diff --git a/libs/s3.py b/libs/s3.py index 810910c..b5a51c5 100644 --- a/libs/s3.py +++ b/libs/s3.py @@ -4,6 +4,7 @@ S3 functions for WeirdAAL import boto3 import botocore +import os import pprint pp = pprint.PrettyPrinter(indent=5, width=80) @@ -17,10 +18,11 @@ AWS_ACCESS_KEY_ID = credentials.access_key AWS_SECRET_ACCESS_KEY = credentials.secret_key # from http://docs.aws.amazon.com/general/latest/gr/rande.html -regions = ['us-east-1', 'us-east-2','us-west-1', 'us-west-2', 'ca-central-1', 'ap-south-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-southeast-1', 'ap-southeast-2', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1'] +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'ap-south-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-southeast-1', 'ap-southeast-2', 'cn-north-1', 'cn-northwest-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1'] region = 'us-east-1' + def s3_get_bucket_policy(bucket): try: client = boto3.client('s3', region_name=region) @@ -34,8 +36,8 @@ def s3_get_bucket_policy(bucket): # Create a paginator to pull 1000 objects at a time paginator = client.get_paginator('list_objects') pageresponse = paginator.paginate(Bucket=thebucket) - - # PageResponse Holds 1000 objects at a time and will continue to repeat in chunks of 1000. + + # PageResponse Holds 1000 objects at a time and will continue to repeat in chunks of 1000. for pageobject in pageresponse: for file in pageobject["Contents"]: print(file["Key"]) @@ -50,10 +52,10 @@ def s3_get_bucket_policy(bucket): elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) else: - print ("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - + try: policy = client.get_bucket_policy(Bucket=bucket) if policy: @@ -73,7 +75,7 @@ def s3_get_bucket_policy(bucket): elif e.response['Error']['Code'] == 'SubscriptionRequiredException': print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) else: - print("Unexpected error: {}" .format(e)) + print("Unexpected error: {}" .format(e)) try: acl = client.get_bucket_acl(Bucket=bucket) if acl: @@ -107,15 +109,52 @@ def s3_get_bucket_policy(bucket): except KeyboardInterrupt: print("CTRL-C received, exiting...") -# specifically get the acl on a file in a buckeet -def get_s3object_acl(bucket, myfile, region): - client = boto3.client('s3',region_name=region) - + +def s3_list_bucket_contents(bucket): try: + client = boto3.client('s3', region_name=region) + print('\n#### Attempting to list s3 bucket contents for {} ####'.format(bucket)) + + try: + for key in client.list_objects(Bucket=bucket)['Contents']: + print(key['Key']) + + ''' + # Create a paginator to pull 1000 objects at a time + paginator = client.get_paginator('list_objects') + pageresponse = paginator.paginate(Bucket=thebucket) + + # PageResponse Holds 1000 objects at a time and will continue to repeat in chunks of 1000. + for pageobject in pageresponse: + for file in pageobject["Contents"]: + print(file["Key"]) + ''' + except KeyError as e: + print("Bucket: {} is empty".format(bucket)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'AccessDenied': + print('{} : cant list s3 bucket [AccessDenied]'.format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'NoSuchBucketPolicy': + print('%s: Has No S3 Policy!' % bucket['Name']) + elif e.response['Error']['Code'] == 'AllAccessDisabled': + print('{} : cant list s3 bucket [AllAccessDisabled]'.format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + +def get_s3object_acl(bucket, myfile, region): + ''' + # specifically get the acl on a file in a buckeet + + ''' + try: + client = boto3.client('s3', region_name=region) print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile)) - acl = client.get_object_acl(Bucket=bucket,Key=myfile) + acl = client.get_object_acl(Bucket=bucket, Key=myfile) print(acl) - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("The AWS KEY IS INVALID. Exiting") @@ -128,7 +167,7 @@ def get_s3object_acl(bucket, myfile, region): except KeyboardInterrupt: print("CTRL-C received, exiting...") -# given an aws keypair what s3 assets does it have permission to + def s3_get_objects_for_account(): ''' list s3 buckets for an account @@ -139,7 +178,7 @@ def s3_get_objects_for_account(): print('#### Trying to list s3 bucketsfor {} ####\n '.format(AWS_ACCESS_KEY_ID)) for bucket in client.buckets.all(): print(bucket.name) - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("The AWS KEY IS INVALID. Exiting") @@ -166,7 +205,7 @@ def s3_get_objects_for_account_detailed(): for bucket in client.buckets.all(): print(bucket.name) s3_get_bucket_policy(bucket.name) - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("The AWS KEY IS INVALID. Exiting") @@ -206,4 +245,54 @@ def s3_get_bucket_objects_from_file(file): else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: - print("CTRL-C received, exiting...") \ No newline at end of file + print("CTRL-C received, exiting...") + + +def s3_download_file(bucket, file): + ''' + download a file from a S3 bucket + ''' + try: + client = boto3.resource('s3', region_name=region) + client.Bucket(bucket).download_file(file, '{}/loot/{}'.format(os.getcwd(), file)) + print("file downloaded to: {}/loot/{}".format(os.getcwd(), file)) + + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == "404": + print("{} object does not exist.".format(file)) + elif e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("The AWS KEY IS INVALID. Exiting") + elif e.response['Error']['Code'] == 'NotSignedUp': + print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + + +def s3_upload_file(bucket, source_file, dest_file): + ''' + upload a file to a S3 bucket + ''' + try: + client = boto3.resource('s3', region_name=region) + client.meta.client.upload_file(source_file, bucket, dest_file) + + print("{} uploaded to: {}/{}".format(source_file, bucket, dest_file)) + except FileNotFoundError as e: + print("[-] {} not found [-]".format(source_file)) + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == "404": + print("{} object does not exist.".format(file)) + elif e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("The AWS KEY IS INVALID. Exiting") + elif e.response['Error']['Code'] == 'NotSignedUp': + print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'SubscriptionRequiredException': + print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) + else: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") diff --git a/modules/s3.py b/modules/s3.py index b88c53e..6b1772f 100644 --- a/modules/s3.py +++ b/modules/s3.py @@ -7,23 +7,47 @@ from libs.s3 import * def module_s3_get_bucket_policy(*args): ''' - S3 list specific bucket acl and policy + S3 list specific bucket contents, acl and policy python3 weirdAAL.py -m s3_get_bucket_policy -a 'bucket' -t yolo ''' s3_get_bucket_policy(args[0][0]) +def module_s3_download_file(*args): + ''' + S3 download a file from specified bucket + python3 weirdAAL.py -m s3_download_file -a 'bucket','file' -t yolo + ''' + s3_download_file(args[0][0], args[0][1]) + + +def module_s3_upload_file(*args): + ''' + S3 upload a file to the specified bucket + python3 weirdAAL.py -m s3_upload_file -a 'bucket','source_file', 'dest_file' -t yolo + ''' + s3_upload_file(args[0][0], args[0][1], args[0][2]) + + def module_s3_list_buckets(): ''' - S3 list buckets + S3 list buckets for account python3 weirdAAL.py -m s3_list_buckets -t yolo ''' s3_get_objects_for_account() +def module_s3_list_bucket_contents(*args): + ''' + S3 list specific bucket contents + python3 weirdAAL.py -m s3_list_bucket_contents -a "mybucket" -t yolo + ''' + s3_list_bucket_contents(args[0][0]) + + def module_s3_list_buckets_and_policies(): ''' - S3 list all buckets and their policies + S3 list all buckets contents and their policies python3 weirdAAL.py -m s3_list_buckets_and_policies -t yolo ''' s3_get_objects_for_account_detailed() @@ -34,4 +58,4 @@ def module_s3_list_buckets_from_file(*args): S3 list buckets python3 weirdAAL.py -m s3_list_buckets_from_file -a 'bucket_list.txt' -t yolo ''' - s3_get_bucket_objects_from_file(args[0][0]) \ No newline at end of file + s3_get_bucket_objects_from_file(args[0][0])