dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #19 from carnal0wnage/cg_build_in_some_logic

Browse Source 
Cg build in some logic
This commit is contained in:
Ken Johnson
2018-04-05 19:02:46 -10:00
committed by GitHub
parent 62e811968a ea5ed636d7
commit f09407ab8d
21 changed files with 366 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
create_dbs.py Normal file
View File

@@ -0,0 +1,12 @@
import sqlite3
from sqlite3 import Error
from libs.sql import *
#create some tables to stick data in
if __name__ == "__main__":
db_name = "weirdAAL.db"
create_awskey_table(db_name, "AWSKey")
create_recon_table(db_name, "recon")

12
libs/aws_lambda.py
View File

@@ -26,16 +26,16 @@ def list_functions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_functions()
if response.get('Functions') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)
print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Functions']) <= 0:
print "[-] ListFunctions allowed for {} but no results [-]" .format(region)
print ("[-] ListFunctions allowed for {} but no results [-]" .format(region))
else: #THIS PART IS UNTESTED
for r in response['Functions']:
#for i in r['Instances']:
pp.pprint(r)
print ("\n")
except botocore.exceptions.ClientError as e:
print e
print (e)
except KeyboardInterrupt:
print ("CTRL-C received, exiting...")
@@ -53,15 +53,15 @@ def list_event_source_mappings(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_event_source_mappings()
if response.get('EventSourceMappings') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)
print ("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['EventSourceMappings']) <= 0:
print "[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region)
print ("[-] ListEventSourceMappings allowed for {} but no results [-]" .format(region))
else:
for r in response['EventSourceMappings']:
#for i in r['Instances']:
pp.pprint(r)
print ("\n")
except botocore.exceptions.ClientError as e:
print e
print (e)
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

42
libs/brute.py
View File

@@ -1,10 +1,24 @@
from __future__ import print_function
import boto3
import botocore
import json
import logging
import pprint
import sys
import datetime #change as required once we decide time format
from libs.sql import *
# we chould probably load this from one place in the future #TODO
db_name = "weirdAAL.db"
pp = pprint.PrettyPrinter(indent=5, width=80)
logging.basicConfig(level=logging.ERROR, format='%(message)s',filename='target.txt', filemode='w')
#from http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ]
@@ -45,20 +59,20 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print ('User {} likely has console access and the password can be reset :-)' .format(user['UserName']))
print ("Checking for MFA on account")
mfa = client.list_mfa_devices(UserName=user['UserName'])
print mfa['MFADevices']
print (mfa['MFADevices'])
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: user '{}' likely doesnt have console access" .format(user['UserName']))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -75,6 +89,24 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
if actions:
print ("\n[+] {} Actions allowed are [+]" .format(service))
print (actions)
timenow = datetime.datetime.now()
db_logger = []
for action in actions:
db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow])
#print (db_logger)
#scrapped the json logging idea but keeping it here just in case
#data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'})
#logging.critical(data)
#logging to db here
try:
insert_reconservice_data(db_name, db_logger)
except sqlite3.OperationalError as e:
print (e)
print ("You need to set up the database...exiting")
sys.exit()
print ("\n")
else:
print ("\n[-] No {} actions allowed [-]" .format(service))
@@ -90,7 +122,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service
method(*args, **kwargs)
#print method --wont return anything on dryrun
except botocore.exceptions.EndpointConnectionError as e:
print e
print (e)
continue
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -103,7 +135,7 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service
actions.append(api_action)
else:
print e
print (e)
continue
else:
print('{} IS allowed' .format(api_action))

20
libs/cloudwatch.py
View File

@@ -19,7 +19,7 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
response = client.describe_alarms()
print"### {} Alarms ###" .format(region)
print ("### {} Alarms ###" .format(region))
for alarm in response['MetricAlarms']:
pp.pprint(alarm)
print("\n")
@@ -29,7 +29,7 @@ def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -42,11 +42,11 @@ def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.describe_alarm_history()
#print response
if response.get('AlarmHistoryItems') is None:
print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID)
print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['AlarmHistoryItems']) <= 0:
print "[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region)
print ("[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region))
else:
print"### {} Alarm History ###" .format(region)
print ("### {} Alarm History ###" .format(region))
for history_item in response['AlarmHistoryItems']:
pp.pprint(history_item)
print("\n")
@@ -56,7 +56,7 @@ def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -69,11 +69,11 @@ def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_metrics()
#print response
if response.get('Metrics') is None:
print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID)
print ("{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Metrics']) <= 0:
print "[-] ListMetrics allowed for {} but no results [-]" .format(region)
print ("[-] ListMetrics allowed for {} but no results [-]" .format(region))
else:
print"### Listing Metrics for {} ###" .format(region)
print ("### Listing Metrics for {} ###" .format(region))
for metrics in response['Metrics']:
pp.pprint(metrics)
print("\n")
@@ -83,6 +83,6 @@ def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print ('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print ("CTRL-C received, exiting...")

6
libs/datapipeline.py
View File

@@ -21,9 +21,9 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_pipelines()
print"### {} Data Pipelines ###" .format(region)
if response.get('pipelineIdList') is None:
print "{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['pipelineIdList']) <= 0:
print "[-] ListPipelines allowed for {} but no results [-]" .format(region)
print("[-] ListPipelines allowed for {} but no results [-]" .format(region))
else:
print"### {} Data Pipelines ###" .format(region)
for pipes in response['pipelineIdList']:
@@ -36,6 +36,6 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

39
libs/dynamodb.py
View File

@@ -20,9 +20,9 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_tables()
if response.get('TableNames') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['TableNames']) <= 0:
print "[-] ListTables allowed for {} but no results [-]" .format(region)
print("[-] ListTables allowed for {} but no results [-]" .format(region))
else:
print"### {} DynamoDB Tables ###" .format(region)
for tables in response['TableNames']:
@@ -35,7 +35,7 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -47,9 +47,9 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_tables()
if response.get('TableNames') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['TableNames']) <= 0:
print "[-] ListTables allowed for {} but no results [-]" .format(region)
print("[-] ListTables allowed for {} but no results [-]" .format(region))
else:
print"### {} DynamoDB Tables ###" .format(region)
for tables in response['TableNames']:
@@ -63,30 +63,30 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region):
print "### Describing DynamoDB Table: {} ###" .format(table)
print("### Describing DynamoDB Table: {} ###" .format(table))
try:
client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
response = client.describe_table(TableName=table)
if response.get('Table') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Table']) <= 0:
print "[-] DescribeTable allowed for {} but no results [-]" .format(region)
print("[-] DescribeTable allowed for {} but no results [-]" .format(region))
else:
print "TableArn: {}" .format(response['Table']['TableArn'])
print "AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions'])
print "ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput'])
print "TableSizeBytes: {}" .format(response['Table']['TableSizeBytes'])
print "TableName: {}" .format(response['Table']['TableName'])
print "TableStatus: {}" .format(response['Table']['TableStatus'])
print "KeySchema: {}" .format(response['Table']['KeySchema'])
print "ItemCount: {}" .format(response['Table']['ItemCount'])
print "CreationDateTime: {}" .format(response['Table']['CreationDateTime'])
print("TableArn: {}" .format(response['Table']['TableArn']))
print("AttributeDefinitions: {}" .format(response['Table']['AttributeDefinitions']))
print("ProvisionedThroughput: {}" .format(response['Table']['ProvisionedThroughput']))
print("TableSizeBytes: {}" .format(response['Table']['TableSizeBytes']))
print("TableName: {}" .format(response['Table']['TableName']))
print("TableStatus: {}" .format(response['Table']['TableStatus']))
print("KeySchema: {}" .format(response['Table']['KeySchema']))
print("ItemCount: {}" .format(response['Table']['ItemCount']))
print("CreationDateTime: {}" .format(response['Table']['CreationDateTime']))
print("\n")
except botocore.exceptions.ClientError as e:
@@ -95,7 +95,6 @@ def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

6
libs/dynamodbstreams.py
View File

@@ -21,9 +21,9 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
response = client.list_streams()
if response.get('Streams') is None:
print "{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Streams']) <= 0:
print "[-] ListStreams allowed for {} but no results [-]" .format(region)
print("[-] ListStreams allowed for {} but no results [-]" .format(region))
else:
print"### {} DynamoDB Streams ###" .format(region)
for streams in response['Streams']:
@@ -36,6 +36,6 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

6
libs/ecr.py
View File

@@ -23,9 +23,9 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('repositories') is None:
print "{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ECR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['repositories']) <= 0:
print "[-] DescribeRepositories allowed for {} but no results [-]" .format(region)
print("[-] DescribeRepositories allowed for {} but no results [-]" .format(region))
else:
print"### {} ECR Repositories ###" .format(region)
for tables in response['repositories']:
@@ -38,6 +38,6 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

34
libs/elasticbeanstalk.py
View File

@@ -23,9 +23,9 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('Applications') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Applications']) <= 0:
print "[-] DescribeApplications allowed for {} but no results [-]" .format(region)
print("[-] DescribeApplications allowed for {} but no results [-]" .format(region))
else:
print"### {} ElasticBeanstalk Applications ###" .format(region)
for app in response['Applications']:
@@ -38,7 +38,7 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -53,9 +53,9 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('ApplicationVersions') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['ApplicationVersions']) <= 0:
print "[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region)
print("[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region))
else:
print"### {} ElasticBeanstalk Application Versions ###" .format(region)
for app in response['ApplicationVersions']:
@@ -68,7 +68,7 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -83,17 +83,17 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('Options') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Options']) <= 0:
print "[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region)
print("[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region))
else:
print"### {} ElasticBeanstalk Configuration Options ###" .format(region)
#if response['PlatformArn'] is None:
# pass
#else:
# print "PlatformArn: {}" .format(response['PlatformArn'])
# print("PlatformArn: {}" .format(response['PlatformArn']))
print "SolutionStackName: {}" .format(response['SolutionStackName'])
print("SolutionStackName: {}" .format(response['SolutionStackName']))
pp.pprint( "Options: {}" .format(response['Options']))
print("\n")
@@ -103,7 +103,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -118,9 +118,9 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('Environments') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Environments']) <= 0:
print "[-] DescribeEnvironments allowed for {} but no results [-]" .format(region)
print("[-] DescribeEnvironments allowed for {} but no results [-]" .format(region))
else:
print"### {} ElasticBeanstalk Environments ###" .format(region)
for enviro in response['Environments']:
@@ -133,7 +133,7 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -148,9 +148,9 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('Events') is None:
print "{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have ElasticBeanstalk permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Events']) <= 0:
print "[-] DescribeEvents allowed for {} but no results [-]" .format(region)
print("[-] DescribeEvents allowed for {} but no results [-]" .format(region))
else:
print"### {} ElasticBeanstalk Events ###" .format(region)
for events in response['Events']:
@@ -163,7 +163,7 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

12
libs/emr.py
View File

@@ -23,9 +23,9 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('Clusters') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Clusters']) <= 0:
print "[-] ListClusters allowed for {} but no results [-]" .format(region)
print("[-] ListClusters allowed for {} but no results [-]" .format(region))
else:
print"### {} EMR Clusters ###" .format(region)
for app in response['Clusters']:
@@ -38,7 +38,7 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -53,9 +53,9 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('SecurityConfigurations') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['SecurityConfigurations']) <= 0:
print "[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region)
print("[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region))
else:
print"### {} EMR Security Configuration ###" .format(region)
for app in response['SecurityConfigurations']:
@@ -68,7 +68,7 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

22
libs/iam.py
View File

@@ -44,7 +44,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
if e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: user '{}' likely doesnt have console access" .format(user['UserName']))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -52,7 +52,7 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
if e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -69,7 +69,7 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
elif e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: User likely doesnt have console access")
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -87,7 +87,7 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern
elif e.response['Error']['Code'] == 'NoSuchEntity':
print("[-]: User likely doesnt have console access")
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -100,7 +100,7 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
print("Account Password Policy:")
pp.pprint(pass_policy['PasswordPolicy'])
except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -117,7 +117,7 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
if e.response['Error']['Code'] == 'EntityAlreadyExists':
print("ERROR: The provided user: {} already exists" .format(username))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -129,7 +129,7 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
print("Creating a new access key for: {}" .format(username))
pp.pprint(create_access_key['AccessKey'])
except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -144,7 +144,7 @@ def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, access
if e.response['Error']['Code'] == 'NoSuchEntity':
print("ERROR: The provided AccessKey doesnt exist")
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -159,7 +159,7 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser
if e.response['Error']['Code'] == 'NoSuchEntity':
print("ERROR: The provided AccessKey doesnt exist")
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -176,7 +176,7 @@ def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username):
if e.response['Error']['Code'] == 'AccessDenied':
print("ERROR: Account does not have permissions to add the policy")
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -191,6 +191,6 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa
create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username)
except botocore.exceptions.ClientError as e:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

10
libs/opsworks.py
View File

@@ -24,21 +24,21 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#debug
print response
if response.get('Stacks') is None:
print "{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['Stacks']) <= 0:
print "[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)
print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region))
else: #THIS PART IS UNTESTED
for r in response['Stacks']:
pp.pprint(r)
except botocore.exceptions.EndpointConnectionError as e:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'EndpointConnectionError':
print "[-] Cant connect to the {} endpoint [-]" .format(region)
print("[-] Cant connect to the {} endpoint [-]" .format(region))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

6
libs/route53.py
View File

@@ -26,9 +26,9 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
#print response
if response.get('GeoLocationDetailsList') is None:
print "{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have EMR permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['GeoLocationDetailsList']) <= 0:
print "[-] ListGeoLocations allowed for {} but no results [-]" .format(region)
print("[-] ListGeoLocations allowed for {} but no results [-]" .format(region))
else:
print"### {} Route53 GeoLocations ###" .format(region)
for app in response['GeoLocationDetailsList']:
@@ -41,7 +41,7 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Does not have the required permissions' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

18
libs/s3.py
View File

@@ -25,7 +25,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
print('[+] '+ key['Key'].encode('utf-8').strip())
#print(key['Key']) #first 100 results
except KeyError as e:
print "KeyError havent tracked down reason yet"
print ("KeyError havent tracked down reason yet")
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied':
print('{} : cant list s3 bucket [AccessDenied]' .format(AWS_ACCESS_KEY_ID))
@@ -34,7 +34,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -55,7 +55,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket policy [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
try:
acl = client.get_bucket_acl(Bucket=bucket)
@@ -74,7 +74,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('{} : cant list s3 bucket acl [AllAccessDisabled]' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -82,7 +82,7 @@ def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -100,7 +100,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
myobject = myfile
print('#### Trying to enumate s3 ACL for {}:{} ####\n '.format(bucket, myfile))
acl = client.get_object_acl(Bucket=bucket,Key=myfile)
print acl
print (acl)
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
@@ -108,7 +108,7 @@ def get_s3object_acl(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket, myfile):
elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -134,7 +134,7 @@ def get_s3objects_for_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
@@ -159,6 +159,6 @@ def get_s3objects_for_account_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
elif e.response['Error']['Code'] == 'NotSignedUp':
print('{} : doesnt have s3 access' .format(AWS_ACCESS_KEY_ID))
else:
print "Unexpected error: {}" .format(e)
print ("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")

71
libs/sql.py Normal file
View File

@@ -0,0 +1,71 @@
import sqlite3
from sqlite3 import Error
def create_table(db_name,table_name,sql):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT name FROM sqlite_master WHERE name=?""",(table_name,))
result = cursor.fetchall()
keep_table = True
if len(result) == 1:
#python 3
response = input("The table {} already exists, do you wish to recreate it? (y/n): ".format(table_name))
if response == "y":
keep_table = False
print("The {} table will be recreated - all existing data will be lost".format(table_name))
cursor.execute("drop table if exists {}".format(table_name))
db.commit()
else:
print("The existing table was kept")
else:
keep_table = False
if not keep_table:
cursor.execute(sql)
db.commit()
def create_recon_table(db_name, table_name):
sql = """CREATE TABLE recon
(ID integer,
service text,
sub_service text,
AWSKeyID text,
checked_at text,
PRIMARY KEY (ID))"""
#FOREIGN KEY (AWSKeyID) references AWSKey(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
def create_awskey_table(db_name, table_name):
sql = """CREATE TABLE AWSKey
(ID integer,
AWSKeyID Text,
Description text,
PRIMARY KEY(ID))"""
create_table(db_name,table_name,sql)
print ("created table: {}".format(table_name))
def insert_awskey_data(db_name, records):
sql = """INSERT INTO AWSKey(AWSKeyID, Description) VALUES (?,?)"""
for record in records:
query(db_name, sql,record)
def insert_reconservice_data(db_name, records):
sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)"""
for record in records:
query(db_name,sql,record)
def search_recon_by_key(db_name,AWSKeyID):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
cursor.execute("""SELECT service,sub_service FROM recon WHERE AWSKeyID=?""",(AWSKeyID,))
results = cursor.fetchall()
return results
def query(db_name,sql,data):
with sqlite3.connect(db_name) as db:
cursor = db.cursor()
#cursor.execute("""PRAGMA foreign_keys = ON""")
cursor.execute(sql,data)
db.commit()

2
logging_list_monitoring_configuration.py
View File

@@ -44,7 +44,7 @@ for region in regions:
print_config_text(config_service_text)
if response.get('ConfigurationRecorders') is None:
print "{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID)
print("{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID))
elif len(response['ConfigurationRecorders']) <= 0:
print("NO CONFIGURATION DETECTED")
else:

8
recon_find_all_permissions.py
View File

@@ -1,7 +1,11 @@
from __future__ import print_function
from libs.brute import *
from libs.s3 import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_acm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# AlexaForBusiness
@@ -15,7 +19,7 @@ brute_autoscaling_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_batch_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_budgets_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# CostExplorer
brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# brute_cloud9_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) Was working now its not
brute_clouddirectory_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudformation_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_cloudfront_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
@@ -61,7 +65,7 @@ brute_firehose_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_gamelift_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_glacier_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# Glue
brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #in the docs but not in the codebase?
brute_greengrass_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# GuardDuty
brute_health_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)

2
s3_list_bucket_contents.py
View File

@@ -3,7 +3,7 @@ from libs.s3 import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
if len(sys.argv) < 2:
print "must specify bucket: {} <bucketname>".format(sys.argv[0])
print("must specify bucket: {} <bucketname>".format(sys.argv[0]))
sys.exit(-1)
#Attempt to list the contents of the bucket

14
show_services_by_key.py Normal file
View File

@@ -0,0 +1,14 @@
import sqlite3
from sqlite3 import Error
from libs.sql import *
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
if __name__ == "__main__":
db_name = "weirdAAL.db"
results = search_recon_by_key(db_name,AWS_ACCESS_KEY_ID)
print("Services enumerated for {}".format(AWS_ACCESS_KEY_ID))
for result in results:
print("{}:{}".format(result[0],result[1]))

18
test_insert.py Normal file
View File

@@ -0,0 +1,18 @@
import datetime
import sqlite3
from sqlite3 import Error
from libs.sql import *
#create some tables to stick data in
if __name__ == "__main__":
db_name = "weirdAAL.db"
timenow = datetime.datetime.now()
test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")]
insert_awskey_data(db_name,test_aws_key)
test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)]
insert_reconservice_data(db_name, test_service_data)

34
weirdAAL.py
View File

@@ -14,7 +14,10 @@ from botocore.exceptions import ClientError
parser = argparse.ArgumentParser()
parser.add_argument("-s", "--step", help="list the step you would like to run",
action="store", type=int, required=True)
action="store", type=str, required=True)
parser.add_argument("-t", "--target", help="Give your target a name so we can track results",
action="store", type=str, required=True)
parser.add_argument("-l", "--list", help="list steps", action="store_true")
parser.add_argument("-v", "--verbosity", help="increase output verbosity",
action="store_true")
args = parser.parse_args()
@@ -25,6 +28,17 @@ def perform_credential_check():
account_id = client.get_caller_identity()["Account"]
except ClientError as e:
print("The AWS Access Keys are not valid/active")
#exit(1)
def step_recon():
print("!!!")
def method_create():
try:
arg = eval("step_" + args.step)
return arg
except NameError:
print("That step does not exist")
exit(1)
# Need to figure out if we have keys in the ENV or not
@@ -32,17 +46,17 @@ if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY:
perform_credential_check()
else:
print("Please supply keys as outlined in our README.md file")
exit(1)
#exit(1)
if (args.list):
pass
# We need the user to tell us the step they want to proceed on
if (args.step == 1):
print("Beginning step 1")
elif (args.step == 2):
print("Beginning step 2")
elif (args.step == 3):
print("Beginning step 3")
else:
print("We need a valid step to continue...")
if (args.step):
arg = method_create()
if callable(arg):
arg()
# Allow the user to specify verbosity for debugging