From fa6400ee41849326684b251cbc19cbd1c47a23c0 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Tue, 1 May 2018 19:21:21 -0400 Subject: [PATCH] db updates and an iam function --- libs/brute.py | 4 ++-- libs/ec2.py | 4 ++-- libs/iam.py | 15 +++++++++++++++ libs/sql.py | 15 +++++++++------ modules/iam.py | 7 +++++++ test_insert.py | 7 ++++--- 6 files changed, 39 insertions(+), 13 deletions(-) diff --git a/libs/brute.py b/libs/brute.py index 32f535a..04074c9 100644 --- a/libs/brute.py +++ b/libs/brute.py @@ -126,7 +126,7 @@ def generic_permission_bruteforcer(service, tests): db_logger = [] for action in actions: - db_logger.append([service, action, AWS_ACCESS_KEY_ID, datetime.datetime.now()]) + db_logger.append([service, action, AWS_ACCESS_KEY_ID, target, datetime.datetime.now()]) # print (db_logger) # scrapped the json logging idea but keeping it here just in case @@ -164,7 +164,7 @@ def generic_permission_bruteforcer_region(service, tests, region_passed): db_logger = [] for action in actions: - db_logger.append([service, action, AWS_ACCESS_KEY_ID, datetime.datetime.now()]) + db_logger.append([service, action, AWS_ACCESS_KEY_ID, target, datetime.datetime.now()]) # print (db_logger) # scrapped the json logging idea but keeping it here just in case diff --git a/libs/ec2.py b/libs/ec2.py index 31b369a..e4568d6 100644 --- a/libs/ec2.py +++ b/libs/ec2.py @@ -90,7 +90,7 @@ def describe_instances(): print("[+] Listing instances for region: {} [+]" .format(region)) db_logger = [] for r in response['Reservations']: - db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()]) + db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, target, datetime.datetime.now()]) for i in r['Instances']: pp.pprint(i) # logging to db here @@ -132,7 +132,7 @@ def describe_instances_basic(): db_logger = [] for r in response['Reservations']: # logging the full blob - db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, datetime.datetime.now()]) + db_logger.append(['ec2', 'DescribeInstances', str(r), AWS_ACCESS_KEY_ID, target, datetime.datetime.now()]) for i in r['Instances']: launchtime = i['LaunchTime'] instanceid = i['InstanceId'] diff --git a/libs/iam.py b/libs/iam.py index daf216e..2f0b378 100644 --- a/libs/iam.py +++ b/libs/iam.py @@ -129,6 +129,21 @@ def get_password_policy(): except KeyboardInterrupt: print("CTRL-C received, exiting...") +def get_account_authorization_details(): + ''' + Get the account authoirzation details + ''' + client = boto3.client('iam', region_name=region) + + try: + deets = client.get_account_authorization_details() + print("Account Authorization Details:") + pp.pprint(deets['UserDetailList']) + except botocore.exceptions.ClientError as e: + print("Unexpected error: {}" .format(e)) + except KeyboardInterrupt: + print("CTRL-C received, exiting...") + def iam_create_user(username): ''' diff --git a/libs/sql.py b/libs/sql.py index 6f8ef1f..fed6b23 100644 --- a/libs/sql.py +++ b/libs/sql.py @@ -40,6 +40,7 @@ def create_recon_table(db_name, table_name): service text, sub_service text, AWSKeyID text, + target text, checked_at timestamp, PRIMARY KEY (ID))""" #FOREIGN KEY (AWSKeyID) references AWSKey(ID))""" @@ -53,8 +54,9 @@ def create_awskey_table(db_name, table_name): ''' sql = """CREATE TABLE AWSKey (ID integer, - AWSKeyID Text, - Description text, + AWSKeyID text, + description text, + target text, PRIMARY KEY(ID))""" create_table(db_name,table_name,sql) print ("created table: {}".format(table_name)) @@ -71,6 +73,7 @@ def create_services_table(db_name, table_name): sub_service text, sub_service_data text, checked_at timestamp, + target text, PRIMARY KEY(ID))""" create_table(db_name,table_name,sql) print ("created table: {}".format(table_name)) @@ -80,7 +83,7 @@ def insert_awskey_data(db_name, records): ''' Insert AWS Key and a description to the AWSKey table (unused) ''' - sql = """INSERT INTO AWSKey(AWSKeyID, Description) VALUES (?,?)""" + sql = """INSERT INTO AWSKey(AWSKeyID, description, target) VALUES (?,?,?)""" for record in records: query(db_name, sql,record) @@ -89,7 +92,7 @@ def insert_reconservice_data(db_name, records): ''' Insert data into the recon table ''' - sql = """INSERT INTO recon(service, sub_service, AWSKeyID, checked_at) VALUES (?,?,?,?)""" + sql = """INSERT INTO recon(service, sub_service, AWSKeyID, target, checked_at) VALUES (?,?,?,?,?)""" for record in records: query(db_name,sql,record) @@ -98,7 +101,7 @@ def insert_sub_service_data(db_name, records): ''' Insert service, sub_service & sub_service data into the DB ''' - sql = """INSERT INTO services(service, sub_service, sub_service_data, AWSKeyID, checked_at) VALUES (?,?,?,?,?)""" + sql = """INSERT INTO services(service, sub_service, sub_service_data, AWSKeyID, target, checked_at) VALUES (?,?,?,?,?,?)""" for record in records: query(db_name,sql,record) @@ -109,7 +112,7 @@ def search_recon_by_key(db_name,AWSKeyID): ''' with sqlite3.connect(db_name) as db: cursor = db.cursor() - cursor.execute("""SELECT DISTINCT service,sub_service,checked_at FROM recon WHERE AWSKeyID=? ORDER BY datetime(checked_at)""",(AWSKeyID,)) + cursor.execute("""SELECT DISTINCT service, sub_service, checked_at FROM recon WHERE AWSKeyID=? ORDER BY datetime(checked_at)""",(AWSKeyID,)) results = cursor.fetchall() return results diff --git a/modules/iam.py b/modules/iam.py index f2e7fb4..d1500ab 100644 --- a/modules/iam.py +++ b/modules/iam.py @@ -90,3 +90,10 @@ def module_iam_list_entities_for_policy(*text): python3 weirdAAL.py -m iam_list_entities_for_policy -a 'arn:aws:iam::...' -t yolo ''' iam_list_entities_for_policy(text[0][0]) + + +def module_iam_get_account_authorization_details(): + ''' + Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account. + ''' + get_account_authorization_details() diff --git a/test_insert.py b/test_insert.py index 15565d8..34cf92a 100644 --- a/test_insert.py +++ b/test_insert.py @@ -7,17 +7,18 @@ from libs.sql import * # Provides us with a global var "db_name" we can access anywhere builtins.db_name = "weirdAAL.db" +target = "sometarget" #create some tables to stick data in if __name__ == "__main__": timenow = datetime.datetime.now() - test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit")] + test_aws_key = [("AKIAIOSFODNN7EXAMPLE", "some test shit", target)] insert_awskey_data(db_name,test_aws_key) - test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE",timenow)] + test_service_data = [("ec2","DescribeInstances","AKIAIOSFODNN7EXAMPLE", target, timenow),("ecr","DescribeRepositories","AKIAIOSFODNN7EXAMPLE", target, timenow)] insert_reconservice_data(db_name, test_service_data) - test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE",datetime.datetime.now())] + test_sub_service_data = [("ec2","DescribeInstances","{'Groups': [], 'Instances': [{'AmiLaunchIndex': 0, 'ImageId': 'ami-90123455', 'InstanceId': 'i-04340cXXXXXXX', 'InstanceType': 't2.micro', 'KeyName': 'TEST THAT SHIT', 'LaunchTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'Monitoring': {'State': 'disabled'}, 'Placement': {'AvailabilityZone': 'us-east-1e', 'GroupName': '', 'Tenancy': 'default'}, 'Platform': 'windows', 'PrivateDnsName': 'ip-192-168-1-15.ec2.internal', 'PrivateIpAddress': '192.168.1.15', 'ProductCodes': [], 'PublicDnsName': '', 'State': {'Code': 16, 'Name': 'running'}, 'StateTransitionReason': '', 'SubnetId': 'subnet-12345a', 'VpcId': 'vpc-12345a', 'Architecture': 'x86_64', 'BlockDeviceMappings': [{'DeviceName': '/dev/sda1', 'Ebs': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'DeleteOnTermination': True, 'Status': 'attached', 'VolumeId': 'vol-123456'}}], 'ClientToken': '', 'EbsOptimized': False, 'EnaSupport': True, 'Hypervisor': 'xen', 'NetworkInterfaces': [{'Attachment': {'AttachTime': datetime.datetime(2018, 3, 28, 15, 42, 9, tzinfo=tzutc()), 'AttachmentId': 'eni-attach-12345', 'DeleteOnTermination': True, 'DeviceIndex': 0, 'Status': 'attached'}, 'Description': 'Primary network interface', 'Groups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-x12345c'}], 'Ipv6Addresses': [], 'MacAddress': 'ff:aa:ad:b1:c0:34', 'NetworkInterfaceId': 'eni-654321', 'OwnerId': 'xxxxxxxxxx', 'PrivateIpAddress': '192.168.1.15', 'PrivateIpAddresses': [{'Primary': True, 'PrivateIpAddress': '192.168.1.15'}], 'SourceDestCheck': True, 'Status': 'in-use', 'SubnetId': 'subnet-85d385ba', 'VpcId': 'vpc-deadbabe'}], 'RootDeviceName': '/dev/sda1', 'RootDeviceType': 'ebs', 'SecurityGroups': [{'GroupName': 'INTERNAL', 'GroupId': 'sg-12345'}], 'SourceDestCheck': True, 'Tags': [{'Key': 'Name', 'Value': 'INTERNAL'}], 'VirtualizationType': 'hvm'}], 'OwnerId': 'xxxxxxxxxx', 'ReservationId': 'r-00000000555555'}","AKIAIOSFODNN7EXAMPLE", target, datetime.datetime.now()),("ecr","DescribeRepositories","poop", "AKIAIOSFODNN7EXAMPLE", target, datetime.datetime.now())] insert_sub_service_data(db_name, test_sub_service_data)