From 3ae87d030a46da93411ac41302acb887ee276809 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 11:11:50 -1000 Subject: [PATCH 1/4] believe the last of the print issues should be fixed --- libs/ec2.py | 15 ++++++------- libs/iam.py | 28 ++++++++++++------------ libs/opsworks.py | 4 ++-- libs/rds.py | 4 ++-- logging_list_monitoring_configuration.py | 6 ++--- 5 files changed, 28 insertions(+), 29 deletions(-) diff --git a/libs/ec2.py b/libs/ec2.py index 494614c..5f9a070 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -28,7 +28,7 @@ def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): 'Name' : 'status', 'Values' : ['in-use'] }])['Volumes'] - + for volume in response: if volume['Encrypted']: encrypted.append(volume['VolumeId']) @@ -49,7 +49,7 @@ def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): if e.response['Error']['Code'] == 'UnauthorizedOperation': print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) else: - print e + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -70,7 +70,7 @@ def get_instance_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(i) except botocore.exceptions.ClientError as e: - print e + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -91,9 +91,9 @@ def get_instance_volume_details(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): volumes = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='blockDeviceMapping') print ("Instance ID: {} \n" .format(i['InstanceId'])) pp.pprint(volumes) - + except botocore.exceptions.ClientError as e: - print e + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -115,9 +115,8 @@ def get_instance_volume_details2(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("InstandID:{} \n" .format(volume['Attachments'][0]['InstanceId'])) pp.pprint(volume) print("\n") - + except botocore.exceptions.ClientError as e: - print e + print(e) except KeyboardInterrupt: print("CTRL-C received, exiting...") - diff --git a/libs/iam.py b/libs/iam.py index 6044679..80f1cc5 100644 --- a/libs/iam.py +++ b/libs/iam.py @@ -17,7 +17,7 @@ region = 'us-east-1' def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) - + try: acct_summary = client.get_account_summary() if acct_summary: @@ -28,18 +28,18 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): if client_list: print("Printing Users") pp.pprint(client_list['Users']) - + print("Checking for console access") for user in client_list['Users']: - + try: profile = client.get_login_profile(UserName=user['UserName']) if profile: print('User {} likely has console access and the password can be reset :-)' .format(user['UserName'])) print("Checking for MFA on account") mfa = client.list_mfa_devices(UserName=user['UserName']) - print mfa['MFADevices'] - + print(mfa['MFADevices']) + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'NoSuchEntity': print("[-]: user '{}' likely doesnt have console access" .format(user['UserName'])) @@ -55,10 +55,10 @@ def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - + def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password): client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) - + try: response = client.update_login_profile(UserName=username,Password=password, PasswordResetRequired=False) print('Changing password for user: {} to password: {}' .format(username, password)) @@ -76,7 +76,7 @@ def change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password): client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) - + try: response = client.create_login_profile(UserName=username,Password=password, PasswordResetRequired=False) print('Changing password for user: %s to password: {}' .format(username, password)) @@ -94,7 +94,7 @@ def create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, usern def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id = AWS_ACCESS_KEY_ID, aws_secret_access_key = AWS_SECRET_ACCESS_KEY, region_name=region) - + try: pass_policy = client.get_account_password_policy() print("Account Password Policy:") @@ -106,7 +106,7 @@ def get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - + try: print("Creating a new IAM user named: {}" .format(username)) create_user = client.create_user(Path='/',UserName=username) @@ -123,7 +123,7 @@ def create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - + try: create_access_key = client.create_access_key(UserName=username) print("Creating a new access key for: {}" .format(username)) @@ -135,7 +135,7 @@ def create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): def delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, accesskey): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - + try: delete_access_key = client.delete_access_key(UserName=username, AccessKeyId=accesskey) print("Deleting a access key: {} for: {}" .format(accesskey, username)) @@ -166,7 +166,7 @@ def delete_mfa_device(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, mfaser def make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - + try: make_admin = client.attach_user_policy(UserName=username, PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess') print("Adding admin policy to: {}" .format(username)) @@ -189,7 +189,7 @@ def make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, pa make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username) create_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, username, password) create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,username) - + except botocore.exceptions.ClientError as e: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: diff --git a/libs/opsworks.py b/libs/opsworks.py index f2203ef..3e5aeaa 100644 --- a/libs/opsworks.py +++ b/libs/opsworks.py @@ -22,13 +22,13 @@ def describe_stacks(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): ) response = client.describe_stacks() #debug - print response + print(response) if response.get('Stacks') is None: print("{} likely does not have Lambda permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['Stacks']) <= 0: print("[-] DescribeStacks allowed for {} but no results (everyone seems to have this permission) [-]\n" .format(region)) else: #THIS PART IS UNTESTED - for r in response['Stacks']: + for r in response['Stacks']: pp.pprint(r) except botocore.exceptions.EndpointConnectionError as e: print("Unexpected error: {}" .format(e)) diff --git a/libs/rds.py b/libs/rds.py index 4151765..2bcbfa3 100644 --- a/libs/rds.py +++ b/libs/rds.py @@ -25,6 +25,6 @@ def describe_db_instances(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): pp.pprint(i) except botocore.exceptions.ClientError as e: - print e + print(e) except KeyboardInterrupt: - print("CTRL-C received, exiting...") \ No newline at end of file + print("CTRL-C received, exiting...") diff --git a/logging_list_monitoring_configuration.py b/logging_list_monitoring_configuration.py index 6ef909d..cf1ea68 100644 --- a/logging_list_monitoring_configuration.py +++ b/logging_list_monitoring_configuration.py @@ -42,7 +42,7 @@ for region in regions: print(config_service_text) print("Region:" + region) print_config_text(config_service_text) - + if response.get('ConfigurationRecorders') is None: print("{} likely does not have Config permissions\n" .format(AWS_ACCESS_KEY_ID)) elif len(response['ConfigurationRecorders']) <= 0: @@ -55,6 +55,6 @@ for region in regions: # pp.pprint(resourcetype['resourceTypes'][0]) ruleresponse = describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region) - print ruleresponse - + print(ruleresponse) + print_section_header_and_footer("END OF CONFIG SERVICE REVIEW", True) From 51d2887a60efaee2b50edbe4c971e6acf34baec0 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 13:02:53 -1000 Subject: [PATCH 2/4] fixed indentation and print errors --- libs/brute.py | 4 +++- libs/config.py | 6 ++--- libs/datapipeline.py | 25 ++++++++++--------- libs/dynamodb.py | 52 +++++++++++++++++++--------------------- libs/dynamodbstreams.py | 26 ++++++++++---------- libs/ecr.py | 4 ++-- libs/elasticbeanstalk.py | 25 ++++++++++--------- libs/emr.py | 9 ++++--- libs/route53.py | 6 ++--- modules/__init__.py | 1 + modules/iam_pwn.py | 2 +- target.txt | 0 weirdAAL.py | 2 +- 13 files changed, 77 insertions(+), 85 deletions(-) create mode 100644 target.txt diff --git a/libs/brute.py b/libs/brute.py index 381e1c4..c76ce0b 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -10,7 +10,9 @@ import datetime #change as required once we decide time format from libs.sql import * - +def step_cg_test(): + pass + # we chould probably load this from one place in the future #TODO db_name = "weirdAAL.db" diff --git a/libs/config.py b/libs/config.py index a3aea8c..56915a2 100644 --- a/libs/config.py +++ b/libs/config.py @@ -32,7 +32,7 @@ def describe_configuration_recorders(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, r print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID)) pass else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") @@ -57,8 +57,8 @@ def describe_configuration_rules(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, regio print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID)) pass else: - print "Unexpected error: {}" .format(e) + print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - return response \ No newline at end of file + return response diff --git a/libs/datapipeline.py b/libs/datapipeline.py index 0307586..2237938 100644 --- a/libs/datapipeline.py +++ b/libs/datapipeline.py @@ -16,19 +16,18 @@ def list_pipelines(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing Data Pipeline Pipelines ###") try: for region in regions: - client = boto3.client('datapipeline', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - - response = client.list_pipelines() - print"### {} Data Pipelines ###" .format(region) - if response.get('pipelineIdList') is None: - print("{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['pipelineIdList']) <= 0: - print("[-] ListPipelines allowed for {} but no results [-]" .format(region)) - else: - print"### {} Data Pipelines ###" .format(region) - for pipes in response['pipelineIdList']: - pp.pprint(pipes) - print("\n") + client = boto3.client('datapipeline', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_pipelines() + print("### {} Data Pipelines ###" .format(region)) + if response.get('pipelineIdList') is None: + print("{} likely does not have Data Pipeline permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['pipelineIdList']) <= 0: + print("[-] ListPipelines allowed for {} but no results [-]" .format(region)) + else: + print("### {} Data Pipelines ###" .format(region)) + for pipes in response['pipelineIdList']: + pp.pprint(pipes) + print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': diff --git a/libs/dynamodb.py b/libs/dynamodb.py index ee8ee94..3d5e7c7 100644 --- a/libs/dynamodb.py +++ b/libs/dynamodb.py @@ -15,19 +15,18 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing DynamoDB Tables ###") try: - for region in regions: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - - response = client.list_tables() - if response.get('TableNames') is None: - print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['TableNames']) <= 0: - print("[-] ListTables allowed for {} but no results [-]" .format(region)) - else: - print"### {} DynamoDB Tables ###" .format(region) - for tables in response['TableNames']: - pp.pprint(tables) - print("\n") + for region in regions: + client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_tables() + if response.get('TableNames') is None: + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['TableNames']) <= 0: + print("[-] ListTables allowed for {} but no results [-]" .format(region)) + else: + print("### {} DynamoDB Tables ###" .format(region)) + for tables in response['TableNames']: + pp.pprint(tables) + print("\n") except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': @@ -42,19 +41,17 @@ def list_dynamodb_tables(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing DynamoDB Tables ###") try: - for region in regions: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - - response = client.list_tables() - if response.get('TableNames') is None: - print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['TableNames']) <= 0: - print("[-] ListTables allowed for {} but no results [-]" .format(region)) - else: - print"### {} DynamoDB Tables ###" .format(region) - for tables in response['TableNames']: - #pp.pprint(tables) - describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tables, region) + for region in regions: + client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + response = client.list_tables() + if response.get('TableNames') is None: + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['TableNames']) <= 0: + print("[-] ListTables allowed for {} but no results [-]" .format(region)) + else: + print("### {} DynamoDB Tables ###" .format(region)) + for tables in response['TableNames']: + describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, tables, region) print("\n") except botocore.exceptions.ClientError as e: @@ -70,8 +67,7 @@ def list_dynamodb_tables_detailed(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): def describe_table(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, table, region): print("### Describing DynamoDB Table: {} ###" .format(table)) try: - client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) - + client = boto3.client('dynamodb', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) response = client.describe_table(TableName=table) if response.get('Table') is None: print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) diff --git a/libs/dynamodbstreams.py b/libs/dynamodbstreams.py index cf7a3a8..2b55bb0 100644 --- a/libs/dynamodbstreams.py +++ b/libs/dynamodbstreams.py @@ -16,20 +16,18 @@ regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', ' def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("### Printing DynamoDBstreams ###") try: - for region in regions: - client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + for region in regions: + client = boto3.client('dynamodbstreams', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + if response.get('Streams') is None: + print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) + elif len(response['Streams']) <= 0: + print("[-] ListStreams allowed for {} but no results [-]" .format(region)) + else: + print("### {} DynamoDB Streams ###" .format(region)) + for streams in response['Streams']: + pp.pprint(streams) + print("\n") - response = client.list_streams() - if response.get('Streams') is None: - print("{} likely does not have DynamoDB permissions\n" .format(AWS_ACCESS_KEY_ID)) - elif len(response['Streams']) <= 0: - print("[-] ListStreams allowed for {} but no results [-]" .format(region)) - else: - print"### {} DynamoDB Streams ###" .format(region) - for streams in response['Streams']: - pp.pprint(streams) - print("\n") - except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -38,4 +36,4 @@ def list_dynamodbstreams(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): else: print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: - print("CTRL-C received, exiting...") \ No newline at end of file + print("CTRL-C received, exiting...") diff --git a/libs/ecr.py b/libs/ecr.py index 82cc1f1..bfc4cce 100644 --- a/libs/ecr.py +++ b/libs/ecr.py @@ -27,11 +27,11 @@ def describe_repositories(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['repositories']) <= 0: print("[-] DescribeRepositories allowed for {} but no results [-]" .format(region)) else: - print"### {} ECR Repositories ###" .format(region) + print("### {} ECR Repositories ###" .format(region)) for tables in response['repositories']: pp.pprint(tables) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) diff --git a/libs/elasticbeanstalk.py b/libs/elasticbeanstalk.py index 8483523..b97caef 100644 --- a/libs/elasticbeanstalk.py +++ b/libs/elasticbeanstalk.py @@ -27,11 +27,11 @@ def describe_applications(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['Applications']) <= 0: print("[-] DescribeApplications allowed for {} but no results [-]" .format(region)) else: - print"### {} ElasticBeanstalk Applications ###" .format(region) + print("### {} ElasticBeanstalk Applications ###" .format(region)) for app in response['Applications']: pp.pprint(app) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -57,11 +57,11 @@ def describe_application_versions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['ApplicationVersions']) <= 0: print("[-] DescribeApplicationVersions allowed for {} but no results [-]" .format(region)) else: - print"### {} ElasticBeanstalk Application Versions ###" .format(region) + print("### {} ElasticBeanstalk Application Versions ###" .format(region)) for app in response['ApplicationVersions']: pp.pprint(app) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -87,7 +87,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['Options']) <= 0: print("[-] DescribeConfigurationOptions allowed for {} but no results [-]" .format(region)) else: - print"### {} ElasticBeanstalk Configuration Options ###" .format(region) + print("### {} ElasticBeanstalk Configuration Options ###" .format(region)) #if response['PlatformArn'] is None: # pass #else: @@ -96,7 +96,7 @@ def describe_configuration_options(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("SolutionStackName: {}" .format(response['SolutionStackName'])) pp.pprint( "Options: {}" .format(response['Options'])) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -122,11 +122,11 @@ def describe_environments(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['Environments']) <= 0: print("[-] DescribeEnvironments allowed for {} but no results [-]" .format(region)) else: - print"### {} ElasticBeanstalk Environments ###" .format(region) + print("### {} ElasticBeanstalk Environments ###" .format(region)) for enviro in response['Environments']: - pp.pprint(enviro) + pp.pprint(enviro) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -152,11 +152,11 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['Events']) <= 0: print("[-] DescribeEvents allowed for {} but no results [-]" .format(region)) else: - print"### {} ElasticBeanstalk Events ###" .format(region) + print("### {} ElasticBeanstalk Events ###" .format(region)) for events in response['Events']: - pp.pprint(events) + pp.pprint(events) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -166,4 +166,3 @@ def describe_events(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - diff --git a/libs/emr.py b/libs/emr.py index f405214..983bd4c 100644 --- a/libs/emr.py +++ b/libs/emr.py @@ -27,11 +27,11 @@ def list_clusters(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['Clusters']) <= 0: print("[-] ListClusters allowed for {} but no results [-]" .format(region)) else: - print"### {} EMR Clusters ###" .format(region) + print("### {} EMR Clusters ###" .format(region)) for app in response['Clusters']: pp.pprint(app) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -57,11 +57,11 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['SecurityConfigurations']) <= 0: print("[-] ListSecurityConfigurations allowed for {} but no results [-]" .format(region)) else: - print"### {} EMR Security Configuration ###" .format(region) + print("### {} EMR Security Configuration ###" .format(region)) for app in response['SecurityConfigurations']: pp.pprint(app) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -71,4 +71,3 @@ def list_security_configurations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - diff --git a/libs/route53.py b/libs/route53.py index c7b6163..d173a78 100644 --- a/libs/route53.py +++ b/libs/route53.py @@ -30,11 +30,11 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): elif len(response['GeoLocationDetailsList']) <= 0: print("[-] ListGeoLocations allowed for {} but no results [-]" .format(region)) else: - print"### {} Route53 GeoLocations ###" .format(region) + print("### {} Route53 GeoLocations ###" .format(region)) for app in response['GeoLocationDetailsList']: pp.pprint(app) print("\n") - + except botocore.exceptions.ClientError as e: if e.response['Error']['Code'] == 'InvalidClientTokenId': sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) @@ -44,5 +44,3 @@ def list_geolocations(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): print("Unexpected error: {}" .format(e)) except KeyboardInterrupt: print("CTRL-C received, exiting...") - - diff --git a/modules/__init__.py b/modules/__init__.py index 7ad8262..4f3d876 100644 --- a/modules/__init__.py +++ b/modules/__init__.py @@ -8,4 +8,5 @@ dirpath = os.getcwd() foldername = os.path.dirname(os.path.realpath(__file__)) all_files = list_all_files(foldername) + __all__ = all_files diff --git a/modules/iam_pwn.py b/modules/iam_pwn.py index be8217e..1085294 100644 --- a/modules/iam_pwn.py +++ b/modules/iam_pwn.py @@ -3,7 +3,7 @@ if you have root or IAM access gather user info, manipulate access keys or passw ''' from libs.iam import * from libs.sts import * -from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY +#from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY def step_cg_test(): diff --git a/target.txt b/target.txt new file mode 100644 index 0000000..e69de29 diff --git a/weirdAAL.py b/weirdAAL.py index 0887c52..691eb30 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -11,7 +11,7 @@ import argparse import os from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from botocore.exceptions import ClientError -from modules import * +from libs import * parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", From 123aedf81da06af18fc3f3e0063eebd98aae00d9 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 13:03:15 -1000 Subject: [PATCH 3/4] changed back to modules --- weirdAAL.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weirdAAL.py b/weirdAAL.py index 691eb30..0887c52 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -11,7 +11,7 @@ import argparse import os from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from botocore.exceptions import ClientError -from libs import * +from modules import * parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", From d030ad82dd523c9ce3f8f6a15e6ff136b68145a9 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 13:04:01 -1000 Subject: [PATCH 4/4] switched back to modules which means the brute.py test file no longer needs the method step_cg_test --- libs/brute.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index c76ce0b..11030b0 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -10,9 +10,6 @@ import datetime #change as required once we decide time format from libs.sql import * -def step_cg_test(): - pass - # we chould probably load this from one place in the future #TODO db_name = "weirdAAL.db"