From cfe398373b025bb11f74d9b4fb9e7ead680bc543 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Thu, 19 Apr 2018 18:17:15 -0400 Subject: [PATCH] ALL the services...finally...if you dont like it...fuck u :-) --- libs/brute.py | 862 +++++++++++++++++++++++++++++++++-------------- modules/recon.py | 84 ++--- 2 files changed, 649 insertions(+), 297 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index a37c0ff..6512b39 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -11,6 +11,7 @@ import sys from libs.sql import * +#from conf.conf import * ''' This is the main brute library so that we can get an idea what services a particular @@ -19,7 +20,7 @@ subfunctions as we can. Printed to screen and logged to db. ''' -# we chould probably load this from one place in the future #TODO +# we chould probably load this from one place in the future #TODO db_name = "weirdAAL.db" pp = pprint.PrettyPrinter(indent=5, width=80) 
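Review bot: The added line `#from conf.conf import *` is a commented-out wildcard import, which leaves dead code at the top of the module with no hint of when it should be enabled. Either drop it or import the specific names that are needed. Alongside the existing `from libs.sql import *`, a second wildcard would make it hard to tell which module supplies a given helper.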
@@ -252,22 +253,38 @@ def generic_method_bruteforcer_region(service, tests, region_passed): actions.append(api_action) return actions -# http://boto3.readthedocs.io/en/latest/reference/services/acm.html - def brute_acm_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/acm.html + ''' print("### Enumerating ACM Permissions ###") tests = [('ListCertificates', 'list_certificates', (), {}, ), ] return generic_permission_bruteforcer('acm', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html -# TODO -# search_devices with a filter of * might get it done -# http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html +def brute_acm_pca_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/acm-pca.html + ''' + print("### Enumerating AWS Certificate Manager Private Certificate Authority (ACM-PCA) Permissions ###") + tests = [('ListCertificateAuthorities', 'list_certificate_authorities', (), {}, ), ] + return generic_permission_bruteforcer('acm-pca', tests) + + +def brute_alexaforbusiness_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/alexaforbusiness.html + ''' + print("### Enumerating Alexa For Business Permissions ###") + tests = [('ListSkills', 'list_skills', (), {}, ), ] + return generic_permission_bruteforcer('alexaforbusiness', tests) def brute_apigateway_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html + ''' print("### Enumerating APIGateway Permissions ###") tests = [('GetAccount', 'get_account', (), {}, ), ('GetApiKeys', 'get_api_keys', (), {}, ), 
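Review bot: The docstrings added to `brute_acm_permissions`, `brute_acm_pca_permissions`, `brute_alexaforbusiness_permissions` and `brute_apigateway_permissions` hold only a documentation URL, so `help()` says nothing about what the function checks or returns. Put a one-line summary ahead of the link, for example `'''Report which argument-free ACM list calls the configured credentials may invoke; see <boto3 docs URL>.'''`. What `generic_permission_bruteforcer` returns is not visible in this hunk, so any description of the return value needs confirming against it. The same URL-only docstring pattern repeats in every later hunk of `libs/brute.py`. `brute_apigateway_permissions` continues outside the hunk.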
@@ -279,13 +296,13 @@ def brute_apigateway_permissions(): return generic_permission_bruteforcer('apigateway', tests) # http://boto3.readthedocs.io/en/latest/reference/services/application-autoscaling.html -# TODO # not seeing any functions that dont take args -# http://boto3.readthedocs.io/en/latest/reference/services/appstream.html - def brute_appstream_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/appstream.html + ''' print("### Enumerating APPStream Permissions ###") tests = [('DescribeFleets', 'describe_fleets', (), {}, ), ('DescribeImages', 'describe_images', (), {}, ), @@ -293,22 +310,23 @@ def brute_appstream_permissions(): return generic_permission_bruteforcer('appstream', tests) # http://boto3.readthedocs.io/en/latest/reference/services/appsync.html -# TODO # not seeing any functions that dont take args -# http://boto3.readthedocs.io/en/latest/reference/services/athena.html - def brute_athena_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/athena.html + ''' print("### Enumerating Athena Permissions ###") tests = [('ListNamedQueries', 'list_named_queries', (), {}, ), ('ListQueryExecutions', 'list_query_executions', (), {}, ), ] return generic_permission_bruteforcer('athena', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html - def brute_autoscaling_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/autoscaling.html + ''' print("### Enumerating Autoscaling Permissions ###") tests = [('DescribeAccountLimits', 'describe_account_limits', (), {}, ), ('DescribeAdjustmentTypes', 'describe_adjustment_types', (), {}, ), 
@@ -321,28 +339,31 @@ def brute_autoscaling_permissions(): ('DescribePolicies', 'describe_policies', (), {}, ), ] return generic_permission_bruteforcer('autoscaling', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/autoscaling-plans.html - def brute_autoscaling_plans_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/autoscaling-plans.html + ''' print("### Enumerating Autoscaling-Plans Permissions ###") tests = [('DescribeScalingPlans', 'describe_scaling_plans', (), {}, ), ] return generic_permission_bruteforcer('autoscaling-plans', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/batch.html - def brute_batch_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/batch.html + ''' print("### Enumerating Batch Permissions ###") tests = [('DescribeComputeEnvironments', 'describe_compute_environments', (), {}, ), ('DescribeJobDefinitions', 'describe_job_definitions', (), {}, ), ('DescribeJobQueues', 'describe_job_queues', (), {}, ), ] return generic_permission_bruteforcer('batch', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/budgets.html - def brute_budgets_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/budgets.html + ''' print("### Enumerating Budgets Permissions ###") account_id = get_accountid() tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId': account_id}, ), ] 
@@ -353,49 +374,53 @@ def brute_budgets_permissions(): # http://boto3.readthedocs.io/en/latest/reference/services/ce.html#CostExplorer.Client.get_cost_and_usage # shoudl work we just need to generate start and end times each run -# http://boto3.readthedocs.io/en/latest/reference/services/cloud9.html - def brute_cloud9_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloud9.html + ''' print("### Enumerating Cloud9 Permissions ###") tests = [('ListEnvironments', 'list_environments', (), {}, ), ] return generic_permission_bruteforcer('cloud9', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/clouddirectory.html - def brute_clouddirectory_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/clouddirectory.html + ''' print("### Enumerating CloudDirectory Permissions ###") tests = [('ListDirectories', 'list_directories', (), {}, ), ] return generic_permission_bruteforcer('clouddirectory', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html - - def brute_cloudformation_permissions(): - print("### Enumerating CLoudFormation Permissions ###") + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html + ''' + print("### Enumerating CloudFormation Permissions ###") tests = [('ListStacks', 'list_stacks', (), {}), ('DescribeStacks', 'describe_stacks', (), {}), - ('DescribeStackEvents', 'describe_stack_events', (), {}), - ('DescribeStackResources', 'describe_stack_resources', (), {}), + #('DescribeStackEvents', 'describe_stack_events', (), {}), + #('DescribeStackResources', 'describe_stack_resources', (), {}), ('ListExports', 'list_exports', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] return generic_permission_bruteforcer('cloudformation', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html - def brute_cloudfront_permissions(): - print("### Enumerating CLoudFront Permissions ###") + 
''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html + ''' + print("### Enumerating CloudFront Permissions ###") tests = [('ListDistributions', 'list_distributions', (), {}), ('ListCloudFrontOriginAcessIdentities', 'list_cloud_front_origin_access_identities', (), {}), ] return generic_permission_bruteforcer('cloudfront', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cloudhsm.html - def brute_cloudhsm_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudhsm.html + ''' print("### Enumerating CloudHSM Permissions ###") tests = [('DescribeHsm', 'describe_hsm', (), {}), ('ListHsms', 'list_hsms', (), {}), 
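Review bot: In `brute_cloudformation_permissions` the `DescribeStackEvents` and `DescribeStackResources` entries are commented out rather than removed, and nothing records why. If the reason is that these calls need a stack identifier and cannot be exercised with empty arguments (an assumption, the hunk does not say), state it in a comment such as `# needs StackName; cannot be called without arguments`, or delete the lines. The label `'ListCloudFrontOriginAcessIdentities'` on a context line in `brute_cloudfront_permissions` is misspelled ("Acess"), so presumably it will appear that way in printed and logged results. `brute_cloudhsm_permissions` continues outside the hunk.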
@@ -404,118 +429,150 @@ def brute_cloudhsm_permissions(): ('ListLunaClients', 'list_luna_clients', (), {}), ] return generic_permission_bruteforcer('cloudhsm', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cloudhsmv2.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html +def brute_cloudhsmv2_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudhsmv2.html + ''' + print("### Enumerating CloudHSMv2 Permissions ###") + tests = [('DescribeBackups', 'describe_backups', (), {}), + ('DescribeClusters', 'describe_clusters', (), {}), ] + return generic_permission_bruteforcer('cloudhsmv2', tests) def brute_cloudsearch_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html + ''' print("### Enumerating CloudSearch Permissions ###") tests = [('DescribeDomains', 'describe_domains', (), {}, ), ('ListDomainNames', 'list_domain_names', (), {}, ), ] return generic_permission_bruteforcer('cloudsearch', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cloudsearchdomain.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html +def brute_cloudsearchdomain_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudsearchdomain.html + Disabled---requires a custom search domain from cloudsearch describe_domains results + ''' + print("### Enumerating Amazon CloudSearch Domain Permissions ###") + tests = [('Search', 'search', (), {'query':'*'}, ), ] + return generic_permission_bruteforcer('cloudsearchdomain', tests) def brute_cloudtrail_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html + ''' print("### Enumerating CloudTrail Permissions ###") tests = [('DescribeTrails', 'describe_trails', (), {}, ), ('ListPublicKeys', 'list_public_keys', (), {}, ), ] return generic_permission_bruteforcer('cloudtrail', tests) -# 
http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html - def brute_cloudwatch_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cloudwatch.html + ''' print("### Enumerating CloudWatch Permissions ###") tests = [('ListMetrics', 'list_metrics', (), {}, ), ('DescribeAlarmHistory', 'describe_alarm_history', (), {}, ), ('DescribeAlarms', 'describe_alarms', (), {}, ), ] return generic_permission_bruteforcer('cloudwatch', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/codebuild.html - def brute_codebuild_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/codebuild.html + ''' print("### Enumerating CodeBuild Permissions ###") tests = [('ListBuilds', 'list_builds', (), {}, ), ('ListCuratedEnvironmentImages', 'list_curated_environment_images', (), {}, ), ('ListProjects', 'list_projects', (), {}, ), ] return generic_permission_bruteforcer('codebuild', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/codecommit.html - def brute_codecommit_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/codecommit.html + ''' print("### Enumerating CodeCommit Permissions ###") tests = [('ListRepositories', 'list_repositories', (), {}, ), ] return generic_permission_bruteforcer('codecommit', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/codedeploy.html - def brute_codedeploy_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/codedeploy.html + ''' print("### Enumerating CodeDeploy Permissions ###") tests = [('ListApplications', 'list_applications', (), {}, ), ('ListDeployments', 'list_deployments', (), {}, ), ('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ), - # ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name + ('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no 
function of that name ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), ] return generic_permission_bruteforcer('codedeploy', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/codepipeline.html - def brute_codepipeline_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/codepipeline.html + ''' print("### Enumerating CodePipeline Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] return generic_permission_bruteforcer('codepipeline', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/codestar.html - def brute_codestar_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/codestar.html + ''' print("### Enumerating CodeStar Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), ('ListUerProfiles', 'list_user_profiles', (), {}, ), ] return generic_permission_bruteforcer('codestar', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cognito-identity.html - def brute_cognitoidentity_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cognito-identity.html + ''' print("### Enumerating Cognito-Identity Permissions ###") tests = [('ListIdentityPools', 'list_identity_pools', (), {'MaxResults': 1}, ), ] return generic_permission_bruteforcer('cognito-identity', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cognito-idp.html - def brute_cognitoidp_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cognito-idp.html + ''' print("### Enumerating CognitoIdentityProvider Permissions ###") tests = [('ListUserPools', 'list_user_pools', (), {'MaxResults': 1}, ), ] return generic_permission_bruteforcer('cognito-idp', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cognito-sync.html - def brute_cognitosync_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cognito-sync.html + ''' print("### Enumerating 
CognitoSync Permissions ###") tests = [('ListIdentityPoolUsage', 'list_identity_pool_usage', (), {}, ), ] return generic_permission_bruteforcer('cognito-sync', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/comprehend.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/config.html +def brute_comprehend_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/comprehend.html + ''' + print("### Enumerating Comprehend Permissions ###") + tests = [('ListTopicsDetectionJobs', 'list_topics_detection_jobs', (), {}, ), ] + return generic_permission_bruteforcer('comprehend', tests) def brute_configservice_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/config.html + ''' print("### Enumerating ConfigService Permissions ###") tests = [('DescribeComplianceByConfigRule', 'describe_compliance_by_config_rule', (), {}, ), ('DescribeComplianceByResource', 'describe_compliance_by_resource', (), {}, ), 
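Review bot: In `brute_codedeploy_permissions` the `ListGitHubAccountTokenNames` entry is re-enabled, but its trailing comment still reads `#returning an error no function of that name`, so the line now contradicts itself. If the installed boto3 does provide `list_git_hub_account_token_names`, remove the comment and note the minimum boto3 version; otherwise keep the entry disabled. Similarly, the new `brute_cloudsearchdomain_permissions` docstring says "Disabled" while the function body is fully live. Whether it is actually skipped depends on the caller, which is not in this hunk, so the docstring should say where the disabling happens. The labels `'ListDeploymentsConfigs'` and `'ListUerProfiles'` on context lines are also misspelled.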
@@ -527,100 +584,124 @@ def brute_configservice_permissions(): ('DescribeDeliveryChannels', 'describe_delivery_channels', (), {}, ), ] return generic_permission_bruteforcer('config', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/cur.html -# Doesnt seem to be working - +# http://boto3.readthedocs.io/en/latest/reference/services/connect.html +# no functions def brute_costandusagereportservice_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/cur.html + ''' print("### Enumerating CostandUsageReportService Permissions ###") tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ), ] return generic_permission_bruteforcer('cur', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html - def brute_datapipeline_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html + ''' print("### Enumerating DataPipeline Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}, ), ] return generic_permission_bruteforcer('datapipeline', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/dax.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/devicefarm.html -# http://docs.aws.amazon.com/general/latest/gr/rande.html#devicefarm_region +def brute_dax_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/dax.html + ''' + print("### Enumerating DynamoDB Accelerator (DAX) Permissions ###") + tests = [('DescribeClusters', 'describe_clusters', (), {}, ), + ('DescribeDefaultParameters', 'describe_default_parameters', (), {}, ), + ('DescribeEvents', 'describe_events', (), {}, ), + ('DescribeParameterGroups', 'describe_parameter_groups', (), {}, ), + ('DescribeSubnetGroups', 'describe_subnet_groups', (), {}, ), ] + return generic_permission_bruteforcer('dax', tests) def brute_devicefarm_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/devicefarm.html + 
http://docs.aws.amazon.com/general/latest/gr/rande.html#devicefarm_region + ''' print("### Enumerating DeviceFarm Permissions ###") tests = [('ListProjects', 'list_projects', (), {}, ), ('ListDevices', 'list_devices', (), {}, ), ] return generic_permission_bruteforcer_region('devicefarm', tests, 'us-west-2') -# http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html - def brute_directconnect_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html + ''' print("### Enumerating DirectConnect Permissions ###") tests = [('DescribeConnections', 'describe_connections', (), {}, ), ('DescribeLags', 'describe_lags', (), {}, ), ] return generic_permission_bruteforcer('directconnect', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/discovery.html - def brute_applicationdiscoveryservice_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/discovery.html + ''' print("### Enumerating ApplicationDiscoveryService Permissions ###") tests = [('DescribeAgents', 'describe_agents', (), {}, ), ] - return generic_permission_bruteforcer('discovery', tests) - -# http://boto3.readthedocs.io/en/latest/reference/services/dms.html + return generic_permission_bruteforcer_region('discovery', tests, 'us-west-2') def brute_dms_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/dms.html + ''' print("### Enumerating DatabaseMigrationService Permissions ###") tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}, ), ('DescribeEvents', 'describe_events', (), {}, ), ('DescribeConnections', 'describe_connections', (), {}, ), ] return generic_permission_bruteforcer('dms', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/ds.html - def brute_directoryservice_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ds.html + ''' print("### Enumerating DirectoryService Permissions ###") tests = 
[('DescribeDirectories', 'describe_directories', (), {}, ), ('DescribeSnapshots', 'describe_snapshots', (), {}, ), ('DescribeTrusts', 'describe_trusts', (), {}, ), ] return generic_permission_bruteforcer('ds', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html - def brute_dynamodb_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html + ''' print("### Enumerating DynamoDB Permissions ###") - tests = [('ListTables', 'list_tables', (), {}, ), ] + tests = [('ListTables', 'list_tables', (), {}, ), + ('DescribeLimits', 'describe_limits', (), {}, ), + ('ListBackups', 'list_backups', (), {}, ), + ('ListGlobalTables', 'list_global_tables', (), {}, ), ] return generic_permission_bruteforcer('dynamodb', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/dynamodbstreams.html - def brute_dynamodbstreams_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/dynamodbstreams.html + ''' print("### Enumerating DynamoDBStreamsPermissions ###") tests = [('ListStreams', 'list_streams', (), {}, ), ] return generic_permission_bruteforcer('dynamodbstreams', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client - def brute_ec2_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client + ''' print("### Enumerating EC2 Permissions ###") tests = [('DescribeInstances', 'describe_instances', (), {'DryRun': True}, ), ('DescribeInstanceStatus', 'describe_instance_status', (), {'DryRun': True}, ), ('DescribeImages', 'describe_images', (), {'DryRun': True, 'Owners': ['self', ]}, ), ('CreateImage', 'create_image', (), {'InstanceId': 'i-0ffffeeeeaa11e111', 'Name': 'testimage', 'DryRun': True}, ), ('DescribeVolumes', 'describe_volumes', (), {'DryRun': True}, ), - ('CreateVolume', 'create_volume', (), {'AvailabilityZone': 'us-east-1', 'Size': 8, 'DryRun': True}, ), + ('CreateVolume', 'create_volume', (), {'AvailabilityZone': 
'us-east-2', 'Size': 8, 'DryRun': True}, ), ('DescribeSnapshots', 'describe_snapshots', (), {'DryRun': True, 'OwnerIds': ['self', ]}, ), ('CreateSnapshot', 'create_snapshot', (), {'VolumeId': 'vol-05777eab71bc97dcb', 'DryRun': True}, ), ('DescribeAccountAttributes', 'describe_account_attributes', (), {'DryRun': True}, ), @@ -675,18 +756,20 @@ def brute_ec2_permissions(): ('DescribeVpnGateways', 'describe_vpn_gateways', (), {'DryRun': True}, ), ] return generic_permission_bruteforcer('ec2', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/ecr.html - def brute_ecr_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ecr.html + ''' print("### Enumerating EC2 Container Registry (ECR) Permissions ###") tests = [('DescribeRepositories', 'describe_repositories', (), {}), ] return generic_permission_bruteforcer('ecr', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/ecs.html - def brute_ecs_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ecs.html + ''' print("### Enumerating EC2 Container Service (ECS) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), ('DescribeClusters', 'describe_clusters', (), {}), 
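Review bot: In `brute_ec2_permissions` the `CreateVolume` test now passes `'AvailabilityZone': 'us-east-2'`, which is a region name rather than an Availability Zone name (zone names carry a letter suffix, e.g. `us-east-2a`). Depending on whether the service validates the zone before the dry-run authorization check, the recorded result may reflect the bad parameter rather than the caller's permissions; this is worth confirming. The value is hard-coded, as is the `'us-west-2'` now passed to `generic_permission_bruteforcer_region` for `discovery`. A short comment on why those regions were chosen, or deriving them from the configured region, would make the output easier to interpret. `brute_ec2_permissions` continues into the next hunk.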
@@ -696,19 +779,21 @@ def brute_ecs_permissions(): ] return generic_permission_bruteforcer('ecs', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/efs.html - def brute_efs_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/efs.html + ''' print("### Enumerating Elastic File System (EFS) Permissions ###") tests = [('DescribeFileSystems', 'describe_file_systems', (), {}), ('DescribeMountTargets', 'describe_mount_targets', (), {}), ] return generic_permission_bruteforcer('efs', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html - def brute_elasticache_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html + ''' print("### Enumerating ElastiCache Permissions ###") tests = [('DescribeCacheClusters', 'describe_cache_clusters', (), {}), ('DescribeCacheEngineVersions', 'describe_cache_engine_versions', (), {}), @@ -721,10 +806,11 @@ def brute_elasticache_permissions(): ('DescribeSnapshots', 'describe_snapshots', (), {}), ] return generic_permission_bruteforcer('elasticache', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html - def brute_elasticbeanstalk_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html + ''' print("### Enumerating ElasticBeanstalk Permissions ###") tests = [('DescribeApplications', 'describe_applications', (), {}), ('DescribeApplicationVersions', 'describe_application_versions', (), {}), 
@@ -737,28 +823,31 @@ def brute_elasticbeanstalk_permissions(): ('DescribeInstancesHealth', 'describe_instances_health', (), {}), ] return generic_permission_bruteforcer('elasticbeanstalk', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/elastictranscoder.html - def brute_elastictranscoder_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/elastictranscoder.html + ''' print("### Enumerating ElasticTranscoder Permissions ###") tests = [('ListPipelines', 'list_pipelines', (), {}), ('ListPresets', 'list_presets', (), {}), ] return generic_permission_bruteforcer('elastictranscoder', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/elb.html - def brute_elasticloadbalancing_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/elb.html + ''' print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), ] return generic_permission_bruteforcer('elb', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html - def brute_elasticloadbalancingv2_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html + ''' print("### Enumerating ElasticLoadBalancing Permissions ###") tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}), ('DescribeAccountLimits', 'describe_account_limits', (), {}), 
@@ -766,44 +855,58 @@ def brute_elasticloadbalancingv2_permissions(): ('DescribeTargetGroups', 'describe_target_groups', (), {}), ] return generic_permission_bruteforcer('elbv2', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/emr.html - def brute_emr_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/emr.html + ''' print("### Enumerating Elastic MapReduce (EMR) Permissions ###") tests = [('ListClusters', 'list_clusters', (), {}), ('ListSecurityConfigurations', 'list_security_configurations', (), {}), ] return generic_permission_bruteforcer('emr', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/es.html - def brute_es_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/es.html + ''' print("### Enumerating Elasticsearch Service Permissions ###") tests = [('ListDomainNames', 'list_domain_names', (), {}), ('ListElasticsearchVersions', 'list_elasticsearch_versions', (), {}), ] return generic_permission_bruteforcer('es', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/events.html - def brute_cloudwatchevents_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/events.html + ''' print("### Enumerating CloudWatch Events Permissions ###") tests = [('ListRules', 'list_rules', (), {}), ] return generic_permission_bruteforcer('events', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/firehose.html - def brute_firehose_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/firehose.html + ''' print("### Enumerating Kinesis Firehose Permissions ###") tests = [('ListDeliveryStreams', 'list_delivery_streams', (), {}), ] return generic_permission_bruteforcer('firehose', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html + +def brute_fms_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/fms.html + ''' + print("### Enumerating Firewall 
Management Service (FMS) Permissions ###") + tests = [('ListPolicies', 'list_policies', (), {}), ] + return generic_permission_bruteforcer('fms', tests) def brute_gamelift_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html + ''' print("### Enumerating GameLift Permissions ###") tests = [('ListAliases', 'list_aliases', (), {}), ('ListBuilds', 'list_builds', (), {}), 
@@ -811,53 +914,76 @@ def brute_gamelift_permissions(): ('DescribeEC2InstanceLimits', 'describe_ec2_instance_limits', (), {}), ('DescribeFleetAttributes', 'describe_fleet_attributes', (), {}), ('DescribeFleetCapacity', 'describe_fleet_capacity', (), {}), - ('DescribeGameSessionDetails', 'describe_game_session_details', (), {}), - ('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}), - ('DescribeGameSessions', 'describe_game_sessions', (), {}), - ('DescribePlayerSessions', 'describe_player_sessions', (), {}), ] + #('DescribeGameSessionDetails', 'describe_game_session_details', (), {}), + ('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}), ] + #('DescribeGameSessions', 'describe_game_sessions', (), {}), + #('DescribePlayerSessions', 'describe_player_sessions', (), {}), ] return generic_permission_bruteforcer('gamelift', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/glacier.html - def brute_glacier_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/glacier.html + ''' print("### Enumerating Glacier Permissions ###") tests = [('ListVaults', 'list_vaults', (), {}), ] return generic_permission_bruteforcer('glacier', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/glue.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/greengrass.html -# If this one doesnt work make sure boto3 is up to date +def brute_glue_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/glue.html + ''' + print("### Enumerating Glue Permissions ###") + tests = [('GetDatabases', 'get_databases', (), {}), + ('GetClassifiers', 'get_classifiers', (), {}), + ('GetConnections', 'get_connections', (), {}), + ('GetCrawlerMetrics', 'get_crawler_metrics', (), {}), + ('GetCrawlers', 'get_crawlers', (), {}), + ('GetDevEndpoints', 'get_dev_endpoints', (), {}), + ('GetJobs', 'get_jobs', (), {}), + ('GetTriggers', 'get_triggers', (), {}), ] + return 
generic_permission_bruteforcer('glue', tests) def brute_greengrass_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/greengrass.html + If this one doesnt work make sure boto3 is up to date + ''' print("### Enumerating Greegrass Permissions ###") tests = [('ListGroups', 'list_groups', (), {}), ('ListLoggerDefinitions', 'list_logger_definitions', (), {}), ('ListSubscriptionDefinitions', 'list_subscription_definitions', (), {}), ] return generic_permission_bruteforcer('greengrass', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/guardduty.html -# TODO - -# http://boto3.readthedocs.io/en/latest/reference/services/health.html +def brute_guardduty_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/guardduty.html + ''' + print("### Enumerating Guard Duty Permissions ###") + tests = [('ListDetectors', 'list_detectors', (), {}), + ('ListInvitations', 'list_invitations', (), {}), ] + return generic_permission_bruteforcer('guardduty', tests) def brute_health_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/health.html + ''' print("### Enumerating Health Permissions ###") tests = [('DescribeEvents', 'describe_events', (), {}), ('DescribeEntityAggregates', 'describe_entity_aggregates', (), {}), ('DescribeEventTypes', 'describe_event_types', (), {}), ] return generic_permission_bruteforcer('health', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/iam.html -# TODO chop out the ARN/username and make some more fun function calls must chop up ARN to get username - def brute_iam_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/iam.html + TODO chop out the ARN/username and make some more fun function calls must chop up ARN to get username + ''' print("### Enumerating IAM Permissions ###") # account_username = get_username() tests = [('GetUser', 'get_user', (), {}), 
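Review bot: In `brute_gamelift_permissions` the list now closes with `]` on the `DescribeGameSessionQueues` line, while two commented-out entries follow it outside the list and the last still carries its own `]`. It parses today, but uncommenting either trailing entry later will not put it back inside `tests`. Either delete the disabled entries or keep them inside the list with a single closing bracket on its own line, and add a why-comment such as `# needs a fleet/session id; cannot be called without arguments` (the reason is an assumption, the hunk gives none). The new `brute_iam_permissions` docstring also carries a `TODO`, which is better kept as a `#` comment so it does not surface in `help()`. `brute_iam_permissions` continues outside the hunk.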
@@ -872,18 +998,20 @@ def brute_iam_permissions(): ('GetAccountAuthorizationDetails', 'get_account_authorization_details', (), {}), ] return generic_permission_bruteforcer('iam', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/importexport.html - def brute_importexport_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/importexport.html + ''' print("### Enumerating Import/Export Permissions ###") tests = [('ListJobs', 'list_jobs', (), {}), ] return generic_permission_bruteforcer('importexport', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/inspector.html - def brute_inspector_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/inspector.html + ''' print("### Enumerating Inspector Permissions ###") tests = [('ListFindings', 'list_findings', (), {}), ('ListEventSubscriptions', 'list_event_subscriptions', (), {}), 
@@ -891,94 +1019,109 @@ def brute_inspector_permissions(): ('ListAssessmentTargets', 'list_assessment_targets', (), {}), ] return generic_permission_bruteforcer('inspector', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/iot.html - def brute_iot_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/iot.html + ''' print("### Enumerating IoT Permissions ###") tests = [('ListThings', 'list_things', (), {}), ('ListPolicies', 'list_policies', (), {}), ('ListCertificates', 'list_certificates', (), {}), ] return generic_permission_bruteforcer('iot', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/iot-data.html -# NO functions to call without data - def brute_iotdata_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/iot-data.html + NO functions to call without data + ''' print("### Enumerating IoT Data Plane Permissions ###") tests = [('', '', (), {}), ] return generic_permission_bruteforcer('iot-data', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/iot-jobs-data.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/kinesis.html +# http://boto3.readthedocs.io/en/latest/reference/services/iot-jobs-data.html +# NO functions to call without data def brute_kinesis_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/kinesis.html + ''' print("### Enumerating Kinesis Permissions ###") tests = [('ListStreams', 'list_streams', (), {}), ] return generic_permission_bruteforcer('kinesis', tests) # http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-archived-media.html -# TODO +# NO functions to call without data # http://boto3.readthedocs.io/en/latest/reference/services/kinesis-video-media.html -# TODO - - -# http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html +# NO functions to call without data def brute_kinesisanalytics_permissions(): + ''' + 
http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html + ''' print("### Enumerating Kinesis Analytics Permissions ###") tests = [('ListApplications', 'list_applications', (), {}), ] return generic_permission_bruteforcer('kinesisanalytics', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/kinesisvideo.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/kms.html +def brute_kinesisvideo_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/kinesisvideo.html + ''' + print("### Enumerating Kinesis Video Permissions ###") + tests = [('ListStreams', 'list_streams', (), {}), ] + return generic_permission_bruteforcer('kinesisvideo', tests) def brute_kms_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/kms.html + ''' print("### Enumerating Key Management Service (KMS) Permissions ###") tests = [('ListKeys', 'list_keys', (), {}), ('ListAliases', 'list_aliases', (), {}), ] return generic_permission_bruteforcer('kms', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/lambda.html - def brute_lambda_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/lambda.html + ''' print("### Enumerating Lambda Permissions ###") tests = [('ListFunctions', 'list_functions', (), {}, ), ('ListEventSourceMappings', 'list_event_source_mappings', (), {}), ] return generic_permission_bruteforcer('lambda', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/lex-models.html - def brute_lexmodels_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/lex-models.html + ''' print("### Enumerating Lex Model Building Service Permissions ###") tests = [('GetBots', 'get_bots', (), {}), ('GetIntents', 'get_intents', (), {}), ] return generic_permission_bruteforcer('lex-models', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/lex-runtime.html -# NO functions to call without data - def 
brute_lexmruntime_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/lex-runtime.html + NO functions to call without data + ''' print("### Enumerating Lex Runtime Permissions ###") tests = [('', '', (), {}), ] return generic_permission_bruteforcer('lex-runtime', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/lightsail.html - def brute_lightsail_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/lightsail.html + ''' print("### Enumerating Lightsail Permissions ###") tests = [('GetDomains', 'get_domains', (), {}), ('GetBundles', 'get_bundles', (), {}), @@ -988,21 +1131,23 @@ def brute_lightsail_permissions(): ('GetRegions', 'get_regions', (), {}), ] return generic_permission_bruteforcer('lightsail', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/logs.html - def brute_cloudwatchlogs_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/logs.html + ''' print("### Enumerating CloudWatch Logs Permissions ###") tests = [('DescribeDestinations', 'describe_destinations', (), {}), ('DescribeExportTasks', 'describe_export_tasks', (), {}), ('DescribeLogGroups', 'describe_log_groups', (), {}), ] return generic_permission_bruteforcer('logs', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/machinelearning.html -# http://docs.aws.amazon.com/general/latest/gr/rande.html#machinelearning_region <--allowed regions for ML - def brute_machinelearning_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/machinelearning.html + http://docs.aws.amazon.com/general/latest/gr/rande.html#machinelearning_region <--allowed regions for ML + ''' print("### Enumerating Machine Learning Permissions ###") tests = [('DescribeDataSources', 'describe_data_sources', (), {}), ('DescribeEvaluations', 'describe_evaluations', (), {}), ] 
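Review bot: `brute_iotdata_permissions` and `brute_lexmruntime_permissions` now carry a docstring saying there are no functions to call without data, yet both still hand `tests = [('', '', (), {}), ]` to `generic_permission_bruteforcer`. How the helper treats an empty method name is outside this hunk; if it attempts the lookup, the outcome says nothing about the caller's permissions. An empty list, `tests = []`, would state the intent directly, assuming the helper accepts one. The name `brute_lexmruntime_permissions` also looks like a typo for `lexruntime`, though renaming it would need the callers checked.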
@@ -1014,67 +1159,130 @@ def brute_machinelearning_permissions(): # http://boto3.readthedocs.io/en/latest/reference/services/marketplacecommerceanalytics.html # NO functions to call without arguements -# http://boto3.readthedocs.io/en/latest/reference/services/mediaconvert.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/medialive.html -# TODO +def brute_mediaconvert_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mediaconvert.html + ''' + print("### Enumerating AWS Elemental MediaConvert Permissions ###") + tests = [('ListJobs', 'list_jobs', (), {}), + ('ListJobTemplates', 'list_job_templates', (), {}), + ('ListPresets', 'list_presets', (), {}), + ('ListQueues', 'list_queues', (), {}), ] + return generic_permission_bruteforcer('mediaconvert', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/mediapackage.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/mediastore.html -# TODO +def brute_medialive_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/medialive.html + ''' + print("### Enumerating AWS Elemental MediaLive Permissions ###") + tests = [('ListChannels', 'list_channels', (), {}), + ('ListInputSecurityGroups', 'list_input_security_groups', (), {}), + ('ListInputs', 'list_inputs', (), {}), ] + return generic_permission_bruteforcer('medialive', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/mediastore-data.html -# TODO + +def brute_mediapackage_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mediapackage.html + ''' + print("### Enumerating AWS Elemental MediaPackage Permissions ###") + tests = [('ListChannels', 'list_channels', (), {}), + ('ListOriginEndpoints', 'list_origin_endpoints', (), {}), ] + return generic_permission_bruteforcer('mediapackage', tests) + + +def brute_mediastore_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mediastore.html + ''' + 
print("### Enumerating AWS Elemental MediaStore Permissions ###") + tests = [('ListContainers', 'list_containers', (), {}), ] + return generic_permission_bruteforcer('mediastore', tests) + + +def brute_mediastore_data_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mediastore-data.html + Could not connect to the endpoint URL: "https://data.mediastore.us-east-1.amazonaws.com/" + boto3 (1.7.4) bug + ''' + print("### Enumerating AWS Elemental MediaStore Permissions ###") + tests = [('ListItems', 'list_items', (), {}), ] + return generic_permission_bruteforcer('mediastore-data', tests) # http://boto3.readthedocs.io/en/latest/reference/services/meteringmarketplace.html # NO functions to call without arguements -# http://boto3.readthedocs.io/en/latest/reference/services/mgh.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/mobile.html -# TODO +def brute_mgh_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mgh.html + ''' + print("### Enumerating AWS Migration Hub Permissions ###") + tests = [('ListMigrationTasks', 'list_migration_tasks', (), {}), + ('ListProgressUpdateStreams', 'list_progress_update_streams', (), {}), ] + return generic_permission_bruteforcer_region('mgh', tests, 'us-west-2') -# http://boto3.readthedocs.io/en/latest/reference/services/mq.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/mturk.html +def brute_mobile_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mobile.html + ''' + print("### Enumerating AWS Mobile Permissions ###") + tests = [('ListBundles', 'list_bundles', (), {}), + ('ListProjects', 'list_projects', (), {}), ] + return generic_permission_bruteforcer('mobile', tests) + + +def brute_mq_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mq.html + ''' + print("### Enumerating AmazonMQ Permissions ###") + tests = [('ListBrokers', 'list_brokers', (), {}), + 
('ListConfigurations', 'list_configurations', (), {}), ] + return generic_permission_bruteforcer('mq', tests) def brute_mturk_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/mturk.html + ''' print("### Enumerating Mechanical Turk (MTurk) Permissions ###") tests = [('GetAccountBalance', 'get_account_balance', (), {}), ('ListHits', 'list_hits', (), {}), ('ListWorkerBlocks', 'list_worker_blocks', (), {}), ] return generic_permission_bruteforcer('mturk', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/opsworks.html -# Everything else requires a stackID to get the instance/app/volume info per stack - def brute_opsworks_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/opsworks.html + Everything else requires a stackID to get the instance/app/volume info per stack + ''' print("### Enumerating OpsWorks Permissions ###") tests = [('DescribeUserProfiles', 'describe_user_profiles', (), {}), ('DescribeStacks', 'describe_stacks', (), {}), ] return generic_permission_bruteforcer('opsworks', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/opsworkscm.html - def brute_opsworkscm_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/opsworkscm.html + ''' print("### Enumerating OpsWorks for Chef Automate Permissions ###") tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}), ('DescribeBackups', 'describe_backups', (), {}), ('DescribeServers', 'describe_servers', (), {}), ] return generic_permission_bruteforcer('opsworkscm', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/organizations.html - def brute_organizations_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/organizations.html + ''' print("### Enumerating Organizations Permissions ###") tests = [('DescribeOrganization', 'describe_organization', (), {}), ('ListAccounts', 'list_accounts', (), {}), 
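Review bot: `brute_mediastore_data_permissions` prints the same banner as `brute_mediastore_permissions`, so the two probes cannot be told apart in the output; the line should read `print("### Enumerating AWS Elemental MediaStore Data Plane Permissions ###")`. Its docstring also records that the endpoint could not be reached under boto3 1.7.4, so a result from this probe is presumably a connection error rather than a permission answer, and a comment saying when to re-test would help. In the same hunk `brute_mgh_permissions` hard-codes `'us-west-2'` without explanation; a one-line comment such as `# Migration Hub is only reachable in us-west-2 (confirm)` would document the choice.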
@@ -1088,22 +1296,30 @@ def brute_organizations_permissions(): # http://boto3.readthedocs.io/en/latest/reference/services/pinpoint.html # NO functions to call without arguements -# http://boto3.readthedocs.io/en/latest/reference/services/polly.html - def brute_polly_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/polly.html + ''' print("### Enumerating Polly Permissions ###") tests = [('DescribeVoices', 'describe_voices', (), {}), ('ListLexicons', 'list_lexicons', (), {}), ] return generic_permission_bruteforcer('polly', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/pricing.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/rds.html +def brute_pricing_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/pricing.html + ''' + print("### Enumerating AWS Price List Service (Pricing) Permissions ###") + tests = [('DescribeServices', 'describe_services', (), {}), ] + return generic_permission_bruteforcer('pricing', tests) def brute_rds_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/rds.html + ''' print("### Enumerating RDS Permissions ###") tests = [('DescribeDBInstances', 'describe_db_instances', (), {}), ('DescribeDBSecurityGroups', 'describe_db_security_groups', (), {}), @@ -1115,10 +1331,11 @@ def brute_rds_permissions(): ('DescribeReservedDBInstances', 'describe_reserved_db_instances', (), {}), ] return generic_permission_bruteforcer('rds', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/redshift.html - def brute_redshift_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/redshift.html + ''' print("### Enumerating Redshift Permissions ###") tests = [('DescribeClusters', 'describe_clusters', (), {}), ('DescribeClusterSecurityGroups', 'describe_cluster_security_groups', (), {}), 
@@ -1128,29 +1345,38 @@ def brute_redshift_permissions(): ('DescribeHSMConfigurations', 'describe_hsm_configurations', (), {}), ] return generic_permission_bruteforcer('redshift', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/rekognition.html - def brute_rekognition_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/rekognition.html + ''' print("### Enumerating Rekognition Permissions ###") tests = [('ListCollections', 'list_collections', (), {}), ] return generic_permission_bruteforcer('rekognition', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/resource-groups.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/resourcegroupstaggingapi.html +def brute_resource_groups_permissions(): + ''' + # http://boto3.readthedocs.io/en/latest/reference/services/resource-groups.html + ''' + print("### Enumerating AWS Resource Groups Permissions ###") + tests = [('ListGroups', 'list_groups', (), {}), ] + return generic_permission_bruteforcer('resource-groups', tests) def brute_resourcegroupstaggingapi_permissions(): - print("### Enumerating Resource Groups Tagging API Permissions ###") + ''' + http://boto3.readthedocs.io/en/latest/reference/services/resourcegroupstaggingapi.html + ''' + print("### Enumerating AWS Resource Groups Tagging API Permissions ###") tests = [('GetResources', 'get_resources', (), {}), ] return generic_permission_bruteforcer('resourcegroupstaggingapi', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/route53.html - def brute_route53_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/route53.html + ''' print("### Enumerating Route53 Permissions ###") tests = [('ListHostedZones', 'list_hosted_zones', (), {}), ('ListHostedZonesByName', 'list_hosted_zones_by_name', (), {}), 
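Review bot: The docstring added to `brute_resource_groups_permissions` still begins with the old comment marker (`# http://…/resource-groups.html`), unlike the other docstrings this commit introduces. Dropping the `# ` keeps them uniform. These docstrings hold only a URL; a first line such as `Probe AWS Resource Groups with ListGroups.` would tell the reader what the function checks without opening the link.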
@@ -1159,86 +1385,126 @@ def brute_route53_permissions(): ('ListTrafficPolicies', 'list_traffic_policies', (), {}), ] return generic_permission_bruteforcer('route53', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/route53domains.html - def brute_route53domains_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/route53domains.html + ''' print("### Enumerating Route53 Domains Permissions ###") tests = [('ListDomains', 'list_domains', (), {}), ('ListOperations', 'list_operations', (), {}), ] return generic_permission_bruteforcer('route53domains', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/s3.html - def brute_s3_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/s3.html + ''' print("### Enumerating S3 Permissions ###") tests = [('ListBuckets', 'list_buckets', (), {}), ] return generic_permission_bruteforcer('s3', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/sagemaker.html -# TODO + +def brute_sagemaker_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sagemaker.html + ''' + print("### Enumerating Amazon SageMaker Service Permissions ###") + tests = [('listEndpointConfigs', 'list_endpoint_configs', (), {}), + ('ListEndpoints', 'list_endpoints', (), {}), + ('ListModels', 'list_models', (), {}), + ('ListNotebookInstanceLifecycleConfigs', 'list_notebook_instance_lifecycle_configs', (), {}), + ('ListNotebookInstances', 'list_notebook_instances', (), {}), + ('ListTrainingJobs', 'list_training_jobs', (), {}), ] + return generic_permission_bruteforcer('sagemaker', tests) # http://boto3.readthedocs.io/en/latest/reference/services/sagemaker-runtime.html -# TODO - -# http://boto3.readthedocs.io/en/latest/reference/services/sdb.html +# no functions def brute_sdb_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sdb.html + ''' print("### Enumerating SimpleDB Permissions ###") tests = [('ListDomains', 
'list_domains', (), {}), ] return generic_permission_bruteforcer('sdb', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/serverlessrepo.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/servicecatalog.html +def brute_secretsmanager_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/secretsmanager.html + ''' + print("### Enumerating AWS Secrets Manager Permissions ###") + tests = [('ListSecrets', 'list_secrets', (), {}), ] + return generic_permission_bruteforcer('secretsmanager', tests) + + +def brute_serverlessrepo_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/serverlessrepo.html + ''' + print("### Enumerating AWS ServerlessApplicationRepository Permissions ###") + tests = [('ListApplications', 'list_applications', (), {}), ] + return generic_permission_bruteforcer('serverlessrepo', tests) def brute_servicecatalog_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/servicecatalog.html + ''' print("### Enumerating Service Catalog Permissions ###") tests = [('ListPortfolios', 'list_portfolios', (), {}), ('ListRecordHistory', 'list_record_history', (), {}), ('ListAcceptedPortfolioShares', 'list_accepted_portfolio_shares', (), {}), ] return generic_permission_bruteforcer('servicecatalog', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/servicediscovery.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/ses.html +def brute_servicediscovery_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/servicediscovery.html + ''' + print("### Enumerating Amazon Route 53 Auto Naming (ServiceDiscovery) Permissions ###") + tests = [('ListServices', 'list_services', (), {}), ] + return generic_permission_bruteforcer('servicediscovery', tests) def brute_ses_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ses.html + ''' print("### Enumerating Simple Email 
Service (SES) Permissions ###") tests = [('ListIdentities', 'list_identities', (), {}), ('GetSendStatistics', 'get_send_statistics', (), {}), ('ListConfigurationSets', 'list_configuration_sets', (), {}), ] return generic_permission_bruteforcer('ses', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/shield.html - def brute_shield_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/shield.html + ''' print("### Enumerating Shield Permissions ###") tests = [('ListAttacks', 'list_attacks', (), {}), ('ListProtections', 'list_protections', (), {}), ('DescribeSubscription', 'describe_subscription', (), {}), ] return generic_permission_bruteforcer('shield', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/sms.html - def brute_sms_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sms.html + ''' print("### Enumerating Server Migration Service (SMS) Permissions ###") tests = [('GetReplicationJobs', 'get_replication_jobs', (), {}), ('GetServers', 'get_servers', (), {}), ] return generic_permission_bruteforcer('sms', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/snowball.html - def brute_snowball_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/snowball.html + ''' print("### Enumerating Snowball Permissions ###") tests = [('GetSnowballUsage', 'get_snowball_usage', (), {}), ('ListClusters', 'list_clusters', (), {}), @@ -1246,10 +1512,10 @@ def brute_snowball_permissions(): return generic_permission_bruteforcer('snowball', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/sns.html - - def brute_sns_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sns.html + ''' print("### Enumerating Simple Notification Service (SNS) Permissions ###") tests = [('ListPlatformApplications', 'list_platform_applications', (), {}), ('ListPhoneNumbersOptedOut', 'list_phone_numbers_opted_out', (), {}), 
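Review bot: In `brute_sagemaker_permissions` the first tuple is labelled `'listEndpointConfigs'` with a lower-case `l`, while every other label in this hunk uses the API's PascalCase action name. If the label is what the helper prints and stores (its body is outside this hunk), anything that later matches on action names will miss this entry. Change it to `('ListEndpointConfigs', 'list_endpoint_configs', (), {}),`.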
@@ -1258,65 +1524,142 @@ def brute_sns_permissions(): ('GetSmsAttributes', 'get_sms_attributes', (), {}), ] return generic_permission_bruteforcer('sns', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/sqs.html - def brute_sqs_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sqs.html + ''' print("### Enumerating Simple Queue Service (SQS) Permissions ###") tests = [('ListQueues', 'list_queues', (), {}), ] return generic_permission_bruteforcer('sqs', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/ssm.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/stepfunctions.html +def brute_ssm_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/ssm.html + ''' + print("### Enumerating Amazon Simple Systems Manager (SSM) Permissions ###") + tests = [('DescribeActivations', 'describe_activations', (), {}), + #('DescribeAssociation', 'describe_association', (), {}), + ('ListDocuments', 'list_documents', (), {}), + ('ListResourceComplianceSummaries', 'list_resource_compliance_summaries', (), {}), ] + return generic_permission_bruteforcer('ssm', tests) def brute_stepfunctions_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/stepfunctions.html + ''' print("### Enumerating Step Functions (SFN) Permissions ###") tests = [('ListActivities', 'list_activities', (), {}), ] return generic_permission_bruteforcer('stepfunctions', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html -# TODO - -# http://boto3.readthedocs.io/en/latest/reference/services/sts.html +def brute_storagegateway_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html + ''' + print("### Enumerating AWS Storage Gateway Permissions ###") + tests = [('ListGateways', 'list_gateways', (), {}), + ('ListFileShares', 'list_file_shares', (), {}), + ('ListVolumes', 'list_volumes', (), {}), + ('ListTapes', 
'list_tapes', (), {}), ] + return generic_permission_bruteforcer('storagegateway', tests) def brute_sts_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/sts.html + ''' print("### Enumerating Security Token Service (STS) Permissions ###") tests = [('GetCallerIdentity', 'get_caller_identity', (), {}), ] return generic_permission_bruteforcer('sts', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/support.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/swf.html -# TODO +def brute_support_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/support.html + ''' + print("### Enumerating AWS Support Permissions ###") + tests = [('DescribeCases', 'describe_cases', (), {}), + ('DescribeServices', 'describe_services', (), {}), ] + return generic_permission_bruteforcer('support', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/transcribe.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/translate.html -# TODO +def brute_swf_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/swf.html + ''' + print("### Enumerating Amazon Simple Workflow Service (SWF) Permissions ###") + tests = [('ListDomains', 'list_domains', (), {'registrationStatus':'REGISTERED'}), ] + return generic_permission_bruteforcer('swf', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/waf.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/waf-regional.html -# TODO +def brute_transcribe_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/transcribe.html + ''' + print("### Enumerating Amazon Transcribe Service Permissions ###") + tests = [('ListTranscriptionJobs', 'list_transcription_jobs', (), {}), + ('ListVocabularies', 'list_vocabularies', (), {}), ] + return generic_permission_bruteforcer('transcribe', tests) -# 
http://boto3.readthedocs.io/en/latest/reference/services/workdocs.html -# TODO -# http://boto3.readthedocs.io/en/latest/reference/services/workmail.html -# TODO +def brute_translate_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/translate.html + ''' + print("### Enumerating Amazon Translate Permissions ###") + tests = [('TranslateText', 'translate_text', (), {'Text': 'secure your shit', 'SourceLanguageCode': 'en' ,'TargetLanguageCode': 'es' }), ] + return generic_permission_bruteforcer('translate', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/workspaces.html + +def brute_waf_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/waf.html + ''' + print("### Enumerating AWS WAF Permissions ###") + tests = [('ListRules', 'list_rules', (), {}), + ('ListRuleGroups', 'list_rule_groups', (), {}), + #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}), + ('ListIpSets', 'list_ip_sets', (), {}), ] + return generic_permission_bruteforcer('waf', tests) + + +def brute_waf_regional_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/waf-regional.html + ''' + print("### Enumerating AWS WAF Regional Permissions ###") + tests = [('ListRules', 'list_rules', (), {}), + ('ListRuleGroups', 'list_rule_groups', (), {}), + #('ListActivatedRulesInRuleGroup', 'list_activated_rules_in_rule_group', (), {}), + ('ListIpSets', 'list_ip_sets', (), {}), ] + return generic_permission_bruteforcer('waf-regional', tests) + + +def brute_workdocs_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/workdocs.html + ''' + print("### Enumerating Amazon WorkDocs Permissions ###") + tests = [('DescribeUsers', 'describe_users', (), {}), ] + return generic_permission_bruteforcer('workdocs', tests) + + +def brute_workmail_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/workmail.html + ''' + print("### Enumerating Amazon 
WorkMail Permissions ###") + tests = [('ListOrganizations', 'list_organizations', (), {}), ] + return generic_permission_bruteforcer('workmail', tests) def brute_workspaces_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/workspaces.html + ''' print("### Enumerating WorkSpaces Permissions ###") tests = [('DescribeWorkspaceBundles', 'describe_workspace_bundles', (), {}), ('DescribeWorkspaceDirectories', 'describe_workspace_directories', (), {}), @@ -1324,12 +1667,13 @@ def brute_workspaces_permissions(): ('DescribeWorkspacesConnectionStatus', 'describe_workspaces_connection_status', (), {}), ] return generic_permission_bruteforcer('workspaces', tests) -# http://boto3.readthedocs.io/en/latest/reference/services/xray.html -# NO functions that dont take any arguements. GetTraceSummaries requires start/end times, We can -# probably programatically add these - need to see what the service actually does - def brute_xray_permissions(): + ''' + http://boto3.readthedocs.io/en/latest/reference/services/xray.html + NO functions that dont take any arguements. GetTraceSummaries requires start/end times, We can + probably programatically add these - need to see what the service actually does + ''' print("### Enumerating X-Ray Permissions ###") tests = [('GetTraceSummaries', 'get_trace_summaries', (), {}), ] return generic_permission_bruteforcer('xray', tests) diff --git a/modules/recon.py b/modules/recon.py index 49549de..c9553a6 100644 --- a/modules/recon.py +++ b/modules/recon.py 
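Review bot: `brute_translate_permissions` is the one probe in this hunk that is not a list or describe call: `TranslateText` performs a real translation on every run, which Amazon Translate meters per character. The docstring should say so, e.g. `Calls TranslateText with a short fixed string; unlike the List*/Describe* probes this is a metered operation.` A neutral sample text would also be more appropriate for a request made against an account under assessment. The commented-out tuples in `brute_ssm_permissions`, `brute_waf_permissions` and `brute_waf_regional_permissions` should either be removed or given a comment naming the argument they lack.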
@@ -1,14 +1,19 @@ -from __future__ import print_function +''' +This module handles the core recon functionality by asking all the services +that have functions that done have arguments if we can access them :-) +''' from libs.brute import * from libs.s3 import * +# maps to available services in boto 1.7.4 def module_recon_all(): get_accountid() check_root_account() brute_acm_permissions() - # AlexaForBusiness + brute_acm_pca_permissions() + brute_alexaforbusiness_permissions() brute_apigateway_permissions() # Application Auto Scaling - no usable functions brute_appstream_permissions() @@ -19,14 +24,14 @@ def module_recon_all(): brute_batch_permissions() brute_budgets_permissions() # CostExplorer - # brute_cloud9_permissions() Was working now its not + brute_cloud9_permissions() brute_clouddirectory_permissions() brute_cloudformation_permissions() brute_cloudfront_permissions() brute_cloudhsm_permissions() - # cloudhsmv2 + brute_cloudhsmv2_permissions() brute_cloudsearch_permissions() - # CloudSearchDomain + # brute_cloudsearchdomain_permissions() requires a valid cloudsearch domain brute_cloudtrail_permissions() brute_cloudwatch_permissions() brute_codebuild_permissions() @@ -37,11 +42,12 @@ def module_recon_all(): brute_cognitoidentity_permissions() brute_cognitoidp_permissions() brute_cognitosync_permissions() - # Comprehend + brute_comprehend_permissions() brute_configservice_permissions() - # brute_costandusagereportservice_permissions() #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" + # connect no functions + brute_costandusagereportservice_permissions() brute_datapipeline_permissions() - # DAX + brute_dax_permissions() brute_devicefarm_permissions() brute_directconnect_permissions() brute_applicationdiscoveryservice_permissions() 
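Review bot: The new module docstring has a typo, "that done have arguments", and the added comment says `boto 1.7.4` where the library referenced throughout this commit is boto3. Suggested wording: `that have functions which take no arguments` and `# maps to the services available in boto3 1.7.4`. The hunk also drops `from __future__ import print_function`; nothing visible in this file prints, but if the project still supports Python 2 that should be confirmed. `module_recon_all` continues past this hunk.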
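Review bot: `brute_cloud9_permissions()` is re-enabled here by deleting the comment that recorded it had stopped working, and the following hunk does the same for `brute_costandusagereportservice_permissions()`, whose removed comment recorded an endpoint connection failure. Nothing visible shows that either failure was fixed, and the visible part of `module_recon_all` calls each probe in sequence with no error handling of its own, so whether one unreachable endpoint aborts the run depends on handling inside `generic_permission_bruteforcer`, which these hunks do not show. If the failures are still known, keep a short comment beside each call, e.g. `# endpoint was unreachable as of boto3 1.7.4; re-test`. The same applies to `brute_mediastore_data_permissions()` added further down, whose docstring documents a connection failure.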
@@ -62,23 +68,24 @@ def module_recon_all(): brute_es_permissions() brute_cloudwatchevents_permissions() brute_firehose_permissions() + brute_fms_permissions() brute_gamelift_permissions() brute_glacier_permissions() - # Glue + brute_glue_permissions() brute_greengrass_permissions() - # GuardDuty + brute_guardduty_permissions() brute_health_permissions() brute_iam_permissions() brute_importexport_permissions() brute_inspector_permissions() brute_iot_permissions() # IoTDataPlane no functions - # IoTJobsDataPlane + # IoTJobsDataPlane no functions brute_kinesis_permissions() - # KinesisVideoArchivedMedia - # KinesisVideoMedia + # KinesisVideoArchivedMedia no functions + # KinesisVideoMedia no functions brute_kinesisanalytics_permissions() - # KinesisVideo + brute_kinesisvideo_permissions() brute_kms_permissions() brute_lambda_permissions() brute_lexmodels_permissions() 
@@ -88,54 +95,55 @@ def module_recon_all():
 brute_machinelearning_permissions()
 # marketplace-entitlement no functions
 # marketplacecommerceanalytics no functions
- # MediaConvert
- # MediaLive
- # MediaPackage
- # MediaStore
- # MediaStore-Data
+ brute_mediaconvert_permissions()
+ brute_medialive_permissions()
+ brute_mediapackage_permissions()
+ brute_mediastore_permissions()
+ brute_mediastore_data_permissions()
 # MarketplaceMetering no functions
- # MigrationHub
- # Mobile
- # MQ
+ brute_mgh_permissions()
+ brute_mobile_permissions()
+ brute_mq_permissions()
 brute_mturk_permissions()
 brute_opsworks_permissions()
 brute_opsworkscm_permissions()
 brute_organizations_permissions()
 # PinPoint no functions
 brute_polly_permissions()
- # Pricing
+ brute_pricing_permissions()
 brute_rds_permissions()
 brute_redshift_permissions()
 brute_rekognition_permissions()
- # ResourceGroups
+ brute_resource_groups_permissions()
 brute_resourcegroupstaggingapi_permissions()
 brute_route53_permissions()
 brute_route53domains_permissions()
 brute_s3_permissions()
- # SageMaker
- # SageMakerRuntime
+ brute_sagemaker_permissions()
+ # SageMakerRuntime no functions
 brute_sdb_permissions()
- # ServerlessApplicationRepository
+ brute_secretsmanager_permissions()
+ brute_serverlessrepo_permissions()
 brute_servicecatalog_permissions()
- # ServiceDiscovery
+ brute_servicediscovery_permissions()
 brute_ses_permissions()
 brute_shield_permissions()
 brute_sms_permissions()
 brute_snowball_permissions()
 brute_sns_permissions()
 brute_sqs_permissions()
- # SSM
+ brute_ssm_permissions()
 brute_stepfunctions_permissions()
- # StorageGateway
+ brute_storagegateway_permissions()
 brute_sts_permissions()
- # Support
- # SWF
- # TranscribeService
- # Translate
- # WAF
- # WAFRegional
- # WorkDocs
- # WorkMail
+ brute_support_permissions()
+ brute_swf_permissions()
+ brute_transcribe_permissions()
+ brute_translate_permissions()
+ brute_waf_permissions()
+ brute_waf_regional_permissions()
+ brute_workdocs_permissions()
+ brute_workmail_permissions()
 brute_workspaces_permissions()
 # XRay no functions
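Review bot: The probe names added in the `@@ -88,54 +95,55 @@` hunk follow two different conventions. `brute_mediastore_data_permissions()`, `brute_resource_groups_permissions()` and `brute_waf_regional_permissions()` split the service name with underscores, while `brute_resourcegroupstaggingapi_permissions()` and `brute_route53domains_permissions()` in the same hunk do not, and `brute_mgh_permissions()` replaces a comment that called the service `MigrationHub`. Because these names resolve through `from libs.brute import *`, a misspelled one fails with a NameError only when the run reaches that line. Pick one rule and state it in a comment at the top of `module_recon_all()`, and add `# mgh = Migration Hub` beside the abbreviated call so a reader can match it to the service. The function begins outside this hunk.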