.readthedocs.io/en/latest/reference/services/route53.html -def brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_route53_permissions(): print("### Enumerating Route53 Permissions ###") tests = [('ListHostedZones', 'list_hosted_zones', (), {}), ('ListHostedZonesByName', 'list_hosted_zones_by_name', (), {}), ('ListGeoLocations', 'list_geo_locations', (), {}), ('ListHealthChecks', 'list_health_checks', (), {}), ('ListTrafficPolicies', 'list_traffic_policies', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'route53', tests) + return generic_permission_bruteforcer('route53', tests) # http://boto3.readthedocs.io/en/latest/reference/services/route53domains.html -def brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_route53domains_permissions(): print("### Enumerating Route53 Domains Permissions ###") tests = [('ListDomains', 'list_domains', (), {}), ('ListOperations', 'list_operations', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'route53domains', tests) + return generic_permission_bruteforcer('route53domains', tests) # http://boto3.readthedocs.io/en/latest/reference/services/s3.html -def brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_s3_permissions(): print("### Enumerating S3 Permissions ###") tests = [('ListBuckets', 'list_buckets', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 's3', tests) + return generic_permission_bruteforcer('s3', tests) # http://boto3.readthedocs.io/en/latest/reference/services/sagemaker.html # TODO @@ -1156,10 +1162,10 @@ def brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/sdb.html -def brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_sdb_permissions(): print("### Enumerating SimpleDB Permissions ###") tests = [('ListDomains', 'list_domains', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sdb', tests) + return generic_permission_bruteforcer('sdb', tests) # http://boto3.readthedocs.io/en/latest/reference/services/serverlessrepo.html # TODO @@ -1167,12 +1173,12 @@ def brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/servicecatalog.html -def brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_servicecatalog_permissions(): print("### Enumerating Service Catalog Permissions ###") tests = [('ListPortfolios', 'list_portfolios', (), {}), ('ListRecordHistory', 'list_record_history', (), {}), ('ListAcceptedPortfolioShares', 'list_accepted_portfolio_shares', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'servicecatalog', tests) + return generic_permission_bruteforcer('servicecatalog', tests) # http://boto3.readthedocs.io/en/latest/reference/services/servicediscovery.html # TODO @@ -1180,62 +1186,62 @@ def brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/ses.html -def brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_ses_permissions(): print("### Enumerating Simple Email Service (SES) Permissions ###") tests = [('ListIdentities', 'list_identities', (), {}), ('GetSendStatistics', 'get_send_statistics', (), {}), ('ListConfigurationSets', 'list_configuration_sets', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ses', tests) + return generic_permission_bruteforcer('ses', tests) # http://boto3.readthedocs.io/en/latest/reference/services/shield.html -def brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_shield_permissions(): print("### Enumerating Shield Permissions ###") tests = [('ListAttacks', 'list_attacks', (), {}), ('ListProtections', 'list_protections', (), {}), ('DescribeSubscription', 'describe_subscription', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'shield', tests) + return generic_permission_bruteforcer('shield', tests) # http://boto3.readthedocs.io/en/latest/reference/services/sms.html -def brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_sms_permissions(): print("### Enumerating Server Migration Service (SMS) Permissions ###") tests = [('GetReplicationJobs', 'get_replication_jobs', (), {}), ('GetServers', 'get_servers', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sms', tests) + return generic_permission_bruteforcer('sms', tests) # http://boto3.readthedocs.io/en/latest/reference/services/snowball.html -def brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_snowball_permissions(): print("### Enumerating Snowball Permissions ###") tests = [('GetSnowballUsage', 'get_snowball_usage', (), {}), ('ListClusters', 'list_clusters', (), {}), ('ListJobs', 'list_jobs', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'snowball', tests) + return generic_permission_bruteforcer('snowball', tests) # http://boto3.readthedocs.io/en/latest/reference/services/sns.html -def brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_sns_permissions(): print("### Enumerating Simple Notification Service (SNS) Permissions ###") tests = [('ListPlatformApplications', 'list_platform_applications', (), {}), ('ListPhoneNumbersOptedOut', 'list_phone_numbers_opted_out', (), {}), ('ListSubscriptions', 'list_subscriptions', (), {}), ('ListTopics', 'list_topics', (), {}), ('GetSmsAttributes', 'get_sms_attributes', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sns', tests) + return generic_permission_bruteforcer('sns', tests) # http://boto3.readthedocs.io/en/latest/reference/services/sqs.html -def brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_sqs_permissions(): print("### Enumerating Simple Queue Service (SQS) Permissions ###") tests = [('ListQueues', 'list_queues', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sqs', tests) + return generic_permission_bruteforcer('sqs', tests) # http://boto3.readthedocs.io/en/latest/reference/services/ssm.html # TODO @@ -1243,10 +1249,10 @@ def brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/stepfunctions.html -def brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_stepfunctions_permissions(): print("### Enumerating Step Functions (SFN) Permissions ###") tests = [('ListActivities', 'list_activities', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'stepfunctions', tests) + return generic_permission_bruteforcer('stepfunctions', tests) # http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html @@ -1255,10 +1261,10 @@ def brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/sts.html -def brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_sts_permissions(): print("### Enumerating Security Token Service (STS) Permissions ###") tests = [('GetCallerIdentity', 'get_caller_identity', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sts', tests) + return generic_permission_bruteforcer('sts', tests) # http://boto3.readthedocs.io/en/latest/reference/services/support.html # TODO @@ -1287,20 +1293,20 @@ def brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # http://boto3.readthedocs.io/en/latest/reference/services/workspaces.html -def brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_workspaces_permissions(): print("### Enumerating WorkSpaces Permissions ###") tests = [('DescribeWorkspaceBundles', 'describe_workspace_bundles', (), {}), ('DescribeWorkspaceDirectories', 'describe_workspace_directories', (), {}), ('DescribeWorkspaces', 'describe_workspaces', (), {}), ('DescribeWorkspacesConnectionStatus', 'describe_workspaces_connection_status', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'workspaces', tests) + return generic_permission_bruteforcer('workspaces', tests) # http://boto3.readthedocs.io/en/latest/reference/services/xray.html # NO functions that dont take any arguements. GetTraceSummaries requires start/end times, We can # probably programatically add these - need to see what the service actually does -def brute_xray_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def brute_xray_permissions(): print("### Enumerating X-Ray Permissions ###") tests = [('GetTraceSummaries', 'get_trace_summaries', (), {}), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'xray', tests) + return generic_permission_bruteforcer('xray', tests) diff --git a/libs/s3.py b/libs/s3.py index 274f890..5d1623e 100644 --- a/libs/s3.py +++ b/libs/s3.py @@ -8,11 +8,13 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): +session = boto3.Session() +credentials = session.get_credentials() +AWS_ACCESS_KEY_ID = credentials.access_key + +def get_s3bucket_policy(bucket): client = boto3.client( 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name='us-east-1' ) @@ -93,11 +95,9 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): print("CTRL-C received, exiting...") #specifically get the acl on a file in a buckeet -def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): +def get_s3object_acl(bucket, myfile): client = boto3.client( 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name='us-east-1' ) @@ -121,11 +121,9 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): print("CTRL-C received, exiting...") #given an aws keypair what s3 assets does it have permission to -def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def get_s3objects_for_account(): client = boto3.resource( 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name='us-east-1' ) @@ -149,11 +147,9 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("CTRL-C received, exiting...") -def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): +def get_s3objects_for_account_detailed(): client = boto3.resource( 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name='us-east-1' ) diff --git a/modules/recon.py b/modules/recon.py index 2ea4ab9..92a293a 100644 --- a/modules/recon.py +++ b/modules/recon.py @@ -3,89 +3,88 @@ from __future__ import print_function from libs.brute import * from libs.s3 import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY def step_recon_all(): - check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + check_root_account() + brute_acm_permissions() # AlexaForBusiness - brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_apigateway_permissions() # Application Auto Scaling - no usable functions - brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_appstream_permissions() # AppSync - no usable functions - brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_autoscaling_plans_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_athena_permissions() + brute_autoscaling_permissions() + brute_autoscaling_plans_permissions() + brute_batch_permissions() + brute_budgets_permissions() # CostExplorer - # brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not - brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # brute_cloud9_permissions() Was working now its not + brute_clouddirectory_permissions() + brute_cloudformation_permissions() + brute_cloudfront_permissions() + brute_cloudhsm_permissions() # cloudhsmv2 - brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudsearch_permissions() # CloudSearchDomain - brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudtrail_permissions() + brute_cloudwatch_permissions() + brute_codebuild_permissions() + brute_codecommit_permissions() + brute_codedeploy_permissions() + brute_codepipeline_permissions() + brute_codestar_permissions() + brute_cognitoidentity_permissions() + brute_cognitoidp_permissions() + brute_cognitosync_permissions() # Comprehend - brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - # brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" - brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_configservice_permissions() + # brute_costandusagereportservice_permissions() #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" + brute_datapipeline_permissions() # DAX - brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_devicefarm_permissions() + brute_directconnect_permissions() + brute_applicationdiscoveryservice_permissions() + brute_dms_permissions() + brute_directoryservice_permissions() + brute_dynamodb_permissions() + brute_dynamodbstreams_permissions() + brute_ec2_permissions() + brute_ecr_permissions() + brute_ecs_permissions() + brute_efs_permissions() + brute_elasticache_permissions() + brute_elasticbeanstalk_permissions() + brute_elastictranscoder_permissions() + brute_elasticloadbalancing_permissions() + brute_elasticloadbalancingv2_permissions() + brute_emr_permissions() + brute_es_permissions() + brute_cloudwatchevents_permissions() + brute_firehose_permissions() + brute_gamelift_permissions() + brute_glacier_permissions() # Glue - brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_greengrass_permissions() # GuardDuty - brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_health_permissions() + brute_iam_permissions() + brute_importexport_permissions() + brute_inspector_permissions() + brute_iot_permissions() # IoTDataPlane no functions # IoTJobsDataPlane - brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_kinesis_permissions() # KinesisVideoArchivedMedia # KinesisVideoMedia - brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_kinesisanalytics_permissions() # KinesisVideo - brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_kms_permissions() + brute_lambda_permissions() + brute_lexmodels_permissions() # LexRuntimeService #no functions - brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_lightsail_permissions() + brute_cloudwatchlogs_permissions() + brute_machinelearning_permissions() # marketplace-entitlement no functions # marketplacecommerceanalytics no functions # MediaConvert @@ -97,37 +96,37 @@ def step_recon_all(): # MigrationHub # Mobile # MQ - brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_mturk_permissions() + brute_opsworks_permissions() + brute_opsworkscm_permissions() + brute_organizations_permissions() # PinPoint no functions - brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_polly_permissions() # Pricing - brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_rds_permissions() + brute_redshift_permissions() + brute_rekognition_permissions() # ResourceGroups - brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_resourcegroupstaggingapi_permissions() + brute_route53_permissions() + brute_route53domains_permissions() + brute_s3_permissions() # SageMaker # SageMakerRuntime - brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_sdb_permissions() # ServerlessApplicationRepository - brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_servicecatalog_permissions() # ServiceDiscovery - brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_ses_permissions() + brute_shield_permissions() + brute_sms_permissions() + brute_snowball_permissions() + brute_sns_permissions() + brute_sqs_permissions() # SSM - brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_stepfunctions_permissions() # StorageGateway - brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_sts_permissions() # Support # SWF # TranscribeService @@ -136,8 +135,9 @@ def step_recon_all(): # WAFRegional # WorkDocs # WorkMail - brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_workspaces_permissions() # XRay no functions # S3 bucket's while we are here... - get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +#commented out until s3 id/key shit is fixed in all modules/libs + get_s3objects_for_account()