diff --git a/s3/__init__.py b/s3/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/s3/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/s3/s3.py b/s3/s3.py deleted file mode 100644 index 6131b84..0000000 --- a/s3/s3.py +++ /dev/null @@ -1,154 +0,0 @@ -''' -S3 Library -''' - -import boto3 -import botocore -import pprint - -pp = pprint.PrettyPrinter(indent=5, width=80) - -def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): - client = boto3.client( - 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, - region_name='us-east-1' - ) - - try: - bucket = bucket - print('\n#### Trying to enumate s3 buckets and bucket policy & ACL for {} ####' .format(bucket)) - - try: - for key in client.list_objects(Bucket=bucket,MaxKeys=100)['Contents']: - print('[+] '+ key['Key'].encode('utf-8').strip()) - #print(key['Key']) #first 100 results - except KeyError as e: - print "KeyError havent tracked down reason yet" - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'AccessDenied': - print('{} : cant list s3 bucket [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) - elif e.response['Error']['Code'] == 'NoSuchBucketPolicy': - print('%s: Has No S3 Policy!' % bucket['Name']) - elif e.response['Error']['Code'] == 'AllAccessDisabled': - print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - - try: - policy = client.get_bucket_policy(Bucket=bucket) - if policy: - print(bucket + " Policy: ") - pp.pprint(policy['Policy']) - print("\n") - else: - pass - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'AccessDenied': - print('{} : cant list s3 bucket policy [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) - elif e.response['Error']['Code'] == 'NoSuchBucketPolicy': - print('{}: Has No S3 Policy!' .format(bucket)) - print("\n") - elif e.response['Error']['Code'] == 'AllAccessDisabled': - print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - - try: - acl = client.get_bucket_acl(Bucket=bucket) - if acl: - print(bucket + " Grants: ") - pp.pprint(acl['Grants']) - print("\n") - else: - pass - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'AccessDenied': - print('{} : cant list s3 bucket acl [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) - elif e.response['Error']['Code'] == 'NoSuchBucketPolicy': - print('{}: Has No S3 Policy!' .format(bucket)) - print("\n") - elif e.response['Error']['Code'] == 'AllAccessDisabled': - print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("The AWS KEY IS INVALID. Exiting") - elif e.response['Error']['Code'] == 'NotSignedUp': - print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - -#specifically get the acl on a file in a buckeet -def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): - client = boto3.client( - 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, - region_name='us-east-1' - ) - - try: - bucket = bucket - myobject = myfile - print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile)) - acl = client.get_object_acl(Bucket=bucket,Key=myfile) - print acl - - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("The AWS KEY IS INVALID. Exiting") - elif e.response['Error']['Code'] == 'NotSignedUp': - print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - -#given an aws keypair what s3 assets does it have permission to -def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.resource( - 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, - region_name='us-east-1' - ) - - try: - print('#### Trying to list s3 bucketsfor {} ####\n '.format(AWS_ACCESS_KEY_ID)) - for bucket in client.buckets.all(): - print(bucket.name) - - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("The AWS KEY IS INVALID. Exiting") - elif e.response['Error']['Code'] == 'AccessDenied': - print('{} : cant list s3 bucket policy [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) - elif e.response['Error']['Code'] == 'NotSignedUp': - print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e) - - -def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - client = boto3.resource( - 's3', - aws_access_key_id=AWS_ACCESS_KEY_ID, - aws_secret_access_key=AWS_SECRET_ACCESS_KEY, - region_name='us-east-1' - ) - - try: - print('#### Trying to list s3 bucketsfor {} ####\n '.format(AWS_ACCESS_KEY_ID)) - for bucket in client.buckets.all(): - print(bucket.name) - get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,bucket.name) - - except botocore.exceptions.ClientError as e: - if e.response['Error']['Code'] == 'InvalidClientTokenId': - sys.exit("The AWS KEY IS INVALID. Exiting") - elif e.response['Error']['Code'] == 'NotSignedUp': - print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) - else: - print "Unexpected error: {}" .format(e)