From f2d3f385d484b6db6bd89f7ad82724813db37813 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 14:01:06 -0400 Subject: [PATCH 01/16] move show services to modules/db.py --- modules/db.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 modules/db.py diff --git a/modules/db.py b/modules/db.py new file mode 100644 index 0000000..536f2f9 --- /dev/null +++ b/modules/db.py @@ -0,0 +1,15 @@ +import sqlite3 +from sqlite3 import Error + +from libs.sql import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +#if __name__ == "__main__": +def step_show_services_by_key(): + db_name = "weirdAAL.db" + results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) + print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) + for result in results: + print("{}:{}".format(result[0],result[1])) \ No newline at end of file From e9acbdecd30ffab1d439874baf1284e7ed61450c Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 14:06:31 -0400 Subject: [PATCH 02/16] moving stuff around --- modules/db.py | 8 ++++++-- modules/sts.py | 12 ++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 modules/sts.py diff --git a/modules/db.py b/modules/db.py index 536f2f9..348c759 100644 --- a/modules/db.py +++ b/modules/db.py @@ -1,3 +1,8 @@ +''' +queries that interact with db can go here +''' + + import sqlite3 from sqlite3 import Error @@ -5,8 +10,7 @@ from libs.sql import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -#if __name__ == "__main__": +# for a key, what services does it have listed in the DB def step_show_services_by_key(): db_name = "weirdAAL.db" results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) diff --git a/modules/sts.py b/modules/sts.py new file mode 100644 index 0000000..67a5ed3 --- /dev/null +++ b/modules/sts.py 
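Review bot: The new `modules/db.py` imports `AWS_SECRET_ACCESS_KEY` from `config` although `step_show_services_by_key` only reads `AWS_ACCESS_KEY_ID`, so the secret is pulled into a module that has no use for it; the import should be `from config import AWS_ACCESS_KEY_ID`. The two `sqlite3` imports are unused here as well, and `from libs.sql import *` hides that the only helper needed is `search_recon_by_key`; `from libs.sql import search_recon_by_key` makes the dependency explicit. The same wildcard-import pattern recurs in the later `modules/sts.py`, `modules/cloudwatch.py`, `modules/dynamodb.py`, `modules/dynamodbstreams.py` and `modules/ec2.py` hunks, where it makes it harder to audit which library functions are handed the credential pair.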
@@ -0,0 +1,12 @@ +''' +This file is used to perform some EMR actions +''' +from libs.sts import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_sts_get_accountid(): + get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_sts_get_accountidall(): + get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file From 697659207d30f90ca52a59042f3211b57464451e Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 14:24:13 -0400 Subject: [PATCH 03/16] cloudwatch stuff --- modules/cloudwatch.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 modules/cloudwatch.py diff --git a/modules/cloudwatch.py b/modules/cloudwatch.py new file mode 100644 index 0000000..25c255f --- /dev/null +++ b/modules/cloudwatch.py @@ -0,0 +1,15 @@ +''' +example calling cloudwatch functions +decribe alarms, describe alarm history, list metrics +''' +from libs.cloudwatch import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_cloudwatch_describe_alarms(): + describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_cloudwatch_describe_alarm_history(): + describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_cloudwatch_list_metrics(): + list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 961642af4ac8fbdb4f2ecaa7d75c800e9e785ec5 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 14:25:19 -0400 Subject: [PATCH 04/16] rm some stuff that go moved to modules --- cloudwatch_describe_alarms_and_metrics.py | 10 ---------- show_services_by_key.py | 14 -------------- sts_get_account_id.py | 8 -------- 3 files changed, 32 deletions(-) delete mode 100644 cloudwatch_describe_alarms_and_metrics.py delete mode 100644 show_services_by_key.py delete mode 100644 sts_get_account_id.py diff --git a/cloudwatch_describe_alarms_and_metrics.py b/cloudwatch_describe_alarms_and_metrics.py deleted file mode 100644 index bdb7101..0000000 
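Review bot: The module docstring of the new `modules/sts.py` says `This file is used to perform some EMR actions`, but the file only wraps the STS helpers `get_accountid` and `get_accountid_all`. It looks carried over from an unrelated script and should read something like `STS steps: look up the account id for the configured key`. Neither step function has a docstring of its own; a one-line description of what each prints or returns would help, since that cannot be told from this hunk.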
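Review bot: The docstring of the new `modules/cloudwatch.py` was copied from the flat script it replaces and still reads `example calling cloudwatch functions` with the typo `decribe alarms`. Now that the file is a module of step functions, a docstring such as `CloudWatch steps: describe alarms, describe alarm history, list metrics` fits better, and PEP 8 asks for two blank lines between the top-level `def`s.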
--- a/cloudwatch_describe_alarms_and_metrics.py +++ /dev/null @@ -1,10 +0,0 @@ -''' -example calling cloudwatch functions -decribe alarms, describe alarm history, list metrics -''' -from libs.cloudwatch import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/show_services_by_key.py b/show_services_by_key.py deleted file mode 100644 index e5aa37c..0000000 --- a/show_services_by_key.py +++ /dev/null @@ -1,14 +0,0 @@ -import sqlite3 -from sqlite3 import Error - -from libs.sql import * - -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - - -if __name__ == "__main__": - db_name = "weirdAAL.db" - results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) - print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) - for result in results: - print("{}:{}".format(result[0],result[1])) \ No newline at end of file diff --git a/sts_get_account_id.py b/sts_get_account_id.py deleted file mode 100644 index 487ac53..0000000 --- a/sts_get_account_id.py +++ /dev/null @@ -1,8 +0,0 @@ -''' -This file is used to perform some EMR actions -''' -from libs.sts import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file From 2898c11afb3d7a9e32eec42c7c41738a29cef259 Mon Sep 17 00:00:00 2001 
From: carnal0wnage Date: Sat, 7 Apr 2018 17:15:38 -0400 Subject: [PATCH 05/16] moving stuff around, pep8 some stuff --- ec2_get_all_instances.py | 7 - libs/dynamodbstreams.py | 1 + libs/ec2.py | 213 ++++++++++-------- .../datapipeline.py | 4 +- modules/db.py | 8 + modules/dynamodb.py | 11 + modules/dynamodbstreams.py | 8 + modules/ec2.py | 13 ++ 8 files changed, 157 insertions(+), 108 deletions(-) delete mode 100644 ec2_get_all_instances.py rename datapipeline_list_pipelines.py => modules/datapipeline.py (54%) create mode 100644 modules/dynamodb.py create mode 100644 modules/dynamodbstreams.py create mode 100644 modules/ec2.py diff --git a/ec2_get_all_instances.py b/ec2_get_all_instances.py deleted file mode 100644 index 7989079..0000000 --- a/ec2_get_all_instances.py +++ /dev/null @@ -1,7 +0,0 @@ -''' -This file is used to list ec2 instances -''' -from libs.ec2 import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index 2b55bb0..cdabf07 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py @@ -18,6 +18,7 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): try: for region in regions: client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_streams() if response.get('Streams') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Streams']) <= 0: diff --git a/libs/ec2.py b/libs/ec2.py index 5f9a070..dcc008a 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -1,4 +1,6 @@ -#ec2 functions go here +''' +ec2 functions go here +''' import boto3 import botocore 
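Review bot: The context line right after the added `response = client.list_streams()` treats a missing `Streams` key as `likely does not have DynamoDB permissions`, but a denied call normally surfaces as a botocore `ClientError` rather than as a successful response without that key, so this branch presumably never reports what it claims. The permission message belongs in the `except` handler, and it should name DynamoDB Streams rather than DynamoDB. The handler and the rest of `list_dynamodbstreams` are outside this hunk, so confirm against the full function.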
@@ -6,117 +8,130 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] # we are past the enumeration stage at this point assume you have key that works + + def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print("Reviewing EC2 Volumes... This may take a few....") - not_encrypted = [] - encrypted = [] - try: - with open("{}-volumes_list.txt" .format(AWS_ACCESS_KEY_ID), "w") as fout: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + print("Reviewing EC2 Volumes... 
This may take a few....") + not_encrypted = [] + encrypted = [] + try: + with open("{}-volumes_list.txt" .format(AWS_ACCESS_KEY_ID), "w") as fout: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_volumes(Filters=[{ + 'Name': 'status', + 'Values': ['in-use'] + }])['Volumes'] - response = client.describe_volumes(Filters=[{ - 'Name' : 'status', - 'Values' : ['in-use'] - }])['Volumes'] - - for volume in response: - if volume['Encrypted']: - encrypted.append(volume['VolumeId']) - else: - not_encrypted.append(volume['VolumeId']) - fout.write("\nEncrypted: " + str(volume['Encrypted'])) - for attachments in volume['Attachments']: - fout.write("\nInstance ID: " + attachments['InstanceId']) - fout.write("\nVolume ID: " + volume['VolumeId']) - fout.write("\nRegion: " + region) - fout.write("\n" + "-" * 40) - print("Writing out results") - fout.write("\nNot encrypted: " + str(len(not_encrypted)) + "\n") - fout.write(pprint.pformat(not_encrypted)) - fout.write("\nEncrypted: " + str(len(encrypted)) + "\n") - fout.write(pprint.pformat(encrypted)) - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'UnauthorizedOperation': - print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' 
.format(AWS_ACCESS_KEY_ID)) - else: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + for volume in response: + if volume['Encrypted']: + encrypted.append(volume['VolumeId']) + else: + not_encrypted.append(volume['VolumeId']) + fout.write("\nEncrypted: " + str(volume['Encrypted'])) + for attachments in volume['Attachments']: + fout.write("\nInstance ID: " + attachments['InstanceId']) + fout.write("\nVolume ID: " + volume['VolumeId']) + fout.write("\nRegion: " + region) + fout.write("\n" + "-" * 40) + print("Writing out results") + fout.write("\nNot encrypted: " + str(len(not_encrypted)) + "\n") + fout.write(pprint.pformat(not_encrypted)) + fout.write("\nEncrypted: " + str(len(encrypted)) + "\n") + fout.write(pprint.pformat(encrypted)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") def get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_instances() + if len(response['Reservations']) <= 0: + print("[-] List instances allowed for {} but no results [-]" .format(region)) + else: + print("[+] Listing instances for region: {} [+]" .format(region)) + for r in response['Reservations']: + for i in r['Instances']: + pp.pprint(i) - instances = client.describe_instances() - for r in instances['Reservations']: - for i in r['Instances']: - pp.pprint(i) + except botocore.exceptions.ClientError as 
e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + +def get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_instances() + if len(response['Reservations']) <= 0: + print("[-] List instances allowed for {} but no results [-]" .format(region)) + else: + # print (response) + print("[+] Listing instances for region: {} [+]" .format(region)) + for r in response['Reservations']: + for i in r['Instances']: + launchtime = i['LaunchTime'] + instanceid = i['InstanceId'] + instancetype = i['InstanceType'] + state = i['State'] + print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime)) + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +# show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2 - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") -#show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2 def get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - instances = client.describe_instances() - for r in instances['Reservations']: - for i in r['Instances']: - volumes = client.describe_instance_attribute(InstanceId=i['InstanceId'], 
Attribute='blockDeviceMapping') - print ("Instance ID: {} \n" .format(i['InstanceId'])) - pp.pprint(volumes) + instances = client.describe_instances() + for r in instances['Reservations']: + for i in r['Instances']: + volumes = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='blockDeviceMapping') + print("Instance ID: {} \n" .format(i['InstanceId'])) + pp.pprint(volumes) + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +# show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details. - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") -#show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details. def get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - for region in regions: - client = boto3.client( - 'ec2', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) - response = client.describe_volumes(Filters=[{ - 'Name' : 'status', - 'Values' : ['in-use'] - }])['Volumes'] - for volume in response: - print("InstandID:{} \n" .format(volume['Attachments'][0]['InstanceId'])) - pp.pprint(volume) - print("\n") + try: + for region in regions: + client = boto3.client('ec2', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + response = client.describe_volumes(Filters=[{ + 'Name': 'status', + 'Values': ['in-use'] + }])['Volumes'] + for volume in response: + print("InstandID:{} \n" .format(volume['Attachments'][0]['InstanceId'])) + pp.pprint(volume) + print("\n") + + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + 
print("CTRL-C received, exiting...") diff --git a/datapipeline_list_pipelines.py b/modules/datapipeline.py similarity index 54% rename from datapipeline_list_pipelines.py rename to modules/datapipeline.py index 6a2597b..c17366b 100644 --- a/datapipeline_list_pipelines.py +++ b/modules/datapipeline.py @@ -4,5 +4,5 @@ data pipeline example from libs.datapipeline import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +def step_datapipeline_list_pipelines(): + list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/db.py b/modules/db.py index 348c759..b5f9a99 100644 --- a/modules/db.py +++ b/modules/db.py @@ -12,6 +12,14 @@ from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY # for a key, what services does it have listed in the DB def step_show_services_by_key(): + db_name = "weirdAAL.db" + results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) + print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) + for result in results: + print("{}:{}".format(result[0],result[1])) + +#same as show_sevices +def step_list_services_by_key(): db_name = "weirdAAL.db" results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) diff --git a/modules/dynamodb.py b/modules/dynamodb.py new file mode 100644 index 0000000..a9fdf2e --- /dev/null +++ b/modules/dynamodb.py @@ -0,0 +1,11 @@ +''' +dynamoDB examples +''' +from libs.dynamodb import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_dynamodb_list_tables(): + list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_dynamodb_list_tables_detailed(): + list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/dynamodbstreams.py b/modules/dynamodbstreams.py new file mode 100644 index 0000000..0cda511 --- /dev/null +++ b/modules/dynamodbstreams.py 
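Review bot: In the new `get_instance_details_basic`, `state = i['State']` stores the whole state structure, so the summary line prints a dict (code and name) where the other fields are plain values; `state = i['State']['Name']` gives the one-word state the format string expects. The label `InstandID:` in `get_instance_volume_details2` was re-indented but is still misspelled and should read `InstanceID:`. The blank lines added for PEP 8 also appear to land between the `# show volumes ...` comments and the `def` each one describes; keep such a comment directly above its function or turn it into a docstring, and the same applies to the `# http://boto3.readthedocs.io/...` reference comments in the later `libs/brute.py` hunks.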
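Review bot: `step_list_services_by_key` in `modules/db.py` is now a line-for-line copy of `step_show_services_by_key`, so a later fix to one will silently miss the other. Since the comment already says `#same as show_sevices`, define the second name as an alias, `step_list_services_by_key = step_show_services_by_key`, and correct the comment to `# same as step_show_services_by_key`. The literal `"weirdAAL.db"` is repeated in both bodies; a single module-level `DB_NAME` constant would keep them from drifting.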
@@ -0,0 +1,8 @@ +''' +dynamoDBstreams examples +''' +from libs.dynamodbstreams import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_dynamodbstreams_list_streams(): + list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/ec2.py b/modules/ec2.py new file mode 100644 index 0000000..33b4278 --- /dev/null +++ b/modules/ec2.py @@ -0,0 +1,13 @@ +''' +This file is used to list ec2 instances +''' +from libs.ec2 import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_ec2_get_instances_basic(): + get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_ec2_get_instances_detailed(): + get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 7e78fa821ca5cca6b42912019d07c49cca29b280 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 17:28:27 -0400 Subject: [PATCH 06/16] pep8 --- ec2_get_instance_volumes.py | 8 -------- libs/brute.py | 10 +++++----- libs/ec2.py | 20 ++++++++++++++++---- modules/ec2.py | 29 ++++++++++++++++++++++++++++- 4 files changed, 49 insertions(+), 18 deletions(-) delete mode 100644 ec2_get_instance_volumes.py diff --git a/ec2_get_instance_volumes.py b/ec2_get_instance_volumes.py deleted file mode 100644 index 56aba16..0000000 --- a/ec2_get_instance_volumes.py +++ /dev/null @@ -1,8 +0,0 @@ -''' -This file is used to list volumes of ec2 instances -''' -from libs.ec2 import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/brute.py b/libs/brute.py index 11030b0..7c7eda8 100644 --- a/libs/brute.py +++ b/libs/brute.py 
@@ -103,13 +103,13 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser try: insert_reconservice_data(db_name, db_logger) except sqlite3.OperationalError as e: - print (e) - print ("You need to set up the database...exiting") + print(e) + print("You need to set up the database...exiting") sys.exit() - print ("\n") + print("\n") else: - print ("\n[-] No {} actions allowed [-]" .format(service)) - print ("\n") + print("\n[-] No {} actions allowed [-]" .format(service)) + print("\n") return actions def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): diff --git a/libs/ec2.py b/libs/ec2.py index dcc008a..f2a2510 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -66,7 +66,10 @@ def get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(i) except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -90,7 +93,10 @@ def get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("InstanceID: {}, InstanceType: {}, State: {}, Launchtime: {}".format(instanceid, instancetype, state, launchtime)) except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeInstances-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
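Review bot: The `except sqlite3.OperationalError` branch reformatted here still ends in a bare `sys.exit()`, which terminates the caller's process from inside a library function and does so with exit status 0, so a run that failed to record its results looks successful to anything checking the exit code. Use `sys.exit(1)` at minimum, or re-raise and let the entry point decide how to stop. The enclosing `generic_permission_bruteforcer` starts outside this hunk.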
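Review bot: The `UnauthorizedOperation` branch is pasted into four functions in `libs/ec2.py` with a hand-written operation name each time, and the copies have already drifted. The `@@ -110` hunk (`get_instance_volume_details`) reports `DescribeVolumes` although that function calls `describe_instances` and `describe_instance_attribute`, and the `get_instance_details_basic` copy reads `DescribeInstances-- sure`. botocore's `ClientError` carries the failing call as `e.operation_name`, so one shared helper can build the message, e.g. `print('{} : ({}) when calling {} -- sure you have ec2 permissions?'.format(AWS_ACCESS_KEY_ID, e.response['Error']['Code'], e.operation_name))`. This note covers the `@@ -66`, `@@ -90`, `@@ -110` and `@@ -132` hunks.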
@@ -110,7 +116,10 @@ def get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(volumes) except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -132,6 +141,9 @@ def get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("\n") except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have the required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/modules/ec2.py b/modules/ec2.py index 33b4278..0a22674 100644 --- a/modules/ec2.py +++ b/modules/ec2.py 
@@ -1,13 +1,40 @@ ''' -This file is used to list ec2 instances +This file is used to perform various EC2 operations ''' from libs.ec2 import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY +''' +Basic info about each instance +''' + def step_ec2_get_instances_basic(): get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +''' +All info about each instance +''' + + def step_ec2_get_instances_detailed(): get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +''' +show volumes sorted by instanceId ex: instanceID-->multiple volumes less detail than get_instance_volume_details2 +''' + + +def step_ec2_get_instance_volume_details(): + get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +''' +show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details. +''' + + +def step_ec2_get_instance_volume_details2(): + get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 93340dafb21920711e9919f82d7800f850270193 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 18:42:44 -0400 Subject: [PATCH 07/16] pep8 mostly --- ec2_review_encrypted_volumes.py | 8 - libs/brute.py | 1282 +++++++++++++++++-------------- libs/dynamodb.py | 32 +- libs/dynamodbstreams.py | 9 +- modules/datapipeline.py | 2 + modules/ec2.py | 17 +- 6 files changed, 729 insertions(+), 621 deletions(-) delete mode 100644 ec2_review_encrypted_volumes.py diff --git a/ec2_review_encrypted_volumes.py b/ec2_review_encrypted_volumes.py deleted file mode 100644 index eb33724..0000000 --- a/ec2_review_encrypted_volumes.py +++ /dev/null @@ -1,8 +0,0 @@ - -''' -This file is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes. -''' -from libs.ec2 import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) 
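Review bot: The descriptions added between the functions in `modules/ec2.py` (`Basic info about each instance`, `All info about each instance`, and the two volume descriptions) are free-standing triple-quoted strings. Python evaluates them as expression statements and attaches them to nothing, so `help(step_ec2_get_instances_basic)` stays empty. Move each one inside its function as the docstring, e.g. `'''Basic info about each instance'''` as the first line of the body, or turn them into `#` comments directly above the `def`.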
diff --git a/libs/brute.py b/libs/brute.py index 7c7eda8..238f313 100644 --- a/libs/brute.py +++ b/libs/brute.py 
@@ -6,34 +6,37 @@ import json import logging import pprint import sys -import datetime #change as required once we decide time format +import datetime from libs.sql import * -# we chould probably load this from one place in the future #TODO +# we chould probably load this from one place in the future #TODO db_name = "weirdAAL.db" pp = pprint.PrettyPrinter(indent=5, width=80) -logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w') +logging.basicConfig(level=logging.ERROR, format='%(message)s', filename='target.txt', filemode='w') -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] region = 'us-east-1' + + def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) account_id = client.get_caller_identity()["Account"] return account_id -#NOT QUITE WORKING YET -#def get_username(AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY): +# NOT QUITE WORKING YET +# def get_username(AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY): # client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) # username = client.get_caller_identity()["Arn"].split(':')[5] # print username # return username + def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) 
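Review bot: `logging.basicConfig(level=logging.ERROR, format='%(message)s', filename='target.txt', filemode='w')` still runs at import time, so merely importing `libs.brute` configures the root logger for the whole process and truncates any existing `target.txt` in the working directory. Configure logging in the entry point instead and keep only `logger = logging.getLogger(__name__)` at module level. The commented-out `get_username` block below it is dead code (it still uses a Python 2 `print` statement) and is better deleted than reformatted.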
@@ -55,51 +58,52 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): try: profile = client.get_login_profile(UserName=user['UserName']) if profile: - print ('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) - print ("Checking for MFA on account") + print('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) + print("Checking for MFA on account") mfa = client.list_mfa_devices(UserName=user['UserName']) - print (mfa['MFADevices']) + print(mfa['MFADevices']) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") + def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): actions = [] try: - client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) except Exception as e: - #print('Failed to connect: "{}"' .format(e.error_message)) + # print('Failed to connect: "{}"' .format(e.error_message)) print('Failed to connect: "{}"' .format(e)) return actions actions = generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests) if actions: - print 
("\n[+] {} Actions allowed are [+]" .format(service)) - print (actions) + print("\n[+] {} Actions allowed are [+]" .format(service)) + print(actions) timenow = datetime.datetime.now() db_logger = [] for action in actions: db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow]) - #print (db_logger) + # print (db_logger) - #scrapped the json logging idea but keeping it here just in case - #data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'}) - #logging.critical(data) + # scrapped the json logging idea but keeping it here just in case + # data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'}) + # logging.critical(data) - #logging to db here + # logging to db here try: insert_reconservice_data(db_name, db_logger) except sqlite3.OperationalError as e: @@ -112,16 +116,17 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser print("\n") return actions + def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): actions = [] - client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) + client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) for api_action, method_name, args, kwargs in tests: try: method = getattr(client, method_name) method(*args, **kwargs) - #print method --wont return anything on dryrun + # print method --wont return anything on dryrun except botocore.exceptions.EndpointConnectionError as e: - print (e) + print(e) continue except KeyboardInterrupt: print("CTRL-C received, exiting...") 
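Review bot: In `generic_permission_bruteforcer` the `client` built inside the `try` is never used, because `generic_method_bruteforcer` constructs its own client for the same service. As far as I know, constructing a boto3 client sends no request, so the `Failed to connect` message cannot fire for invalid credentials or a network problem; it would only report things like an unknown service name. Either drop the block or reword the message to what it can actually report, and narrow `except Exception` to the botocore exception types it is meant to catch.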
@@ -132,67 +137,72 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service if e.response['Error']['Code'] == 'ClusterNotFoundException': print('{} IS allowed but you need to specify a cluster name' .format(api_action)) actions.append(api_action) - else: - print (e) + print(e) continue else: print('{} IS allowed' .format(api_action)) actions.append(api_action) return actions -#http://boto3.readthedocs.io/en/latest/reference/services/acm.html +# http://boto3.readthedocs.io/en/latest/reference/services/acm.html + + def brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ACM Permissions ###") - tests = [('ListCertificates', 'list_certificates', (), {}, ), - ] + print("### Enumerating ACM Permissions ###") + tests = [('ListCertificates', 'list_certificates', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'acm', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html +# TODO # search_devices with a filter of * might get it done -#http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html +# http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html + + def brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating APIGateway Permissions ###") + print("### Enumerating APIGateway Permissions ###") tests = [('GetAccount', 'get_account', (), {}, ), ('GetApiKeys', 'get_api_keys', (), {}, ), ('GetClientCertificates', 'get_client_certificates', (), {}, ), ('GetDomainNames', 'get_domain_names', (), {}, ), ('GetRestApis', 'get_rest_apis', (), {}, ), ('GetSdkTypes', 'get_sdk_types', (), {}, ), - ('GetUsagePlans', 'get_usage_plans', (), {}, ), - ] + ('GetUsagePlans', 'get_usage_plans', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 
'apigateway', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/application-autoscaling.html -#TODO -#not seeing any functions that dont take args +# http://boto3.readthedocs.io/en/latest/reference/services/application-autoscaling.html +# TODO +# not seeing any functions that dont take args + +# http://boto3.readthedocs.io/en/latest/reference/services/appstream.html + -#http://boto3.readthedocs.io/en/latest/reference/services/appstream.html def brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating APPStream Permissions ###") + print("### Enumerating APPStream Permissions ###") tests = [('DescribeFleets', 'describe_fleets', (), {}, ), ('DescribeImages', 'describe_images', (), {}, ), - ('DescribeStacks', 'describe_stacks', (), {}, ), - ] + ('DescribeStacks', 'describe_stacks', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'appstream', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/appsync.html -#TODO -#not seeing any functions that dont take args +# http://boto3.readthedocs.io/en/latest/reference/services/appsync.html +# TODO +# not seeing any functions that dont take args + +# http://boto3.readthedocs.io/en/latest/reference/services/athena.html + -#http://boto3.readthedocs.io/en/latest/reference/services/athena.html def brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Athena Permissions ###") + print("### Enumerating Athena Permissions ###") tests = [('ListNamedQueries', 'list_named_queries', (), {}, ), - ('ListQueryExecutions', 'list_query_executions', (), {}, ), - ] + ('ListQueryExecutions', 'list_query_executions', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'athena', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html +# http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html + + def 
brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Autoscaling Permissions ###") + print("### Enumerating Autoscaling Permissions ###") tests = [('DescribeAccountLimits', 'describe_account_limits', (), {}, ), ('DescribeAdjustmentTypes', 'describe_adjustment_types', (), {}, ), ('DescribeAutoScalingInstances', 'describe_auto_scaling_instances', (), {}, ), 
@@ -201,181 +211,200 @@ def brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeScheduledActions', 'describe_scheduled_actions', (), {}), ('DescribeTags', 'describe_tags', (), {}, ), ('DescribeTerminationPolicyTypes', 'describe_termination_policy_types', (), {}, ), - ('DescribePolicies', 'describe_policies', (), {}, ), - ] + ('DescribePolicies', 'describe_policies', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'autoscaling', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/autoscaling-plans.html -#todo +# http://boto3.readthedocs.io/en/latest/reference/services/autoscaling-plans.html +# todo + +# http://boto3.readthedocs.io/en/latest/reference/services/batch.html + -#http://boto3.readthedocs.io/en/latest/reference/services/batch.html def brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Batch Permissions ###") + print("### Enumerating Batch Permissions ###") tests = [('DescribeComputeEnvironments', 'describe_compute_environments', (), {}, ), ('DescribeJobDefinitions', 'describe_job_definitions', (), {}, ), - ('DescribeJobQueues', 'describe_job_queues', (), {}, ), - ] + ('DescribeJobQueues', 'describe_job_queues', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'batch', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/budgets.html +# http://boto3.readthedocs.io/en/latest/reference/services/budgets.html + + def brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Budgets Permissions ###") + print("### Enumerating Budgets Permissions ###") account_id = get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId':account_id}, ), - ] + tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId': account_id}, ), ] return 
generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'budgets', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ce.html -#TODO -#http://boto3.readthedocs.io/en/latest/reference/services/ce.html#CostExplorer.Client.get_cost_and_usage -#shoudl work we just need to generate start and end times each run +# http://boto3.readthedocs.io/en/latest/reference/services/ce.html +# TODO +# http://boto3.readthedocs.io/en/latest/reference/services/ce.html#CostExplorer.Client.get_cost_and_usage +# shoudl work we just need to generate start and end times each run + +# http://boto3.readthedocs.io/en/latest/reference/services/cloud9.html + -#http://boto3.readthedocs.io/en/latest/reference/services/cloud9.html def brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Cloud9 Permissions ###") - tests = [('ListEnvironments', 'list_environments', (), {}, ), - ] + print("### Enumerating Cloud9 Permissions ###") + tests = [('ListEnvironments', 'list_environments', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloud9', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/clouddirectory.html +# http://boto3.readthedocs.io/en/latest/reference/services/clouddirectory.html + + def brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudDirectory Permissions ###") - tests = [('ListDirectories', 'list_directories', (), {}, ), - ] + print("### Enumerating CloudDirectory Permissions ###") + tests = [('ListDirectories', 'list_directories', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'clouddirectory', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html +# http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html + + def brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### 
Enumerating CLoudFormation Permissions ###") - tests = [('ListStacks', 'list_stacks', (), {} ), - ('DescribeStacks', 'describe_stacks', (), {} ), - ('DescribeStackEvents', 'describe_stack_events', (), {} ), - ('DescribeStackResources', 'describe_stack_resources', (), {} ), - ('ListExports', 'list_exports', (), {} ), - ('DescribeAccountLimits', 'describe_account_limits', (), {} ), - ] + print("### Enumerating CLoudFormation Permissions ###") + tests = [('ListStacks', 'list_stacks', (), {}), + ('DescribeStacks', 'describe_stacks', (), {}), + ('DescribeStackEvents', 'describe_stack_events', (), {}), + ('DescribeStackResources', 'describe_stack_resources', (), {}), + ('ListExports', 'list_exports', (), {}), + ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudformation', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html +# http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html + + def brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CLoudFront Permissions ###") + print("### Enumerating CLoudFront Permissions ###") tests = [('ListDistributions', 'list_distributions', (), {}), - ('ListCloudFrontOriginAcessIdentities', 'list_cloud_front_origin_access_identities', (), {}), - ] + ('ListCloudFrontOriginAcessIdentities', 'list_cloud_front_origin_access_identities', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudfront', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudhsm.html +# http://boto3.readthedocs.io/en/latest/reference/services/cloudhsm.html + + def brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudHSM Permissions ###") + print("### Enumerating CloudHSM Permissions ###") tests = [('DescribeHsm', 'describe_hsm', (), {}), ('ListHsms', 'list_hsms', (), {}), 
('ListHapgs', 'list_hapgs', (), {}), ('DescribeLunaClient', 'describe_luna_client', (), {}), - ('ListLunaClients', 'list_luna_clients', (), {}), - ] + ('ListLunaClients', 'list_luna_clients', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudhsm', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudhsmv2.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/cloudhsmv2.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html + -#http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html def brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudSearch Permissions ###") + print("### Enumerating CloudSearch Permissions ###") tests = [('DescribeDomains', 'describe_domains', (), {}, ), - ('ListDomainNames', 'list_domain_names', (), {}, ), - ] + ('ListDomainNames', 'list_domain_names', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudsearch', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudsearchdomain.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/cloudsearchdomain.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html + -#http://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html def brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudTrail Permissions ###") + print("### Enumerating CloudTrail Permissions ###") tests = [('DescribeTrails', 'describe_trails', (), {}, ), - ('ListPublicKeys', 'list_public_keys', (), {}, ), - ] + ('ListPublicKeys', 'list_public_keys', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudtrail', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html +# 
http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html + + def brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudWatch Permissions ###") + print("### Enumerating CloudWatch Permissions ###") tests = [('ListMetrics', 'list_metrics', (), {}, ), ('DescribeAlarmHistory', 'describe_alarm_history', (), {}, ), - ('DescribeAlarms', 'describe_alarms', (), {}, ), - ] + ('DescribeAlarms', 'describe_alarms', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudwatch', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/codebuild.html +# http://boto3.readthedocs.io/en/latest/reference/services/codebuild.html + + def brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CodeBuild Permissions ###") + print("### Enumerating CodeBuild Permissions ###") tests = [('ListBuilds', 'list_builds', (), {}, ), ('ListCuratedEnvironmentImages', 'list_curated_environment_images', (), {}, ), - ('ListProjects', 'list_projects', (), {}, ), - ] + ('ListProjects', 'list_projects', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codebuild', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/codecommit.html +# http://boto3.readthedocs.io/en/latest/reference/services/codecommit.html + + def brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CodeCommit Permissions ###") - tests = [('ListRepositories', 'list_repositories', (), {}, ), - ] + print("### Enumerating CodeCommit Permissions ###") + tests = [('ListRepositories', 'list_repositories', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codecommit', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/codedeploy.html +# http://boto3.readthedocs.io/en/latest/reference/services/codedeploy.html + + def 
brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CodeDeploy Permissions ###") + print("### Enumerating CodeDeploy Permissions ###") tests = [('ListApplications', 'list_applications', (), {}, ), ('ListDeployments', 'list_deployments', (), {}, ), ('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ), - #('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name - ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), - ] + # ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name + ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codedeploy', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/codepipeline.html +# http://boto3.readthedocs.io/en/latest/reference/services/codepipeline.html + + def brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CodePipeline Permissions ###") - tests = [('ListPipelines', 'list_pipelines', (), {}, ), - ] + print("### Enumerating CodePipeline Permissions ###") + tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codepipeline', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/codestar.html +# http://boto3.readthedocs.io/en/latest/reference/services/codestar.html + + def brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CodeStar Permissions ###") + print("### Enumerating CodeStar Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), - ('ListUerProfiles', 'list_user_profiles', (), {}, ), - ] + ('ListUerProfiles', 'list_user_profiles', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, 
AWS_SECRET_ACCESS_KEY, 'codestar', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cognito-identity.html +# http://boto3.readthedocs.io/en/latest/reference/services/cognito-identity.html + + def brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Cognito-Identity Permissions ###") - tests = [('ListIdentityPools', 'list_identity_pools', (), {'MaxResults':1}, ), - ] + print("### Enumerating Cognito-Identity Permissions ###") + tests = [('ListIdentityPools', 'list_identity_pools', (), {'MaxResults': 1}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-identity', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cognito-idp.html +# http://boto3.readthedocs.io/en/latest/reference/services/cognito-idp.html + + def brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CognitoIdentityProvider Permissions ###") - tests = [('ListUserPools', 'list_user_pools', (), {'MaxResults':1}, ), - ] + print("### Enumerating CognitoIdentityProvider Permissions ###") + tests = [('ListUserPools', 'list_user_pools', (), {'MaxResults': 1}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-idp', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/cognito-sync.html +# http://boto3.readthedocs.io/en/latest/reference/services/cognito-sync.html + + def brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CognitoSync Permissions ###") - tests = [('ListIdentityPoolUsage', 'list_identity_pool_usage', (), {}, ), - ] + print("### Enumerating CognitoSync Permissions ###") + tests = [('ListIdentityPoolUsage', 'list_identity_pool_usage', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cognito-sync', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/comprehend.html -#TODO 
+# http://boto3.readthedocs.io/en/latest/reference/services/comprehend.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/config.html + -#http://boto3.readthedocs.io/en/latest/reference/services/config.html def brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ConfigService Permissions ###") + print("### Enumerating ConfigService Permissions ###") tests = [('DescribeComplianceByConfigRule', 'describe_compliance_by_config_rule', (), {}, ), ('DescribeComplianceByResource', 'describe_compliance_by_resource', (), {}, ), ('DescribeConfigRuleEvaluationStatus', 'describe_config_rule_evaluation_status', (), {}, ), 
@@ -383,177 +412,192 @@ def brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeConfigRules', 'describe_config_rules', (), {}, ), ('DescribeConfigurationRecorderStatus', 'describe_configuration_recorder_status', (), {}, ), ('DescribeDeliveryChannelStatus', 'describe_delivery_channel_status', (), {}, ), - ('DescribeDeliveryChannels', 'describe_delivery_channels', (), {}, ), - ] + ('DescribeDeliveryChannels', 'describe_delivery_channels', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'config', tests) -#Doesnt seem to be working -#http://boto3.readthedocs.io/en/latest/reference/services/cur.html +# http://boto3.readthedocs.io/en/latest/reference/services/cur.html +# Doesnt seem to be working + + def brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CostandUsageReportService Permissions ###") - tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ), - ] + print("### Enumerating CostandUsageReportService Permissions ###") + tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cur', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html +# http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html + + def brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DataPipeline Permissions ###") - tests = [('ListPipelines', 'list_pipelines', (), {}, ), - ] + print("### Enumerating DataPipeline Permissions ###") + tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'datapipeline', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/dax.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/dax.html +# 
TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/devicefarm.html +# http://docs.aws.amazon.com/general/latest/gr/rande.html#devicefarm_region + -#http://boto3.readthedocs.io/en/latest/reference/services/devicefarm.html -#http://docs.aws.amazon.com/general/latest/gr/rande.html#devicefarm_region def brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DeviceFarm Permissions ###") + print("### Enumerating DeviceFarm Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), - ('ListDevices', 'list_devices', (), {}, ), - ] + ('ListDevices', 'list_devices', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html +# http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html + + def brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DirectConnect Permissions ###") + print("### Enumerating DirectConnect Permissions ###") tests = [('DescribeConnections', 'describe_connections', (), {}, ), - ('DescribeLags', 'describe_lags', (), {}, ), - ] + ('DescribeLags', 'describe_lags', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'directconnect', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/discovery.html +# http://boto3.readthedocs.io/en/latest/reference/services/discovery.html + + def brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ApplicationDiscoveryService Permissions ###") - tests = [('DescribeAgents', 'describe_agents', (), {}, ), - ] + print("### Enumerating ApplicationDiscoveryService Permissions ###") + tests = [('DescribeAgents', 'describe_agents', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'discovery', tests) 
-#http://boto3.readthedocs.io/en/latest/reference/services/dms.html +# http://boto3.readthedocs.io/en/latest/reference/services/dms.html + + def brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DatabaseMigrationService Permissions ###") + print("### Enumerating DatabaseMigrationService Permissions ###") tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}, ), ('DescribeEvents', 'describe_events', (), {}, ), - ('DescribeConnections', 'describe_connections', (), {}, ), - ] + ('DescribeConnections', 'describe_connections', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dms', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ds.html +# http://boto3.readthedocs.io/en/latest/reference/services/ds.html + + def brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DirectoryService Permissions ###") + print("### Enumerating DirectoryService Permissions ###") tests = [('DescribeDirectories', 'describe_directories', (), {}, ), ('DescribeSnapshots', 'describe_snapshots', (), {}, ), - ('DescribeTrusts', 'describe_trusts', (), {}, ), - ] + ('DescribeTrusts', 'describe_trusts', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ds', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html +# http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html + + def brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DynamoDB Permissions ###") - tests = [('ListTables', 'list_tables', (), {}, ), - ] + print("### Enumerating DynamoDB Permissions ###") + tests = [('ListTables', 'list_tables', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodb', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/dynamodbstreams.html +# 
http://boto3.readthedocs.io/en/latest/reference/services/dynamodbstreams.html + + def brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating DynamoDBStreamsPermissions ###") - tests = [('ListStreams', 'list_streams', (), {}, ), - ] + print("### Enumerating DynamoDBStreamsPermissions ###") + tests = [('ListStreams', 'list_streams', (), {}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodbstreams', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client -def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating EC2 Permissions ###") - tests = [('DescribeInstances', 'describe_instances', (), {'DryRun':True}, ), - ('DescribeInstanceStatus', 'describe_instance_status', (), {'DryRun':True}, ), - ('DescribeImages', 'describe_images', (), {'DryRun':True, 'Owners': ['self',]} ), - ('CreateImage', 'create_image', (), {'InstanceId':'i-0ffffeeeeaa11e111','Name':'testimage','DryRun':True}, ), - ('DescribeVolumes', 'describe_volumes', (), {'DryRun':True}, ), - ('CreateVolume', 'create_volume', (), {'AvailabilityZone':'us-east1','Size':8,'DryRun':True}, ), - ('DescribeSnapshots', 'describe_snapshots', (), {'DryRun':True, 'OwnerIds': ['self',]} ), - ('CreateSnapshot', 'create_snapshot', (), {'VolumeId':'vol-05777eab71bc97dcb', 'DryRun':True}, ), - ('DescribeAccountAttributes', 'describe_account_attributes', (), {'DryRun':True}, ), - ('DescribeAccounts', 'describe_addresses', (), {'DryRun':True}, ), - ('DescribeAddresses','describe_addresses', (), {'DryRun':True}, ), - ('DescribeAvailabilityZones', 'describe_availability_zones', (), {'DryRun':True}, ), - ('DescribeBundleTasks', 'describe_bundle_tasks', (), {'DryRun':True}, ), - ('DescribeClassicLinkInstances','describe_classic_link_instances', (), {'DryRun':True}, ), - ('DescribeConversionTasks', 'describe_conversion_tasks', (), {'DryRun':True}, ), - ('DescribeCustomerGateways', 
'describe_customer_gateways', (), {'DryRun':True}, ), - ('DescribeDhcpOptions', 'describe_dhcp_options', (), {'DryRun':True}, ), - ('DescribeEgressOnlyInternetGateways','describe_egress_only_internet_gateways', (), {'DryRun':True}, ), +# http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client - #The above is more than enough to decide that all/almost all EC2 permissions are there but - #I'm putting all of them so they can be used for infomration gathering later and i can keep the - #ec2 tests blocks consistent across modules + +def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Enumerating EC2 Permissions ###") + tests = [('DescribeInstances', 'describe_instances', (), {'DryRun': True}, ), + ('DescribeInstanceStatus', 'describe_instance_status', (), {'DryRun': True}, ), + ('DescribeImages', 'describe_images', (), {'DryRun': True, 'Owners': ['self', ]}, ), + ('CreateImage', 'create_image', (), {'InstanceId': 'i-0ffffeeeeaa11e111', 'Name': 'testimage', 'DryRun': True}, ), + ('DescribeVolumes', 'describe_volumes', (), {'DryRun': True}, ), + ('CreateVolume', 'create_volume', (), {'AvailabilityZone': 'us-east1', 'Size': 8, 'DryRun': True}, ), + ('DescribeSnapshots', 'describe_snapshots', (), {'DryRun': True, 'OwnerIds': ['self', ]}, ), + ('CreateSnapshot', 'create_snapshot', (), {'VolumeId': 'vol-05777eab71bc97dcb', 'DryRun': True}, ), + ('DescribeAccountAttributes', 'describe_account_attributes', (), {'DryRun': True}, ), + ('DescribeAccounts', 'describe_addresses', (), {'DryRun': True}, ), + ('DescribeAddresses', 'describe_addresses', (), {'DryRun': True}, ), + ('DescribeAvailabilityZones', 'describe_availability_zones', (), {'DryRun': True}, ), + ('DescribeBundleTasks', 'describe_bundle_tasks', (), {'DryRun': True}, ), + ('DescribeClassicLinkInstances', 'describe_classic_link_instances', (), {'DryRun': True}, ), + ('DescribeConversionTasks', 'describe_conversion_tasks', (), {'DryRun': True}, ), + 
('DescribeCustomerGateways', 'describe_customer_gateways', (), {'DryRun': True}, ), + ('DescribeDhcpOptions', 'describe_dhcp_options', (), {'DryRun': True}, ), + ('DescribeEgressOnlyInternetGateways', 'describe_egress_only_internet_gateways', (), {'DryRun': True}, ), + + # The above is more than enough to decide that all/almost all EC2 permissions are there but + # I'm putting all of them so they can be used for infomration gathering later and i can keep the + # ec2 tests blocks consistent across modules ('DescribeExportTasks', 'describe_export_tasks', (), {}, ), ('DescribeFlowLogs', 'describe_flow_logs', (), {}, ), ('DescribeHostReservations', 'describe_host_reservations', (), {}, ), ('DescribeHosts', 'describe_hosts', (), {}, ), ('DescribeIamInstanceProfileAssociations', 'describe_iam_instance_profile_associations', (), {}, ), - ('DescribeImportImageTasks', 'describe_import_image_tasks', (), {'DryRun':True}, ), - ('DescribeImportSnapshotTasks', 'describe_import_snapshot_tasks', (), {'DryRun':True}, ), - ('DescribeInternetGateways', 'describe_internet_gateways', (), {'DryRun':True}, ), - ('DescribeKeyPairs', 'describe_key_pairs', (), {'DryRun':True}, ), - ('CreateKeyPair', 'create_key_pair', (), {'KeyName':'asdfg12345','DryRun':True}, ), - ('DescribeMovingAddresses', 'describe_moving_addresses', (), {'DryRun':True}, ), + ('DescribeImportImageTasks', 'describe_import_image_tasks', (), {'DryRun': True}, ), + ('DescribeImportSnapshotTasks', 'describe_import_snapshot_tasks', (), {'DryRun': True}, ), + ('DescribeInternetGateways', 'describe_internet_gateways', (), {'DryRun': True}, ), + ('DescribeKeyPairs', 'describe_key_pairs', (), {'DryRun': True}, ), + ('CreateKeyPair', 'create_key_pair', (), {'KeyName': 'asdfg12345', 'DryRun': True}, ), + ('DescribeMovingAddresses', 'describe_moving_addresses', (), {'DryRun': True}, ), ('DescribeNatGateways', 'describe_nat_gateways', (), {}, ), - ('DescribeNetworkAcls', 'describe_network_acls', (), {'DryRun':True}, ), - 
('DescribeNetworkInterfaces', 'describe_network_interfaces', (), {'DryRun':True}, ), - ('DescribePlacementGroups', 'describe_placement_groups', (), {'DryRun':True}, ), - ('DescribePrefixLists', 'describe_prefix_lists', (), {'DryRun':True}, ), - ('DescribeReservedInstances', 'describe_reserved_instances', (), {'DryRun':True}, ), + ('DescribeNetworkAcls', 'describe_network_acls', (), {'DryRun': True}, ), + ('DescribeNetworkInterfaces', 'describe_network_interfaces', (), {'DryRun': True}, ), + ('DescribePlacementGroups', 'describe_placement_groups', (), {'DryRun': True}, ), + ('DescribePrefixLists', 'describe_prefix_lists', (), {'DryRun': True}, ), + ('DescribeReservedInstances', 'describe_reserved_instances', (), {'DryRun': True}, ), ('DescribeReservedInstancesListings', 'describe_reserved_instances_listings', (), {}, ), ('DescribeReservedInstancesModifications', 'describe_reserved_instances_modifications', (), {}, ), - ('DescribeRouteTables', 'describe_route_tables', (), {'DryRun':True}, ), - ('DescribeScheduledInstances', 'describe_scheduled_instances', (), {'DryRun':True}, ), - ('DescribeSecurityGroups', 'describe_security_groups', (), {'DryRun':True}, ), - ('DescribeSpotDatafeedSubscription', 'describe_spot_datafeed_subscription', (), {'DryRun':True}, ), - ('DescribeSubnets', 'describe_subnets', (), {'DryRun':True}, ), - ('DescribeTags', 'describe_tags', (), {'DryRun':True}, ), - ('DescribeVolumeStatus', 'describe_volume_status', (), {'DryRun':True}, ), - ('DescribeVpcClassicLink', 'describe_vpc_classic_link', (), {'DryRun':True}, ), + ('DescribeRouteTables', 'describe_route_tables', (), {'DryRun': True}, ), + ('DescribeScheduledInstances', 'describe_scheduled_instances', (), {'DryRun': True}, ), + ('DescribeSecurityGroups', 'describe_security_groups', (), {'DryRun': True}, ), + ('DescribeSpotDatafeedSubscription', 'describe_spot_datafeed_subscription', (), {'DryRun': True}, ), + ('DescribeSubnets', 'describe_subnets', (), {'DryRun': True}, ), + ('DescribeTags', 
'describe_tags', (), {'DryRun': True}, ), + ('DescribeVolumeStatus', 'describe_volume_status', (), {'DryRun': True}, ), + ('DescribeVpcClassicLink', 'describe_vpc_classic_link', (), {'DryRun': True}, ), ('DescribeVpcClassicLinkDnsSupport', 'describe_vpc_classic_link_dns_support', (), {}, ), - ('DescribeVpcEndpointServices', 'describe_vpc_endpoint_services', (), {'DryRun':True}, ), - ('DescribeVpcEndpoints', 'describe_vpc_endpoints', (), {'DryRun':True}, ), - ('DescribeVpcPeeringConnections', 'describe_vpc_peering_connections', (), {'DryRun':True}, ), - ('DescribeVpcs', 'describe_vpcs', (), {'DryRun':True}, ), - ('CreateVpc', 'create_vpc', (), {'CidrBlock':'10.0.0.0/16','DryRun':True}, ), - ('DescribeVpnConnections', 'describe_vpn_connections', (), {'DryRun':True}, ), - ('DescribeVpnGateways', 'describe_vpn_gateways', (), {'DryRun':True}, ), - ] + ('DescribeVpcEndpointServices', 'describe_vpc_endpoint_services', (), {'DryRun': True}, ), + ('DescribeVpcEndpoints', 'describe_vpc_endpoints', (), {'DryRun': True}, ), + ('DescribeVpcPeeringConnections', 'describe_vpc_peering_connections', (), {'DryRun': True}, ), + ('DescribeVpcs', 'describe_vpcs', (), {'DryRun': True}, ), + ('CreateVpc', 'create_vpc', (), {'CidrBlock': '10.0.0.0/16', 'DryRun': True}, ), + ('DescribeVpnConnections', 'describe_vpn_connections', (), {'DryRun': True}, ), + ('DescribeVpnGateways', 'describe_vpn_gateways', (), {'DryRun': True}, ), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ec2', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ecr.html +# http://boto3.readthedocs.io/en/latest/reference/services/ecr.html + + def brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating EC2 Container Registry (ECR) Permissions ###") - tests = [('DescribeRepositories', 'describe_repositories', (), {}), - ] + print("### Enumerating EC2 Container Registry (ECR) Permissions ###") + tests = [('DescribeRepositories', 
'describe_repositories', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecr', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ecs.html +# http://boto3.readthedocs.io/en/latest/reference/services/ecs.html + + def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating EC2 Container Service (ECS) Permissions ###") + print("### Enumerating EC2 Container Service (ECS) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), ('DescribeClusters', 'describe_clusters', (), {}), ('ListContainerInstances', 'list_container_instances', (), {}), ('ListTaskDefinitions', 'list_task_definitions', (), {}), - ('ListTasks', 'list_tasks', (), {}), #needs a cluster name - ] + # ('ListTasks', 'list_tasks', (), {}), #needs a cluster name + ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecs', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/efs.html +# http://boto3.readthedocs.io/en/latest/reference/services/efs.html + + def brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Elastic File System (EFS) Permissions ###") + print("### Enumerating Elastic File System (EFS) Permissions ###") tests = [('DescribeFileSystems', 'describe_file_systems', (), {}), - ('DescribeMountTargets', 'describe_mount_targets', (), {}), - ] + ('DescribeMountTargets', 'describe_mount_targets', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'efs', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html +# http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html + + def brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ElastiCache Permissions ###") + print("### Enumerating ElastiCache Permissions ###") tests = [('DescribeCacheClusters', 'describe_cache_clusters', (), {}), 
('DescribeCacheEngineVersions', 'describe_cache_engine_versions', (), {}), ('DescribeCacheSecurityGroups', 'describe_cache_security_groups', (), {}), 
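Review bot: The `('DescribeAccounts', 'describe_addresses', (), {'DryRun': True}, )` row in `brute_ec2_permissions` calls the same client method as the `DescribeAddresses` row that follows it, so the address check runs twice. If the first tuple element is what gets reported (the reporting code is not visible here), the output would list an action name that does not correspond to the call actually made; dropping that row keeps the recorded results accurate. This hunk also turns the ECS `ListTasks` row into a comment, which is a behaviour change inside an otherwise formatting-only cleanup and is worth calling out separately. I would also add a comment above the `Create*` rows, e.g. `# Create* entries must keep 'DryRun': True so the check never creates a resource`, since that flag is the only thing keeping `create_image`, `create_volume`, `create_snapshot`, `create_key_pair` and `create_vpc` non-mutating.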
@@ -562,83 +606,93 @@ def brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeReplicationGroups', 'describe_replication_groups', (), {}), ('DescribeReservedCacheNodes', 'describe_reserved_cache_nodes', (), {}), ('DescribeReservedCacheNodesOfferings', 'describe_reserved_cache_nodes_offerings', (), {}), - ('DescribeSnapshots', 'describe_snapshots', (), {}), - ] + ('DescribeSnapshots', 'describe_snapshots', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticache', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html +# http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html + + def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ElasticBeanstalk Permissions ###") - tests = [('DescribeApplications', 'describe_applications', (), {}, ), + print("### Enumerating ElasticBeanstalk Permissions ###") + tests = [('DescribeApplications', 'describe_applications', (), {}), ('DescribeApplicationVersions', 'describe_application_versions', (), {}), ('DescribeConfigurationOptions', 'describe_configuration_options', (), {}), ('DescribeEnvironments', 'describe_environments', (), {}), - ('DescribeEnvironmentHealth', 'describe_environment_health', (), {}, ), + ('DescribeEnvironmentHealth', 'describe_environment_health', (), {}), ('DescribeEnvironmentManagedActionHistory', 'describe_environment_managed_action_history', (), {}), ('DescribeEnvironmentManagedActions', 'describe_environment_managed_actions', (), {}), ('DescribeEvents', 'describe_events', (), {}), - ('DescribeInstancesHealth', 'describe_instances_health', (), {}), - ] + ('DescribeInstancesHealth', 'describe_instances_health', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticbeanstalk', tests) +# http://boto3.readthedocs.io/en/latest/reference/services/elastictranscoder.html + + def 
brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ElasticTranscoder Permissions ###") + print("### Enumerating ElasticTranscoder Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}), - ('ListPresets', 'list_presets', (), {}), - ] + ('ListPresets', 'list_presets', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elastictranscoder', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/elb.html +# http://boto3.readthedocs.io/en/latest/reference/services/elb.html + + def brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ElasticLoadBalancing Permissions ###") + print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), - ('DescribeAccountLimits', 'describe_account_limits', (), {}), - ] + ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elb', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html +# http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html + + def brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating ElasticLoadBalancing Permissions ###") + print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ('DescribeListeners', 'describe_listeners', (), {}), - ('DescribeTargetGroups', 'describe_target_groups', (), {}), - ] + ('DescribeTargetGroups', 'describe_target_groups', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elbv2', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/emr.html +# 
http://boto3.readthedocs.io/en/latest/reference/services/emr.html + + def brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Elastic MapReduce (EMR) Permissions ###") + print("### Enumerating Elastic MapReduce (EMR) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), - ('ListSecurityConfigurations', 'list_security_configurations', (), {}), - ] + ('ListSecurityConfigurations', 'list_security_configurations', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'emr', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/es.html +# http://boto3.readthedocs.io/en/latest/reference/services/es.html + + def brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Elasticsearch Service Permissions ###") + print("### Enumerating Elasticsearch Service Permissions ###") tests = [('ListDomainNames', 'list_domain_names', (), {}), - ('ListElasticsearchVersions', 'list_elasticsearch_versions', (), {}), - ] + ('ListElasticsearchVersions', 'list_elasticsearch_versions', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'es', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/events.html +# http://boto3.readthedocs.io/en/latest/reference/services/events.html + + def brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudWatch Events Permissions ###") - tests = [('ListRules', 'list_rules', (), {}), - ] + print("### Enumerating CloudWatch Events Permissions ###") + tests = [('ListRules', 'list_rules', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'events', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/firehose.html +# http://boto3.readthedocs.io/en/latest/reference/services/firehose.html + + def brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print 
("### Enumerating Kinesis Firehose Permissions ###") - tests = [('ListDeliveryStreams', 'list_delivery_streams', (), {}), - ] + print("### Enumerating Kinesis Firehose Permissions ###") + tests = [('ListDeliveryStreams', 'list_delivery_streams', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'firehose', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html +# http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html + + def brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating GameLift Permissions ###") + print("### Enumerating GameLift Permissions ###") tests = [('ListAliases', 'list_aliases', (), {}), ('ListBuilds', 'list_builds', (), {}), ('ListFleets', 'list_fleets', (), {}), 
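Review bot: In this hunk `brute_elasticloadbalancingv2_permissions` still prints the same banner as `brute_elasticloadbalancing_permissions` ("### Enumerating ElasticLoadBalancing Permissions ###"), although it calls the bruteforcer with 'elbv2' rather than 'elb'. The commit reformats that `print` line but keeps the text, so the two sections cannot be told apart in the tool's output when results are matched to a service during an assessment or a later log review. I would change the v2 line to `print("### Enumerating ElasticLoadBalancing v2 (elbv2) Permissions ###")`. Both functions are fully visible in the hunk; whether anything downstream parses these banners cannot be seen from here.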
@@ -648,477 +702,519 @@ def brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ('DescribeGameSessionDetails', 'describe_game_session_details', (), {}), ('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}), ('DescribeGameSessions', 'describe_game_sessions', (), {}), - ('DescribePlayerSessions', 'describe_player_sessions', (), {}), - ] + ('DescribePlayerSessions', 'describe_player_sessions', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'gamelift', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/glacier.html +# http://boto3.readthedocs.io/en/latest/reference/services/glacier.html + + def brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Glacier Permissions ###") - tests = [('ListVaults', 'list_vaults', (), {}), - ] + print("### Enumerating Glacier Permissions ###") + tests = [('ListVaults', 'list_vaults', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'glacier', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/glue.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/glue.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/greengrass.html +# If this one doesnt work make sure boto3 is up to date + -#http://boto3.readthedocs.io/en/latest/reference/services/greengrass.html -#If this one doesnt work make sure boto3 is up to date def brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Greegrass Permissions ###") + print("### Enumerating Greegrass Permissions ###") tests = [('ListGroups', 'list_groups', (), {}), ('ListLoggerDefinitions', 'list_logger_definitions', (), {}), - ('ListSubscriptionDefinitions', 'list_subscription_definitions', (), {}), - ] + ('ListSubscriptionDefinitions', 'list_subscription_definitions', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, 
AWS_SECRET_ACCESS_KEY, 'greengrass', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/guardduty.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/guardduty.html +# TODO + + +# http://boto3.readthedocs.io/en/latest/reference/services/health.html -#http://boto3.readthedocs.io/en/latest/reference/services/health.html def brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Health Permissions ###") + print("### Enumerating Health Permissions ###") tests = [('DescribeEvents', 'describe_events', (), {}), ('DescribeEntityAggregates', 'describe_entity_aggregates', (), {}), - ('DescribeEventTypes', 'describe_event_types', (), {}), - ] + ('DescribeEventTypes', 'describe_event_types', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'health', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/iam.html -#TODO chop out the ARN/username and make some more fun function calls must chop up ARN to get username +# http://boto3.readthedocs.io/en/latest/reference/services/iam.html +# TODO chop out the ARN/username and make some more fun function calls must chop up ARN to get username + + def brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating IAM Permissions ###") - #account_username = get_username(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) - tests = [('GetUser', 'get_user', (), {} ), - #('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ), - ('ListGroups', 'list_groups', (), {} ), - #('ListGroupsForUser', 'list_groups_for_user', (), {'UserName':account_username} ), - ('GetCredentialReport', 'get_credential_report', (), {}) , - ('GetAccountSummary', 'get_account_summary', (), {} ), - ('GetAccountAuthorizationDetails', 'get_account_authorization_details', (), {} ), - ] + print("### Enumerating IAM Permissions ###") + # account_username = get_username(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + tests 
= [('GetUser', 'get_user', (), {}), + # ('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ), + ('ListGroups', 'list_groups', (), {}), + # ('ListGroupsForUser', 'list_groups_for_user', (), {'UserName':account_username} ), + ('GetCredentialReport', 'get_credential_report', (), {}), + ('GetAccountSummary', 'get_account_summary', (), {}), + ('GetAccountAuthorizationDetails', 'get_account_authorization_details', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iam', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/importexport.html +# http://boto3.readthedocs.io/en/latest/reference/services/importexport.html + + def brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Import/Export Permissions ###") - tests = [('ListJobs', 'list_jobs', (), {} ), - ] + print("### Enumerating Import/Export Permissions ###") + tests = [('ListJobs', 'list_jobs', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'importexport', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/inspector.html +# http://boto3.readthedocs.io/en/latest/reference/services/inspector.html + + def brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Inspector Permissions ###") - tests = [('ListFindings', 'list_findings', (), {} ), - ('ListEventSubscriptions', 'list_event_subscriptions', (), {} ), - ('ListAssessmentRuns', 'list_assessment_runs', (), {} ), - ('ListAssessmentTargets', 'list_assessment_targets', (), {} ), - ] + print("### Enumerating Inspector Permissions ###") + tests = [('ListFindings', 'list_findings', (), {}), + ('ListEventSubscriptions', 'list_event_subscriptions', (), {}), + ('ListAssessmentRuns', 'list_assessment_runs', (), {}), + ('ListAssessmentTargets', 'list_assessment_targets', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 
'inspector', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/iot.html +# http://boto3.readthedocs.io/en/latest/reference/services/iot.html + + def brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating IoT Permissions ###") - tests = [('ListThings', 'list_things', (), {} ), - ('ListPolicies', 'list_policies', (), {} ), - ('ListCertificates', 'list_certificates', (), {} ), - ] + print("### Enumerating IoT Permissions ###") + tests = [('ListThings', 'list_things', (), {}), + ('ListPolicies', 'list_policies', (), {}), + ('ListCertificates', 'list_certificates', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iot', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/iot-data.html -#NO functions to call without data +# http://boto3.readthedocs.io/en/latest/reference/services/iot-data.html +# NO functions to call without data + + def brute_iotdata_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating IoT Data Plane Permissions ###") - tests = [('', '', (), {} ), - ] + print("### Enumerating IoT Data Plane Permissions ###") + tests = [('', '', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'iot-data', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/iot-jobs-data.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/iot-jobs-data.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/kinesis.html + -#http://boto3.readthedocs.io/en/latest/reference/services/kinesis.html def brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Kinesis Permissions ###") - tests = [('ListStreams', 'list_streams', (), {}), - ] + print("### Enumerating Kinesis Permissions ###") + tests = [('ListStreams', 'list_streams', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesis', 
tests) -#http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-archived-media.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-archived-media.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-media.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-media.html +# TODO + + +# http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html -#http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html def brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Kinesis Analytics Permissions ###") - tests = [('ListApplications', 'list_applications', (), {}), - ] + print("### Enumerating Kinesis Analytics Permissions ###") + tests = [('ListApplications', 'list_applications', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesisanalytics', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/kinesisvideo.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/kinesisvideo.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/kms.html + -#http://boto3.readthedocs.io/en/latest/reference/services/kms.html def brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Key Management Service (KMS) Permissions ###") + print("### Enumerating Key Management Service (KMS) Permissions ###") tests = [('ListKeys', 'list_keys', (), {}), - ('ListAliases', 'list_aliases', (), {}), - ] + ('ListAliases', 'list_aliases', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kms', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/lambda.html +# http://boto3.readthedocs.io/en/latest/reference/services/lambda.html + + def brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### 
Enumerating Lambda Permissions ###") + print("### Enumerating Lambda Permissions ###") tests = [('ListFunctions', 'list_functions', (), {}, ), - ('ListEventSourceMappings', 'list_event_source_mappings', (), {}, ), - ] + ('ListEventSourceMappings', 'list_event_source_mappings', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lambda', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/lex-models.html +# http://boto3.readthedocs.io/en/latest/reference/services/lex-models.html + + def brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Lex Model Building Service Permissions ###") - tests = [('GetBots', 'get_bots', (), {} ), - ('GetIntents', 'get_intents', (), {} ), - ] + print("### Enumerating Lex Model Building Service Permissions ###") + tests = [('GetBots', 'get_bots', (), {}), + ('GetIntents', 'get_intents', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lex-models', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/lex-runtime.html -#NO functions to call without data +# http://boto3.readthedocs.io/en/latest/reference/services/lex-runtime.html +# NO functions to call without data + + def brute_lexmruntime_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Lex Runtime Permissions ###") - tests = [('', '', (), {} ), - ] + print("### Enumerating Lex Runtime Permissions ###") + tests = [('', '', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lex-runtime', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/lightsail.html +# http://boto3.readthedocs.io/en/latest/reference/services/lightsail.html + + def brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Lightsail Permissions ###") - tests = [('GetDomains', 'get_domains', (), {} ), - ('GetBundles', 'get_bundles', (), {} ), - 
('GetInstances', 'get_instances', (), {} ), - ('GetKeyPairs', 'get_key_pairs', (), {} ), - ('GetOperations', 'get_operations', (), {} ), - ('GetRegions', 'get_regions', (), {} ), - ] + print("### Enumerating Lightsail Permissions ###") + tests = [('GetDomains', 'get_domains', (), {}), + ('GetBundles', 'get_bundles', (), {}), + ('GetInstances', 'get_instances', (), {}), + ('GetKeyPairs', 'get_key_pairs', (), {}), + ('GetOperations', 'get_operations', (), {}), + ('GetRegions', 'get_regions', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'lightsail', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/logs.html +# http://boto3.readthedocs.io/en/latest/reference/services/logs.html + + def brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating CloudWatch Logs Permissions ###") - tests = [('DescribeDestinations', 'describe_destinations', (), {} ), - ('DescribeExportTasks', 'describe_export_tasks', (), {} ), - ('DescribeLogGroups', 'describe_log_groups', (), {} ), - ] + print("### Enumerating CloudWatch Logs Permissions ###") + tests = [('DescribeDestinations', 'describe_destinations', (), {}), + ('DescribeExportTasks', 'describe_export_tasks', (), {}), + ('DescribeLogGroups', 'describe_log_groups', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'logs', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/machinelearning.html -#http://docs.aws.amazon.com/general/latest/gr/rande.html#machinelearning_region <--allowed regions for ML +# http://boto3.readthedocs.io/en/latest/reference/services/machinelearning.html +# http://docs.aws.amazon.com/general/latest/gr/rande.html#machinelearning_region <--allowed regions for ML + + def brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Machine Learning Permissions ###") - tests = [('DescribeDataSources', 
'describe_data_sources', (), {} ), - ('DescribeEvaluations', 'describe_evaluations', (), {} ), - ] + print("### Enumerating Machine Learning Permissions ###") + tests = [('DescribeDataSources', 'describe_data_sources', (), {}), + ('DescribeEvaluations', 'describe_evaluations', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'machinelearning', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/marketplace-entitlement.html -#NO functions to call without arguements +# http://boto3.readthedocs.io/en/latest/reference/services/marketplace-entitlement.html +# NO functions to call without arguements -#http://boto3.readthedocs.io/en/latest/reference/services/marketplacecommerceanalytics.html -#NO functions to call without arguements +# http://boto3.readthedocs.io/en/latest/reference/services/marketplacecommerceanalytics.html +# NO functions to call without arguements -#http://boto3.readthedocs.io/en/latest/reference/services/mediaconvert.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mediaconvert.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/medialive.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/medialive.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/mediapackage.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mediapackage.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/mediastore.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mediastore.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/mediastore-data.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mediastore-data.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/meteringmarketplace.html -#NO functions to call without arguements +# http://boto3.readthedocs.io/en/latest/reference/services/meteringmarketplace.html +# NO 
functions to call without arguements -#http://boto3.readthedocs.io/en/latest/reference/services/mgh.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mgh.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/mobile.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/mobile.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/mq.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/mturk.html -#http://boto3.readthedocs.io/en/latest/reference/services/mq.html -#TODO -#http://boto3.readthedocs.io/en/latest/reference/services/mturk.html def brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Mechanical Turk (MTurk) Permissions ###") - tests = [('GetAccountBalance', 'get_account_balance', (), {} ), - ('ListHits', 'list_hits', (), {} ), - ('ListWorkerBlocks', 'list_worker_blocks', (), {} ), - ] + print("### Enumerating Mechanical Turk (MTurk) Permissions ###") + tests = [('GetAccountBalance', 'get_account_balance', (), {}), + ('ListHits', 'list_hits', (), {}), + ('ListWorkerBlocks', 'list_worker_blocks', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'mturk', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/opsworks.html -#Everything else requires a stackID to get the instance/app/volume info per stack +# http://boto3.readthedocs.io/en/latest/reference/services/opsworks.html +# Everything else requires a stackID to get the instance/app/volume info per stack + + def brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating OpsWorks Permissions ###") - tests = [('DescribeUserProfiles', 'describe_user_profiles', (), {} ), - ('DescribeStacks', 'describe_stacks', (), {} ), - ] + print("### Enumerating OpsWorks Permissions ###") + tests = [('DescribeUserProfiles', 'describe_user_profiles', (), {}), + ('DescribeStacks', 'describe_stacks', 
(), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'opsworks', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/opsworkscm.html +# http://boto3.readthedocs.io/en/latest/reference/services/opsworkscm.html + + def brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating OpsWorks for Chef Automate Permissions ###") - tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {} ), - ('DescribeBackups', 'describe_backups', (), {} ), - ('DescribeServers', 'describe_servers', (), {} ), - ] + print("### Enumerating OpsWorks for Chef Automate Permissions ###") + tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}), + ('DescribeBackups', 'describe_backups', (), {}), + ('DescribeServers', 'describe_servers', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'opsworkscm', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/organizations.html +# http://boto3.readthedocs.io/en/latest/reference/services/organizations.html + + def brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Organizations Permissions ###") - tests = [('DescribeOrganization', 'describe_organization', (), {} ), - ('ListAccounts', 'list_accounts', (), {} ), - ('ListCreateAccountStatus', 'list_create_account_status', (), {} ), - ('ListHandshakesForAccount', 'list_handshakes_for_account', (), {} ), - ('ListHandshakesForOrganization', 'list_handshakes_for_organization', (), {} ), - ('ListPolicies', 'list_policies', (), {'Filter':'SERVICE_CONTROL_POLICY'} ), - ('ListRoots', 'list_roots', (), {} ), - ] + print("### Enumerating Organizations Permissions ###") + tests = [('DescribeOrganization', 'describe_organization', (), {}), + ('ListAccounts', 'list_accounts', (), {}), + ('ListCreateAccountStatus', 'list_create_account_status', (), {}), + ('ListHandshakesForAccount', 
'list_handshakes_for_account', (), {}), + ('ListHandshakesForOrganization', 'list_handshakes_for_organization', (), {}), + ('ListPolicies', 'list_policies', (), {'Filter': 'SERVICE_CONTROL_POLICY'}), + ('ListRoots', 'list_roots', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'organizations', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/pinpoint.html -#NO functions to call without arguements +# http://boto3.readthedocs.io/en/latest/reference/services/pinpoint.html +# NO functions to call without arguements + +# http://boto3.readthedocs.io/en/latest/reference/services/polly.html + -#http://boto3.readthedocs.io/en/latest/reference/services/polly.html def brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Polly Permissions ###") - tests = [('DescribeVoices', 'describe_voices', (), {} ), - ('ListLexicons', 'list_lexicons', (), {} ), - ] + print("### Enumerating Polly Permissions ###") + tests = [('DescribeVoices', 'describe_voices', (), {}), + ('ListLexicons', 'list_lexicons', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'polly', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/pricing.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/pricing.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/rds.html + -#http://boto3.readthedocs.io/en/latest/reference/services/rds.html def brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating RDS Permissions ###") - tests = [('DescribeDBInstances', 'describe_db_instances', (), {} ), - ('DescribeDBSecurityGroups', 'describe_db_security_groups', (), {} ), - ('DescribeDBSnapshots', 'describe_db_snapshots', (), {} ), - ('DescribeDBClusters', 'describe_db_clusters', (), {} ), - ('DescribeDBClusterSnapshots', 'describe_db_cluster_snapshots', (), {} ), - ('DescribeAccountAttributes', 
'describe_account_attributes', (), {} ), - ('DescribeEvents', 'describe_events', (), {} ), - ('DescribeReservedDBInstances', 'describe_reserved_db_instances', (), {} ), - ] + print("### Enumerating RDS Permissions ###") + tests = [('DescribeDBInstances', 'describe_db_instances', (), {}), + ('DescribeDBSecurityGroups', 'describe_db_security_groups', (), {}), + ('DescribeDBSnapshots', 'describe_db_snapshots', (), {}), + ('DescribeDBClusters', 'describe_db_clusters', (), {}), + ('DescribeDBClusterSnapshots', 'describe_db_cluster_snapshots', (), {}), + ('DescribeAccountAttributes', 'describe_account_attributes', (), {}), + ('DescribeEvents', 'describe_events', (), {}), + ('DescribeReservedDBInstances', 'describe_reserved_db_instances', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'rds', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/redshift.html +# http://boto3.readthedocs.io/en/latest/reference/services/redshift.html + + def brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Redshift Permissions ###") - tests = [('DescribeClusters', 'describe_clusters', (), {} ), - ('DescribeClusterSecurityGroups', 'describe_cluster_security_groups', (), {}) , - ('DescribeClusterSnapshots', 'describe_cluster_snapshots', (), {} ), - ('DescribeClusterParameterGroup', 'describe_cluster_parameter_groups', (), {} ), - ('DescribeEvents', 'describe_events', (), {} ), - ('DescribeHSMConfigurations', 'describe_hsm_configurations', (), {} ), - ] + print("### Enumerating Redshift Permissions ###") + tests = [('DescribeClusters', 'describe_clusters', (), {}), + ('DescribeClusterSecurityGroups', 'describe_cluster_security_groups', (), {}), + ('DescribeClusterSnapshots', 'describe_cluster_snapshots', (), {}), + ('DescribeClusterParameterGroup', 'describe_cluster_parameter_groups', (), {}), + ('DescribeEvents', 'describe_events', (), {}), + ('DescribeHSMConfigurations', 
'describe_hsm_configurations', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'redshift', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/rekognition.html +# http://boto3.readthedocs.io/en/latest/reference/services/rekognition.html + + def brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Rekognition Permissions ###") - tests = [('ListCollections', 'list_collections', (), {} ), - ] + print("### Enumerating Rekognition Permissions ###") + tests = [('ListCollections', 'list_collections', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'rekognition', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/resource-groups.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/resource-groups.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/resourcegroupstaggingapi.html + -#http://boto3.readthedocs.io/en/latest/reference/services/resourcegroupstaggingapi.html def brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Resource Groups Tagging API Permissions ###") - tests = [('GetResources', 'get_resources', (), {} ), - ] + print("### Enumerating Resource Groups Tagging API Permissions ###") + tests = [('GetResources', 'get_resources', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'resourcegroupstaggingapi', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/route53.html +# http://boto3.readthedocs.io/en/latest/reference/services/route53.html + + def brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Route53 Permissions ###") + print("### Enumerating Route53 Permissions ###") tests = [('ListHostedZones', 'list_hosted_zones', (), {}), ('ListHostedZonesByName', 'list_hosted_zones_by_name', (), {}), 
('ListGeoLocations', 'list_geo_locations', (), {}), ('ListHealthChecks', 'list_health_checks', (), {}), - ('ListTrafficPolicies', 'list_traffic_policies', (), {}), - ] + ('ListTrafficPolicies', 'list_traffic_policies', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'route53', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/route53domains.html +# http://boto3.readthedocs.io/en/latest/reference/services/route53domains.html + + def brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Route53 Domains Permissions ###") - tests = [('ListDomains', 'list_domains', (), {} ), - ('ListOperations', 'list_operations', (), {} ), - ] + print("### Enumerating Route53 Domains Permissions ###") + tests = [('ListDomains', 'list_domains', (), {}), + ('ListOperations', 'list_operations', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'route53domains', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/s3.html +# http://boto3.readthedocs.io/en/latest/reference/services/s3.html + + def brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating S3 Permissions ###") - tests = [('ListBuckets', 'list_buckets', (), {} ), - ] + print("### Enumerating S3 Permissions ###") + tests = [('ListBuckets', 'list_buckets', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 's3', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/sagemaker.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/sagemaker.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/sagemaker-runtime.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/sdb.html -#http://boto3.readthedocs.io/en/latest/reference/services/sagemaker-runtime.html -#TODO -#http://boto3.readthedocs.io/en/latest/reference/services/sdb.html def 
brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating SimpleDB Permissions ###") - tests = [('ListDomains', 'list_domains', (), {} ), - ] + print("### Enumerating SimpleDB Permissions ###") + tests = [('ListDomains', 'list_domains', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sdb', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/serverlessrepo.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/serverlessrepo.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/servicecatalog.html + -#http://boto3.readthedocs.io/en/latest/reference/services/servicecatalog.html def brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Service Catalog Permissions ###") - tests = [('ListPortfolios', 'list_portfolios', (), {} ), - ('ListRecordHistory', 'list_record_history', (), {} ), - ('ListAcceptedPortfolioShares', 'list_accepted_portfolio_shares', (), {} ), - ] + print("### Enumerating Service Catalog Permissions ###") + tests = [('ListPortfolios', 'list_portfolios', (), {}), + ('ListRecordHistory', 'list_record_history', (), {}), + ('ListAcceptedPortfolioShares', 'list_accepted_portfolio_shares', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'servicecatalog', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/servicediscovery.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/servicediscovery.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/ses.html + -#http://boto3.readthedocs.io/en/latest/reference/services/ses.html def brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Simple Email Service (SES) Permissions ###") - tests = [('ListIdentities', 'list_identities', (), {} ), - ('GetSendStatistics', 'get_send_statistics', (), {} ), - 
('ListConfigurationSets', 'list_configuration_sets', (), {}) , - ] + print("### Enumerating Simple Email Service (SES) Permissions ###") + tests = [('ListIdentities', 'list_identities', (), {}), + ('GetSendStatistics', 'get_send_statistics', (), {}), + ('ListConfigurationSets', 'list_configuration_sets', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ses', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/shield.html +# http://boto3.readthedocs.io/en/latest/reference/services/shield.html + + def brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Shield Permissions ###") - tests = [('ListAttacks', 'list_attacks', (), {} ), - ('ListProtections', 'list_protections', (), {} ), - ('DescribeSubscription', 'describe_subscription', (), {} ), - ] + print("### Enumerating Shield Permissions ###") + tests = [('ListAttacks', 'list_attacks', (), {}), + ('ListProtections', 'list_protections', (), {}), + ('DescribeSubscription', 'describe_subscription', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'shield', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/sms.html +# http://boto3.readthedocs.io/en/latest/reference/services/sms.html + + def brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Server Migration Service (SMS) Permissions ###") - tests = [('GetReplicationJobs', 'get_replication_jobs', (), {} ), - ('GetServers', 'get_servers', (), {} ), - ] + print("### Enumerating Server Migration Service (SMS) Permissions ###") + tests = [('GetReplicationJobs', 'get_replication_jobs', (), {}), + ('GetServers', 'get_servers', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sms', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/snowball.html +# http://boto3.readthedocs.io/en/latest/reference/services/snowball.html + + def 
brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Snowball Permissions ###") - tests = [('GetSnowballUsage', 'get_snowball_usage', (), {} ), - ('ListClusters', 'list_clusters', (), {} ), - ('ListJobs', 'list_jobs', (), {} ), - ] + print("### Enumerating Snowball Permissions ###") + tests = [('GetSnowballUsage', 'get_snowball_usage', (), {}), + ('ListClusters', 'list_clusters', (), {}), + ('ListJobs', 'list_jobs', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'snowball', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/sns.html + +# http://boto3.readthedocs.io/en/latest/reference/services/sns.html + + def brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Simple Notification Service (SNS) Permissions ###") - tests = [('ListPlatformApplications', 'list_platform_applications', (), {} ), - ('ListPhoneNumbersOptedOut', 'list_phone_numbers_opted_out', (), {} ), - ('ListSubscriptions', 'list_subscriptions', (), {} ), - ('ListTopics', 'list_topics', (), {} ), - ('GetSmsAttributes', 'get_sms_attributes', (), {} ), - ] + print("### Enumerating Simple Notification Service (SNS) Permissions ###") + tests = [('ListPlatformApplications', 'list_platform_applications', (), {}), + ('ListPhoneNumbersOptedOut', 'list_phone_numbers_opted_out', (), {}), + ('ListSubscriptions', 'list_subscriptions', (), {}), + ('ListTopics', 'list_topics', (), {}), + ('GetSmsAttributes', 'get_sms_attributes', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sns', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/sqs.html +# http://boto3.readthedocs.io/en/latest/reference/services/sqs.html + + def brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Simple Queue Service (SQS) Permissions ###") - tests = [('ListQueues', 'list_queues', (), {} ), - ] + print("### 
Enumerating Simple Queue Service (SQS) Permissions ###") + tests = [('ListQueues', 'list_queues', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sqs', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/ssm.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/ssm.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/stepfunctions.html + -#http://boto3.readthedocs.io/en/latest/reference/services/stepfunctions.html def brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Step Functions (SFN) Permissions ###") - tests = [('ListActivities', 'list_activities', (), {} ), - ] + print("### Enumerating Step Functions (SFN) Permissions ###") + tests = [('ListActivities', 'list_activities', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'stepfunctions', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/sts.html + -#http://boto3.readthedocs.io/en/latest/reference/services/sts.html def brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating Security Token Service (STS) Permissions ###") - tests = [('GetCallerIdentity', 'get_caller_identity', (), {}), - ] + print("### Enumerating Security Token Service (STS) Permissions ###") + tests = [('GetCallerIdentity', 'get_caller_identity', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sts', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/support.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/support.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/swf.html -#TODO +# 
http://boto3.readthedocs.io/en/latest/reference/services/swf.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/transcribe.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/transcribe.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/translate.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/translate.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/waf.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/waf.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/waf-regional.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/waf-regional.html +# TODO -#http://boto3.readthedocs.io/en/latest/reference/services/workdocs.html -#TODO +# http://boto3.readthedocs.io/en/latest/reference/services/workdocs.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/workmail.html +# TODO + +# http://boto3.readthedocs.io/en/latest/reference/services/workspaces.html -#http://boto3.readthedocs.io/en/latest/reference/services/workmail.html -#TODO -#http://boto3.readthedocs.io/en/latest/reference/services/workspaces.html def brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating WorkSpaces Permissions ###") - tests = [('DescribeWorkspaceBundles', 'describe_workspace_bundles', (), {} ), - ('DescribeWorkspaceDirectories', 'describe_workspace_directories', (), {} ), - ('DescribeWorkspaces', 'describe_workspaces', (), {} ), - ('DescribeWorkspacesConnectionStatus', 'describe_workspaces_connection_status', (), {} ), - ] + print("### Enumerating WorkSpaces Permissions ###") + tests = [('DescribeWorkspaceBundles', 'describe_workspace_bundles', (), {}), + ('DescribeWorkspaceDirectories', 'describe_workspace_directories', (), {}), + ('DescribeWorkspaces', 'describe_workspaces', (), {}), + ('DescribeWorkspacesConnectionStatus', 'describe_workspaces_connection_status', 
(), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'workspaces', tests) -#http://boto3.readthedocs.io/en/latest/reference/services/xray.html -#NO functions that dont take any arguements +# http://boto3.readthedocs.io/en/latest/reference/services/xray.html +# NO functions that dont take any arguements. GetTraceSummaries requires start/end times, We can +# probably programatically add these - need to see what the service actually does + + def brute_xray_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Enumerating X-Ray Permissions ###") - tests = [('GetTraceSummaries', 'get_trace_summaries', (), {}), #requires start/end times - ] + print("### Enumerating X-Ray Permissions ###") + tests = [('GetTraceSummaries', 'get_trace_summaries', (), {}), ] return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'xray', tests) diff --git a/libs/dynamodb.py b/libs/dynamodb.py index 3d5e7c7..36f5f09 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py @@ -5,12 +5,14 @@ dynamoDB functions import boto3 import botocore import pprint -import sys,os +import sys +import os pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] + def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing DynamoDB Tables ###") 
@@ -38,6 +40,7 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing DynamoDB Tables ###") try: 
@@ -64,25 +67,26 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): print("### Describing DynamoDB Table: {} ###" .format(table)) try: client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) response = client.describe_table(TableName=table) if response.get('Table') is None: - print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Table']) <= 0: - print("[-] DescribeTable allowed for {} but no results [-]" .format(region)) + print("[-] DescribeTable allowed for {} but no results [-]" .format(region)) else: - print("TableArn: {}" .format(response['Table']['TableArn'])) - print("AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions'])) - print("ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput'])) - print("TableSizeBytes: {}" .format(response['Table']['TableSizeBytes'])) - print("TableName: {}" .format(response['Table']['TableName'])) - print("TableStatus: {}" .format(response['Table']['TableStatus'])) - print("KeySchema: {}" .format(response['Table']['KeySchema'])) - print("ItemCount: {}" .format(response['Table']['ItemCount'])) - print("CreationDateTime: {}" .format(response['Table']['CreationDateTime'])) + print("TableArn: {}" .format(response['Table']['TableArn'])) + print("AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions'])) + print("ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput'])) + print("TableSizeBytes: {}" .format(response['Table']['TableSizeBytes'])) + print("TableName: {}" .format(response['Table']['TableName'])) + print("TableStatus: {}" .format(response['Table']['TableStatus'])) 
+ print("KeySchema: {}" .format(response['Table']['KeySchema'])) + print("ItemCount: {}" .format(response['Table']['ItemCount'])) + print("CreationDateTime: {}" .format(response['Table']['CreationDateTime'])) print("\n") except botocore.exceptions.ClientError as e: diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index cdabf07..cd5b817 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py @@ -1,16 +1,17 @@ ''' -dynamoDBstreams functions + dynamoDBstreams functions ''' import boto3 import botocore import pprint -import sys,os +import os +import sys pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2'] def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): diff --git a/modules/datapipeline.py b/modules/datapipeline.py index c17366b..f5c5684 100644 --- a/modules/datapipeline.py +++ b/modules/datapipeline.py @@ -1,8 +1,10 @@ ''' data pipeline example ''' + from libs.datapipeline import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + def step_datapipeline_list_pipelines(): list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/ec2.py b/modules/ec2.py index 0a22674..5e6a9c1 100644 --- a/modules/ec2.py +++ b/modules/ec2.py 
@@ -1,11 +1,15 @@ ''' This file is used to perform various EC2 operations ''' + from libs.ec2 import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY ''' -Basic info about each instance +Basic info about each EC2 instance +ex: +[+] Listing instances for region: us-west-2 [+] +InstanceID: i-XXXXXXXXXXXXXXX, InstanceType: t2.micro, State: {'Code': 80, 'Name': 'stopped'}, Launchtime: 2016-08-25 22:31:31+00:00 ''' @@ -14,7 +18,7 @@ def step_ec2_get_instances_basic(): ''' -All info about each instance +All info about each EC2 instance ''' @@ -38,3 +42,12 @@ show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of def step_ec2_get_instance_volume_details2(): get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +''' +This function is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes. +''' + + +def step_ec2_review_encrypted_volumes(): + review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 5de3e23dc470c4b54aab5b8c42f1da2f62b37322 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 19:32:20 -0400 Subject: [PATCH 08/16] pep8, elasticbeanstalk fixes --- dynamodb_list_tables.py | 8 -------- libs/ecr.py | 2 +- libs/elasticbeanstalk.py | 29 ++++++++++++++++++----------- modules/ecr.py | 9 +++++++++ modules/elasticbeanstalk.py | 33 +++++++++++++++++++++++++++++++++ 5 files changed, 61 insertions(+), 20 deletions(-) delete mode 100644 dynamodb_list_tables.py create mode 100644 modules/ecr.py create mode 100644 modules/elasticbeanstalk.py diff --git a/dynamodb_list_tables.py b/dynamodb_list_tables.py deleted file mode 100644 index 06fc57f..0000000 --- a/dynamodb_list_tables.py +++ /dev/null 
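Review bot: The description added above `step_ec2_review_encrypted_volumes` in the last modules/ec2.py hunk is a bare module-level string, so it is not attached to the function and `help()` will not show it. Its wording also equates "in-use" with "running", but an in-use EBS volume is one attached to an instance, which may be stopped. By this description unattached volumes are left out, so the output should not be read as a complete encryption audit. I would make it the function's docstring, e.g. `"""List in-use (attached) EBS volumes and whether each is encrypted; unattached volumes are not covered."""`. What `review_encrypted_volumes` actually filters on lives in libs/ec2.py, outside this hunk, so the wording should be confirmed there.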
@@ -1,8 +0,0 @@ -''' -dynamoDB examples -''' -from libs.dynamodb import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/ecr.py b/libs/ecr.py index bfc4cce..60139b5 100644 --- a/libs/ecr.py +++ b/libs/ecr.py @@ -20,7 +20,7 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_repositories() - #print response + # print response if response.get('repositories') is None: print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID)) diff --git a/libs/elasticbeanstalk.py b/libs/elasticbeanstalk.py index b97caef..e8b80cf 100644 --- a/libs/elasticbeanstalk.py +++ b/libs/elasticbeanstalk.py @@ -4,13 +4,15 @@ ElasticBeanstalk functions import boto3 import botocore +import os import pprint -import sys,os +import sys pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] + def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing ElasticBeanstalk Applications ###") @@ -20,7 +22,7 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_applications() - #print response + # print response if response.get('Applications') is None: print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) 
@@ -42,6 +44,7 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing ElasticBeanstalk Applications Versions ###") try: @@ -50,7 +53,7 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_application_versions() - #print response + # print response if response.get('ApplicationVersions') is None: print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -72,6 +75,7 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing ElasticBeanstalk Configuration Options ###") try: @@ -79,8 +83,9 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('elasticbeanstalk', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) response = client.describe_configuration_options() + print(response) - #print response + # print response if response.get('Options') is None: print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) 
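Review bot: The added `print(response)` in `describe_configuration_options` (hunk -79,8 +83,9) writes the whole raw API response to stdout before the permission check, and looks like leftover debugging next to the `# print response` comment it sits above. An unfiltered dump makes the tool's output hard to read and copies whatever the service returns into terminal logs. Drop the line, or if the dump is wanted keep it behind an explicit debug switch and use the module's pretty-printer, `pp.pprint(response)`. The function body starts and ends outside the hunk.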
@@ -88,13 +93,13 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region)) else: print("### {} ElasticBeanstalk Configuration Options ###" .format(region)) - #if response['PlatformArn'] is None: + # if response['PlatformArn'] is None: # pass - #else: + # else: # print("PlatformArn: {}" .format(response['PlatformArn'])) print("SolutionStackName: {}" .format(response['SolutionStackName'])) - pp.pprint( "Options: {}" .format(response['Options'])) + pp.pprint("Options: {}" .format(response['Options'])) print("\n") except botocore.exceptions.ClientError as e: @@ -107,6 +112,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing ElasticBeanstalk Environments ###") try: @@ -115,7 +121,7 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_environments() - #print response + # print response if response.get('Environments') is None: print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -137,6 +143,7 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except KeyboardInterrupt: print("CTRL-C received, exiting...") + def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing ElasticBeanstalk Environments ###") try: @@ -145,7 +152,7 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_events() - #print response + # print response if response.get('Events') is None: print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) diff --git a/modules/ecr.py b/modules/ecr.py new file mode 100644 index 0000000..0b1a9cf --- /dev/null +++ b/modules/ecr.py 
@@ -0,0 +1,9 @@ +''' +ECR functions +''' +from libs.ecr import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_ecr_describe_repos(): + describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/elasticbeanstalk.py b/modules/elasticbeanstalk.py new file mode 100644 index 0000000..a19ac98 --- /dev/null +++ b/modules/elasticbeanstalk.py @@ -0,0 +1,33 @@ +''' +This file is used to perform some ElasticBeanstalk actions +''' +from libs.elasticbeanstalk import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +''' +There is a weird issue that AWS says everyone has elasticbeanstalk permissions +despite not running any of these services - in other words it wont be abnormal +for recon to say it has elasticbeantalk permissions but nothing get returned +when you run these functions +''' + + +def step_elasticbeanstalk_describe_applications(): + describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_elasticbeanstalk_describe_applications_versions(): + describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +# not working +# def step_elasticbeanstalk_describe_configuration_options(): +# describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_elasticbeanstalk_describe_environments(): + describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_elasticbeanstalk_describe_events(): + describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 7c368b9a6275cea64656d7347b02e3d6e53f1ee8 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 19:37:29 -0400 Subject: [PATCH 09/16] emr --- elasticbeanstalk_describe.py | 11 ----------- libs/emr.py | 17 ++++++++++------- modules/emr.py | 13 +++++++++++++ 3 files changed, 23 insertions(+), 18 deletions(-) delete mode 100644 elasticbeanstalk_describe.py create mode 100644 modules/emr.py 
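Review bot: `from libs.ecr import *` in the new modules/ecr.py pulls every top-level name of the library module into this one, not only `describe_repositories`. The other libs files in this series define module-level `regions` and `pp` and import `boto3`, so libs/ecr.py presumably exports the same. `from libs.ecr import describe_repositories` keeps the namespace explicit and lets a linter flag a missing or renamed function. The same wildcard import is in modules/elasticbeanstalk.py and modules/emr.py in this series. This file also leaves one blank line before `def`, where the rest of the pep8 clean-up uses two.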
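Review bot: The commented-out `step_elasticbeanstalk_describe_configuration_options` in modules/elasticbeanstalk.py carries only `# not working`, which leaves no record of what fails. State the error or the missing argument in the comment, or remove the wrapper until the library function is fixed. The caveat that every key appears to have ElasticBeanstalk permissions is useful for reading recon results as possible false positives, but it is a bare string expression after the imports; I would fold it into the module docstring at the top. Minor: the step is named `step_elasticbeanstalk_describe_applications_versions` while the function it calls is `describe_application_versions`.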
diff --git a/elasticbeanstalk_describe.py b/elasticbeanstalk_describe.py deleted file mode 100644 index dcd9e1e..0000000 --- a/elasticbeanstalk_describe.py +++ /dev/null @@ -1,11 +0,0 @@ -''' -This file is used to perform some ElasticBeanstalk actions -''' -from libs.elasticbeanstalk import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -#describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/emr.py b/libs/emr.py index 983bd4c..dfc42ed 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -4,13 +4,15 @@ EMR functions import boto3 import botocore +import os import pprint -import sys,os +import sys pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] + def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing EMR Clusters ###") @@ -20,7 +22,7 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_clusters() - #print response + # print response if response.get('Clusters') is None: print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) 
@@ -40,7 +42,8 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: - print("CTRL-C received, exiting...") + print("CTRL-C received, exiting...") + def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing EMR Security Configuration ###") @@ -50,7 +53,7 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_security_configurations() - #print response + # print response if response.get('SecurityConfigurations') is None: print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -70,4 +73,4 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: - print("CTRL-C received, exiting...") + print("CTRL-C received, exiting...") diff --git a/modules/emr.py b/modules/emr.py new file mode 100644 index 0000000..ddb6a99 --- /dev/null +++ b/modules/emr.py @@ -0,0 +1,13 @@ +''' +This file is used to perform some EMR actions +''' +from libs.emr import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_emr_list_clusters(): + list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_emr_list_security_configurations(): + list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 76db8c3aea70ad82fc795c0c6852902e44f873a7 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 19:46:38 -0400 Subject: [PATCH 10/16] lambda --- emr_list_clusters.py | 9 --- lambda_list_functions_and_mappings.py | 8 -- libs/aws_lambda.py | 101 +++++++++++++------------- modules/aws_lambda.py | 13 ++++ 4 files changed, 65 insertions(+), 66 deletions(-) delete mode 100644 emr_list_clusters.py delete mode 100644 lambda_list_functions_and_mappings.py create mode 100644 modules/aws_lambda.py 
diff --git a/emr_list_clusters.py b/emr_list_clusters.py deleted file mode 100644 index a1938c1..0000000 --- a/emr_list_clusters.py +++ /dev/null @@ -1,9 +0,0 @@ -''' -This file is used to perform some EMR actions -''' -from libs.emr import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - - -list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/lambda_list_functions_and_mappings.py b/lambda_list_functions_and_mappings.py deleted file mode 100644 index 9b6949e..0000000 --- a/lambda_list_functions_and_mappings.py +++ /dev/null @@ -1,8 +0,0 @@ -''' -This file is used to list lambda functions and event mappings -''' -from libs.aws_lambda import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/libs/aws_lambda.py b/libs/aws_lambda.py index fabf78d..fa4f4eb 100644 --- a/libs/aws_lambda.py +++ b/libs/aws_lambda.py 
@@ -4,64 +4,67 @@ lamda functions import boto3 import botocore +import os import pprint -import sys,os +import sys pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] + def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Listing Lambda Functions ###") - try: - for region in regions: - client = boto3.client( - 'lambda', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + print("### Listing Lambda Functions ###") + try: + for region in regions: + client = boto3.client( + 'lambda', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=region + ) - response = client.list_functions() + response = client.list_functions() + + if response.get('Functions') is None: + print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Functions']) <= 0: + print("[-] ListFunctions allowed for {} but no results [-]" .format(region)) + else: # THIS PART IS UNTESTED + for r in response['Functions']: + # for i in r['Instances']: + pp.pprint(r) + print("\n") + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") - if response.get('Functions') is None: - print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['Functions']) <= 0: - print ("[-] ListFunctions allowed for {} but no results [-]" 
.format(region)) - else: #THIS PART IS UNTESTED - for r in response['Functions']: - #for i in r['Instances']: - pp.pprint(r) - print ("\n") - except botocore.exceptions.ClientError as e: - print (e) - except KeyboardInterrupt: - print ("CTRL-C received, exiting...") def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print ("### Listing Lambda Event Source Mappings ###") - try: - for region in regions: - client = boto3.client( - 'lambda', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + print("### Listing Lambda Event Source Mappings ###") + try: + for region in regions: + client = boto3.client( + 'lambda', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=region + ) - response = client.list_event_source_mappings() + response = client.list_event_source_mappings() - if response.get('EventSourceMappings') is None: - print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['EventSourceMappings']) <= 0: - print ("[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region)) - else: - for r in response['EventSourceMappings']: - #for i in r['Instances']: - pp.pprint(r) - print ("\n") - except botocore.exceptions.ClientError as e: - print (e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + if response.get('EventSourceMappings') is None: + print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['EventSourceMappings']) <= 0: + print("[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region)) + else: + for r in response['EventSourceMappings']: + # for i in r['Instances']: + pp.pprint(r) + print("\n") + except botocore.exceptions.ClientError as e: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") 
diff --git a/modules/aws_lambda.py b/modules/aws_lambda.py new file mode 100644 index 0000000..525b031 --- /dev/null +++ b/modules/aws_lambda.py @@ -0,0 +1,13 @@ +''' +This file is used to list lambda functions and event mappings +''' +from libs.aws_lambda import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_lambda_list_functions(): + list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_lambda_list_event_source_mappings(): + list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 5c531effca3c0abed55ec9492786a15d2e4e6955 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 19:52:02 -0400 Subject: [PATCH 11/16] opsworks --- libs/opsworks.py | 65 ++++++++++++++++++------------------- modules/opsworks.py | 6 ++++ opsworks_describe_stacks.py | 4 --- 3 files changed, 38 insertions(+), 37 deletions(-) create mode 100644 modules/opsworks.py delete mode 100644 opsworks_describe_stacks.py diff --git a/libs/opsworks.py b/libs/opsworks.py index 3e5aeaa..4e50a80 100644 --- a/libs/opsworks.py +++ b/libs/opsworks.py 
@@ -4,41 +4,40 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html -#http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +# http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', ] -#region = 'us-east-1' def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print('#### Listing Stacks ####') - try: - for region in regions: - client = boto3.client( - 'opsworks', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) - response = client.describe_stacks() - #debug - print(response) - if response.get('Stacks') is None: - print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['Stacks']) <= 0: - print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) - else: #THIS PART IS UNTESTED - for r in response['Stacks']: - pp.pprint(r) - except botocore.exceptions.EndpointConnectionError as e: - print("Unexpected error: {}" .format(e)) + print('#### Listing Stacks ####') + try: + for region in regions: + client = boto3.client( + 'opsworks', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=region + ) + response = client.describe_stacks() + # debug + # print(response) + if response.get('Stacks') is None: + print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Stacks']) <= 0: + print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) + else: # THIS PART IS UNTESTED + for r in response['Stacks']: + pp.pprint(r) + except botocore.exceptions.EndpointConnectionError as e: + print("Unexpected error: {}" .format(e)) - 
except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) - elif e.response['Error']['Code'] == 'EndpointConnectionError': - print("[-] Cant connect to the {} endpoint [-]" .format(region)) - else: - print("Unexpected error: {}" .format(e)) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'EndpointConnectionError': + print("[-] Cant connect to the {} endpoint [-]" .format(region)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/modules/opsworks.py b/modules/opsworks.py new file mode 100644 index 0000000..b6459c4 --- /dev/null +++ b/modules/opsworks.py @@ -0,0 +1,6 @@ +from libs.opsworks import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_opsworkds_describe_stacks(): + describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/opsworks_describe_stacks.py b/opsworks_describe_stacks.py deleted file mode 100644 index b1a33de..0000000 --- a/opsworks_describe_stacks.py +++ /dev/null @@ -1,4 +0,0 @@ -from libs.opsworks import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - -describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) From 50a6902219b91134d8f70b5ced2849fc388a3511 Mon Sep 17 00:00:00 2001 
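Review bot: In `describe_stacks` (libs/opsworks.py) the `response.get('Stacks') is None` branch still prints "likely does not have Lambda permissions" although the client is `'opsworks'`, so the output names the wrong service; the line should read `print("{} likely does not have OpsWorks permissions\n" .format(AWS_ACCESS_KEY_ID))`. The `elif e.response['Error']['Code'] == 'EndpointConnectionError'` branch under `ClientError` looks unreachable, because `EndpointConnectionError` is already caught as its own exception type just above it. The function calls `sys.exit(...)`, but the file's first lines are outside this hunk, so confirm that `import sys` is present.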
From: carnal0wnage Date: Sat, 7 Apr 2018 22:16:23 -0400 Subject: [PATCH 12/16] firehose, sqs updates, recon module, etc --- libs/dynamodb.py | 4 ++ libs/ecr.py | 5 +- libs/emr.py | 2 - libs/firehose.py | 73 ++++++++++++++++++++++ libs/sqs.py | 31 ++++++++++ libs/sts.py | 42 ++++++------- modules/firehose.py | 14 +++++ modules/opsworks.py | 2 +- modules/recon.py | 143 ++++++++++++++++++++++++++++++++++++++++++++ modules/sqs.py | 9 +++ 10 files changed, 300 insertions(+), 25 deletions(-) create mode 100644 libs/firehose.py create mode 100644 libs/sqs.py create mode 100644 modules/firehose.py create mode 100644 modules/recon.py create mode 100644 modules/sqs.py diff --git a/libs/dynamodb.py b/libs/dynamodb.py index 36f5f09..1fe885c 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py @@ -62,6 +62,8 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDeniedException': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -94,6 +96,8 @@ def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDeniedException': + print('{} : Does not have the required DescribeTable permissions' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/ecr.py b/libs/ecr.py index 60139b5..f56d103 100644 --- a/libs/ecr.py +++ b/libs/ecr.py 
@@ -4,12 +4,13 @@ ECR functions import boto3 import botocore +import os import pprint -import sys,os +import sys pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html +# from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ] def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): diff --git a/libs/emr.py b/libs/emr.py index dfc42ed..c5860a9 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -22,8 +22,6 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_clusters() - # print response - if response.get('Clusters') is None: print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Clusters']) <= 0: diff --git a/libs/firehose.py b/libs/firehose.py new file mode 100644 index 0000000..f65e941 --- /dev/null +++ b/libs/firehose.py 
@@ -0,0 +1,73 @@
+'''
+Firehose functions
+'''
+
+import boto3
+import botocore
+import os
+import pprint
+import sys
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+# from http://docs.aws.amazon.com/general/latest/gr/rande.html
+regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'eu-central-1', 'eu-west-1', 'ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', ]
+
+def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+ print("### Printing Firehose Delivery Streams ###")
+ try:
+ for region in regions:
+ client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
+
+ response = client.list_delivery_streams()
+
+ # print(response)
+ if response['DeliveryStreamNames'] is None:
+ print("{} likely does not have Firehose permissions\n" .format(AWS_ACCESS_KEY_ID))
+ elif len(response['DeliveryStreamNames']) <= 0:
+ print("[-] ListDeliveryStreams allowed for {} but no results [-]" .format(region))
+ else:
+ print("### {} Firehose Delivery Streams ###" .format(region))
+ for stream in response['DeliveryStreamNames']:
+ pp.pprint(stream)
+ print("\n")
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'InvalidClientTokenId':
+ sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+ elif e.response['Error']['Code'] == 'AccessDenied':
+ print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+ else:
+ print("Unexpected error: {}" .format(e))
+ except KeyboardInterrupt:
+ print("CTRL-C received, exiting...")
+
+
+def firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+ print("### Printing Firehose Delivery Streams & details ###")
+ try:
+ for region in regions:
+ client = boto3.client('firehose', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
+
+ response = client.list_delivery_streams()
+
+ # print(response)
+ if response['DeliveryStreamNames'] is None:
+ print("{} likely does not have Firehose permissions\n" .format(AWS_ACCESS_KEY_ID))
+ elif len(response['DeliveryStreamNames']) <= 0:
+ print("[-] ListDeliveryStreams allowed for {} but no results [-]" .format(region))
+ else:
+ print("### {} Firehose Delivery Streams ###" .format(region))
+ for stream in response['DeliveryStreamNames']:
+ details = client.describe_delivery_stream(DeliveryStreamName=stream)
+ # This just prints the blob, needs to be cleaned up
+ print(details)
+ print("\n")
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'InvalidClientTokenId':
+ sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+ elif e.response['Error']['Code'] == 'AccessDenied':
+ print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+ else:
+ print("Unexpected error: {}" .format(e))
+ except KeyboardInterrupt:
+ print("CTRL-C received, exiting...")
diff --git a/libs/sqs.py b/libs/sqs.py
new file mode 100644
index 0000000..c2d5aba
--- /dev/null
+++ b/libs/sqs.py
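Review bot: In libs/firehose.py both `firehose_list_delivery_streams` and `firehose_describe_delivery_streams` test `response['DeliveryStreamNames'] is None`, so a missing key raises `KeyError` instead of reaching the "likely does not have Firehose permissions" message, and neither `except` clause catches it. The other libs in this series use `.get`; use `if response.get('DeliveryStreamNames') is None:` in both functions. The handler matches only `'AccessDenied'`, while this same patch adds `'AccessDeniedException'` to libs/dynamodb.py; if Firehose returns the latter (likely, not verified here) the denial is printed as "Unexpected error". Because the `try` wraps the whole `for region in regions` loop, the first `ClientError` also ends the pass over the remaining regions.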
@@ -0,0 +1,31 @@
+import boto3
+import botocore
+import pprint
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+# from https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region
+regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-gov-west-1' ]
+
+
+def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+ try:
+ for region in regions:
+ client = boto3.client("sqs", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
+ response = client.list_queues()
+ # THis isnt working need to test with one that works to get the QueueUrl attributes
+ # if len(response['QueueUrls']) <= 0:
+ # print("[-] ListQueues allowed for {} but no results [-]" .format(region))
+ # else:
+ print("region: {} \n {}".format(region,response))
+
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'InvalidClientTokenId':
+ sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
+ elif e.response['Error']['Code'] == 'AccessDenied':
+ print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
+ else:
+ print("Unexpected error: {}" .format(e))
+ except KeyboardInterrupt:
+ print("CTRL-C received, exiting...")
+
diff --git a/libs/sts.py b/libs/sts.py
index 5b29315..eba6ca2 100644
--- a/libs/sts.py
+++ b/libs/sts.py
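Review bot: `sqs_list_queues` in libs/sqs.py iterates `regions` but builds the client without `region_name`, so every pass queries the same default region and the printed `region:` label does not describe where the response came from; the call should end with `aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)`. The file imports only `boto3`, `botocore` and `pprint`, yet the `InvalidClientTokenId` branch calls `sys.exit(...)`, which turns an invalid-key report into a `NameError`; add `import sys`. The follow-up hunk in PATCH 13/16 keeps the same `boto3.client("sqs", ...)` line, so the region problem persists there. Once the region is passed, note that `regions` includes `cn-north-1`, `cn-northwest-1` and `us-gov-west-1`; those are presumably separate partitions where a standard key is rejected, and the `sys.exit` branch would then stop the loop.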
@@ -4,29 +4,31 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -#from http://docs.aws.amazon.com/general/latest/gr/rande.html +# from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] -def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) - account_id = client.get_caller_identity()["Account"] - print("Account Id: {}" .format(account_id)) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") - return account_id +def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + try: + client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + account_id = client.get_caller_identity()["Account"] + print("Account Id: {}" .format(account_id)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + return account_id + def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - try: - client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) - account_id = client.get_caller_identity()["Account"] - account_userid = client.get_caller_identity()["UserId"] - account_arn = client.get_caller_identity()["Arn"] - print("Account Id: {}" .format(account_id)) - print("Account UserID: {}" .format(account_userid) ) - print("Account ARN: {}" .format(account_arn) ) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + try: + client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) + account_id = client.get_caller_identity()["Account"] + account_userid = client.get_caller_identity()["UserId"] + account_arn = client.get_caller_identity()["Arn"] + 
print("Account Id: {}" .format(account_id)) + print("Account UserID: {}" .format(account_userid) ) + print("Account ARN: {}" .format(account_arn) ) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") - return account_id \ No newline at end of file + return account_id \ No newline at end of file diff --git a/modules/firehose.py b/modules/firehose.py new file mode 100644 index 0000000..b9ad59b --- /dev/null +++ b/modules/firehose.py @@ -0,0 +1,14 @@ +''' +Firehose functions +''' +from libs.firehose import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_firehose_list_delivery_streams(): + firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_firehose_describe_delivery_streams(): + firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/opsworks.py b/modules/opsworks.py index b6459c4..2b65558 100644 --- a/modules/opsworks.py +++ b/modules/opsworks.py @@ -2,5 +2,5 @@ from libs.opsworks import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY -def step_opsworkds_describe_stacks(): +def step_opsworks_describe_stacks(): describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/recon.py b/modules/recon.py new file mode 100644 index 0000000..b86793f --- /dev/null +++ b/modules/recon.py 
@@ -0,0 +1,143 @@ +from __future__ import print_function + +from libs.brute import * +from libs.s3 import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + +def step_recon_all(): + check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # AlexaForBusiness + brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # Application Auto Scaling + brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # AppSync no usable functions + brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # AutoScalingPlans + brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # CostExplorer + # brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not + brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # cloudhsmv2 + brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # CloudSearchDomain + brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_codecommit_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_codepipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + 
brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # Comprehend + brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" + brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # DAX + brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_elastictranscoder_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + 
brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # Glue + brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # GuardDuty + brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # IoTDataPlane no functions + # IoTJobsDataPlane + brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # KinesisVideoArchivedMedia + # KinesisVideoMedia + brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # KinesisVideo + brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # LexRuntimeService #no functions + brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # marketplace-entitlement no functions + # marketplacecommerceanalytics no functions + # MediaConvert + # MediaLive + # MediaPackage + # MediaStore + # MediaStore-Data + # MarketplaceMetering no functions + # MigrationHub + # Mobile + # MQ + brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # PinPoint no functions + brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # Pricing + 
brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # ResourceGroups + brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # SageMaker + # SageMakerRuntime + brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # ServerlessApplicationRepository + brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # ServiceDiscovery + brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # SSM + brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # StorageGateway + brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # Support + # SWF + # TranscribeService + # Translate + # WAF + # WAFRegional + # WorkDocs + # WorkMail + brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + # XRay no functions + +# S3 bucket's while we are here... + get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/sqs.py b/modules/sqs.py new file mode 100644 index 0000000..5ab9cf4 --- /dev/null +++ b/modules/sqs.py @@ -0,0 +1,9 @@ +''' +SQS +''' +from libs.sqs import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_sqs_list_queues(): + sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) 
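Review bot: `step_recon_all` in modules/recon.py has no docstring and relies on `from libs.brute import *` and `from libs.s3 import *`, so a reader cannot tell which of the roughly ninety called names comes from which module or whether one is missing. Explicit imports (or `import libs.brute as brute`) would make that checkable by a linter. The closing `get_s3objects_for_account(...)` call goes beyond permission checks, judging by its name, and sits under a column-0 comment that reads as if it were outside the function; indent the comment and state the behaviour up front with a docstring such as `"""Run every brute_*_permissions check for the configured key, then list S3 objects for the account."""`.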
From 9eb444dc3b74164794cea73b177298fabe6c8059 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Sat, 7 Apr 2018 22:16:53 -0400 Subject: [PATCH 13/16] sqs --- libs/sqs.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libs/sqs.py b/libs/sqs.py index c2d5aba..d8aa7d6 100644 --- a/libs/sqs.py +++ b/libs/sqs.py @@ -13,11 +13,13 @@ def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): for region in regions: client = boto3.client("sqs", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) response = client.list_queues() + if response.get('QueueUrls') is None: + print("[-] ListQueues allowed for {} but no results [-]" .format(region)) # THis isnt working need to test with one that works to get the QueueUrl attributes # if len(response['QueueUrls']) <= 0: # print("[-] ListQueues allowed for {} but no results [-]" .format(region)) - # else: - print("region: {} \n {}".format(region,response)) + else: + print("region: {} \n {}".format(region,response)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': From c6802744f1b70e6525eb129c1ff7a32e9e018433 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Wed, 11 Apr 2018 22:45:33 -0400 Subject: [PATCH 14/16] fix device farm and other stuff --- libs/brute.py | 83 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 2 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index 238f313..1eebec5 100644 --- a/libs/brute.py +++ b/libs/brute.py 
@@ -116,6 +116,42 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser print("\n") return actions +def generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed): + actions = [] + try: + client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + except Exception as e: + # print('Failed to connect: "{}"' .format(e.error_message)) + print('Failed to connect: "{}"' .format(e)) + return actions + + actions = generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed) + if actions: + print("\n[+] {} Actions allowed are [+]" .format(service)) + print(actions) + timenow = datetime.datetime.now() + + db_logger = [] + for action in actions: + db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow]) + # print (db_logger) + + # scrapped the json logging idea but keeping it here just in case + # data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'}) + # logging.critical(data) + + # logging to db here + try: + insert_reconservice_data(db_name, db_logger) + except sqlite3.OperationalError as e: + print(e) + print("You need to set up the database...exiting") + sys.exit() + print("\n") + else: + print("\n[-] No {} actions allowed [-]" .format(service)) + print("\n") + return actions def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): actions = [] 
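Review bot: `generic_permission_bruteforcer_region` takes `region_passed` but builds its client with `region_name=region`; unless libs/brute.py defines a module-level `region` (not visible in this hunk) that is a `NameError`, which the surrounding `except Exception` swallows and reports as "Failed to connect" before returning an empty list. The argument should be `region_name=region_passed`. The client created here is not used afterwards, since the calls are made by `generic_method_bruteforcer_region`, so the block serves only as a connectivity check. The rest of the body duplicates `generic_permission_bruteforcer`; an optional region parameter on the original would avoid keeping two copies in step.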
@@ -134,9 +170,51 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service if e.response['Error']['Code'] == 'DryRunOperation': print('{} IS allowed' .format(api_action)) actions.append(api_action) - if e.response['Error']['Code'] == 'ClusterNotFoundException': + elif e.response['Error']['Code'] == 'ClusterNotFoundException': print('{} IS allowed but you need to specify a cluster name' .format(api_action)) actions.append(api_action) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('[-] {} IS allowed - but SubscriptionRequiredException - usually means you have an unconfigured root account [-]' .format(api_action)) + # If it's not configured, we are not adding it to services + # actions.append(api_action) + elif e.response['Error']['Code'] == 'OptInRequired': + print('[-] {} IS allowed - but OptInRequired - usually means you have an unconfigured root account [-]' .format(api_action)) + # If it's not configured, we are not adding it to services + # actions.append(api_action) + else: + print(e) + continue + else: + print('{} IS allowed' .format(api_action)) + actions.append(api_action) + return actions + +def generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed): + actions = [] + client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region_passed) + for api_action, method_name, args, kwargs in tests: + try: + method = getattr(client, method_name) + method(*args, **kwargs) + # print method --wont return anything on dryrun + except botocore.exceptions.EndpointConnectionError as e: + print(e) + continue + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'DryRunOperation': + print('{} IS allowed' .format(api_action)) + actions.append(api_action) + elif e.response['Error']['Code'] == 
'ClusterNotFoundException': + print('{} IS allowed but you need to specify a cluster name' .format(api_action)) + actions.append(api_action) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('[-] {} IS allowed - but SubscriptionRequiredException - usually means you have an unconfigured root account [-]' .format(api_action)) + actions.append(api_action) + elif e.response['Error']['Code'] == 'OptInRequired': + print('[-] {} IS allowed - but OptInRequired - usually means you have an unconfigured root account [-]' .format(api_action)) + actions.append(api_action) else: print(e) continue @@ -443,7 +521,7 @@ def brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Enumerating DeviceFarm Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), ('ListDevices', 'list_devices', (), {}, ), ] - return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests) + return generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests, 'us-west-2') # http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html @@ -751,6 +829,7 @@ def brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): tests = [('GetUser', 'get_user', (), {}), # ('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ), ('ListGroups', 'list_groups', (), {}), + ('ListUsers', 'list_users', (), {}), # ('ListGroupsForUser', 'list_groups_for_user', (), {'UserName':account_username} ), ('GetCredentialReport', 'get_credential_report', (), {}), ('GetAccountSummary', 'get_account_summary', (), {}), From 89e758a4cfa5d9420c104d2e1579af9eb9a2a6e2 Mon Sep 17 00:00:00 2001 
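Review bot: The two method bruteforcers now disagree on `SubscriptionRequiredException` and `OptInRequired`: `generic_method_bruteforcer` comments out `actions.append(api_action)` for both, while the new `generic_method_bruteforcer_region` appends, so the same account state is recorded in the DB differently depending on which path a service takes. Pick one behaviour and state it in a comment, e.g. `# not signed up for the service: report it but do not record the action`. In the new function the `except KeyboardInterrupt:` branch only prints inside the `for` loop, so the run carries on with the next test; a `raise` after the print (or `break`) would match the "exiting..." message. generic_method_bruteforcer starts outside the hunk.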
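Review bot: The `'us-west-2'` literal in `brute_devicefarm_permissions` has no explanation, and a later reader may take it for a leftover test value. A comment above the return, such as `# Device Farm is presumably only served from us-west-2, so the region is pinned here`, would document why this service alone goes through `generic_permission_bruteforcer_region`. The function starts outside the hunk.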
From: carnal0wnage Date: Wed, 11 Apr 2018 22:50:24 -0400 Subject: [PATCH 15/16] mostly fixes to handle a root key that has perms but shit isnt actually set up --- libs/aws_lambda.py | 18 +++++- libs/ce.py | 40 +++++++++++++ libs/cloudtrail.py | 84 ++++++++++++++++++++++++++ libs/cloudwatch.py | 16 ++++- libs/config.py | 4 ++ libs/datapipeline.py | 2 + libs/dynamodb.py | 6 ++ libs/dynamodbstreams.py | 2 + libs/ec2.py | 10 ++++ libs/ecr.py | 4 +- libs/elasticbeanstalk.py | 10 ++++ libs/emr.py | 4 ++ libs/firehose.py | 4 ++ libs/iam.py | 123 ++++++++++++++++++++++++++++++++++++++- libs/opsworks.py | 46 ++++++++++++++- libs/pricing.py | 39 +++++++++++++ libs/rds.py | 41 +++++++------ libs/route53.py | 4 ++ libs/s3.py | 24 ++++++-- libs/sqs.py | 2 + libs/sts.py | 19 ++++++ modules/ce.py | 12 ++++ modules/cloudtrail.py | 13 +++++ modules/iam.py | 22 +++++++ modules/opsworks.py | 4 ++ modules/pricing.py | 12 ++++ modules/route53.py | 10 ++++ 27 files changed, 543 insertions(+), 32 deletions(-) create mode 100644 libs/ce.py create mode 100644 libs/cloudtrail.py create mode 100644 libs/pricing.py create mode 100644 modules/ce.py create mode 100644 modules/cloudtrail.py create mode 100644 modules/iam.py create mode 100644 modules/pricing.py create mode 100644 modules/route53.py diff --git a/libs/aws_lambda.py b/libs/aws_lambda.py index fa4f4eb..d4299fb 100644 --- a/libs/aws_lambda.py +++ b/libs/aws_lambda.py 
@@ -37,7 +37,14 @@ def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(r) print("\n") except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -65,6 +72,13 @@ def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(r) print("\n") except botocore.exceptions.ClientError as e: - print(e) + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/ce.py b/libs/ce.py new file mode 100644 index 0000000..3d61de3 --- /dev/null +++ b/libs/ce.py 
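Review bot: The `e.response['Error']['Code']` chain added to `list_functions` is pasted again in `list_event_source_mappings`, and the same branches are added by hand to most other files this commit touches (config, datapipeline, dynamodb, ec2, ecr, elasticbeanstalk, emr, firehose, iam); one shared helper would keep the codes and messages from drifting. The copies already differ: these two match only `AccessDenied`, while libs/ce.py and libs/dynamodb.py in this commit match `AccessDeniedException`, so a denial reported under the other code would land in "Unexpected error". Both hunks also call `sys.exit`, and no `import sys` is visible here, so confirm the module imports it. A sketch of the helper follows; both function bodies start outside their hunks.

```python
# shared helper, e.g. in a common module under libs/
def report_client_error(e, key_id):
    code = e.response['Error']['Code']
    if code == 'InvalidClientTokenId':
        sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(key_id))
    elif code in ('AccessDenied', 'AccessDeniedException'):
        print('{} : Does not have the required permissions' .format(key_id))
    elif code in ('SubscriptionRequiredException', 'OptInRequired'):
        print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(key_id))
    else:
        print("Unexpected error: {}" .format(e))

    # … unchanged: try body of list_functions / list_event_source_mappings …
    except botocore.exceptions.ClientError as e:
        report_client_error(e, AWS_ACCESS_KEY_ID)
```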
@@ -0,0 +1,40 @@ +''' +Cost Explorer Library +''' + +import boto3 +import botocore +import pprint +import sys + +pp = pprint.PrettyPrinter(indent=5, width=80) + +#from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', ] + +def ce_get_cost_and_usage(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + try: + for region in regions: + client = boto3.client('ce', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.get_cost_and_usage(TimePeriod={'Start': '2018-01-01', 'End': '2018-04-01'}, Granularity='MONTHLY', Metrics=["BlendedCost", "UnblendedCost", "UsageQuantity"],) + print(response) + #if response.get('Services') is None: + # print("{} likely does not have Pricing permissions\n" .format(AWS_ACCESS_KEY_ID)) + #elif len(response['Services']) <= 0: + # print("[-] Describe Pricing Services allowed for {} but no results [-]" .format(region)) + #else: + # print("### {} Services ###" .format(region)) + # for tables in response['ServiceCode']: + # pp.pprint(tables) + # print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDeniedException': + print('{} : (AccessDenied) when calling the Get Cost & Usage' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/libs/cloudtrail.py b/libs/cloudtrail.py new file mode 100644 index 0000000..f1ce4ce --- /dev/null +++ b/libs/cloudtrail.py 
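Review bot: The `UnauthorizedOperation` branch of `ce_get_cost_and_usage` still carries the EC2 text `when calling the DescribeInstances -- sure you have ec2 permissions?`, which will mislead whoever reads the output of a Cost Explorer call. It should name the call actually made, e.g. `print('{} : (UnauthorizedOperation) when calling GetCostAndUsage -- sure you have ce permissions?' .format(AWS_ACCESS_KEY_ID))`. The `TimePeriod` is also fixed to `2018-01-01` through `2018-04-01`; deriving it from `datetime.date.today()` or taking start and end as parameters would keep the function meaningful after that quarter. The commented-out `Services` block, which looks copied from the pricing module, can be removed.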
@@ -0,0 +1,84 @@ +''' +Cloudtrail functions +''' + +import boto3 +import botocore +import os +import pprint +import sys + +pp = pprint.PrettyPrinter(indent=5, width=80) + +# from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ] +# 'cn-north-1', 'cn-northwest-1', 'us-gov-west-1' throwing An error occurred (UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid. + +def describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing CloudTrail DescribeTrails ###") + try: + for region in regions: + client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + + response = client.describe_trails() + + # print (response) + # print(region) + if response['trailList'] is None: + print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['trailList']) <= 0: + print("[-] ListTrails allowed for {} but no results [-]" .format(region)) + else: + print("### {} CloudTrail Trails ###" .format(region)) + for trail in response['trailList']: + pp.pprint(trail) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + #elif e.response['Error']['Code'] == 'UnrecognizedClientException': + # print('{} : UnrecognizedClientException error' .format(AWS_ACCESS_KEY_ID)) + # pass + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + pass + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +def list_public_keys(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing CloudTrail DescribeTrails ###") + try: + for region in regions: + client = boto3.client('cloudtrail', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + + response = client.list_public_keys() + + # print (response) + # print(region) + if response['PublicKeyList'] is None: + print("{} likely does not have CloudTrail permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['PublicKeyList']) <= 0: + print("[-] PublicKeyList allowed for {} but no results [-]" .format(region)) + else: + print("### {} CloudTrail Public Keys ###" .format(region)) + for keys in response['PublicKeyList']: + pp.pprint(keys) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + pass + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + diff --git a/libs/cloudwatch.py b/libs/cloudwatch.py index 9dc66c3..a718c77 100644 --- a/libs/cloudwatch.py +++ b/libs/cloudwatch.py @@ -28,8 +28,12 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
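Review bot: `list_public_keys` in the new libs/cloudtrail.py opens with the banner `### Printing CloudTrail DescribeTrails ###`, copied from `describe_trails`, so its output is labelled as the wrong call; it should be `print("### Printing CloudTrail ListPublicKeys ###")`. Both functions also index `response['trailList']` and `response['PublicKeyList']` directly in the `is None` test, which raises KeyError instead of reaching the "likely does not have CloudTrail permissions" message when the key is absent; other modules in this series use `response.get(...)` for that check. `import os` is unused in the new file, and the `pass` after the final `print` in each `else` has no effect.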
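Review bot: In `describe_alarms` (libs/cloudwatch.py) the new `SubscriptionRequiredException` and `OptInRequired` branches print the same message, so they can be a single branch: `elif e.response['Error']['Code'] in ('SubscriptionRequiredException', 'OptInRequired'):`. The same pair is added to `describe_alarm_history` and `list_metrics` in the following two hunks. The `list_metrics` hunk also leaves `print ("Unexpected error: {}" .format(e))` with the space that the other two hunks remove. The function bodies start outside the hunks.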
@@ -55,8 +59,12 @@ def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -82,6 +90,10 @@ def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/config.py b/libs/config.py index 56915a2..5ce143b 100644 --- a/libs/config.py +++ b/libs/config.py 
@@ -31,6 +31,8 @@ def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, r elif e.response['Error']['Code'] == 'AccessDeniedException': print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID)) pass + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -56,6 +58,8 @@ def describe_configuration_rules(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, regio elif e.response['Error']['Code'] == 'AccessDeniedException': print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID)) pass + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/datapipeline.py b/libs/datapipeline.py index 2237938..d6343bb 100644 --- a/libs/datapipeline.py +++ b/libs/datapipeline.py @@ -34,6 +34,8 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/dynamodb.py b/libs/dynamodb.py index 1fe885c..be2f5dc 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py 
@@ -35,6 +35,8 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -64,6 +66,8 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDeniedException': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -98,6 +102,8 @@ def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDeniedException': print('{} : Does not have the required DescribeTable permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index cd5b817..0821828 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py 
@@ -35,6 +35,8 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/ec2.py b/libs/ec2.py index f2a2510..5c0afd7 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -46,6 +46,8 @@ def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print(e) except KeyboardInterrupt: @@ -68,6 +70,8 @@ def get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeInstances -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print(e) except KeyboardInterrupt: 
@@ -95,6 +99,8 @@ def get_instance_details_basic(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeInstances-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print(e) except KeyboardInterrupt: @@ -118,6 +124,8 @@ def get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print(e) except KeyboardInterrupt: @@ -143,6 +151,8 @@ def get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have the required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print(e) except KeyboardInterrupt: diff --git a/libs/ecr.py b/libs/ecr.py index f56d103..99fab70 100644 --- a/libs/ecr.py +++ b/libs/ecr.py 
@@ -21,7 +21,7 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.describe_repositories() - # print response + # print (response) if response.get('repositories') is None: print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID)) @@ -38,6 +38,8 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/elasticbeanstalk.py b/libs/elasticbeanstalk.py index e8b80cf..803c07f 100644 --- a/libs/elasticbeanstalk.py +++ b/libs/elasticbeanstalk.py @@ -39,6 +39,8 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: 
@@ -70,6 +72,8 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -107,6 +111,8 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -138,6 +144,8 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: 
@@ -169,6 +177,8 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/emr.py b/libs/emr.py index c5860a9..82a84ea 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -37,6 +37,8 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -68,6 +70,8 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/firehose.py b/libs/firehose.py index f65e941..7bc6ed9 100644 --- a/libs/firehose.py +++ b/libs/firehose.py 
@@ -36,6 +36,8 @@ def firehose_list_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: @@ -67,6 +69,8 @@ def firehose_describe_delivery_streams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/iam.py b/libs/iam.py index 80f1cc5..4a5b4ed 100644 --- a/libs/iam.py +++ b/libs/iam.py @@ -13,7 +13,7 @@ import pprint pp = pprint.PrettyPrinter(indent=5, width=80) -region = 'us-east-1' +regions = ['us-east-1'] def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) 
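Review bot: Renaming the module constant in libs/iam.py to `regions = ['us-east-1']` leaves `check_root_account`, shown as context in the same hunk, still calling `boto3.client(..., region_name=region)`, which will raise NameError once `region` no longer exists. Either keep the scalar alongside the list, `region = regions[0]`, or change that call to `region_name=regions[0]`. Any other function in the file that reads `region` outside the visible hunks needs the same check. check_root_account continues outside the hunk.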
@@ -51,6 +51,8 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("The AWS KEY IS INVALID. Exiting") if e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: 
@@ -194,3 +196,122 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") + +def iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing IAM Groups ###") + try: + for region in regions: + client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_groups() + if response.get('Groups') is None: + print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Groups']) <= 0: + print("[-] ListGroups allowed for {} but no results [-]\n" .format(region)) + else: + # print(response) + print ("### {} Groups ###" .format(region)) + for group in response['Groups']: + pp.pprint(group) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +def iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing IAM User Info ###") + try: + for region in regions: + client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.get_user() + print(response) + if response.get('User') is None: + print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['User']) <= 0: + print("[-] GetUser allowed for {} but no results [-]\n" .format(region)) + else: + # print(response) + print ("### {} User Account Info ###" .format(region)) + for key, value in response['User'].items(): + print(key,':', value) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root/IAM key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +def iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing IAM Account Summary ###") + try: + for region in regions: + client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + + response = client.get_account_summary() + # print(response) + if response.get('SummaryMap') is None: + print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['SummaryMap']) <= 0: + print("[-] GetAccountSummary allowed for {} but no results [-]\n" .format(region)) + else: + pp.pprint(response['SummaryMap']) + # print(response) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root/IAM key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + +def iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing IAM Users ###") + try: + for region in regions: + client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + + response = client.list_users() + # print(response) + if response.get('Users') is None: + print("{} likely does not have IAM permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Users']) <= 0: + print("[-] ListUsers allowed for {} but no results [-]\n" .format(region)) + else: + pp.pprint(response['Users']) + # print(response) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root/IAM key' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/libs/opsworks.py b/libs/opsworks.py index 4e50a80..cabe0b5 100644 --- a/libs/opsworks.py +++ b/libs/opsworks.py @@ -6,7 +6,7 @@ pp = pprint.PrettyPrinter(indent=5, width=80) # from http://docs.aws.amazon.com/general/latest/gr/rande.html # http://docs.aws.amazon.com/general/latest/gr/rande.html#opsworks_region -regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', ] +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-1', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1' ] def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): @@ -23,9 +23,9 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # debug # print(response) if response.get('Stacks') is None: - print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) + print("{} likely does not have Opsworks permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Stacks']) <= 0: - print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) + print("[-] DescribeStacks allowed for {} but no results [-]\n" .format(region)) else: # THIS PART IS UNTESTED for r in response['Stacks']: pp.pprint(r) 
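Review bot: `iam_list_users` and `iam_list_groups` each make a single `list_users()` / `list_groups()` call, so when IAM marks the response `IsTruncated` the output is silently incomplete. Using the paginator, e.g. `for page in client.get_paginator('list_users').paginate():`, and printing each page's `Users` avoids that. Separately, `iam_get_user` has an un-commented `print(response)` that dumps the raw response before the formatted output. `iam_list_groups` also reports `AccessDenied` as `Is NOT a root key` where the other three functions say `Is NOT a root/IAM key`.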
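Review bot: The extended `regions` list in libs/opsworks.py names `'ap-southeast-1'` twice in a row and has no `'ap-southeast-2'`, so one region is queried twice and another, presumably intended, is never queried. The second entry should read `'ap-southeast-2'` if that was the intent. It is worth checking the whole list against the OpsWorks endpoint table linked in the comment above it, since a region without an endpoint raises `EndpointConnectionError`.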
@@ -37,7 +37,47 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'EndpointConnectionError': print("[-] Cant connect to the {} endpoint [-]" .format(region)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") + + +def describe_user_profiles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print('#### Listing User Profiles ####') + try: + for region in regions: + client = boto3.client( + 'opsworks', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=region + ) + response = client.describe_user_profiles() + # debug + print(response) + #if response.get('Stacks') is None: + # print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) + #elif len(response['Stacks']) <= 0: + # print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) + #else: # THIS PART IS UNTESTED + # for r in response['Stacks']: + # pp.pprint(r) + except botocore.exceptions.EndpointConnectionError as e: + print("Unexpected error: {}" .format(e)) + + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'EndpointConnectionError': + print("[-] Cant connect to the {} endpoint [-]" .format(region)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + diff --git a/libs/pricing.py b/libs/pricing.py new file mode 100644 index 0000000..aace0ab --- /dev/null +++ b/libs/pricing.py 
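Review bot: In `describe_user_profiles` the `try` encloses the whole `for region in regions:` loop, so the first `EndpointConnectionError` or `ClientError` ends the function and the remaining regions are never queried. Moving the `try`/`except` inside the loop body and using `continue` after reporting the error keeps per-region results independent. The `elif e.response['Error']['Code'] == 'EndpointConnectionError'` branch looks unreachable, since that failure is already caught as its own exception class just above. The unconditional `print(response)` and the commented-out `Stacks` checks copied from `describe_stacks` should give way to a check on the key this call returns, `response.get('UserProfiles')`.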
@@ -0,0 +1,39 @@ +''' +Pricing Library +''' + +import boto3 +import botocore +import pprint +import sys + +pp = pprint.PrettyPrinter(indent=5, width=80) + +#from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'ap-south-1', ] + + +def pricing_describe_services(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + try: + for region in regions: + client = boto3.client('pricing', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.describe_services() + print(response) + if response.get('Services') is None: + print("{} likely does not have Pricing permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Services']) <= 0: + print("[-] Describe Pricing Services allowed for {} but no results [-]" .format(region)) + else: + print("### {} Services ###" .format(region)) + for tables in response['ServiceCode']: + pp.pprint(tables) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'UnauthorizedOperation': + print('{} : (UnauthorizedOperation) when calling the Pricing DescribeServices' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print(e) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/libs/rds.py b/libs/rds.py index 2bcbfa3..58ea635 100644 --- a/libs/rds.py +++ b/libs/rds.py 
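Review bot: In `pricing_describe_services` the success branch iterates `response['ServiceCode']`, but the checks above it only establish that the response carries a `Services` list; `ServiceCode` is a field of each entry, not a top-level key, so the loop raises `KeyError` exactly when results exist. Iterate the list that was just checked: `for service in response['Services']:` followed by `pp.pprint(service)`. The `print(response)` directly after the call also dumps the full raw response before any of the checks and looks like leftover debugging.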
@@ -9,22 +9,29 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' def describe_db_instances(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print("doing stuff") - try: - for region in regions: - client = boto3.client( - 'rds', - aws_access_key_id = AWS_ACCESS_KEY_ID, - aws_secret_access_key = AWS_SECRET_ACCESS_KEY, - region_name=region - ) + print("doing stuff") + try: + for region in regions: + client = boto3.client( + 'rds', + aws_access_key_id = AWS_ACCESS_KEY_ID, + aws_secret_access_key = AWS_SECRET_ACCESS_KEY, + region_name=region + ) - instances = client.describe_db_instances() - for r in instances['DBInstances']: - for i in r['Instances']: - pp.pprint(i) + instances = client.describe_db_instances() + for r in instances['DBInstances']: + for i in r['Instances']: + pp.pprint(i) - except botocore.exceptions.ClientError as e: - print(e) - except KeyboardInterrupt: - print("CTRL-C received, exiting...") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/libs/route53.py b/libs/route53.py index d173a78..609cd0a 100644 --- a/libs/route53.py +++ b/libs/route53.py 
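Review bot: The re-indented loop in `describe_db_instances` still does `for i in r['Instances']:` on each element of `instances['DBInstances']`; that nesting is the EC2 reservation shape, and an RDS instance record has no `Instances` key, so this raises `KeyError`, which the new `ClientError` handler does not catch. Printing each record directly, `for r in instances['DBInstances']: pp.pprint(r)`, matches what the call returns. The new handler also calls `sys.exit`; the file's import lines are outside this hunk, so confirm `sys` is imported in libs/rds.py.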
@@ -40,6 +40,10 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'OptInRequired': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/s3.py b/libs/s3.py index 1aec960..274f890 100644 --- a/libs/s3.py +++ b/libs/s3.py @@ -54,8 +54,10 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): print("\n") elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) try: acl = client.get_bucket_acl(Bucket=bucket) 
@@ -73,16 +75,20 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): print("\n") elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("The AWS KEY IS INVALID. Exiting") elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -107,8 +113,10 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): sys.exit("The AWS KEY IS INVALID. Exiting") elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -133,8 +141,10 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print('{} : cant list s3 bucket policy [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -158,7 +168,9 @@ def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) sys.exit("The AWS KEY IS INVALID. Exiting") elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/sqs.py b/libs/sqs.py index d8aa7d6..c189778 100644 --- a/libs/sqs.py +++ b/libs/sqs.py @@ -26,6 +26,8 @@ def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: 
diff --git a/libs/sts.py b/libs/sts.py index eba6ca2..3bd5bb3 100644 --- a/libs/sts.py +++ b/libs/sts.py @@ -13,6 +13,16 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) account_id = client.get_caller_identity()["Account"] print("Account Id: {}" .format(account_id)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'EndpointConnectionError': + print("[-] Cant connect to the {} endpoint [-]" .format(region)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -28,6 +38,15 @@ def get_accountid_all(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Account Id: {}" .format(account_id)) print("Account UserID: {}" .format(account_userid) ) print("Account ARN: {}" .format(account_arn) ) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'EndpointConnectionError': + print("[-] Cant connect to the {} endpoint [-]" .format(region)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/modules/ce.py b/modules/ce.py new file mode 100644 index 0000000..35a5354 --- /dev/null 
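Review bot: Both new `ClientError` handlers in libs/sts.py (`get_accountid` and `get_accountid_all`) format `region` into the `EndpointConnectionError` message, but the visible client construction passes no `region_name` and no `region` variable appears in either hunk, so reaching that branch would likely raise `NameError`. The branch is also probably dead: botocore raises endpoint failures as `botocore.exceptions.EndpointConnectionError`, a separate exception class rather than a `ClientError` code, as the opsworks handler in this same patch shows. Dropping the branch, or adding `except botocore.exceptions.EndpointConnectionError as e:` with a message that does not reference `region`, fixes both. Whether `botocore` and `sys` are imported in this file is not visible here.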
+++ b/modules/ce.py @@ -0,0 +1,12 @@ +''' +This file is used to perform various Cost Explorer operations +usually have to be root or be specifically assigned the +permission to get anything from this +''' + +from libs.ce import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_cost_explorer_get_cost_and_usage(): + ce_get_cost_and_usage(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/cloudtrail.py b/modules/cloudtrail.py new file mode 100644 index 0000000..3f6ce18 --- /dev/null +++ b/modules/cloudtrail.py @@ -0,0 +1,13 @@ +''' +This file is used to perform cloudtrail actions +''' +from libs.cloudtrail import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_cloudtrail_describe_trails(): + describe_trails(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_cloudtrail_list_public_keys(): + list_public_keys(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/iam.py b/modules/iam.py new file mode 100644 index 0000000..cdbc9a3 --- /dev/null +++ b/modules/iam.py @@ -0,0 +1,22 @@ +''' +IAM recon functions +''' +from libs.iam import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_iam_list_groups(): + iam_list_groups(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_iam_get_user(): + iam_get_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_iam_get_account_summary(): + iam_get_account_summary(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_iam_list_users(): + iam_list_users(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/opsworks.py b/modules/opsworks.py index 2b65558..b51f3eb 100644 --- a/modules/opsworks.py +++ b/modules/opsworks.py 
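Review bot: The new wrapper modules (modules/ce.py, modules/cloudtrail.py and modules/iam.py here, modules/pricing.py and modules/route53.py further down) all use `from libs.<name> import *`, which pulls each library's module-level `regions`, `pp` and every other function it defines into the wrapper's namespace. Importing only what each step calls, e.g. `from libs.iam import iam_list_groups, iam_get_user, iam_get_account_summary, iam_list_users`, makes it explicit which operations a module exposes. It also avoids silent name clashes if two libraries define the same function name. `AWS_SECRET_ACCESS_KEY` is imported in modules/iam.py and modules/route53.py but the route53 and IAM steps only forward it, so that part is fine as is.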
@@ -4,3 +4,7 @@ from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY def step_opsworks_describe_stacks(): describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + + +def step_opsworks_describe_user_profiles(): + describe_user_profiles(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file diff --git a/modules/pricing.py b/modules/pricing.py new file mode 100644 index 0000000..ea8d6d9 --- /dev/null +++ b/modules/pricing.py @@ -0,0 +1,12 @@ +''' +This file is used to perform various pricing operations +usually have to be root or be specifically assigned the +permission to get anything from this +''' + +from libs.pricing import * +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_pricing_describe_services(): + pricing_describe_services(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/modules/route53.py b/modules/route53.py new file mode 100644 index 0000000..f8829a9 --- /dev/null +++ b/modules/route53.py @@ -0,0 +1,10 @@ +''' +route53 functions +''' +from libs.route53 import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +def step_route53_list_geolocations(): + list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) \ No newline at end of file From c917df7dde9cb6dda9579c5c1658867cca0a5a9f Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Thu, 12 Apr 2018 00:09:58 -0400 Subject: [PATCH 16/16] fix sqs lib to list_queues --- libs/sqs.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libs/sqs.py b/libs/sqs.py index c189778..2d2d965 100644 --- a/libs/sqs.py +++ b/libs/sqs.py 
@@ -16,10 +16,12 @@ def sqs_list_queues(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): if response.get('QueueUrls') is None: print("[-] ListQueues allowed for {} but no results [-]" .format(region)) # THis isnt working need to test with one that works to get the QueueUrl attributes - # if len(response['QueueUrls']) <= 0: - # print("[-] ListQueues allowed for {} but no results [-]" .format(region)) + elif len(response['QueueUrls']) <= 0: + print("[-] ListQueues allowed for {} but no results [-]" .format(region)) else: - print("region: {} \n {}".format(region,response)) + print("[+] Listing queuesfor region: {} [+]" .format(region)) + for r in response['QueueUrls']: + pp.pprint(r) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId':
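Review bot: The new `elif len(response['QueueUrls']) <= 0:` branch prints exactly the same message as the `is None` branch above it, so the two can be one test, `if not response.get('QueueUrls'):`, and the stale `# THis isnt working ...` comment between them can be removed. The added banner string reads `Listing queuesfor region`; it is missing a space. The loop now calls `pp.pprint(r)` where the old line used `print`; confirm `pp` is defined in libs/sqs.py, since the module header is outside this hunk. The function body continues past the end of the hunk.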