fix recon with new way of doing biz
This commit is contained in:
Chris Gates
396
libs/brute.py
396
libs/brute.py
File diff suppressed because it is too large
Load Diff
20
libs/s3.py
20
libs/s3.py
@@ -8,11 +8,13 @@ import pprint
|
|||||||
|
|
||||||
pp = pprint.PrettyPrinter(indent=5, width=80)
|
pp = pprint.PrettyPrinter(indent=5, width=80)
|
||||||
|
|
||||||
def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
|
session = boto3.Session()
|
||||||
|
credentials = session.get_credentials()
|
||||||
|
AWS_ACCESS_KEY_ID = credentials.access_key
|
||||||
|
|
||||||
|
def get_s3bucket_policy(bucket):
|
||||||
client = boto3.client(
|
client = boto3.client(
|
||||||
's3',
|
's3',
|
||||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
|
||||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
|
||||||
region_name='us-east-1'
|
region_name='us-east-1'
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -93,11 +95,9 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
|
|||||||
print("CTRL-C received, exiting...")
|
print("CTRL-C received, exiting...")
|
||||||
|
|
||||||
#specifically get the acl on a file in a buckeet
|
#specifically get the acl on a file in a buckeet
|
||||||
def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
|
def get_s3object_acl(bucket, myfile):
|
||||||
client = boto3.client(
|
client = boto3.client(
|
||||||
's3',
|
's3',
|
||||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
|
||||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
|
||||||
region_name='us-east-1'
|
region_name='us-east-1'
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -121,11 +121,9 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
|
|||||||
print("CTRL-C received, exiting...")
|
print("CTRL-C received, exiting...")
|
||||||
|
|
||||||
#given an aws keypair what s3 assets does it have permission to
|
#given an aws keypair what s3 assets does it have permission to
|
||||||
def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
def get_s3objects_for_account():
|
||||||
client = boto3.resource(
|
client = boto3.resource(
|
||||||
's3',
|
's3',
|
||||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
|
||||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
|
||||||
region_name='us-east-1'
|
region_name='us-east-1'
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -149,11 +147,9 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
|||||||
print("CTRL-C received, exiting...")
|
print("CTRL-C received, exiting...")
|
||||||
|
|
||||||
|
|
||||||
def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
def get_s3objects_for_account_detailed():
|
||||||
client = boto3.resource(
|
client = boto3.resource(
|
||||||
's3',
|
's3',
|
||||||
aws_access_key_id=AWS_ACCESS_KEY_ID,
|
|
||||||
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
|
|
||||||
region_name='us-east-1'
|
region_name='us-east-1'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
178
modules/recon.py
178
modules/recon.py
@@ -3,89 +3,88 @@ from __future__ import print_function
|
|||||||
from libs.brute import *
|
from libs.brute import *
|
||||||
from libs.s3 import *
|
from libs.s3 import *
|
||||||
|
|
||||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
|
||||||
|
|
||||||
def step_recon_all():
|
def step_recon_all():
|
||||||
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
check_root_account()
|
||||||
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_acm_permissions()
|
||||||
# AlexaForBusiness
|
# AlexaForBusiness
|
||||||
brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_apigateway_permissions()
|
||||||
# Application Auto Scaling - no usable functions
|
# Application Auto Scaling - no usable functions
|
||||||
brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_appstream_permissions()
|
||||||
# AppSync - no usable functions
|
# AppSync - no usable functions
|
||||||
brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_athena_permissions()
|
||||||
brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_autoscaling_permissions()
|
||||||
brute_autoscaling_plans_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_autoscaling_plans_permissions()
|
||||||
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_batch_permissions()
|
||||||
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_budgets_permissions()
|
||||||
# CostExplorer
|
# CostExplorer
|
||||||
# brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
|
# brute_cloud9_permissions() Was working now its not
|
||||||
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_clouddirectory_permissions()
|
||||||
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudformation_permissions()
|
||||||
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudfront_permissions()
|
||||||
brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudhsm_permissions()
|
||||||
# cloudhsmv2
|
# cloudhsmv2
|
||||||
brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudsearch_permissions()
|
||||||
# CloudSearchDomain
|
# CloudSearchDomain
|
||||||
brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudtrail_permissions()
|
||||||
brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudwatch_permissions()
|
||||||
brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_codebuild_permissions()
|
||||||
brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_codecommit_permissions()
|
||||||
brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_codedeploy_permissions()
|
||||||
brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_codepipeline_permissions()
|
||||||
brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_codestar_permissions()
|
||||||
brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cognitoidentity_permissions()
|
||||||
brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cognitoidp_permissions()
|
||||||
brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cognitosync_permissions()
|
||||||
# Comprehend
|
# Comprehend
|
||||||
brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_configservice_permissions()
|
||||||
# brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/"
|
# brute_costandusagereportservice_permissions() #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/"
|
||||||
brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_datapipeline_permissions()
|
||||||
# DAX
|
# DAX
|
||||||
brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_devicefarm_permissions()
|
||||||
brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_directconnect_permissions()
|
||||||
brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_applicationdiscoveryservice_permissions()
|
||||||
brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_dms_permissions()
|
||||||
brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_directoryservice_permissions()
|
||||||
brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_dynamodb_permissions()
|
||||||
brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_dynamodbstreams_permissions()
|
||||||
brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_ec2_permissions()
|
||||||
brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_ecr_permissions()
|
||||||
brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_ecs_permissions()
|
||||||
brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_efs_permissions()
|
||||||
brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_elasticache_permissions()
|
||||||
brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_elasticbeanstalk_permissions()
|
||||||
brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_elastictranscoder_permissions()
|
||||||
brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_elasticloadbalancing_permissions()
|
||||||
brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_elasticloadbalancingv2_permissions()
|
||||||
brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_emr_permissions()
|
||||||
brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_es_permissions()
|
||||||
brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudwatchevents_permissions()
|
||||||
brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_firehose_permissions()
|
||||||
brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_gamelift_permissions()
|
||||||
brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_glacier_permissions()
|
||||||
# Glue
|
# Glue
|
||||||
brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_greengrass_permissions()
|
||||||
# GuardDuty
|
# GuardDuty
|
||||||
brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_health_permissions()
|
||||||
brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_iam_permissions()
|
||||||
brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_importexport_permissions()
|
||||||
brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_inspector_permissions()
|
||||||
brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_iot_permissions()
|
||||||
# IoTDataPlane no functions
|
# IoTDataPlane no functions
|
||||||
# IoTJobsDataPlane
|
# IoTJobsDataPlane
|
||||||
brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_kinesis_permissions()
|
||||||
# KinesisVideoArchivedMedia
|
# KinesisVideoArchivedMedia
|
||||||
# KinesisVideoMedia
|
# KinesisVideoMedia
|
||||||
brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_kinesisanalytics_permissions()
|
||||||
# KinesisVideo
|
# KinesisVideo
|
||||||
brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_kms_permissions()
|
||||||
brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_lambda_permissions()
|
||||||
brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_lexmodels_permissions()
|
||||||
# LexRuntimeService #no functions
|
# LexRuntimeService #no functions
|
||||||
brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_lightsail_permissions()
|
||||||
brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_cloudwatchlogs_permissions()
|
||||||
brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_machinelearning_permissions()
|
||||||
# marketplace-entitlement no functions
|
# marketplace-entitlement no functions
|
||||||
# marketplacecommerceanalytics no functions
|
# marketplacecommerceanalytics no functions
|
||||||
# MediaConvert
|
# MediaConvert
|
||||||
@@ -97,37 +96,37 @@ def step_recon_all():
|
|||||||
# MigrationHub
|
# MigrationHub
|
||||||
# Mobile
|
# Mobile
|
||||||
# MQ
|
# MQ
|
||||||
brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_mturk_permissions()
|
||||||
brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_opsworks_permissions()
|
||||||
brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_opsworkscm_permissions()
|
||||||
brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_organizations_permissions()
|
||||||
# PinPoint no functions
|
# PinPoint no functions
|
||||||
brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_polly_permissions()
|
||||||
# Pricing
|
# Pricing
|
||||||
brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_rds_permissions()
|
||||||
brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_redshift_permissions()
|
||||||
brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_rekognition_permissions()
|
||||||
# ResourceGroups
|
# ResourceGroups
|
||||||
brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_resourcegroupstaggingapi_permissions()
|
||||||
brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_route53_permissions()
|
||||||
brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_route53domains_permissions()
|
||||||
brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_s3_permissions()
|
||||||
# SageMaker
|
# SageMaker
|
||||||
# SageMakerRuntime
|
# SageMakerRuntime
|
||||||
brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_sdb_permissions()
|
||||||
# ServerlessApplicationRepository
|
# ServerlessApplicationRepository
|
||||||
brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_servicecatalog_permissions()
|
||||||
# ServiceDiscovery
|
# ServiceDiscovery
|
||||||
brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_ses_permissions()
|
||||||
brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_shield_permissions()
|
||||||
brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_sms_permissions()
|
||||||
brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_snowball_permissions()
|
||||||
brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_sns_permissions()
|
||||||
brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_sqs_permissions()
|
||||||
# SSM
|
# SSM
|
||||||
brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_stepfunctions_permissions()
|
||||||
# StorageGateway
|
# StorageGateway
|
||||||
brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_sts_permissions()
|
||||||
# Support
|
# Support
|
||||||
# SWF
|
# SWF
|
||||||
# TranscribeService
|
# TranscribeService
|
||||||
@@ -136,8 +135,9 @@ def step_recon_all():
|
|||||||
# WAFRegional
|
# WAFRegional
|
||||||
# WorkDocs
|
# WorkDocs
|
||||||
# WorkMail
|
# WorkMail
|
||||||
brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
brute_workspaces_permissions()
|
||||||
# XRay no functions
|
# XRay no functions
|
||||||
|
|
||||||
# S3 bucket's while we are here...
|
# S3 bucket's while we are here...
|
||||||
get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
#commented out until s3 id/key shit is fixed in all modules/libs
|
||||||
|
get_s3objects_for_account()
|
||||||
|
|||||||
Reference in New Issue
Block a user