dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated brute.py

Browse Source
This commit is contained in:
carnal0wnage
2017-06-18 10:43:39 -04:00
parent 2dc08dac5e
commit e369a2f9ed
1 changed files with 107 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
brute/brute.py
View File

@@ -8,8 +8,13 @@ pp = pprint.PrettyPrinter(indent=5, width=80)
#from http://docs.aws.amazon.com/general/latest/gr/rande.html #from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
client = boto3.client("sts", aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
account_id = client.get_caller_identity()["Account"]
return account_id
def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name='us-east-1') client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
try: try:
acct_summary = client.get_account_summary() acct_summary = client.get_account_summary()
@@ -51,7 +56,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests):
actions = [] actions = []
try: try:
client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name='us-east-1') client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY)
except Exception as e: except Exception as e:
print('Failed to connect: "{}"' .format(e.error_message)) print('Failed to connect: "{}"' .format(e.error_message))
return actions return actions
@@ -69,12 +74,15 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests): def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests):
actions = [] actions = []
client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name='us-east-1') client = boto3.client(service, aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY)
for api_action, method_name, args, kwargs in tests: for api_action, method_name, args, kwargs in tests:
try: try:
method = getattr(client, method_name) method = getattr(client, method_name)
method(*args, **kwargs) method(*args, **kwargs)
#print method --wont return anything on dryrun #print method --wont return anything on dryrun
except botocore.exceptions.EndpointConnectionError as e:
print e
continue
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'DryRunOperation': if e.response['Error']['Code'] == 'DryRunOperation':
print('{} IS allowed' .format(api_action)) print('{} IS allowed' .format(api_action))
@@ -152,10 +160,10 @@ def brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'batch', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'batch', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/budgets.html #http://boto3.readthedocs.io/en/latest/reference/services/budgets.html
# TODO REQUIRES ACCOUNT NUMBER 12 digits - should really pull this from the key we are trying
def brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Budgets Permissions ###") print ("### Enumerating Budgets Permissions ###")
tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId':'123456789123'}, ), account_id = get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
tests = [('DescribeBudgets', 'describe_budgets', (), {'AccountId':account_id}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'budgets', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'budgets', tests)
@@ -164,8 +172,8 @@ def brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating CLoudFormation Permissions ###") print ("### Enumerating CLoudFormation Permissions ###")
tests = [('ListStacks', 'list_stacks', (), {} ), tests = [('ListStacks', 'list_stacks', (), {} ),
('DescribeStacks', 'describe_stacks', (), {} ), ('DescribeStacks', 'describe_stacks', (), {} ),
#('DescribeStackEvents', 'describe_stack_events', (), {} ), ('DescribeStackEvents', 'describe_stack_events', (), {} ),
#('DescribeStackResources', 'describe_stack_resources', (), {} ), ('DescribeStackResources', 'describe_stack_resources', (), {} ),
('ListExports', 'list_exports', (), {} ), ('ListExports', 'list_exports', (), {} ),
('DescribeAccountLimits', 'describe_account_limits', (), {} ), ('DescribeAccountLimits', 'describe_account_limits', (), {} ),
] ]
@@ -195,7 +203,6 @@ def brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating CloudSearch Permissions ###") print ("### Enumerating CloudSearch Permissions ###")
tests = [('DescribeDomains', 'describe_domains', (), {}, ), tests = [('DescribeDomains', 'describe_domains', (), {}, ),
('ListDomainNames', 'list_domain_names', (), {}, ), ('ListDomainNames', 'list_domain_names', (), {}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudsearch', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudsearch', tests)
@@ -204,7 +211,6 @@ def brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating CloudTrail Permissions ###") print ("### Enumerating CloudTrail Permissions ###")
tests = [('DescribeTrails', 'describe_trails', (), {}, ), tests = [('DescribeTrails', 'describe_trails', (), {}, ),
('ListPublicKeys', 'list_public_keys', (), {}, ), ('ListPublicKeys', 'list_public_keys', (), {}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudtrail', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cloudtrail', tests)
@@ -239,7 +245,7 @@ def brute_codedeploy_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
tests = [('ListApplications', 'list_applications', (), {}, ), tests = [('ListApplications', 'list_applications', (), {}, ),
('ListDeployments', 'list_deployments', (), {}, ), ('ListDeployments', 'list_deployments', (), {}, ),
('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ), ('ListDeploymentsConfigs', 'list_deployment_configs', (), {}, ),
#('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #('ListGitHubAccountTokenNames', 'list_git_hub_account_token_names', (), {}, ), #returning an error no function of that name
('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ), ('ListOnPremisesInstances', 'list_on_premises_instances', (), {}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codedeploy', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'codedeploy', tests)
@@ -296,11 +302,11 @@ def brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#Doesnt seem to be working #Doesnt seem to be working
#http://boto3.readthedocs.io/en/latest/reference/services/cur.html #http://boto3.readthedocs.io/en/latest/reference/services/cur.html
#def brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
# print ("### Enumerating CostandUsageReportService Permissions ###") print ("### Enumerating CostandUsageReportService Permissions ###")
# tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ), tests = [('DescribeReportDefinitions', 'describe_report_definitions', (), {}, ),
# ] ]
# return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cur', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'cur', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html #http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html
def brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
@@ -326,7 +332,7 @@ def brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'directconnect', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'directconnect', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/discovery.html #http://boto3.readthedocs.io/en/latest/reference/services/discovery.html
def brute_discovery_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating ApplicationDiscoveryService Permissions ###") print ("### Enumerating ApplicationDiscoveryService Permissions ###")
tests = [('DescribeAgents', 'describe_agents', (), {}, ), tests = [('DescribeAgents', 'describe_agents', (), {}, ),
] ]
@@ -341,21 +347,19 @@ def brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dms', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dms', tests)
#TODO #http://boto3.readthedocs.io/en/latest/reference/services/ds.html
def brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating DirectoryService Permissions ###") print ("### Enumerating DirectoryService Permissions ###")
tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}, ), tests = [('DescribeDirectories', 'describe_directories', (), {}, ),
('DescribeEvents', 'describe_events', (), {}, ), ('DescribeSnapshots', 'describe_snapshots', (), {}, ),
('DescribeConnections', 'describe_connections', (), {}, ), ('DescribeTrusts', 'describe_trusts', (), {}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ds', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ds', tests)
#TODO #http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html
def brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating DynamoDB Permissions ###") print ("### Enumerating DynamoDB Permissions ###")
tests = [('DescribeAccountAttributes', 'describe_account_attributes', (), {}, ), tests = [('ListTables', 'list_tables', (), {}, ),
('DescribeEvents', 'describe_events', (), {}, ),
('DescribeConnections', 'describe_connections', (), {}, ),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodb', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodb', tests)
@@ -366,8 +370,6 @@ def brute_dynamodbstreams_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodbstreams', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'dynamodbstreams', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client #http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#client
def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating EC2 Permissions ###") print ("### Enumerating EC2 Permissions ###")
@@ -434,12 +436,15 @@ def brute_ec2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#http://boto3.readthedocs.io/en/latest/reference/services/ecr.html #http://boto3.readthedocs.io/en/latest/reference/services/ecr.html
#TODO def brute_ecr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating EC2 Container Registry (ECR) Permissions ###")
tests = [('DescribeRepositories', 'describe_repositories', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecr', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/ecs.html #http://boto3.readthedocs.io/en/latest/reference/services/ecs.html
def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating EC2 Container Service Permissions ###") print ("### Enumerating EC2 Container Service (ECS) Permissions ###")
tests = [('ListClusters', 'list_clusters', (), {}), tests = [('ListClusters', 'list_clusters', (), {}),
('DescribeClusters', 'describe_clusters', (), {}), ('DescribeClusters', 'describe_clusters', (), {}),
('ListContainerInstances', 'list_container_instances', (), {}), ('ListContainerInstances', 'list_container_instances', (), {}),
@@ -449,10 +454,27 @@ def brute_ecs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecs', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'ecs', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/efs.html #http://boto3.readthedocs.io/en/latest/reference/services/efs.html
#TODO def brute_efs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Elastic File System (EFS) Permissions ###")
tests = [('DescribeFileSystems', 'describe_file_systems', (), {}),
('DescribeMountTargets', 'describe_mount_targets', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'efs', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html #http://boto3.readthedocs.io/en/latest/reference/services/elasticache.html
# TODO def brute_elasticache_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating ElastiCache Permissions ###")
tests = [('DescribeCacheClusters', 'describe_cache_clusters', (), {}),
('DescribeCacheEngineVersions', 'describe_cache_engine_versions', (), {}),
('DescribeCacheSecurityGroups', 'describe_cache_security_groups', (), {}),
('DescribeCacheSubnetGroups', 'describe_cache_subnet_groups', (), {}),
('DescribeEvents', 'describe_events', (), {}),
('DescribeReplicationGroups', 'describe_replication_groups', (), {}),
('DescribeReservedCacheNodes', 'describe_reserved_cache_nodes', (), {}),
('DescribeReservedCacheNodesOfferings', 'describe_reserved_cache_nodes_offerings', (), {}),
('DescribeSnapshots', 'describe_snapshots', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticache', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html #http://boto3.readthedocs.io/en/latest/reference/services/elasticbeanstalk.html
def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
@@ -461,11 +483,11 @@ def brute_elasticbeanstalk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
('DescribeApplicationVersions', 'describe_application_versions', (), {}), ('DescribeApplicationVersions', 'describe_application_versions', (), {}),
('DescribeConfigurationOptions', 'describe_configuration_options', (), {}), ('DescribeConfigurationOptions', 'describe_configuration_options', (), {}),
('DescribeEnvironments', 'describe_environments', (), {}), ('DescribeEnvironments', 'describe_environments', (), {}),
#('DescribeEnvironmentHealth', 'describe_environment_health', (), {}, ), ('DescribeEnvironmentHealth', 'describe_environment_health', (), {}, ),
#('DescribeEnvironmentManagedActionHistory', 'describe_environment_managed_action_history', (), {}), ('DescribeEnvironmentManagedActionHistory', 'describe_environment_managed_action_history', (), {}),
#('DescribeEnvironmentManagedActions', 'describe_environment_managed_actions', (), {}), ('DescribeEnvironmentManagedActions', 'describe_environment_managed_actions', (), {}),
('DescribeEvents', 'describe_events', (), {}), ('DescribeEvents', 'describe_events', (), {}),
#('DescribeInstancesHealth', 'describe_instances_health', (), {}), ('DescribeInstancesHealth', 'describe_instances_health', (), {}),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticbeanstalk', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elasticbeanstalk', tests)
@@ -485,26 +507,60 @@ def brute_elasticloadbalancing_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elb', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elb', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html #http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html
#TODO def brute_elasticloadbalancingv2_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating ElasticLoadBalancing Permissions ###")
tests = [('DescribeLoadBalancers', 'describe_load_balancers', (), {}),
('DescribeAccountLimits', 'describe_account_limits', (), {}),
('DescribeListeners', 'describe_listeners', (), {}),
('DescribeTargetGroups', 'describe_target_groups', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'elbv2', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/emr.html #http://boto3.readthedocs.io/en/latest/reference/services/emr.html
def brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_emr_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Elastic MapReduce (EMR) Permissions ###") print ("### Enumerating Elastic MapReduce (EMR) Permissions ###")
tests = [('ListClusters', 'list_clusters', (), {}) tests = [('ListClusters', 'list_clusters', (), {}),
('ListSecurityConfigurations', 'list_security_configurations', (), {}),
] ]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'emr', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'emr', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/es.html #http://boto3.readthedocs.io/en/latest/reference/services/es.html
#TODO def brute_es_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Elasticsearch Service Permissions ###")
tests = [('ListDomainNames', 'list_domain_names', (), {}),
('ListElasticsearchVersions', 'list_elasticsearch_versions', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'es', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/events.html #http://boto3.readthedocs.io/en/latest/reference/services/events.html
#TODO def brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating CloudWatch Events Permissions ###")
tests = [('ListRules', 'list_rules', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'events', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/firehose.html #http://boto3.readthedocs.io/en/latest/reference/services/firehose.html
#TODO def brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Kinesis Firehose Permissions ###")
tests = [('ListDeliveryStreams', 'list_delivery_streams', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'firehose', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html #http://boto3.readthedocs.io/en/latest/reference/services/gamelift.html
#TODO def brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating GameLift Permissions ###")
tests = [('ListAliases', 'list_aliases', (), {}),
('ListBuilds', 'list_builds', (), {}),
('ListFleets', 'list_fleets', (), {}),
('DescribeEC2InstanceLimits', 'describe_ec2_instance_limits', (), {}),
('DescribeFleetAttributes', 'describe_fleet_attributes', (), {}),
('DescribeFleetCapacity', 'describe_fleet_capacity', (), {}),
('DescribeGameSessionDetails', 'describe_game_session_details', (), {}),
('DescribeGameSessionQueues', 'describe_game_session_queues', (), {}),
('DescribeGameSessions', 'describe_game_sessions', (), {}),
('DescribePlayerSessions', 'describe_player_sessions', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'gamelift', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/glacier.html #http://boto3.readthedocs.io/en/latest/reference/services/glacier.html
def brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
@@ -549,7 +605,11 @@ def brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesis', tests) return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesis', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html #http://boto3.readthedocs.io/en/latest/reference/services/kinesisanalytics.html
#TODO def brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Kinesis Analytics Permissions ###")
tests = [('ListApplications', 'list_applications', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'kinesisanalytics', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/kms.html #http://boto3.readthedocs.io/en/latest/reference/services/kms.html
def brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
@@ -664,7 +724,11 @@ def brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#TODO #TODO
#http://boto3.readthedocs.io/en/latest/reference/services/sts.html #http://boto3.readthedocs.io/en/latest/reference/services/sts.html
#TODO def brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ("### Enumerating Security Token Service (STS) Permissions ###")
tests = [('GetCallerIdentity', 'get_caller_identity', (), {}),
]
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'sts', tests)
#http://boto3.readthedocs.io/en/latest/reference/services/support.html #http://boto3.readthedocs.io/en/latest/reference/services/support.html
#TODO #TODO