From 86654a6fb1473c894b01e74f13791a71c03bae8a Mon Sep 17 00:00:00 2001 From: cktricky Date: Thu, 5 Apr 2018 14:18:08 -1000 Subject: [PATCH 1/5] as far as I can tell, this works except that I am getting errors because of python 2.7 and printing --- libs/__init__.py | 10 ++++++++++ libs/brute.py | 5 ++++- weirdAAL.py | 5 +++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/libs/__init__.py b/libs/__init__.py index 8b13789..367e6ee 100644 --- a/libs/__init__.py +++ b/libs/__init__.py @@ -1 +1,11 @@ +import os +list_of_files = os.listdir('.') +arry = [] + +for file in list_of_files: + filename_and_ext = os.path.splitext(file) + if filename_and_ext[1] == ".py": + arry.append(filename_and_ext[0]) + +__all__ = arry diff --git a/libs/brute.py b/libs/brute.py index 859ff7c..58943c1 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -21,6 +21,9 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # print username # return username +def step_app(): + print('hiiiiiii') + def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) @@ -817,7 +820,7 @@ def brute_machinelearning_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): #NO functions to call without arguements #http://boto3.readthedocs.io/en/latest/reference/services/mgh.html -#TODO +#TODO #http://boto3.readthedocs.io/en/latest/reference/services/mobile.html #TODO diff --git a/weirdAAL.py b/weirdAAL.py index 6045b5a..5586b88 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -11,6 +11,7 @@ import argparse import os from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from botocore.exceptions import ClientError +from libs import * parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", @@ -35,9 +36,9 @@ def step_recon(): def method_create(): try: - arg = eval("step_" + args.step) + arg = globals()["step_" + args.step]#arg = eval("step_" + args.step) return arg - except NameError: + except KeyError: print("That step does not exist") exit(1) From f92a7c51a312e58a1b055a60c489fae6c7aa0176 Mon Sep 17 00:00:00 2001 From: cktricky Date: Thu, 5 Apr 2018 14:19:35 -1000 Subject: [PATCH 2/5] removing testing method that is unnecessary --- libs/brute.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index 58943c1..a790152 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -21,9 +21,6 @@ def get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): # print username # return username -def step_app(): - print('hiiiiiii') - def check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): client = boto3.client('iam', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY) From 3b60996fdca2afc259bf709cb0b47e75ba945fb4 Mon Sep 17 00:00:00 2001 From: cktricky Date: Thu, 5 Apr 2018 18:27:37 -1000 Subject: [PATCH 3/5] staging some stuff before I do the print rework --- weirdAAL.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weirdAAL.py b/weirdAAL.py index 5586b88..bb5e6af 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -11,7 +11,7 @@ import argparse import os from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from botocore.exceptions import ClientError -from libs import * +#from modules import * parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", From 7ff5319252e8610968dd1f77da0f0eb7a090eee7 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 00:00:01 -1000 Subject: [PATCH 4/5] looks legit to me (trying to make sure we can load all files in the modules directory as well as libs but do it in a somewhat abstracted way. Although, the method to do the abstraction then requires duplicate code so I am sort of annoyed that I used dup code to avoid making dup code... whatever... get over it you neurotic ginger.) --- libs/__init__.py | 14 +++++++------- libs/utils/__init__.py | 0 libs/utils/common.py | 12 ++++++++++++ modules/__init__.py | 11 +++++++++++ iam_pwn.py => modules/iam_pwn.py | 8 +++++--- weirdAAL.py | 2 +- 6 files changed, 36 insertions(+), 11 deletions(-) create mode 100644 libs/utils/__init__.py create mode 100644 libs/utils/common.py create mode 100644 modules/__init__.py rename iam_pwn.py => modules/iam_pwn.py (77%) diff --git a/libs/__init__.py b/libs/__init__.py index 367e6ee..7ad8262 100644 --- a/libs/__init__.py +++ b/libs/__init__.py @@ -1,11 +1,11 @@ import os -list_of_files = os.listdir('.') +from libs.utils.common import * -arry = [] -for file in list_of_files: - filename_and_ext = os.path.splitext(file) - if filename_and_ext[1] == ".py": - arry.append(filename_and_ext[0]) +# Get the application's path (wherever weirdAAL.py is located will be the dirpath ) +dirpath = os.getcwd() +# The actual location of this file on the filesystem is the "foldername" +foldername = os.path.dirname(os.path.realpath(__file__)) -__all__ = arry +all_files = list_all_files(foldername) +__all__ = all_files diff --git a/libs/utils/__init__.py b/libs/utils/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/libs/utils/common.py b/libs/utils/common.py new file mode 100644 index 0000000..4ac82b4 --- /dev/null +++ b/libs/utils/common.py @@ -0,0 +1,12 @@ +import os + +def list_all_files(directory): + list_of_files = os.listdir(directory) + + array = [] + + for file in list_of_files: + filename_and_ext = os.path.splitext(file) + if filename_and_ext[1] == ".py": + array.append(filename_and_ext[0]) + return array diff --git a/modules/__init__.py b/modules/__init__.py new file mode 100644 index 0000000..7ad8262 --- /dev/null +++ b/modules/__init__.py @@ -0,0 +1,11 @@ +import os +from libs.utils.common import * + + +# Get the application's path (wherever weirdAAL.py is located will be the dirpath ) +dirpath = os.getcwd() +# The actual location of this file on the filesystem is the "foldername" +foldername = os.path.dirname(os.path.realpath(__file__)) + +all_files = list_all_files(foldername) +__all__ = all_files diff --git a/iam_pwn.py b/modules/iam_pwn.py similarity index 77% rename from iam_pwn.py rename to modules/iam_pwn.py index a9e24e1..be8217e 100644 --- a/iam_pwn.py +++ b/modules/iam_pwn.py @@ -5,9 +5,11 @@ from libs.iam import * from libs.sts import * from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY -get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) -get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + +def step_cg_test(): + get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) + get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) #create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3') #delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3', 'AKIAIJV3RQMOYM7WQS2Q') #change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'pythons3', 'PS#EDCasd123456!@') diff --git a/weirdAAL.py b/weirdAAL.py index bb5e6af..54b0b21 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -11,7 +11,7 @@ import argparse import os from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY from botocore.exceptions import ClientError -#from modules import * +from modules import * parser = argparse.ArgumentParser() parser.add_argument("-s", "--step", help="list the step you would like to run", From 6ba2f12cab47fbffd384883f946bed60d7a6a375 Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 6 Apr 2018 00:07:20 -1000 Subject: [PATCH 5/5] removed dup code that is ugly and horrible --- weirdAAL.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weirdAAL.py b/weirdAAL.py index 54b0b21..0887c52 100755 --- a/weirdAAL.py +++ b/weirdAAL.py @@ -36,7 +36,7 @@ def step_recon(): def method_create(): try: - arg = globals()["step_" + args.step]#arg = eval("step_" + args.step) + arg = globals()["step_" + args.step] return arg except KeyError: print("That step does not exist")