dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more shuffling

Browse Source
This commit is contained in:
cktricky
2018-09-13 20:09:26 -04:00
committed by Kenneth Toler
parent 34d22d77be
commit 8e0ded67d3
30 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
modules/aws/aws_lambda.py Normal file
View File

@@ -0,0 +1,36 @@
'''
This file is used to list lambda functions and event mappings
'''
from libs.aws_lambda import *
def module_lambda_list_functions():
'''
List Lambda functions
python3 weirdAAL.py -m lambda_list_functions -t demo
'''
list_functions()
def module_lambda_list_event_source_mappings():
'''
List Lambda event source mappings
python3 weirdAAL.py -m lambda_list_event_source_mappings -t demo
'''
list_event_source_mappings()
def module_lambda_get_function(*text):
'''
get specfied function. Takes function name from list_functions and region the function exists in
python3 weirdAAL.py -m lambda_get_function -a 'MY_LAMBDA_FUNCTION','us-west-2' -t yolo
'''
lambda_get_function(text[0][0], text[0][1])
def module_lambda_get_account_settings():
'''
Returns a customer's account settings.
python3 weirdAAL.py -m lambda_get_account_settings -t demo
'''
lambda_get_account_settings()

15
modules/aws/ce.py Normal file
View File

@@ -0,0 +1,15 @@
'''
This file is used to perform various Cost Explorer operations
usually have to be root or be specifically assigned the
permission to get anything from this
'''
from libs.ce import *
def module_costexplorer_get_cost_and_usage():
'''
Attempt to list cost and usage via the Cost Explorer service
python3 weirdAAL.py -m costexplorer_get_cost_and_usage -t demo
'''
ce_get_cost_and_usage()

13
modules/aws/cloudfront.py Normal file
View File

@@ -0,0 +1,13 @@
'''
This file is used to perform some EMR actions
'''
from libs.cloudfront import *
def module_cloudfront_list_distributions():
'''
List CloudFront distributions
python3 weirdAAL.py -m cloudfront_list_distributions -t demo
'''
cloudfront_list_distributions()

36
modules/aws/cloudtrail.py Normal file
View File

@@ -0,0 +1,36 @@
'''
This file is used to perform cloudtrail actions
'''
from libs.cloudtrail import *
def module_cloudtrail_describe_trails():
'''
Describe CloudTrail trails
python3 weirdAAL.py -m cloudtrail_describe_trails -t demo
'''
describe_trails()
def module_cloudtrail_list_public_keys():
'''
List public keys associated with the CloudTrail account
python3 weirdAAL.py -m cloudtrail_list_public_keys -t demo
'''
list_public_keys()
def module_cloudtrail_stop_trail(TrailARN):
'''
Stop a specified CloudTrail ARN
python3 weirdAAL.py -m cloudtrail_stop_trail -a arn:aws:cloudtrail:us-east-1... -t demo
'''
stop_trail(TrailARN)
def module_cloudtrail_delete_trail(TrailARN):
'''
Delete a specified CloudTrail ARN
python3 weirdAAL.py -m cloudtrail_delete_trail -a arn:aws:cloudtrail:us-east-1... -t demo
'''
delete_trail(TrailARN)

29
modules/aws/cloudwatch.py Normal file
View File

@@ -0,0 +1,29 @@
'''
example calling cloudwatch functions
decribe alarms, describe alarm history, list metrics
'''
from libs.cloudwatch import *
def module_cloudwatch_describe_alarms():
'''
Describe CloudWatch Alarms
python3 weirdAAL.py -m cloudwatch_describe_alarms -t demo
'''
cloudwatch_describe_alarms()
def module_cloudwatch_describe_alarm_history():
'''
Describe CloudWatch Alarm History
python3 weirdAAL.py -m cloudwatch_describe_alarm_history -t demo
'''
cloudwatch_describe_alarm_history()
def module_cloudwatch_list_metrics():
'''
CloudWatch List Metrics
python3 weirdAAL.py -m cloudwatch_list_metrics -t demo
'''
cloudwatch_list_metrics()

45
modules/aws/config.py Normal file
View File

@@ -0,0 +1,45 @@
'''
Module for interacting with the config service
'''
from libs.config import *
def module_config_list_all_rules():
'''
Config list all rules
python3 weirdAAL.py -m config_list_all_rules -t demo
'''
list_all_config_rules()
def module_config_list_all_recorders():
'''
Config list all recorders
python3 weirdAAL.py -m config_list_all_recorders -t demo
'''
list_all_config_recorders()
def module_config_delete_rule(*args):
'''
Config delete the specified rule
python3 weirdAAL.py -m config_delete_rule -a someRuleName,us-east-1 -t demo
'''
try:
if args[0][0] and args[0][1]:
delete_config_rule(args[0][0], args[0][1])
except IndexError:
print("You must provide the rule name and region name: -a someRuleName,us-east-1")
def module_config_delete_recorder(*args):
'''
Config delete the specified recorder
python3 weirdAAL.py -m config_delete_recorder -a someRecorderName,us-east-1 -t demo
'''
try:
if args[0][0] and args[0][1]:
delete_config_recorder(args[0][0], args[0][1])
except IndexError:
print("You must provide the recorder name and region name: -a someRecorderName,us-east-1")

13
modules/aws/datapipeline.py Normal file
View File

@@ -0,0 +1,13 @@
'''
datapipeline modules
'''
from libs.datapipeline import *
def module_datapipeline_list_pipelines():
'''
List DataPileLine pipelines
python3 weirdAAL.py -m datapipeline_list_pipelines -t demo
'''
datapipeline_list_pipelines()

65
modules/aws/db.py Normal file
View File

@@ -0,0 +1,65 @@
'''
Queries that interact with the db
'''
import boto3
import sqlite3
from sqlite3 import Error
from libs.sql import *
session = boto3.Session()
credentials = session.get_credentials()
AWS_ACCESS_KEY_ID = credentials.access_key
# for a key, what services does it have listed in the DB
def module_show_services_by_key():
'''
Show services for a given key service:sub_service
example: elasticbeanstalk:DescribeEvents
'''
results = ["{}.{}".format(r[0], r[1]) for r in search_recon_by_key(db_name, AWS_ACCESS_KEY_ID)]
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result in sorted(results):
print(result)
def module_show_services_by_key_with_date():
'''
Show services for a given key service:sub_service
example: elasticbeanstalk:DescribeEvents -> Date: 2018-04-18 20:36:41.791780
'''
results = [("{}.{}".format(r[0], r[1]), r[2]) for r in search_recon_by_key(db_name, AWS_ACCESS_KEY_ID)]
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result, date in sorted(results, key=lambda r: r[0]):
print("{} -> Date: {}".format(result, date))
# same as show_sevices
def module_list_services_by_key():
'''
Show services for a given key service:sub_service
example: elasticbeanstalk:DescribeEvents
'''
results = ["{}.{}".format(r[0], r[1]) for r in search_recon_by_key(db_name, AWS_ACCESS_KEY_ID)]
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result in sorted(results):
print(result)
# for a key, what services does it have listed in the DB and the date
def module_list_services_by_key_with_date():
'''
Show services for a given key service:sub_service with date
example: elasticbeanstalk:DescribeEvents -> Date: 2018-04-18 20:36:41.791780
'''
results = [("{}.{}".format(r[0], r[1]), r[2]) for r in search_recon_by_key(db_name, AWS_ACCESS_KEY_ID)]
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result, date in sorted(results, key=lambda r: r[0]):
print("{} -> Date: {}".format(result, date))

20
modules/aws/dynamodb.py Normal file
View File

@@ -0,0 +1,20 @@
'''
dynamoDB examples
'''
from libs.dynamodb import *
def module_dynamodb_list_tables():
'''
DynamoDB list tables
python3 weirdAAL.py -m dynamodb_list_tables -t demo
'''
list_dynamodb_tables()
def module_dynamodb_list_tables_detailed():
'''
DynamoDB list tables detailed - also tries decribe_tables on each table
python3 weirdAAL.py -m dynamodb_list_tables_detailed -t demo
'''
list_dynamodb_tables_detailed()

12
modules/aws/dynamodbstreams.py Normal file
View File

@@ -0,0 +1,12 @@
'''
dynamoDBstreams examples
'''
from libs.dynamodbstreams import *
def module_dynamodbstreams_list_streams():
'''
List dynamodbstream streams
python3 weirdAAL.py -m dynamodbstreams_list_streams -t demo
'''
list_dynamodbstreams()

178
modules/aws/ec2.py Normal file
View File

@@ -0,0 +1,178 @@
'''
This file is used to perform various EC2 operations
'''
from libs.ec2 import *
def module_ec2_describe_instances_basic():
'''
Basic info about each EC2 instance
ex:
[+] Listing instances for region: us-west-2 [+]
InstanceID: i-XXXXXXXXXXXXXXX, InstanceType: t2.micro, State: {'Code': 80, 'Name': 'stopped'}, Launchtime: 2016-08-25 22:31:31+00:00
python3 weirdAAL.py -m ec2_describe_instances_basic -t demo
'''
describe_instances_basic()
def module_ec2_describe_instances():
'''
All info about each EC2 instance
python3 weirdAAL.py -m ec2_describe_instances -t demo
'''
describe_instances()
def module_ec2_write_instances_to_file():
'''
For each region write the instanceIDs to a file by region ex (AWSKEYID-region.txt)
python3 weirdAAL.py -m ec2_write_instances_to_file -t demo
'''
write_instances_to_file()
def module_ec2_get_instance_volume_details():
'''
Show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2
python3 weirdAAL.py -m ec2_get_instance_volume_details -t demo
'''
get_instance_volume_details()
def module_ec2_get_instance_volume_details2():
'''
Show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
python3 weirdAAL.py -m ec2_get_instance_volume_details2 -t demo
'''
get_instance_volume_details2()
def module_ec2_review_encrypted_volumes():
'''
This function is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes.
python3 weirdAAL.py -m ec2_review_encrypted_volumes -t demo
'''
review_encrypted_volumes()
def module_ec2_describe_addresses():
'''
This function is used to describe ec2 network addresses.
python3 weirdAAL.py -m ec2_describe_addresses -t demo
'''
describe_addresses()
def module_ec2_describe_network_interfaces():
'''
This function is used to describe ec2 network interfaces.
python3 weirdAAL.py -m ec2_describe_network_interfaces -t demo
'''
describe_network_interfaces()
def module_ec2_describe_route_tables():
'''
This function describes route tables for each ec2 instance
python3 weirdAAL.py -m ec2_describe_route_tables -t demo
'''
describe_route_tables()
def module_ec2_stop_instance_dryrun(*text):
'''
This function attempt to stop the specified InstanceID and region
passes dry run command so shouldnt "actually" stop it. nice to prove access
python3 weirdAAL.py -m ec2_stop_instance_dryrun -a 'i-0321f4EXAMPLE','us-east-1' -t yolo
'''
ec2_stop_instance_dryrun(text[0][0], text[0][1])
def module_ec2_get_console_screenshot(*text):
'''
This function gets a screenshot for the specified InstanceID and region
python3 weirdAAL.py -m ec2_get_console_screenshot -a 'i-0321f4EXAMPLE','us-east-1' -t yolo
'''
get_console_screenshot(text[0][0], text[0][1])
def module_ec2_get_console_output(*text):
'''
This function gets the console output for the specified InstanceID and region
python3 weirdAAL.py -m ec2_get_console_output -a 'i-0321f4EXAMPLE','us-east-1' -t yolo
'''
get_console_output(text[0][0], text[0][1])
def module_ec2_get_console_screenshot_all():
'''
This function will attempt to screenshot all EC2 instances (loops through all regions)
python3 weirdAAL.py -m ec2_get_console_screenshot_all -t demo
'''
get_console_screenshot_all()
def module_ec2_get_console_output_all():
'''
This function will attempt to get the console output all EC2 instances (loops through all regions)
python3 weirdAAL.py -m ec2_get_console_output_all -t demo
'''
get_console_output_all()
def module_ec2_get_console_screenshot_all_region(*text):
'''
This function gets a screenshot for all EC2 instances in the specified region
python3 weirdAAL.py -m ec2_get_console_screenshot_all_region -a us-west-2 -t yolo
'''
get_console_screenshot_all_region(text[0][0])
def module_ec2_get_console_output_all_region(*text):
'''
This function gets the console output for all EC2 instances in the specified region
python3 weirdAAL.py -m ec2_get_console_output_all_region -a us-west-2 -t yolo
'''
get_console_output_all_region(text[0][0])
def module_ec2_get_console_screenshot_all_region_list(*text):
'''
This function gets a screenshot for all EC2 instances in the specified list & region
useful if for some reason one instance-id wont screenshot, pass it a list of instance-ids for a region
-See module_ec2_write_instances_to_file to create the list
python3 weirdAAL.py -m ec2_get_console_screenshot_all_region_list -a 'ASIAJEXAMPLEKEY-us-west-2.txt','us-west-2' -t yolo
'''
get_console_screenshot_all_region_list(text[0][0], text[0][1])
def module_ec2_get_console_output_all_region_list(*text):
'''
This function gets the console output for all EC2 instances in the specified list & region
useful if for some reason one instance-id wont screenshot, pass it a list of instance-ids for a region
-See module_ec2_write_instances_to_file to create the list
python3 weirdAAL.py -m ec2_get_console_output_all_region_list -a 'ASIAJEXAMPLEKEY-us-west-2.txt','us-west-2' -t yolo
'''
get_console_output_all_region_list(text[0][0], text[0][1])
def module_ec2_list_launchable_ami():
'''
This function will attempt to get launchable AMIs for the key owner (loops through all regions)
For each region list launchable AMIs - equivalent to aws ec2 describe-images --executable-users self
per documentation this doenst list AMIs you own.
"The following command lists the AMIs for which you have explicit launch permissions. This list does not include any AMIs that you own."
run ec2_list_owner_ami also to get a list of YOUR account's AMIs
python3 weirdAAL.py -m ec2_list_launchable_ami -t demo
'''
ec2_list_launchable_ami()
def module_ec2_list_owner_ami():
'''
This function will attempt to get all AMIs for the key owner (loops through all regions)
python3 weirdAAL.py -m ec2_list_owner_ami -t demo
'''
ec2_list_owner_ami()

13
modules/aws/ecr.py Normal file
View File

@@ -0,0 +1,13 @@
'''
ECR functions
'''
from libs.ecr import *
def module_ecr_describe_repos():
'''
Describe ECR repositories
python3 weirdAAL.py -m ecr_describe_repos -t demo
'''
ecr_describe_repositories()

59
modules/aws/elasticbeanstalk.py Normal file
View File

@@ -0,0 +1,59 @@
'''
This file is used to perform some ElasticBeanstalk actions
'''
from libs.elasticbeanstalk import *
'''
There is a weird issue that AWS says everyone has elasticbeanstalk permissions
despite not running any of these services - in other words it won't be abnormal
for recon to say it has elasticbeantalk permissions but nothing gets returned
when you run these functions
'''
def module_elasticbeanstalk_describe_applications():
'''
Elasticbeanstalk Describe Applications
python3 weirdAAL.py -m elasticbeanstalk_describe_applications -t demo
'''
elasticbeanstalk_describe_applications()
def module_elasticbeanstalk_describe_applications_versions():
'''
Elasticbeanstalk Describe Application versions
python3 weirdAAL.py -m elasticbeanstalk_describe_applications_versions -t demo
'''
elasticbeanstalk_describe_application_versions()
# not working
# def module_elasticbeanstalk_describe_configuration_options():
# elasticbeanstalk_describe_configuration_options()
def module_elasticbeanstalk_describe_environments():
'''
Elasticbeanstalk Describe Environments
python3 weirdAAL.py -m elasticbeanstalk_describe_environments -t demo
'''
elasticbeanstalk_describe_environments()
def module_elasticbeanstalk_describe_events():
'''
Elasticbeanstalk describe events
python3 weirdAAL.py -m elasticbeanstalk_describe_events -t demo
'''
elasticbeanstalk_describe_events()
def module_elasticbeanstalk_check_defaults():
'''
Test for all 4 of the deault elasticbeanstalk permissions
python3 weirdAAL.py -m elasticbeanstalk_check_defaults -t demo
'''
elasticbeanstalk_describe_applications()
elasticbeanstalk_describe_application_versions()
elasticbeanstalk_describe_environments()
elasticbeanstalk_describe_events()

21
modules/aws/emr.py Normal file
View File

@@ -0,0 +1,21 @@
'''
This file is used to perform some EMR actions
'''
from libs.emr import *
def module_emr_list_clusters():
'''
EMR List Clusters
python3 weirdAAL.py -m emr_list_clusters -t demo
'''
list_clusters()
def module_emr_list_security_configurations():
'''
EMR List Security Configuration
python3 weirdAAL.py -m emr_list_security_configurations -t demo
'''
list_security_configurations()

20
modules/aws/firehose.py Normal file
View File

@@ -0,0 +1,20 @@
'''
Firehose functions
'''
from libs.firehose import *
def module_firehose_list_delivery_streams():
'''
Firehose list delivery streams
python3 weirdAAL.py -m firehose_list_delivery_streams -t demo
'''
firehose_list_delivery_streams()
def module_firehose_describe_delivery_streams():
'''
Firehose describe delivery streams
python3 weirdAAL.py -m firehose_describe_delivery_streams -t demo
'''
firehose_describe_delivery_streams()

115
modules/aws/iam.py Normal file
View File

@@ -0,0 +1,115 @@
'''
IAM recon functions
'''
from libs.iam import *
def module_iam_list_groups():
'''
Lists the IAM groups.
python3 weirdAAL.py -m iam_list_groups -t yolo
'''
iam_list_groups()
def module_iam_get_user():
'''
Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
python3 weirdAAL.py -m iam_get_user -t yolo
'''
iam_get_user()
def module_iam_get_account_summary():
'''
Retrieves information about IAM entity usage and IAM quotas in the AWS account
python3 weirdAAL.py -m iam_get_account_summary -t yolo
'''
iam_get_account_summary()
def module_iam_list_users():
'''
Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.
python3 weirdAAL.py -m iam_list_users -t yolo
'''
iam_list_users()
def module_iam_check_root_account():
'''
Attempts to call a few IAM functions to see if the account has root or IAM [elevated] permissions
python3 weirdAAL.py -m iam_check_root_account -t yolo
'''
check_root_account()
def module_iam_get_password_policy():
'''
Retrieves the password policy for the AWS account.
python3 weirdAAL.py -m iam_get_password_policy -t yolo
'''
get_password_policy()
def module_iam_list_roles():
'''
Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list.
python3 weirdAAL.py -m iam_list_roles -t yolo
'''
iam_list_roles()
def module_iam_list_roles_assumable():
'''
Lists the IAM roles that have the specified path prefix that are assumable by AWS principals and excludes roles assumable by AWS services. If there are none, the operation returns an empty list.
python3 weirdAAL.py -m iam_list_roles_assumable -t yolo
'''
iam_list_roles_assumable()
def module_iam_list_policies():
'''
Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
python3 weirdAAL.py -m iam_list_policies -t yolo
'''
iam_list_policies()
def module_iam_list_policies_attached():
'''
Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
adds the OnlyAttached=True flag (you probably want to run this one to see what's actually applied to the account)
python3 weirdAAL.py -m iam_list_policies_attached -t yolo
'''
iam_list_policies_attached()
def module_iam_list_user_policies(*text):
'''
Lists the names of the inline policies embedded in the specified IAM user.
python3 weirdAAL.py -m iam_list_user_policies -a python -t yolo
'''
iam_list_user_policies(text[0][0])
def module_iam_list_attached_user_policies(*text):
'''
List attached user policies for specified user
python3 weirdAAL.py -m iam_list_attached_user_policies -a python -t yolo
'''
iam_list_attached_user_policies(text[0][0])
def module_iam_list_entities_for_policy(*text):
'''
python3 weirdAAL.py -m iam_list_entities_for_policy -a 'arn:aws:iam::...' -t yolo
'''
iam_list_entities_for_policy(text[0][0])
def module_iam_get_account_authorization_details():
'''
Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.
python3 weirdAAL.py -m iam_get_account_authorization_details -t yolo
'''
get_account_authorization_details()

98
modules/aws/iam_pwn.py Normal file
View File

@@ -0,0 +1,98 @@
'''
Functions specifically related to IAM account takeover if you have root or IAM access gather user info,
manipulate access keys or passwords, make backdoor account
'''
from libs.iam import *
from libs.sts import *
def module_iam_get_account_summary():
'''
Get account summmary for current user get_account_summary()
python3 weirdAAL.py -m iam_get_account_summary -t yolo
'''
iam_get_account_summary()
def module_iam_check_root_account():
'''
runs get_account_summary, list_users, for each user list_login_profiles() & list_mfa_devices()
python3 weirdAAL.py -m iam_check_root_account -t yolo
'''
check_root_account()
def module_iam_get_password_policy():
'''
runs IAM get_account_password_policy for the current user
python3 weirdAAL.py -m iam_get_password_policy -t yolo
'''
get_password_policy()
def module_iam_list_mfa_device(*text):
'''
List MFA device for specified user
python3 weirdAAL.py -m iam_list_mfa_device -a python -t yolo
'''
iam_list_mfa_device(text[0][0])
def module_iam_delete_mfa_device(*text):
'''
delete specified MFA device for specified user - username,serialnum
python3 weirdAAL.py -m iam_delete_mfa_device -a 'python','arn:aws:iam::XXXXXXXXX:mfa/python' -t yolo
'''
iam_delete_mfa_device(text[0][0], text[0][1])
def module_iam_change_user_console_password(*text):
'''
change the console password for the specified user
python3 weirdAAL.py -m iam_change_user_console_password -a 'python','HackTh3Planet!' -t yolo
'''
iam_change_user_console_password(text[0][0], text[0][1])
def module_iam_create_access_key(*text):
'''
create an access key for specfied user
python3 weirdAAL.py -m iam_create_access_key -a 'python' -t yolo
'''
iam_create_access_key(text[0][0])
def module_iam_delete_access_key(*text):
'''
delete the specified access key for a specified user username,accesskeyid
python3 weirdAAL.py -m iam_delete_access_key -a 'python','AKIAEXAMPLEQ' -t yolo
'''
iam_delete_access_key(text[0][0], text[0][1])
def module_iam_create_user(*text):
'''
create a IAM user with the specified username
python3 weirdAAL.py -m iam_delete_access_key -a 'urpwned' -t yolo
'''
iam_create_user(text[0][0])
def module_iam_make_admin(*text):
'''
attach the admin policy ['arn:aws:iam::aws:policy/AdministratorAccess'] to the specified user
python3 weirdAAL.py -m iam_delete_access_key -a 'urpwned' -t yolo
'''
iam_make_admin(text[0][0])
def module_iam_make_backdoor_account(*text):
'''
calls the following functions:
iam_create_user(username)
iam_make_admin(username)
iam_create_user_console_password(username, password)
iam_create_access_key(username)
python3 weirdAAL.py -m iam_make_backdoor_account -a 'secureyershit','HackTh3Planet!' -t yolo
'''
iam_make_backdoor_account(text[0][0], text[0][1])

13
modules/aws/lightsail.py Normal file
View File

@@ -0,0 +1,13 @@
'''
Module for interacting with the lightsail
'''
from libs.lightsail import *
def module_lightsail_get_instances():
'''
Lightsail get_instances
python3 weirdAAL.py -m lightsail_get_instances -t demo
'''
lightsail_get_instances()

17
modules/aws/opsworks.py Normal file
View File

@@ -0,0 +1,17 @@
from libs.opsworks import *
def module_opsworks_describe_stacks():
'''
Opsworks Describe stacks
python3 weirdAAL.py -m opsworks_describe_stacks -t yolo
'''
opsworks_describe_stacks()
def module_opsworks_describe_user_profiles():
'''
Opsworks describe user profiles
python3 weirdAAL.py -m opsworks_describe_user_profiles -t yolo
'''
opsworks_describe_user_profiles()

15
modules/aws/pricing.py Normal file
View File

@@ -0,0 +1,15 @@
'''
This file is used to perform various pricing operations
usually have to be root or be specifically assigned the
permission to get anything from this
'''
from libs.pricing import *
def module_pricing_describe_services():
'''
Pricing describe services
python3 weirdAAL.py -m pricing_describe_services -t yolo
'''
pricing_describe_services()

13
modules/aws/rds.py Normal file
View File

@@ -0,0 +1,13 @@
'''
RDS module
'''
from libs.rds import *
def module_rds_describe_db_instances():
'''
RDS Describe Instances
python3 weirdAAL.py -m rds_describe_db_instances -t yolo
'''
describe_db_instances()

176
modules/aws/recon.py Normal file
View File

@@ -0,0 +1,176 @@
'''
This module handles the core recon functionality by asking all the services
that have functions that done have arguments if we can access them :-)
'''
from libs.brute import *
from libs.s3 import *
# for recon_defaults
from libs.elasticbeanstalk import *
from libs.opsworks import *
from libs.route53 import *
from libs.sts import *
# maps to available services in boto 1.7.4
def module_recon_all():
'''
Main recon all module - attempt to connect to each of the services to see if we have some privs
python3 weirdAAL.py -m recon_all -t demo
'''
get_accountid()
check_root_account()
brute_acm_permissions()
brute_acm_pca_permissions()
brute_alexaforbusiness_permissions()
brute_apigateway_permissions()
# Application Auto Scaling - no usable functions
brute_appstream_permissions()
# AppSync - no usable functions
brute_athena_permissions()
brute_autoscaling_permissions()
brute_autoscaling_plans_permissions()
brute_batch_permissions()
brute_budgets_permissions()
# CostExplorer
brute_cloud9_permissions()
brute_clouddirectory_permissions()
brute_cloudformation_permissions()
brute_cloudfront_permissions()
brute_cloudhsm_permissions()
brute_cloudhsmv2_permissions()
brute_cloudsearch_permissions()
# brute_cloudsearchdomain_permissions() requires a valid cloudsearch domain
brute_cloudtrail_permissions()
brute_cloudwatch_permissions()
brute_codebuild_permissions()
brute_codecommit_permissions()
brute_codedeploy_permissions()
brute_codepipeline_permissions()
brute_codestar_permissions()
brute_cognitoidentity_permissions()
brute_cognitoidp_permissions()
brute_cognitosync_permissions()
brute_comprehend_permissions()
brute_configservice_permissions()
# connect no functions
brute_costandusagereportservice_permissions()
brute_datapipeline_permissions()
brute_dax_permissions()
brute_devicefarm_permissions()
brute_directconnect_permissions()
brute_applicationdiscoveryservice_permissions()
brute_dms_permissions()
brute_directoryservice_permissions()
brute_dynamodb_permissions()
brute_dynamodbstreams_permissions()
brute_ec2_permissions()
brute_ecr_permissions()
brute_ecs_permissions()
brute_efs_permissions()
brute_elasticache_permissions()
brute_elasticbeanstalk_permissions()
brute_elastictranscoder_permissions()
brute_elasticloadbalancing_permissions()
brute_elasticloadbalancingv2_permissions()
brute_emr_permissions()
brute_es_permissions()
brute_cloudwatchevents_permissions()
brute_firehose_permissions()
brute_fms_permissions()
brute_gamelift_permissions()
brute_glacier_permissions()
brute_glue_permissions()
brute_greengrass_permissions()
brute_guardduty_permissions()
brute_health_permissions()
brute_iam_permissions()
brute_importexport_permissions()
brute_inspector_permissions()
brute_iot_permissions()
# IoTDataPlane no functions
# IoTJobsDataPlane no functions
brute_kinesis_permissions()
# KinesisVideoArchivedMedia no functions
# KinesisVideoMedia no functions
brute_kinesisanalytics_permissions()
brute_kinesisvideo_permissions()
brute_kms_permissions()
brute_lambda_permissions()
brute_lexmodels_permissions()
# LexRuntimeService #no functions
brute_lightsail_permissions()
brute_cloudwatchlogs_permissions()
brute_machinelearning_permissions()
# marketplace-entitlement no functions
# marketplacecommerceanalytics no functions
brute_mediaconvert_permissions()
brute_medialive_permissions()
brute_mediapackage_permissions()
brute_mediastore_permissions()
brute_mediastore_data_permissions()
# MarketplaceMetering no functions
brute_mgh_permissions()
brute_mobile_permissions()
brute_mq_permissions()
brute_mturk_permissions()
brute_opsworks_permissions()
brute_opsworkscm_permissions()
brute_organizations_permissions()
# PinPoint no functions
brute_polly_permissions()
brute_pricing_permissions()
brute_rds_permissions()
brute_redshift_permissions()
brute_rekognition_permissions()
brute_resource_groups_permissions()
brute_resourcegroupstaggingapi_permissions()
brute_route53_permissions()
brute_route53domains_permissions()
brute_s3_permissions()
brute_sagemaker_permissions()
# SageMakerRuntime no functions
brute_sdb_permissions()
brute_secretsmanager_permissions()
brute_serverlessrepo_permissions()
brute_servicecatalog_permissions()
brute_servicediscovery_permissions()
brute_ses_permissions()
brute_shield_permissions()
brute_sms_permissions()
brute_snowball_permissions()
brute_sns_permissions()
brute_sqs_permissions()
brute_ssm_permissions()
brute_stepfunctions_permissions()
brute_storagegateway_permissions()
brute_sts_permissions()
brute_support_permissions()
brute_swf_permissions()
brute_transcribe_permissions()
brute_translate_permissions()
brute_waf_permissions()
brute_waf_regional_permissions()
brute_workdocs_permissions()
brute_workmail_permissions()
brute_workspaces_permissions()
# XRay no functions
# S3 bucket's while we are here...
s3_get_objects_for_account()
def module_recon_defaults():
'''
Recon defaults that every account seems to have minus route53_geolocations (static data)
python3 weirdAAL.py -m recon_defaults -t demo
'''
elasticbeanstalk_describe_applications()
elasticbeanstalk_describe_application_versions()
elasticbeanstalk_describe_environments()
elasticbeanstalk_describe_events()
opsworks_describe_stacks()
# list_geolocations() # not work looking at, it's static data
sts_get_accountid_all()

14
modules/aws/route53.py Normal file
View File

@@ -0,0 +1,14 @@
'''
route53 functions
'''
from libs.route53 import *
def module_route53_list_geolocations():
'''
Route53 list geolocations
python3 weirdAAL.py -m route53_list_geolocations -t demo
'''
list_geolocations()

69
modules/aws/s3.py Normal file
View File

@@ -0,0 +1,69 @@
'''
S3 module
'''
from libs.s3 import *
def module_s3_get_bucket_policy(*args):
'''
S3 list specific bucket contents, acl and policy
python3 weirdAAL.py -m s3_get_bucket_policy -a 'bucket' -t yolo
'''
s3_get_bucket_policy(args[0][0])
def module_s3_download_file(*args):
'''
S3 download a file from specified bucket
python3 weirdAAL.py -m s3_download_file -a 'bucket','file' -t yolo
'''
s3_download_file(args[0][0], args[0][1])
def module_s3_upload_file(*args):
'''
S3 upload a file to the specified bucket
python3 weirdAAL.py -m s3_upload_file -a 'bucket','source_file', 'dest_file' -t yolo
'''
s3_upload_file(args[0][0], args[0][1], args[0][2])
def module_s3_list_buckets():
'''
S3 list buckets for account
python3 weirdAAL.py -m s3_list_buckets -t yolo
'''
s3_get_objects_for_account()
def module_s3_list_bucket_contents(*args):
'''
S3 list specific bucket contents
python3 weirdAAL.py -m s3_list_bucket_contents -a "mybucket" -t yolo
'''
s3_list_bucket_contents(args[0][0])
def module_s3_list_buckets_and_policies():
'''
S3 list all buckets contents and their policies
python3 weirdAAL.py -m s3_list_buckets_and_policies -t yolo
'''
s3_get_objects_for_account_detailed()
def module_s3_list_buckets_from_file(*args):
'''
S3 list buckets
python3 weirdAAL.py -m s3_list_buckets_from_file -a 'bucket_list.txt' -t yolo
'''
s3_get_bucket_objects_from_file(args[0][0])
def module_s3_get_file_acl(*args):
'''
S3 get the ACL on a file
python3 weirdAAL.py -m s3_get_file_acl -a 'bucket','file' -t yolo
'''
s3_get_file_acl(args[0][0], args[0][1])

32
modules/aws/ses.py Normal file
View File

@@ -0,0 +1,32 @@
'''
SES module
'''
from libs.ses import *
def module_ses_list_identities():
'''
SES List identities
python3 weirdAAL.py -m ses_list_identities -t demo
'''
list_identities()
def module_ses_get_send_statistics():
'''
SES get send statistics
python3 weirdAAL.py -m ses_get_send_statistics -t demo
'''
get_send_statistics()
def module_ses_list_configuration_sets():
'''
SES list configuration sets
python3 weirdAAL.py -m ses_list_configuration_sets -t demo
'''
list_configuration_sets()

53
modules/aws/sns.py Normal file
View File

@@ -0,0 +1,53 @@
'''
SNS module
'''
from libs.sns import *
def module_sns_list_topics():
'''
SNS list all topics
python3 weirdAAL.py -m sns_list_topics -t demo
'''
list_sns_topics()
def module_sns_list_subscribers(*args):
'''
SNS list subscribers for a topic. Takes two arguments - the topic arn and then the region.
python3 weirdAAL.py -m sns_list_subscribers -a arn:aws:sns:us-east-1:123456789123:sometopic,us-east-1
'''
try:
if args[0][0] and args[0][1]:
list_sns_subscribers(args[0][0], args[0][1])
except IndexError:
print("Please provide a topic arn *AND* region, ex: -a arn:aws:sns:us-east-1:123456789123:sometopic,us-east-1")
def module_sns_list_all_subscribers():
'''
Rather than listing a single topics subscribers, we'll list all topics and all subscribersself.
python3 weirdAAL.py -m sns_list_all_subscribers
'''
list_all_sns_subscribers()
def module_sns_delete_topic(*args):
'''
SNS delete a topic. Takes two arguments - the topic arn and the region.
python3 weirdAAL.py -m sns_delete_topic -a arn:aws:sns:us-east-1:123456789123:sometopic,us-east-1
'''
try:
if args[0][0] and args[0][1]:
delete_sns_topic(args[0][0], args[0][1])
except IndexError:
print("Please provide a topic arn *AND* region, ex: -a arn:aws:sns:us-east-1:123456789123:sometopic,us-east-1")
# Shit is broke atm
#def module_sns_delete_subscriber(*args):
# '''
# SNS delete a subscriber. Takes two arguments - the subscriber arn and the region.
# python3 weirdAAL.py -m sns_delete_subscriber -a arn:aws:sns:us-east-1:123456789123:pwned-topic:05ac3eaa-703a-4bda-83ad-6861893f7542,us-east-1
# '''
# try:
# if args[0][0] and args[0][1]:
# delete_sns_subscriber(args[0][0], args[0][1])
# except IndexError:
# print("Please provide a subscriber arn *AND* region, ex: -a arn:aws:sns:us-east-1:123456789123:pwned-topic:05ac3eaa-703a-4bda-83ad-6861893f7542,us-east-1")

14
modules/aws/sqs.py Normal file
View File

@@ -0,0 +1,14 @@
'''
SQS Modules
'''
from libs.sqs import *
def module_sqs_list_queues():
'''
SQS List Queues
python3 weirdAAL.py -m sqs_list_queues -t demo
'''
sqs_list_queues()

23
modules/aws/sts.py Normal file
View File

@@ -0,0 +1,23 @@
'''
This file is used to perform some EMR actions
'''
from libs.sts import *
def module_sts_get_accountid():
'''
STS get account ID - just ID
python3 weirdAAL.py -m sts_get_accountid -t demo
'''
sts_get_accountid()
def module_sts_get_accountid_all():
'''
STS get as much info as possible - prints AccountID, UserID, ARN
python3 weirdAAL.py -m sts_get_accountid_all -t demo
'''
sts_get_accountid_all()

14
modules/aws/translate.py Normal file
View File

@@ -0,0 +1,14 @@
'''
Translate module
'''
from libs.translate import *
def module_translate_translate_text(*text):
'''
translate text ==> text, source_language, target_language
python3 weirdAAL.py -m translate_translate_text -a 'secure your shit','en','fr' -t demo
'''
translate_text(text[0][0], text[0][1], text[0][2])