dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #19 from carnal0wnage/cg_build_in_some_logic

Browse Source 
Cg build in some logic
This commit is contained in:
Ken Johnson
2018-04-05 19:02:46 -10:00
committed by GitHub
parent 62e811968a ea5ed636d7
commit f09407ab8d
21 changed files with 366 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
create_dbs.py Normal file
View File

@@ -0,0 +1,12 @@
import sqlite3
from sqlite3 import Error
from libs.sql import *
#create some tables to stick data in
if __name__ == "__main__":
db_name = "weirdAAL.db"
create_awskey_table(db_name, "AWSKey")
create_recon_table(db_name, "recon")

24
libs/aws_lambda.py
View File

@@ -13,7 +13,7 @@ pp = pprint.PrettyPrinter(indent=5, width=80)
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("### Listing Lambda Functions ###") print ("### Listing Lambda Functions ###")
try: try:
for region in regions: for region in regions:
client = boto3.client( client = boto3.client(
@@ -26,21 +26,21 @@ def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_functions() response = client.list_functions()
if response.get('Functions') is None: if response.get('Functions') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Functions']) <= 0: elif len(response['Functions']) <= 0:
print "[-] ListFunctions allowed for {} but no results [-]" .format(region) print ("[-] ListFunctions allowed for {} but no results [-]" .format(region))
else: #THIS PART IS UNTESTED else: #THIS PART IS UNTESTED
for r in response['Functions']: for r in response['Functions']:
#for i in r['Instances']: #for i in r['Instances']:
pp.pprint(r) pp.pprint(r)
print("\n") print ("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
print e print (e)
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print ("CTRL-C received, exiting...")
def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("### Listing Lambda Event Source Mappings ###") print ("### Listing Lambda Event Source Mappings ###")
try: try:
for region in regions: for region in regions:
client = boto3.client( client = boto3.client(
@@ -53,15 +53,15 @@ def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_event_source_mappings() response = client.list_event_source_mappings()
if response.get('EventSourceMappings') is None: if response.get('EventSourceMappings') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['EventSourceMappings']) <= 0: elif len(response['EventSourceMappings']) <= 0:
print "[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region) print ("[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region))
else: else:
for r in response['EventSourceMappings']: for r in response['EventSourceMappings']:
#for i in r['Instances']: #for i in r['Instances']:
pp.pprint(r) pp.pprint(r)
print("\n") print ("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
print e print (e)
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

46
libs/brute.py
View File

@@ -1,10 +1,24 @@
from __future__ import print_function
import boto3 import boto3
import botocore import botocore
import json
import logging
import pprint import pprint
import sys import sys
import datetime #change as required once we decide time format
from libs.sql import *
# we chould probably load this from one place in the future #TODO
db_name = "weirdAAL.db"
pp = pprint.PrettyPrinter(indent=5, width=80) pp = pprint.PrettyPrinter(indent=5, width=80)
logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w')
#from http://docs.aws.amazon.com/general/latest/gr/rande.html #from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
@@ -42,23 +56,23 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
try: try:
profile = client.get_login_profile(UserName=user['UserName']) profile = client.get_login_profile(UserName=user['UserName'])
if profile: if profile:
print('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) print ('User {} likely has console access and the password can be reset :-)' .format(user['UserName']))
print("Checking for MFA on account") print ("Checking for MFA on account")
mfa = client.list_mfa_devices(UserName=user['UserName']) mfa = client.list_mfa_devices(UserName=user['UserName'])
print mfa['MFADevices'] print (mfa['MFADevices'])
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'NoSuchEntity': if e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) print("[-]: user '{}' likely doesnt have console access" .format(user['UserName']))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -75,6 +89,24 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
if actions: if actions:
print ("\n[+] {} Actions allowed are [+]" .format(service)) print ("\n[+] {} Actions allowed are [+]" .format(service))
print (actions) print (actions)
timenow = datetime.datetime.now()
db_logger = []
for action in actions:
db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow])
#print (db_logger)
#scrapped the json logging idea but keeping it here just in case
#data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'})
#logging.critical(data)
#logging to db here
try:
insert_reconservice_data(db_name, db_logger)
except sqlite3.OperationalError as e:
print (e)
print ("You need to set up the database...exiting")
sys.exit()
print ("\n") print ("\n")
else: else:
print ("\n[-] No {} actions allowed [-]" .format(service)) print ("\n[-] No {} actions allowed [-]" .format(service))
@@ -90,7 +122,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service
method(*args, **kwargs) method(*args, **kwargs)
#print method --wont return anything on dryrun #print method --wont return anything on dryrun
except botocore.exceptions.EndpointConnectionError as e: except botocore.exceptions.EndpointConnectionError as e:
print e print (e)
continue continue
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -103,7 +135,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service
actions.append(api_action) actions.append(api_action)
else: else:
print e print (e)
continue continue
else: else:
print('{} IS allowed' .format(api_action)) print('{} IS allowed' .format(api_action))

72
libs/cloudwatch.py
View File

@@ -15,13 +15,13 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', '
def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("### Printing Cloudwatch Alarm Information ###") print("### Printing Cloudwatch Alarm Information ###")
try: try:
for region in regions: for region in regions:
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
response = client.describe_alarms() response = client.describe_alarms()
print"### {} Alarms ###" .format(region) print ("### {} Alarms ###" .format(region))
for alarm in response['MetricAlarms']: for alarm in response['MetricAlarms']:
pp.pprint(alarm) pp.pprint(alarm)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -29,60 +29,60 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("### Printing Cloudwatch Alarm History Information ###") print("### Printing Cloudwatch Alarm History Information ###")
try: try:
for region in regions: for region in regions:
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
response = client.describe_alarm_history() response = client.describe_alarm_history()
#print response #print response
if response.get('AlarmHistoryItems') is None: if response.get('AlarmHistoryItems') is None:
print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['AlarmHistoryItems']) <= 0: elif len(response['AlarmHistoryItems']) <= 0:
print "[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region) print ("[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region))
else: else:
print"### {} Alarm History ###" .format(region) print ("### {} Alarm History ###" .format(region))
for history_item in response['AlarmHistoryItems']: for history_item in response['AlarmHistoryItems']:
pp.pprint(history_item) pp.pprint(history_item)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("### Printing Cloudwatch List Metrics ###") print("### Printing Cloudwatch List Metrics ###")
try: try:
for region in regions: for region in regions:
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region)
response = client.list_metrics() response = client.list_metrics()
#print response #print response
if response.get('Metrics') is None: if response.get('Metrics') is None:
print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Metrics']) <= 0: elif len(response['Metrics']) <= 0:
print "[-] ListMetrics allowed for {} but no results [-]" .format(region) print ("[-] ListMetrics allowed for {} but no results [-]" .format(region))
else: else:
print"### Listing Metrics for {} ###" .format(region) print ("### Listing Metrics for {} ###" .format(region))
for metrics in response['Metrics']: for metrics in response['Metrics']:
pp.pprint(metrics) pp.pprint(metrics)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print ("CTRL-C received, exiting...")

8
libs/datapipeline.py
View File

@@ -21,21 +21,21 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_pipelines() response = client.list_pipelines()
print"### {} Data Pipelines ###" .format(region) print"### {} Data Pipelines ###" .format(region)
if response.get('pipelineIdList') is None: if response.get('pipelineIdList') is None:
print "{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['pipelineIdList']) <= 0: elif len(response['pipelineIdList']) <= 0:
print "[-] ListPipelines allowed for {} but no results [-]" .format(region) print("[-] ListPipelines allowed for {} but no results [-]" .format(region))
else: else:
print"### {} Data Pipelines ###" .format(region) print"### {} Data Pipelines ###" .format(region)
for pipes in response['pipelineIdList']: for pipes in response['pipelineIdList']:
pp.pprint(pipes) pp.pprint(pipes)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

45
libs/dynamodb.py
View File

@@ -20,22 +20,22 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_tables() response = client.list_tables()
if response.get('TableNames') is None: if response.get('TableNames') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['TableNames']) <= 0: elif len(response['TableNames']) <= 0:
print "[-] ListTables allowed for {} but no results [-]" .format(region) print("[-] ListTables allowed for {} but no results [-]" .format(region))
else: else:
print"### {} DynamoDB Tables ###" .format(region) print"### {} DynamoDB Tables ###" .format(region)
for tables in response['TableNames']: for tables in response['TableNames']:
pp.pprint(tables) pp.pprint(tables)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -47,55 +47,54 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_tables() response = client.list_tables()
if response.get('TableNames') is None: if response.get('TableNames') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['TableNames']) <= 0: elif len(response['TableNames']) <= 0:
print "[-] ListTables allowed for {} but no results [-]" .format(region) print("[-] ListTables allowed for {} but no results [-]" .format(region))
else: else:
print"### {} DynamoDB Tables ###" .format(region) print"### {} DynamoDB Tables ###" .format(region)
for tables in response['TableNames']: for tables in response['TableNames']:
#pp.pprint(tables) #pp.pprint(tables)
describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tables, region) describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tables, region)
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region):
print "### Describing DynamoDB Table: {} ###" .format(table) print("### Describing DynamoDB Table: {} ###" .format(table))
try: try:
client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
response = client.describe_table(TableName=table) response = client.describe_table(TableName=table)
if response.get('Table') is None: if response.get('Table') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Table']) <= 0: elif len(response['Table']) <= 0:
print "[-] DescribeTable allowed for {} but no results [-]" .format(region) print("[-] DescribeTable allowed for {} but no results [-]" .format(region))
else: else:
print "TableArn: {}" .format(response['Table']['TableArn']) print("TableArn: {}" .format(response['Table']['TableArn']))
print "AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions']) print("AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions']))
print "ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput']) print("ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput']))
print "TableSizeBytes: {}" .format(response['Table']['TableSizeBytes']) print("TableSizeBytes: {}" .format(response['Table']['TableSizeBytes']))
print "TableName: {}" .format(response['Table']['TableName']) print("TableName: {}" .format(response['Table']['TableName']))
print "TableStatus: {}" .format(response['Table']['TableStatus']) print("TableStatus: {}" .format(response['Table']['TableStatus']))
print "KeySchema: {}" .format(response['Table']['KeySchema']) print("KeySchema: {}" .format(response['Table']['KeySchema']))
print "ItemCount: {}" .format(response['Table']['ItemCount']) print("ItemCount: {}" .format(response['Table']['ItemCount']))
print "CreationDateTime: {}" .format(response['Table']['CreationDateTime']) print("CreationDateTime: {}" .format(response['Table']['CreationDateTime']))
print("\n") print("\n")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

6
libs/dynamodbstreams.py
View File

@@ -21,9 +21,9 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_streams() response = client.list_streams()
if response.get('Streams') is None: if response.get('Streams') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Streams']) <= 0: elif len(response['Streams']) <= 0:
print "[-] ListStreams allowed for {} but no results [-]" .format(region) print("[-] ListStreams allowed for {} but no results [-]" .format(region))
else: else:
print"### {} DynamoDB Streams ###" .format(region) print"### {} DynamoDB Streams ###" .format(region)
for streams in response['Streams']: for streams in response['Streams']:
@@ -36,6 +36,6 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

6
libs/ecr.py
View File

@@ -23,9 +23,9 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('repositories') is None: if response.get('repositories') is None:
print "{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['repositories']) <= 0: elif len(response['repositories']) <= 0:
print "[-] DescribeRepositories allowed for {} but no results [-]" .format(region) print("[-] DescribeRepositories allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ECR Repositories ###" .format(region) print"### {} ECR Repositories ###" .format(region)
for tables in response['repositories']: for tables in response['repositories']:
@@ -38,6 +38,6 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

34
libs/elasticbeanstalk.py
View File

@@ -23,9 +23,9 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('Applications') is None: if response.get('Applications') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Applications']) <= 0: elif len(response['Applications']) <= 0:
print "[-] DescribeApplications allowed for {} but no results [-]" .format(region) print("[-] DescribeApplications allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ElasticBeanstalk Applications ###" .format(region) print"### {} ElasticBeanstalk Applications ###" .format(region)
for app in response['Applications']: for app in response['Applications']:
@@ -38,7 +38,7 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -53,9 +53,9 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('ApplicationVersions') is None: if response.get('ApplicationVersions') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['ApplicationVersions']) <= 0: elif len(response['ApplicationVersions']) <= 0:
print "[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region) print("[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ElasticBeanstalk Application Versions ###" .format(region) print"### {} ElasticBeanstalk Application Versions ###" .format(region)
for app in response['ApplicationVersions']: for app in response['ApplicationVersions']:
@@ -68,7 +68,7 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -83,17 +83,17 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('Options') is None: if response.get('Options') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Options']) <= 0: elif len(response['Options']) <= 0:
print "[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region) print("[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ElasticBeanstalk Configuration Options ###" .format(region) print"### {} ElasticBeanstalk Configuration Options ###" .format(region)
#if response['PlatformArn'] is None: #if response['PlatformArn'] is None:
# pass # pass
#else: #else:
# print "PlatformArn: {}" .format(response['PlatformArn']) # print("PlatformArn: {}" .format(response['PlatformArn']))
print "SolutionStackName: {}" .format(response['SolutionStackName']) print("SolutionStackName: {}" .format(response['SolutionStackName']))
pp.pprint( "Options: {}" .format(response['Options'])) pp.pprint( "Options: {}" .format(response['Options']))
print("\n") print("\n")
@@ -103,7 +103,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -118,9 +118,9 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('Environments') is None: if response.get('Environments') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Environments']) <= 0: elif len(response['Environments']) <= 0:
print "[-] DescribeEnvironments allowed for {} but no results [-]" .format(region) print("[-] DescribeEnvironments allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ElasticBeanstalk Environments ###" .format(region) print"### {} ElasticBeanstalk Environments ###" .format(region)
for enviro in response['Environments']: for enviro in response['Environments']:
@@ -133,7 +133,7 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -148,9 +148,9 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('Events') is None: if response.get('Events') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Events']) <= 0: elif len(response['Events']) <= 0:
print "[-] DescribeEvents allowed for {} but no results [-]" .format(region) print("[-] DescribeEvents allowed for {} but no results [-]" .format(region))
else: else:
print"### {} ElasticBeanstalk Events ###" .format(region) print"### {} ElasticBeanstalk Events ###" .format(region)
for events in response['Events']: for events in response['Events']:
@@ -163,7 +163,7 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

12
libs/emr.py
View File

@@ -23,9 +23,9 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('Clusters') is None: if response.get('Clusters') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Clusters']) <= 0: elif len(response['Clusters']) <= 0:
print "[-] ListClusters allowed for {} but no results [-]" .format(region) print("[-] ListClusters allowed for {} but no results [-]" .format(region))
else: else:
print"### {} EMR Clusters ###" .format(region) print"### {} EMR Clusters ###" .format(region)
for app in response['Clusters']: for app in response['Clusters']:
@@ -38,7 +38,7 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -53,9 +53,9 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('SecurityConfigurations') is None: if response.get('SecurityConfigurations') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['SecurityConfigurations']) <= 0: elif len(response['SecurityConfigurations']) <= 0:
print "[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region) print("[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region))
else: else:
print"### {} EMR Security Configuration ###" .format(region) print"### {} EMR Security Configuration ###" .format(region)
for app in response['SecurityConfigurations']: for app in response['SecurityConfigurations']:
@@ -68,7 +68,7 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

22
libs/iam.py
View File

@@ -44,7 +44,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
if e.response['Error']['Code'] == 'NoSuchEntity': if e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) print("[-]: user '{}' likely doesnt have console access" .format(user['UserName']))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -52,7 +52,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
if e.response['Error']['Code'] == 'AccessDenied': if e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -69,7 +69,7 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
elif e.response['Error']['Code'] == 'NoSuchEntity': elif e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: User likely doesnt have console access") print("[-]: User likely doesnt have console access")
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -87,7 +87,7 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
elif e.response['Error']['Code'] == 'NoSuchEntity': elif e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: User likely doesnt have console access") print("[-]: User likely doesnt have console access")
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -100,7 +100,7 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("Account Password Policy:") print("Account Password Policy:")
pp.pprint(pass_policy['PasswordPolicy']) pp.pprint(pass_policy['PasswordPolicy'])
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -117,7 +117,7 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
if e.response['Error']['Code'] == 'EntityAlreadyExists': if e.response['Error']['Code'] == 'EntityAlreadyExists':
print("ERROR: The provided user: {} already exists" .format(username)) print("ERROR: The provided user: {} already exists" .format(username))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -129,7 +129,7 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
print("Creating a new access key for: {}" .format(username)) print("Creating a new access key for: {}" .format(username))
pp.pprint(create_access_key['AccessKey']) pp.pprint(create_access_key['AccessKey'])
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -144,7 +144,7 @@ def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, access
if e.response['Error']['Code'] == 'NoSuchEntity': if e.response['Error']['Code'] == 'NoSuchEntity':
print("ERROR: The provided AccessKey doesnt exist") print("ERROR: The provided AccessKey doesnt exist")
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -159,7 +159,7 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser
if e.response['Error']['Code'] == 'NoSuchEntity': if e.response['Error']['Code'] == 'NoSuchEntity':
print("ERROR: The provided AccessKey doesnt exist") print("ERROR: The provided AccessKey doesnt exist")
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -176,7 +176,7 @@ def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
if e.response['Error']['Code'] == 'AccessDenied': if e.response['Error']['Code'] == 'AccessDenied':
print("ERROR: Account does not have permissions to add the policy") print("ERROR: Account does not have permissions to add the policy")
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -191,6 +191,6 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa
create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username) create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

10
libs/opsworks.py
View File

@@ -24,21 +24,21 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#debug #debug
print response print response
if response.get('Stacks') is None: if response.get('Stacks') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Stacks']) <= 0: elif len(response['Stacks']) <= 0:
print "[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region) print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region))
else: #THIS PART IS UNTESTED else: #THIS PART IS UNTESTED
for r in response['Stacks']: for r in response['Stacks']:
pp.pprint(r) pp.pprint(r)
except botocore.exceptions.EndpointConnectionError as e: except botocore.exceptions.EndpointConnectionError as e:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'EndpointConnectionError': elif e.response['Error']['Code'] == 'EndpointConnectionError':
print "[-] Cant connect to the {} endpoint [-]" .format(region) print("[-] Cant connect to the {} endpoint [-]" .format(region))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

6
libs/route53.py
View File

@@ -26,9 +26,9 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response #print response
if response.get('GeoLocationDetailsList') is None: if response.get('GeoLocationDetailsList') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['GeoLocationDetailsList']) <= 0: elif len(response['GeoLocationDetailsList']) <= 0:
print "[-] ListGeoLocations allowed for {} but no results [-]" .format(region) print("[-] ListGeoLocations allowed for {} but no results [-]" .format(region))
else: else:
print"### {} Route53 GeoLocations ###" .format(region) print"### {} Route53 GeoLocations ###" .format(region)
for app in response['GeoLocationDetailsList']: for app in response['GeoLocationDetailsList']:
@@ -41,7 +41,7 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied': elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID)) print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

18
libs/s3.py
View File

@@ -25,7 +25,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
print('[+] '+ key['Key'].encode('utf-8').strip()) print('[+] '+ key['Key'].encode('utf-8').strip())
#print(key['Key']) #first 100 results #print(key['Key']) #first 100 results
except KeyError as e: except KeyError as e:
print "KeyError havent tracked down reason yet" print ("KeyError havent tracked down reason yet")
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied': if e.response['Error']['Code'] == 'AccessDenied':
print('{} : cant list s3 bucket [AccessDenied]' .format(AWS_ACCESS_KEY_ID)) print('{} : cant list s3 bucket [AccessDenied]' .format(AWS_ACCESS_KEY_ID))
@@ -34,7 +34,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled': elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -55,7 +55,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled': elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
try: try:
acl = client.get_bucket_acl(Bucket=bucket) acl = client.get_bucket_acl(Bucket=bucket)
@@ -74,7 +74,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled': elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID)) print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -82,7 +82,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'NotSignedUp': elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -100,7 +100,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
myobject = myfile myobject = myfile
print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile)) print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile))
acl = client.get_object_acl(Bucket=bucket,Key=myfile) acl = client.get_object_acl(Bucket=bucket,Key=myfile)
print acl print (acl)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId': if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -108,7 +108,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
elif e.response['Error']['Code'] == 'NotSignedUp': elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -134,7 +134,7 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'NotSignedUp': elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
@@ -159,6 +159,6 @@ def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
elif e.response['Error']['Code'] == 'NotSignedUp': elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID)) print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else: else:
print "Unexpected error: {}" .format(e) print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")

71
libs/sql.py Normal file
View File

@@ -0,0 +1,71 @@
import sqlite3
from sqlite3 import Error
def create_table(db_name,table_name,sql):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT name FROM sqlite_master WHERE name=?""",(table_name,))
result = cursor.fetchall()
keep_table = True
if len(result) == 1:
#python 3
response = input("The table {} already exists, do you wish to recreate it? (y/n): ".format(table_name))
if response == "y":
keep_table = False
print("The {} table will be recreated - all existing data will be lost".format(table_name))
cursor.execute("drop table if exists {}".format(table_name))
db.commit()
else:
print("The existing table was kept")
else:
keep_table = False
if not keep_table:
cursor.execute(sql)
db.commit()
def create_recon_table(db_name, table_name):
sql = """CREATE TABLE recon
(ID integer,
service text,
sub_service text,
AWSKeyID text,
checked_at text,
PRIMARY KEY (ID))"""
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
def create_awskey_table(db_name, table_name):
sql = """CREATE TABLE AWSKey
(ID integer,
AWSKeyID Text,
Description text,
PRIMARY KEY(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
def insert_awskey_data(db_name, records):
sql = """INSERT INTO AWSKey(AWSKeyID, Description) VALUES (?,?)"""
for record in records:
query(db_name, sql,record)
def insert_reconservice_data(db_name, records):
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
for record in records:
query(db_name,sql,record)
def search_recon_by_key(db_name,AWSKeyID):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT service,sub_service FROM recon WHERE AWSKeyID=?""",(AWSKeyID,))
results = cursor.fetchall()
return results
def query(db_name,sql,data):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
#cursor.execute("""PRAGMA foreign_keys = ON""")
cursor.execute(sql,data)
db.commit()

2
logging_list_monitoring_configuration.py
View File

@@ -44,7 +44,7 @@ for region in regions:
print_config_text(config_service_text) print_config_text(config_service_text)
if response.get('ConfigurationRecorders') is None: if response.get('ConfigurationRecorders') is None:
print "{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID) print("{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['ConfigurationRecorders']) <= 0: elif len(response['ConfigurationRecorders']) <= 0:
print("NO CONFIGURATION DETECTED") print("NO CONFIGURATION DETECTED")
else: else:

106
recon_find_all_permissions.py
View File

@@ -1,28 +1,32 @@
from __future__ import print_function
from libs.brute import * from libs.brute import *
from libs.s3 import * from libs.s3 import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#AlexaForBusiness # AlexaForBusiness
brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_apigateway_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#Application Auto Scaling # Application Auto Scaling
brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_appstream_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#AppSync no usable functions # AppSync no usable functions
brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_athena_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#AutoScalingPlans # AutoScalingPlans
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#CostExplorer # CostExplorer
brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) # brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudhsm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#cloudhsmv2 # cloudhsmv2
brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudsearch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#CloudSearchDomain # CloudSearchDomain
brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudtrail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudwatch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_codebuild_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
@@ -33,14 +37,14 @@ brute_codestar_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitoidentity_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitoidp_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cognitosync_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#Comprehend # Comprehend
brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_configservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/" # brute_costandusagereportservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #Could not connect to the endpoint URL: "https://cur.us-west-2.amazonaws.com/"
brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_datapipeline_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#DAX # DAX
brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_directconnect_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_applicationdiscoveryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_dms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_directoryservice_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_dynamodb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
@@ -60,80 +64,80 @@ brute_cloudwatchevents_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#Glue # Glue
brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #in the docs but not in the codebase? brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#GuardDuty # GuardDuty
brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_importexport_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_inspector_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_iot_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#IoTDataPlane no functions # IoTDataPlane no functions
#IoTJobsDataPlane # IoTJobsDataPlane
brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_kinesis_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#KinesisVideoArchivedMedia # KinesisVideoArchivedMedia
#KinesisVideoMedia # KinesisVideoMedia
brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_kinesisanalytics_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#KinesisVideo # KinesisVideo
brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_kms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_lambda_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_lexmodels_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#LexRuntimeService #no functions # LexRuntimeService #no functions
brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_lightsail_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_cloudwatchlogs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#marketplace-entitlement no functions # marketplace-entitlement no functions
#marketplacecommerceanalytics no functions # marketplacecommerceanalytics no functions
#MediaConvert # MediaConvert
#MediaLive # MediaLive
#MediaPackage # MediaPackage
#MediaStore # MediaStore
#MediaStore-Data # MediaStore-Data
#MarketplaceMetering no functions # MarketplaceMetering no functions
#MigrationHub # MigrationHub
#Mobile # Mobile
#MQ # MQ
brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_mturk_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_opsworks_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_opsworkscm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_organizations_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#PinPoint no functions # PinPoint no functions
brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_polly_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#Pricing # Pricing
brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_rds_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_redshift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_rekognition_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#ResourceGroups # ResourceGroups
brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_resourcegroupstaggingapi_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_route53_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_route53domains_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_s3_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#SageMaker # SageMaker
#SageMakerRuntime # SageMakerRuntime
brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sdb_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#ServerlessApplicationRepository # ServerlessApplicationRepository
brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_servicecatalog_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#ServiceDiscovery # ServiceDiscovery
brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_ses_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_shield_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sms_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_snowball_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sns_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sqs_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#SSM # SSM
brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_stepfunctions_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#StorageGateway # StorageGateway
brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_sts_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#Support # Support
#SWF # SWF
#TranscribeService # TranscribeService
#Translate # Translate
#WAF # WAF
#WAFRegional # WAFRegional
#WorkDocs # WorkDocs
#WorkMail # WorkMail
brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) brute_workspaces_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
#XRay no functions # XRay no functions
#S3 bucket's while we are here... # S3 bucket's while we are here...
get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)

2
s3_list_bucket_contents.py
View File

@@ -3,7 +3,7 @@ from libs.s3 import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
if len(sys.argv) < 2: if len(sys.argv) < 2:
print "must specify bucket: {} <bucketname>".format(sys.argv[0]) print("must specify bucket: {} <bucketname>".format(sys.argv[0]))
sys.exit(-1) sys.exit(-1)
#Attempt to list the contents of the bucket #Attempt to list the contents of the bucket

14
show_services_by_key.py Normal file
View File

@@ -0,0 +1,14 @@
import sqlite3
from sqlite3 import Error
from libs.sql import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
if __name__ == "__main__":
db_name = "weirdAAL.db"
results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID)
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result in results:
print("{}:{}".format(result[0],result[1]))

18
test_insert.py Normal file
View File

@@ -0,0 +1,18 @@
import datetime
import sqlite3
from sqlite3 import Error
from libs.sql import *
#create some tables to stick data in
if __name__ == "__main__":
db_name = "weirdAAL.db"
timenow = datetime.datetime.now()
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
insert_awskey_data(db_name,test_aws_key)
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
insert_reconservice_data(db_name, test_service_data)

34
weirdAAL.py
View File

@@ -14,7 +14,10 @@ from botocore.exceptions import ClientError
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("-s", "--step", help="list the step you would like to run", parser.add_argument("-s", "--step", help="list the step you would like to run",
action="store", type=int, required=True) action="store", type=str, required=True)
parser.add_argument("-t", "--target", help="Give your target a name so we can track results",
action="store", type=str, required=True)
parser.add_argument("-l", "--list", help="list steps", action="store_true")
parser.add_argument("-v", "--verbosity", help="increase output verbosity", parser.add_argument("-v", "--verbosity", help="increase output verbosity",
action="store_true") action="store_true")
args = parser.parse_args() args = parser.parse_args()
@@ -25,6 +28,17 @@ def perform_credential_check():
account_id = client.get_caller_identity()["Account"] account_id = client.get_caller_identity()["Account"]
except ClientError as e: except ClientError as e:
print("The AWS Access Keys are not valid/active") print("The AWS Access Keys are not valid/active")
#exit(1)
def step_recon():
print("!!!")
def method_create():
try:
arg = eval("step_" + args.step)
return arg
except NameError:
print("That step does not exist")
exit(1) exit(1)
# Need to figure out if we have keys in the ENV or not # Need to figure out if we have keys in the ENV or not
@@ -32,17 +46,17 @@ if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY:
perform_credential_check() perform_credential_check()
else: else:
print("Please supply keys as outlined in our README.md file") print("Please supply keys as outlined in our README.md file")
exit(1) #exit(1)
if (args.list):
pass
# We need the user to tell us the step they want to proceed on # We need the user to tell us the step they want to proceed on
if (args.step == 1): if (args.step):
print("Beginning step 1") arg = method_create()
elif (args.step == 2): if callable(arg):
print("Beginning step 2") arg()
elif (args.step == 3):
print("Beginning step 3")
else:
print("We need a valid step to continue...")
# Allow the user to specify verbosity for debugging # Allow the user to specify verbosity for debugging