diff --git a/create_dbs.py b/create_dbs.py new file mode 100644 index 0000000..2fab322 --- /dev/null +++ b/create_dbs.py @@ -0,0 +1,12 @@ +import sqlite3 +from sqlite3 import Error + +from libs.sql import * + + +#create some tables to stick data in + +if __name__ == "__main__": + db_name = "weirdAAL.db" + create_awskey_table(db_name, "AWSKey") + create_recon_table(db_name, "recon") \ No newline at end of file diff --git a/libs/aws_lambda.py b/libs/aws_lambda.py index 00b942c..fabf78d 100644 --- a/libs/aws_lambda.py +++ b/libs/aws_lambda.py @@ -13,7 +13,7 @@ pp = pprint.PrettyPrinter(indent=5, width=80) regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print("### Listing Lambda Functions ###") + print ("### Listing Lambda Functions ###") try: for region in regions: client = boto3.client( 
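Review bot: In the new create_dbs.py, `import sqlite3` and `from sqlite3 import Error` are never used by the script, and `from libs.sql import *` hides where `create_awskey_table` and `create_recon_table` come from; `from libs.sql import create_awskey_table, create_recon_table` states the dependency and lets a linter catch a rename. The literal `"weirdAAL.db"` is repeated in libs/brute.py in this same commit, so the two can drift; one shared constant would avoid that. Judging by the table name `AWSKey`, the file presumably ends up holding credentials, so it is worth documenting in the header comment that the database should be created with owner-only permissions and kept out of version control.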
@@ -26,21 +26,21 @@ def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_functions() if response.get('Functions') is None: - print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) + print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Functions']) <= 0: - print "[-] ListFunctions allowed for {} but no results [-]" .format(region) + print ("[-] ListFunctions allowed for {} but no results [-]" .format(region)) else: #THIS PART IS UNTESTED for r in response['Functions']: #for i in r['Instances']: pp.pprint(r) - print("\n") + print ("\n") except botocore.exceptions.ClientError as e: - print e + print (e) except KeyboardInterrupt: - print("CTRL-C received, exiting...") + print ("CTRL-C received, exiting...") def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): - print("### Listing Lambda Event Source Mappings ###") + print ("### Listing Lambda Event Source Mappings ###") try: for region in regions: client = boto3.client( @@ -53,15 +53,15 @@ def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_event_source_mappings() if response.get('EventSourceMappings') is None: - print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) + print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['EventSourceMappings']) <= 0: - print "[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region) + print ("[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region)) else: for r in response['EventSourceMappings']: #for i in r['Instances']: pp.pprint(r) - print("\n") + print ("\n") except botocore.exceptions.ClientError as e: - print e + print (e) except KeyboardInterrupt: - print("CTRL-C received, exiting...") \ No newline at end of file + print("CTRL-C received, exiting...") 
diff --git a/libs/brute.py b/libs/brute.py index 859ff7c..4368787 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -1,10 +1,24 @@ +from __future__ import print_function + import boto3 import botocore +import json +import logging import pprint import sys +import datetime #change as required once we decide time format + +from libs.sql import * + + +# we chould probably load this from one place in the future #TODO +db_name = "weirdAAL.db" pp = pprint.PrettyPrinter(indent=5, width=80) +logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w') + + #from http://docs.aws.amazon.com/general/latest/gr/rande.html regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] 
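Review bot: The added `logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w')` runs at import time, so merely importing libs.brute truncates `target.txt` in the current directory and configures the root logger for every other module in the process. The only logging call visible in this commit (`#logging.critical(data)` in generic_permission_bruteforcer) is commented out, so this line, together with `import json` and `import logging`, looks removable; if it is kept, it belongs in the entry-point script rather than in a library module. `from libs.sql import *` also hides which names this module takes from libs.sql; `from libs.sql import insert_reconservice_data` names the one that is used.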
@@ -42,23 +56,23 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): try: profile = client.get_login_profile(UserName=user['UserName']) if profile: - print('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) - print("Checking for MFA on account") + print ('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) + print ("Checking for MFA on account") mfa = client.list_mfa_devices(UserName=user['UserName']) - print mfa['MFADevices'] + print (mfa['MFADevices']) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -75,6 +89,24 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser if actions: print ("\n[+] {} Actions allowed are [+]" .format(service)) print (actions) + timenow = datetime.datetime.now() + + db_logger = [] + for action in actions: + db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow]) + #print (db_logger) + + #scrapped the json logging idea but keeping it here just in case + #data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'}) + #logging.critical(data) + + #logging to db here + try: + insert_reconservice_data(db_name, db_logger) + except sqlite3.OperationalError as e: + print (e) + print ("You need to set up the database...exiting") + sys.exit() print ("\n") else: print ("\n[-] No {} actions allowed [-]" .format(service)) @@ -90,7 +122,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service method(*args, **kwargs) #print method --wont return anything on dryrun except botocore.exceptions.EndpointConnectionError as e: - print e + print (e) continue except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -103,7 +135,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service actions.append(api_action) else: - print e + print (e) continue else: print('{} IS allowed' .format(api_action)) diff --git a/libs/cloudwatch.py b/libs/cloudwatch.py index d059db0..9dc66c3 100644 --- a/libs/cloudwatch.py +++ b/libs/cloudwatch.py 
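Review bot: In the added `try`/`except` of generic_permission_bruteforcer, `except sqlite3.OperationalError` needs the name `sqlite3`, but the import hunk for libs/brute.py adds only `from libs.sql import *`; that works only if libs/sql.py (not shown) imports sqlite3 and defines no `__all__`, otherwise a database error turns into a NameError. Add `import sqlite3` to this file explicitly. The bare `sys.exit()` on that path exits with status 0, so a calling script cannot tell the run failed; `sys.exit(1)` reports it. `datetime.datetime.now()` stores a naive local time, and the `#change as required` comment on the import suggests the format is still open; a UTC timestamp would keep rows comparable across hosts. Each row ties an access key ID to its permitted actions, so weirdAAL.db should be treated as sensitive engagement data; the function body starts and ends outside the hunk.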
@@ -15,13 +15,13 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing Cloudwatch Alarm Information ###") try: - for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - response = client.describe_alarms() - print"### {} Alarms ###" .format(region) - for alarm in response['MetricAlarms']: - pp.pprint(alarm) + response = client.describe_alarms() + print ("### {} Alarms ###" .format(region)) + for alarm in response['MetricAlarms']: + pp.pprint(alarm) print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': 
@@ -29,60 +29,60 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing Cloudwatch Alarm History Information ###") try: - for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) - response = client.describe_alarm_history() - #print response - if response.get('AlarmHistoryItems') is None: - print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) - elif len(response['AlarmHistoryItems']) <= 0: - print "[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region) - else: - print"### {} Alarm History ###" .format(region) - for history_item in response['AlarmHistoryItems']: - pp.pprint(history_item) + response = client.describe_alarm_history() + #print response + if response.get('AlarmHistoryItems') is None: + print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['AlarmHistoryItems']) <= 0: + print ("[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region)) + else: + print ("### {} Alarm History ###" .format(region)) + for history_item in response['AlarmHistoryItems']: + pp.pprint(history_item) print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': - print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing Cloudwatch List Metrics ###") try: - for region in regions: - client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) - response = client.list_metrics() - #print response - if response.get('Metrics') is None: - print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) - elif len(response['Metrics']) <= 0: - print "[-] ListMetrics allowed for {} but no results [-]" .format(region) - else: - print"### Listing Metrics for {} ###" .format(region) - for metrics in response['Metrics']: - pp.pprint(metrics) + response = client.list_metrics() + #print response + if response.get('Metrics') is None: + print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Metrics']) <= 0: + print ("[-] ListMetrics allowed for {} but no results [-]" .format(region)) + else: + print ("### Listing Metrics for {} ###" .format(region)) + for metrics in response['Metrics']: + pp.pprint(metrics) print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. 
Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': - print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: - print("CTRL-C received, exiting...") + print ("CTRL-C received, exiting...") diff --git a/libs/datapipeline.py b/libs/datapipeline.py index 39cc3fc..0307586 100644 --- a/libs/datapipeline.py +++ b/libs/datapipeline.py @@ -21,21 +21,21 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_pipelines() print"### {} Data Pipelines ###" .format(region) if response.get('pipelineIdList') is None: - print "{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['pipelineIdList']) <= 0: - print "[-] ListPipelines allowed for {} but no results [-]" .format(region) + print("[-] ListPipelines allowed for {} but no results [-]" .format(region)) else: print"### {} Data Pipelines ###" .format(region) for pipes in response['pipelineIdList']: pp.pprint(pipes) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/dynamodb.py b/libs/dynamodb.py index bdaee76..ee8ee94 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py 
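Review bot: The context line `print"### {} Data Pipelines ###" .format(region)` in list_pipelines (it appears twice in the libs/datapipeline.py hunk) is still a Python 2 print statement, so the module remains a SyntaxError under Python 3 even though the neighbouring prints were converted. Change it to `print("### {} Data Pipelines ###" .format(region))`. The same unconverted `print"### ..."` header lines remain as context in the hunks for libs/dynamodb.py, libs/dynamodbstreams.py, libs/ecr.py, libs/elasticbeanstalk.py, libs/emr.py and libs/route53.py. list_pipelines starts and ends outside the hunk.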
@@ -20,22 +20,22 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_tables() if response.get('TableNames') is None: - print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['TableNames']) <= 0: - print "[-] ListTables allowed for {} but no results [-]" .format(region) + print("[-] ListTables allowed for {} but no results [-]" .format(region)) else: print"### {} DynamoDB Tables ###" .format(region) for tables in response['TableNames']: pp.pprint(tables) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -47,55 +47,54 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_tables() if response.get('TableNames') is None: - print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['TableNames']) <= 0: - print "[-] ListTables allowed for {} but no results [-]" .format(region) + print("[-] ListTables allowed for {} but no results [-]" .format(region)) else: print"### {} DynamoDB Tables ###" .format(region) for tables in response['TableNames']: #pp.pprint(tables) describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tables, region) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): - print "### Describing DynamoDB Table: {} ###" .format(table) + print("### Describing DynamoDB Table: {} ###" .format(table)) try: client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) response = client.describe_table(TableName=table) if response.get('Table') is None: - print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Table']) <= 0: - print "[-] DescribeTable allowed for {} but no results [-]" .format(region) + print("[-] DescribeTable allowed for {} but no results [-]" .format(region)) else: - print 
"TableArn: {}" .format(response['Table']['TableArn']) - print "AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions']) - print "ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput']) - print "TableSizeBytes: {}" .format(response['Table']['TableSizeBytes']) - print "TableName: {}" .format(response['Table']['TableName']) - print "TableStatus: {}" .format(response['Table']['TableStatus']) - print "KeySchema: {}" .format(response['Table']['KeySchema']) - print "ItemCount: {}" .format(response['Table']['ItemCount']) - print "CreationDateTime: {}" .format(response['Table']['CreationDateTime']) + print("TableArn: {}" .format(response['Table']['TableArn'])) + print("AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions'])) + print("ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput'])) + print("TableSizeBytes: {}" .format(response['Table']['TableSizeBytes'])) + print("TableName: {}" .format(response['Table']['TableName'])) + print("TableStatus: {}" .format(response['Table']['TableStatus'])) + print("KeySchema: {}" .format(response['Table']['KeySchema'])) + print("ItemCount: {}" .format(response['Table']['ItemCount'])) + print("CreationDateTime: {}" .format(response['Table']['CreationDateTime'])) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index 11dde44..cf7a3a8 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py 
@@ -21,9 +21,9 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): response = client.list_streams() if response.get('Streams') is None: - print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Streams']) <= 0: - print "[-] ListStreams allowed for {} but no results [-]" .format(region) + print("[-] ListStreams allowed for {} but no results [-]" .format(region)) else: print"### {} DynamoDB Streams ###" .format(region) for streams in response['Streams']: @@ -36,6 +36,6 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") \ No newline at end of file diff --git a/libs/ecr.py b/libs/ecr.py index e90c172..82cc1f1 100644 --- a/libs/ecr.py +++ b/libs/ecr.py @@ -23,9 +23,9 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('repositories') is None: - print "{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['repositories']) <= 0: - print "[-] DescribeRepositories allowed for {} but no results [-]" .format(region) + print("[-] DescribeRepositories allowed for {} but no results [-]" .format(region)) else: print"### {} ECR Repositories ###" .format(region) for tables in response['repositories']: 
@@ -38,6 +38,6 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/elasticbeanstalk.py b/libs/elasticbeanstalk.py index 79a7d9c..8483523 100644 --- a/libs/elasticbeanstalk.py +++ b/libs/elasticbeanstalk.py @@ -23,9 +23,9 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('Applications') is None: - print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Applications']) <= 0: - print "[-] DescribeApplications allowed for {} but no results [-]" .format(region) + print("[-] DescribeApplications allowed for {} but no results [-]" .format(region)) else: print"### {} ElasticBeanstalk Applications ###" .format(region) for app in response['Applications']: @@ -38,7 +38,7 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -53,9 +53,9 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('ApplicationVersions') is None: - print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['ApplicationVersions']) <= 0: - print "[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region) + print("[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region)) else: print"### {} ElasticBeanstalk Application Versions ###" .format(region) for app in response['ApplicationVersions']: @@ -68,7 +68,7 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -83,17 +83,17 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('Options') is None: - print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Options']) <= 0: - print "[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region) + print("[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region)) else: print"### {} ElasticBeanstalk Configuration Options ###" .format(region) #if response['PlatformArn'] is None: # pass #else: - # print "PlatformArn: {}" .format(response['PlatformArn']) + # print("PlatformArn: {}" .format(response['PlatformArn'])) - print "SolutionStackName: {}" .format(response['SolutionStackName']) + print("SolutionStackName: {}" .format(response['SolutionStackName'])) pp.pprint( "Options: {}" .format(response['Options'])) print("\n") @@ -103,7 +103,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -118,9 +118,9 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('Environments') is None: - print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Environments']) <= 0: - print "[-] DescribeEnvironments allowed for {} but no results [-]" .format(region) + print("[-] DescribeEnvironments allowed for {} but no results [-]" .format(region)) else: print"### {} ElasticBeanstalk Environments ###" .format(region) for enviro in response['Environments']: @@ -133,7 +133,7 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -148,9 +148,9 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('Events') is None: - print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Events']) <= 0: - print "[-] DescribeEvents allowed for {} but no results [-]" .format(region) + print("[-] DescribeEvents allowed for {} but no results [-]" .format(region)) else: print"### {} ElasticBeanstalk Events ###" .format(region) for events in response['Events']: 
@@ -163,7 +163,7 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/emr.py b/libs/emr.py index 9d8c1be..f405214 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -23,9 +23,9 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('Clusters') is None: - print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Clusters']) <= 0: - print "[-] ListClusters allowed for {} but no results [-]" .format(region) + print("[-] ListClusters allowed for {} but no results [-]" .format(region)) else: print"### {} EMR Clusters ###" .format(region) for app in response['Clusters']: @@ -38,7 +38,7 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -53,9 +53,9 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('SecurityConfigurations') is None: - print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['SecurityConfigurations']) <= 0: - print "[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region) + print("[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region)) else: print"### {} EMR Security Configuration ###" .format(region) for app in response['SecurityConfigurations']: @@ -68,7 +68,7 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/iam.py b/libs/iam.py index 1611866..6044679 100644 --- a/libs/iam.py +++ b/libs/iam.py @@ -44,7 +44,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): if e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': @@ -52,7 +52,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): if e.response['Error']['Code'] == 'AccessDenied': print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -69,7 +69,7 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern elif e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: User likely doesnt have console access") else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -87,7 +87,7 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern elif e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: User likely doesnt have console access") else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -100,7 +100,7 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Account Password Policy:") pp.pprint(pass_policy['PasswordPolicy']) except botocore.exceptions.ClientError as e: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -117,7 +117,7 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): if e.response['Error']['Code'] == 'EntityAlreadyExists': print("ERROR: The provided user: {} already exists" .format(username)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -129,7 +129,7 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): print("Creating a new access key for: {}" .format(username)) pp.pprint(create_access_key['AccessKey']) except botocore.exceptions.ClientError as e: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -144,7 +144,7 @@ def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, access if e.response['Error']['Code'] == 'NoSuchEntity': print("ERROR: The provided AccessKey doesnt exist") else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -159,7 +159,7 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser if e.response['Error']['Code'] == 'NoSuchEntity': print("ERROR: The provided AccessKey doesnt exist") else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -176,7 +176,7 @@ def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): if e.response['Error']['Code'] == 'AccessDenied': print("ERROR: Account does not have permissions to add the policy") else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -191,6 +191,6 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username) except botocore.exceptions.ClientError as e: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/opsworks.py b/libs/opsworks.py index 4632462..f2203ef 100644 --- a/libs/opsworks.py +++ b/libs/opsworks.py 
@@ -24,21 +24,21 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #debug print response if response.get('Stacks') is None: - print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Stacks']) <= 0: - print "[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region) + print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) else: #THIS PART IS UNTESTED for r in response['Stacks']: pp.pprint(r) except botocore.exceptions.EndpointConnectionError as e: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'EndpointConnectionError': - print "[-] Cant connect to the {} endpoint [-]" .format(region) + print("[-] Cant connect to the {} endpoint [-]" .format(region)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/route53.py b/libs/route53.py index b241fa2..c7b6163 100644 --- a/libs/route53.py +++ b/libs/route53.py 
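Review bot: The converted message in `describe_stacks` still reads "likely does not have Lambda permissions" although this is the OpsWorks module, so a missing `Stacks` key is reported against the wrong service; `print("{} likely does not have OpsWorks permissions\n" .format(AWS_ACCESS_KEY_ID))` would match the call being made. The `elif e.response['Error']['Code'] == 'EndpointConnectionError'` branch inside the `ClientError` handler also looks unreachable, because `EndpointConnectionError` is caught by its own `except` clause just above; the per-region "Cant connect" message probably belongs in that handler. `describe_stacks` begins outside the hunk.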
@@ -26,9 +26,9 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #print response if response.get('GeoLocationDetailsList') is None: - print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['GeoLocationDetailsList']) <= 0: - print "[-] ListGeoLocations allowed for {} but no results [-]" .format(region) + print("[-] ListGeoLocations allowed for {} but no results [-]" .format(region)) else: print"### {} Route53 GeoLocations ###" .format(region) for app in response['GeoLocationDetailsList']: @@ -41,7 +41,7 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'AccessDenied': print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/s3.py b/libs/s3.py index c67b7d7..1aec960 100644 --- a/libs/s3.py +++ b/libs/s3.py @@ -25,7 +25,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): print('[+] '+ key['Key'].encode('utf-8').strip()) #print(key['Key']) #first 100 results except KeyError as e: - print "KeyError havent tracked down reason yet" + print ("KeyError havent tracked down reason yet") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'AccessDenied': print('{} : cant list s3 bucket [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) @@ -34,7 +34,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
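Review bot: `print"### {} Route53 GeoLocations ###" .format(region)` in the `else:` branch of the first libs/route53.py hunk is left as a Python 2 print statement, so on Python 3 the module fails with a SyntaxError at import even though the two lines above it were converted. It should become `print("### {} Route53 GeoLocations ###" .format(region))`. The first converted message also says "EMR permissions" in the Route53 module, which looks copied from another library and will mislead whoever reads the output. `list_geolocations` starts and ends outside the hunk.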
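Review bot: `print('[+] '+ key['Key'].encode('utf-8').strip())` in the context of the first libs/s3.py hunk concatenates a `str` with the `bytes` returned by `.encode()`, which raises TypeError on Python 3, the interpreter this commit is converting to. That TypeError is not caught by the `KeyError` or `ClientError` handlers below it, so the first listed object would abort the run. `print('[+] ' + key['Key'].strip())` keeps the same output on Python 3. The enclosing function starts outside the hunk.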
@@ -55,7 +55,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) try: acl = client.get_bucket_acl(Bucket=bucket) @@ -74,7 +74,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): elif e.response['Error']['Code'] == 'AllAccessDisabled': print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': @@ -82,7 +82,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket): elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -100,7 +100,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): myobject = myfile print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile)) acl = client.get_object_acl(Bucket=bucket,Key=myfile) - print acl + print (acl) except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': @@ -108,7 +108,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile): elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") 
@@ -134,7 +134,7 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -159,6 +159,6 @@ def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) elif e.response['Error']['Code'] == 'NotSignedUp': print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) else: - print "Unexpected error: {}" .format(e) + print ("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") diff --git a/libs/sql.py b/libs/sql.py new file mode 100644 index 0000000..e2d609b --- /dev/null +++ b/libs/sql.py 
@@ -0,0 +1,71 @@
+import sqlite3
+from sqlite3 import Error
+
+def create_table(db_name,table_name,sql):
+ with sqlite3.connect(db_name) as db:
+ cursor = db.cursor()
+ cursor.execute("""SELECT name FROM sqlite_master WHERE name=?""",(table_name,))
+ result = cursor.fetchall()
+ keep_table = True
+ if len(result) == 1:
+ #python 3
+ response = input("The table {} already exists, do you wish to recreate it? (y/n): ".format(table_name))
+ if response == "y":
+ keep_table = False
+ print("The {} table will be recreated - all existing data will be lost".format(table_name))
+ cursor.execute("drop table if exists {}".format(table_name))
+ db.commit()
+ else:
+ print("The existing table was kept")
+ else:
+ keep_table = False
+ if not keep_table:
+ cursor.execute(sql)
+ db.commit()
+
+def create_recon_table(db_name, table_name):
+ sql = """CREATE TABLE recon
+ (ID integer,
+ service text,
+ sub_service text,
+ AWSKeyID text,
+ checked_at text,
+ PRIMARY KEY (ID))"""
+ #FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
+ create_table(db_name,table_name,sql)
+ print ("created table: {}".format(table_name))
+
+def create_awskey_table(db_name, table_name):
+ sql = """CREATE TABLE AWSKey
+ (ID integer,
+ AWSKeyID Text,
+ Description text,
+ PRIMARY KEY(ID))"""
+ create_table(db_name,table_name,sql)
+ print ("created table: {}".format(table_name))
+
+
+def insert_awskey_data(db_name, records):
+ sql = """INSERT INTO AWSKey(AWSKeyID, Description) VALUES (?,?)"""
+ for record in records:
+ query(db_name, sql,record)
+
+def insert_reconservice_data(db_name, records):
+ sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
+ for record in records:
+ query(db_name,sql,record)
+
+def search_recon_by_key(db_name,AWSKeyID):
+ with sqlite3.connect(db_name) as db:
+ cursor = db.cursor()
+ cursor.execute("""SELECT service,sub_service FROM recon WHERE AWSKeyID=?""",(AWSKeyID,))
+ results = cursor.fetchall()
+ return results
+
+def
query(db_name,sql,data): + with sqlite3.connect(db_name) as db: + cursor = db.cursor() + #cursor.execute("""PRAGMA foreign_keys = ON""") + cursor.execute(sql,data) + db.commit() + diff --git a/logging_list_monitoring_configuration.py b/logging_list_monitoring_configuration.py index a0fb1be..6ef909d 100644 --- a/logging_list_monitoring_configuration.py +++ b/logging_list_monitoring_configuration.py @@ -44,7 +44,7 @@ for region in regions: print_config_text(config_service_text) if response.get('ConfigurationRecorders') is None: - print "{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID) + print("{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['ConfigurationRecorders']) <= 0: print("NO CONFIGURATION DETECTED") else: diff --git a/recon_find_all_permissions.py b/recon_find_all_permissions.py index ce107c7..1c7ff0b 100644 --- a/recon_find_all_permissions.py +++ b/recon_find_all_permissions.py 
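Review bot: `create_table` checks for and drops `table_name`, but the `CREATE TABLE` statements in `create_recon_table` and `create_awskey_table` hard-code `recon` and `AWSKey`, so a caller passing any other name has one table checked and a different one created. The drop is built with `"drop table if exists {}".format(table_name)`; SQLite cannot bind an identifier as a parameter, so the name should be checked against the known tables before it reaches the statement, for example `if table_name not in ("AWSKey", "recon"): raise ValueError(table_name)`. Both wrappers also print "created table" when the user answered `n` and the existing table was kept; returning the `keep_table` flag from `create_table` would let them report what actually happened.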
@@ -1,28 +1,32 @@ +from __future__ import print_function + from libs.brute import * from libs.s3 import * + from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#AlexaForBusiness +# AlexaForBusiness brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#Application Auto Scaling +# Application Auto Scaling brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#AppSync no usable functions +# AppSync no usable functions brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#AutoScalingPlans +# AutoScalingPlans brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#CostExplorer -brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +# CostExplorer +# brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#cloudhsmv2 +# cloudhsmv2 brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#CloudSearchDomain +# CloudSearchDomain brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) 
@@ -33,14 +37,14 @@ brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#Comprehend +# Comprehend brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" +# brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#DAX +# DAX brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) 
@@ -60,80 +64,80 @@ brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#Glue -brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #in the docs but not in the codebase? -#GuardDuty +# Glue +brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) +# GuardDuty brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#IoTDataPlane no functions -#IoTJobsDataPlane +# IoTDataPlane no functions +# IoTJobsDataPlane brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#KinesisVideoArchivedMedia -#KinesisVideoMedia +# KinesisVideoArchivedMedia +# KinesisVideoMedia brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#KinesisVideo +# KinesisVideo brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#LexRuntimeService #no functions +# LexRuntimeService #no functions brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#marketplace-entitlement no functions -#marketplacecommerceanalytics no functions -#MediaConvert -#MediaLive -#MediaPackage -#MediaStore -#MediaStore-Data -#MarketplaceMetering no functions -#MigrationHub -#Mobile -#MQ +# marketplace-entitlement no functions +# 
marketplacecommerceanalytics no functions +# MediaConvert +# MediaLive +# MediaPackage +# MediaStore +# MediaStore-Data +# MarketplaceMetering no functions +# MigrationHub +# Mobile +# MQ brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#PinPoint no functions +# PinPoint no functions brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#Pricing +# Pricing brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#ResourceGroups +# ResourceGroups brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#SageMaker -#SageMakerRuntime +# SageMaker +# SageMakerRuntime brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#ServerlessApplicationRepository +# ServerlessApplicationRepository brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#ServiceDiscovery +# ServiceDiscovery brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#SSM +# SSM brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#StorageGateway +# StorageGateway 
brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#Support -#SWF -#TranscribeService -#Translate -#WAF -#WAFRegional -#WorkDocs -#WorkMail +# Support +# SWF +# TranscribeService +# Translate +# WAF +# WAFRegional +# WorkDocs +# WorkMail brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -#XRay no functions +# XRay no functions -#S3 bucket's while we are here... +# S3 bucket's while we are here... get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) diff --git a/s3_list_bucket_contents.py b/s3_list_bucket_contents.py index 21e3757..3ce0cea 100644 --- a/s3_list_bucket_contents.py +++ b/s3_list_bucket_contents.py @@ -3,7 +3,7 @@ from libs.s3 import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY if len(sys.argv) < 2: - print "must specify bucket: {} ".format(sys.argv[0]) + print("must specify bucket: {} ".format(sys.argv[0])) sys.exit(-1) #Attempt to list the contents of the bucket diff --git a/show_services_by_key.py b/show_services_by_key.py new file mode 100644 index 0000000..e5aa37c --- /dev/null +++ b/show_services_by_key.py @@ -0,0 +1,14 @@ +import sqlite3 +from sqlite3 import Error + +from libs.sql import * + +from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY + + +if __name__ == "__main__": + db_name = "weirdAAL.db" + results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID) + print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID)) + for result in results: + print("{}:{}".format(result[0],result[1])) \ No newline at end of file diff --git a/test_insert.py b/test_insert.py new file mode 100644 index 0000000..83c14cf --- /dev/null +++ b/test_insert.py 
@@ -0,0 +1,18 @@ +import datetime +import sqlite3 +from sqlite3 import Error + +from libs.sql import * + + +#create some tables to stick data in + +if __name__ == "__main__": + db_name = "weirdAAL.db" + timenow = datetime.datetime.now() + + test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")] + insert_awskey_data(db_name,test_aws_key) + + test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)] + insert_reconservice_data(db_name, test_service_data) \ No newline at end of file diff --git a/weirdAAL.py b/weirdAAL.py index 9792e0c..6045b5a 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -14,7 +14,10 @@ from botocore.exceptions import ClientError parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", -action="store", type=int, required=True) +action="store", type=str, required=True) +parser.add_argument("-t", "--target", help="Give your target a name so we can track results", +action="store", type=str, required=True) +parser.add_argument("-l", "--list", help="list steps", action="store_true") parser.add_argument("-v", "--verbosity", help="increase output verbosity", action="store_true") args = parser.parse_args() @@ -25,6 +28,17 @@ def perform_credential_check(): account_id = client.get_caller_identity()["Account"] except ClientError as e: print("The AWS Access Keys are not valid/active") + #exit(1) + +def step_recon(): + print("!!!") + +def method_create(): + try: + arg = eval("step_" + args.step) + return arg + except NameError: + print("That step does not exist") exit(1) # Need to figure out if we have keys in the ENV or not 
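Review bot: `--step` and `--target` are both declared `required=True` in the first weirdAAL.py hunk, so the new `-l/--list` flag cannot be used on its own: argparse exits with a usage error before `args.list` is ever read. Making the two options optional and validating after the list branch would fix it, e.g. `if not args.list and not (args.step and args.target): parser.error("--step and --target are required")`. `args.target` is also not read anywhere in the visible hunks, so the tracking its help text promises is not wired up yet.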
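Review bot: `method_create` in the second weirdAAL.py hunk hands a command-line string to `eval("step_" + args.step)`, so whatever follows the step name is evaluated as Python rather than treated as a name. An explicit table does the same dispatch without evaluating input: `STEPS = {"recon": step_recon}` and `arg = STEPS.get(args.step)`, printing "That step does not exist" and exiting when the result is `None`. The `exit(1)` in `perform_credential_check` is now commented out as well, so the script carries on after reporting that the keys are invalid; if that is intended for steps that need no credentials, a comment saying so would help the next reader.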
@@ -32,17 +46,17 @@ if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY: perform_credential_check() else: print("Please supply keys as outlined in our README.md file") - exit(1) + #exit(1) + +if (args.list): + pass # We need the user to tell us the step they want to proceed on -if (args.step == 1): - print("Beginning step 1") -elif (args.step == 2): - print("Beginning step 2") -elif (args.step == 3): - print("Beginning step 3") -else: - print("We need a valid step to continue...") +if (args.step): + arg = method_create() + if callable(arg): + arg() + # Allow the user to specify verbosity for debugging