simple change, for correct interpreter and additional cred check, as lambda aws excepts otherwise

module to list ec2 public ips
update a module to say Elastic as it doesnt the ec2 public ip, but the elastic ip
2019-12-12 16:20:27 +01:00 · 2019-05-30 13:44:05 -04:00 · 2019-05-30 10:10:43 -04:00 · 2019-02-08 11:54:58 -05:00 · 2019-02-08 11:16:37 -05:00 · 2018-11-29 19:46:36 -05:00
3 changed files with 132 additions and 9 deletions
--- a/libs/aws/ec2.py
+++ b/libs/aws/ec2.py
@@ -143,8 +143,8 @@ def describe_instances_basic():
                    print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
                    continue
                elif e.response['Error']['Code'] == 'OptInRequired':
-                     print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
-                     continue
+                    print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
                else:
                    print(e)
                    continue
@@ -354,6 +354,56 @@ def get_instance_volume_details():
        print("CTRL-C received, exiting...")


+def get_instance_userdata():
+    '''
+    show volumes sorted by instanceId ex: instanceID-->multiple volumes  less detail than get_instance_volume_details2
+    '''
+    try:
+        for region in regions:
+            try:
+                client = boto3.client('ec2', region_name=region)
+                instances = client.describe_instances()
+            except botocore.exceptions.ClientError as e:
+                if e.response['Error']['Code'] == 'UnauthorizedOperation':
+                    print('{} : (UnauthorizedOperation) when calling the DescribeInstances in ({}) -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                elif e.response['Error']['Code'] == 'AuthFailure':
+                    print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                elif e.response['Error']['Code'] == 'OptInRequired':
+                    print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                else:
+                    print(e)
+                    continue
+            if len(instances['Reservations']) <= 0:
+                print("[-] List instances allowed for {} but no results [-]" .format(region))
+            else:
+                for r in instances['Reservations']:
+                    for i in r['Instances']:
+                        try:
+                            userData = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='userData')
+                            print("Instance ID: {} \n" .format(i['InstanceId']))
+                            if len(userData['UserData']['Value']) >= 0:
+                                print("Decoded Userdata values:")
+                                pp.pprint(base64.b64decode(userData['UserData']['Value']).decode("utf-8"))
+                                print("\n")
+                            else:
+                                print("no Userdata for: {}\n".format(i['InstanceId']))
+                        except KeyError:
+                            next
+
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'UnauthorizedOperation':
+            print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print(e)
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+
 def get_instance_volume_details2():
    '''
    show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
@@ -388,9 +438,9 @@ def get_instance_volume_details2():
        print("CTRL-C received, exiting...")


-def describe_addresses():
+def describe_elastic_addresses():
    '''
-    Describe EC2 addresses (loop through all regions)
+    Describe EC2 elastic addresses (loop through all regions)
    '''
    try:
        for region in regions:
@@ -422,6 +472,45 @@ def describe_addresses():
    except KeyboardInterrupt:
        print("CTRL-C received, exiting...")

+def describe_publicips():
+    '''
+    Describe EC2 Public IPs (loop through all regions)
+    '''
+    try:
+        for region in regions:
+            try:
+                client = boto3.client('ec2', region_name=region)
+                response = client.describe_network_interfaces()
+                # print(response)
+            except botocore.exceptions.ClientError as e:
+                if e.response['Error']['Code'] == 'UnauthorizedOperation':
+                    print('{} : (UnauthorizedOperation) when calling describe_network_interfaces -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+                    sys.exit()
+                else:
+                    print(e)
+            if response.get('NetworkInterfaces') is None:
+                print("{} likely does not have EC2 permissions\n" .format(AWS_ACCESS_KEY_ID))
+            elif len(response['NetworkInterfaces']) <= 0:
+                print("[-] DescribeNetworkInterfaces allowed for {} but no results [-]" .format(region))
+            else:
+                # print(response)
+                print("[+] Listing Public IPs for region: {} [+]" .format(region))
+                for r in response['NetworkInterfaces']:
+                    if 'Association' in r:
+                        pp.pprint(r['Association']['PublicIp'])
+                    else:
+                        #pp.pprint(r)
+                        next
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'UnauthorizedOperation':
+            print('{} : (UnauthorizedOperation) when calling the describe_network_interfaces-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print(e)
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+

 def describe_network_interfaces():
    '''
@@ -435,7 +524,7 @@ def describe_network_interfaces():
                # print(response)
            except botocore.exceptions.ClientError as e:
                if e.response['Error']['Code'] == 'UnauthorizedOperation':
-                    print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+                    print('{} : (UnauthorizedOperation) when calling describe_network_interfaces -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
                    sys.exit()
                else:
                    print(e)
@@ -450,7 +539,7 @@ def describe_network_interfaces():
                    pp.pprint(r)
    except botocore.exceptions.ClientError as e:
        if e.response['Error']['Code'] == 'UnauthorizedOperation':
-            print('{} : (UnauthorizedOperation) when calling the DescribeInstances-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+            print('{} : (UnauthorizedOperation) when calling the describe_network_interfaces -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
        else:
--- a/modules/aws/ec2.py
+++ b/modules/aws/ec2.py
@@ -40,6 +40,14 @@ def module_ec2_get_instance_volume_details():
    get_instance_volume_details()


+def module_ec2_get_instance_userdata():
+    '''
+    Show userData sorted by instanceId
+    python3 weirdAAL.py -m ec2_get_instance_userdata -t demo
+    '''
+    get_instance_userdata()
+
+
 def module_ec2_get_instance_volume_details2():
    '''
    Show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
@@ -56,12 +64,12 @@ def module_ec2_review_encrypted_volumes():
    review_encrypted_volumes()


-def module_ec2_describe_addresses():
+def module_ec2_describe_elastic_addresses():
    '''
    This function is used to describe ec2 network addresses.
    python3 weirdAAL.py -m ec2_describe_addresses -t demo
    '''
-    describe_addresses()
+    describe_elastic_addresses()


 def module_ec2_describe_network_interfaces():
@@ -71,6 +79,12 @@ def module_ec2_describe_network_interfaces():
    '''
    describe_network_interfaces()

+def module_ec2_describe_publicips():
+    '''
+    This function is used to describe ec2 network interfaces.
+    python3 weirdAAL.py -m ec2_describe_publicips -t demo
+    '''
+    describe_publicips()

 def module_ec2_describe_route_tables():
    '''
--- a/weirdAAL.py
+++ b/weirdAAL.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 # This file will help to serve as a starting point for using the rest of the tools
 # Things we want to figure out
 # 1) Is your key active?
@@ -9,6 +11,7 @@
 import boto3
 import argparse
 import os
+import sys
 from botocore.exceptions import ClientError
 from modules import *
 import sys
@@ -17,7 +20,24 @@ import re
 from tabulate import tabulate
 import textwrap

-os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env'
+# Let a user set .aws/credentials or another file as the credentials source
+# If user-defined, must be an absolute path
+AWS_SHARED_CREDS_PATH='.env'
+if 'AWS_SHARED_CREDENTIALS_FILE' not in os.environ and os.path.exists(AWS_SHARED_CREDS_PATH):
+    os.environ['AWS_SHARED_CREDENTIALS_FILE'] = AWS_SHARED_CREDS_PATH
+else:
+    print('No Key Information available. Place creds in .env file or export variables.')
+    print('Shared Creds Example File:')
+    print('[default]\n\
+aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID\n\
+aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY')
+    print()
+    print('Or to export them in running shell:')
+    print('export AWS_ACCESS_KEY_ID=<hereyourkeyid>')
+    print('export AWS_SECRET_ACCESS_KEY=<hereyoursecretaccesskey>')
+    print()
+    sys.exit(1)
+

 # If you want to use a transparent + supports SSL proxy you can put it here
 # os.environ['HTTPS_PROXY'] = 'https://127.0.0.1:3128'
Author	SHA1	Message	Date
c0decave	c8c58d6b63	simple change, for correct interpreter and additional cred check, as lambda aws excepts otherwise	2019-12-12 16:20:27 +01:00
carnal0wnage	d9d25fa442	module to list ec2 public ips	2019-05-30 13:44:05 -04:00
carnal0wnage	1a712a8299	update a module to say Elastic as it doesnt the ec2 public ip, but the elastic ip	2019-05-30 10:10:43 -04:00
Ken Johnson	2ea16cc882	Merge pull request #67 from arikalfus/patch-1 Let users choose AWS_SHARED_CREDENTIALS_FILE	2019-02-08 11:54:58 -05:00
Ari Kalfus	a60b7a8676	Let users choose AWS_SHARED_CREDENTIALS_FILE Use the .env in the repo by default, or use a separate file, by the user's choice.	2019-02-08 11:16:37 -05:00
carnal0wnage	8dec167c7a	add userdata check for ec2	2018-11-29 19:46:36 -05:00