From fc9a03468a38937aadc609de7d1a7ddd76fa5ca6 Mon Sep 17 00:00:00 2001
From: carnal0wnage
Date: Tue, 13 Jun 2017 16:05:26 -0400
Subject: [PATCH] add the ported ken's review_encrypted_volumes code and ec2.py
---
ec2/__init__.py | 1 +
ec2/__init__.pyc | Bin 0 -> 139 bytes
ec2/ec2.py | 55 ++++++++++++++++++++++++++++++++
ec2/ec2.pyc | Bin 0 -> 2087 bytes
ec2_review_encrypted_volumes.py | 24 ++++++++++++++
5 files changed, 80 insertions(+)
create mode 100644 ec2/__init__.py
create mode 100644 ec2/__init__.pyc
create mode 100644 ec2/ec2.py
create mode 100644 ec2/ec2.pyc
create mode 100644 ec2_review_encrypted_volumes.py
diff --git a/ec2/__init__.py b/ec2/__init__.py
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/ec2/__init__.py
@@ -0,0 +1 @@
+
diff --git a/ec2/__init__.pyc b/ec2/__init__.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..94fd526a1ab25aa033040c8fee128f8766a0e6d2
GIT binary patch literal 139 zcmZSn%*&;COD{5+0SXv_v;zQ9Mk{+ literal 0 HcmV?d00001
diff --git a/ec2/ec2.py b/ec2/ec2.py
new file mode 100644
index 0000000..8643308
--- /dev/null
+++ b/ec2/ec2.py
@@ -0,0 +1,55 @@
+#ec2 functions go here
+
+import boto3
+import botocore
+import pprint
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+regions = ['us-east-1', 'us-west-2', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1']
+
+# right now this will print a file with nothing if bad key, should fix at some point --otherwise can assume its a valid key
+# we are past the enumeration stage at this point
+def review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
+ print("Reviewing EC2 Volumes... This may take a few....")
+ not_encrypted = []
+ encrypted = []
+ try:
+ with open("{}-volumes_list.txt" .format(AWS_ACCESS_KEY_ID), "w") as fout:
+ for region in regions:
+ client = boto3.client(
+ 'ec2',
+ aws_access_key_id = AWS_ACCESS_KEY_ID,
+ aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
+ region_name=region
+ )
+
+ response = client.describe_volumes(Filters=[{
+ 'Name' : 'status',
+ 'Values' : ['in-use']
+ }])['Volumes']
+
+ for volume in response:
+ if volume['Encrypted']:
+ encrypted.append(volume['VolumeId'])
+ else:
+ not_encrypted.append(volume['VolumeId'])
+ fout.write("\nEncrypted: " + str(volume['Encrypted']))
+ for attachments in volume['Attachments']:
+ fout.write("\nInstance ID: " + attachments['InstanceId'])
+ fout.write("\nVolume ID: " + volume['VolumeId'])
+ fout.write("\nRegion: " + region)
+ fout.write("\n" + "-" * 40)
+ print("Writing out results")
+ fout.write("\nNot encrypted: " + str(len(not_encrypted)) + "\n")
+ fout.write(pprint.pformat(not_encrypted))
+ fout.write("\nEncrypted: " + str(len(encrypted)) + "\n")
+ fout.write(pprint.pformat(encrypted))
+ except botocore.exceptions.ClientError as e:
+ if e.response['Error']['Code'] == 'UnauthorizedOperation':
+ print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+ else:
+ print e
+
+
+
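Review bot: The `try` encloses the whole `for region in regions:` loop, so the first `ClientError` raised in any one region ends the scan and the summary counts are never written, leaving a partial report that can be read as a complete one. A single `describe_volumes` call per region may also not return every volume in a large account, and the hard-coded `regions` list skips any region not named in it, so unencrypted volumes can go unreported. The `else: print e` branch is Python 2 statement syntax while every other print in the hunk uses the call form; it should be `print(e)`. I would move the error handling inside the loop and iterate a paginator, as sketched below.

```python
            for region in regions:
                # … unchanged: boto3.client('ec2', ...) construction …
                try:
                    paginator = client.get_paginator('describe_volumes')
                    for page in paginator.paginate(Filters=[{'Name': 'status', 'Values': ['in-use']}]):
                        for volume in page['Volumes']:
                            # … unchanged: classify the volume and write its record …
                except botocore.exceptions.ClientError as e:
                    # Note the gap in the report so a failed region is not read as "no volumes".
                    fout.write("\nRegion: " + region + " -- not scanned (" + e.response['Error']['Code'] + ")")
                    print(e)
            # … unchanged: summary counts written after the loop …
```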
diff --git a/ec2/ec2.pyc b/ec2/ec2.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..c60ab9c1e1bb7c65ecf459c6cdc907d92e2fe62f
GIT binary patch literal 2087 zcmbVNPg5gB6n{Ml1OfrF%fE<=ZFw*rLIkTgP?j#0WP#E`Om;WBSX-&t>4r>5X2Nub z5H~sDS#N$2OOJja&wc>?b!S4b%JN`BzjVL<@AqCei9a*x?+%~7_9*_$;rA()x&#sU zW7H-(zuz-DXA{0d=MG7SS_u*k3D6{o8M-6q9Gh7ZDH3xe=1HVUERa|vk)g{uI-eo2 zL_feSbQsn0%ZTOwh0m#;HQPYQK>IV;YD4wT(=9H5L%-ZRN)#B&USCLOW<(1lJ@Yhfy7 zv6-#Gm;v(tFq=qO9mD?Zt9tN^l6sL^8EP%jRhpuV!$xUhLqu67u|+xYKGqYuawwW{ z#P+ngN5|Jo4)l(W14gglu9p7*vvI0E1+B^(U-tdrl2=N5{AJkgb)?$a+2PNdzTzEs zz_oiNxyvtPAM73V7)I|#g`2TvqwOobqi?ll;P){um``s{XYuRyRm1f>sZ`@i4jQ;D zYcW?zFOvF!P@AERYma`uumaZ4KPf{c4F?m> z#Kkz2mD?+yuG$I?xH4d*EhGg$kG(~$9{Jh;jZ4oXsd{ZhS}}^Jq2_XuDq@+pr4mJW zFHF6qP)Lj1i@?Qm5k~&^Qhd{uk*fihYCz@Ph#&C$zsf)1{iY1K=eFA>Hl7<^mdcC# zw=zbG7YbbUBFP6~k2l>L$2@O@PE1?7aYWNd6U7TLL8dA4 z){|X}gl%KV#vP+)bOCf1HORb~Fguoq^;+YwRI1c!jjt-N8z*H8uHn`yrE2B*1EDtW zXb|egeRu3wO;4sj7wD%gX$(Yl6TIq2CYk|iT(eCLcugkEj)pXoL6)c@cEuM8<6bNs z70aQAYlulK8oV*s#lG|-ad`N35xp^Mr#sLlP-L&~G`|VPCUI2;AvVKi@lCKTma#i? znolgU6kA~_C&SWg)yYDdWjVG6`UDmqvUMzu^9IX0dDDREh9TULZ4e918G4`xXQoLq q!aohPsast)Dg}^fdH=u0Ir#a!6N+A2eqr7gWm>+-@O3tw?d0Dmmfy($ literal 0 HcmV?d00001
diff --git a/ec2_review_encrypted_volumes.py b/ec2_review_encrypted_volumes.py
new file mode 100644
index 0000000..4642eef
--- /dev/null
+++ b/ec2_review_encrypted_volumes.py
@@ -0,0 +1,24 @@
+
+'''
+This file is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes.
+'''
+
+import boto3
+import botocore
+
+import json
+import urllib
+import logging
+import sys,os
+import pprint
+
+pp = pprint.PrettyPrinter(indent=5, width=80)
+
+from ec2.ec2 import *
+
+#insert AWS key, will figure out how to pull this in from a single file for all scripts
+
+AWS_ACCESS_KEY_ID = ''
+AWS_SECRET_ACCESS_KEY =''
+
+review_encrypted_volumes(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
\ No newline at end of file
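Review bot: The empty `AWS_ACCESS_KEY_ID = ''` and `AWS_SECRET_ACCESS_KEY =''` assignments ask the user to paste long-lived credentials into a tracked source file, where they are easy to commit by accident. Reading them from the environment keeps the secret out of the working tree, for example `AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']` and `AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']` (`os` is already imported in this hunk). Separately, `from ec2.ec2 import *` hides where `review_encrypted_volumes` comes from, and `json`, `urllib`, `logging` and `pp` appear unused in the lines shown; `from ec2.ec2 import review_encrypted_volumes` would be clearer.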