simple change, for correct interpreter and additional cred check, as lambda aws excepts otherwise

Let users choose AWS_SHARED_CREDENTIALS_FILE

libs/aws/ec2.py

@@ -143,8 +143,8 @@ def describe_instances_basic():
                     print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
                     continue
                 elif e.response['Error']['Code'] == 'OptInRequired':
-                     print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+                    print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
-                     continue
+                    continue
                 else:
                     print(e)
                     continue
@@ -354,6 +354,56 @@ def get_instance_volume_details():
         print("CTRL-C received, exiting...")
 
 
+def get_instance_userdata():
+    '''
+    show volumes sorted by instanceId ex: instanceID-->multiple volumes  less detail than get_instance_volume_details2
+    '''
+    try:
+        for region in regions:
+            try:
+                client = boto3.client('ec2', region_name=region)
+                instances = client.describe_instances()
+            except botocore.exceptions.ClientError as e:
+                if e.response['Error']['Code'] == 'UnauthorizedOperation':
+                    print('{} : (UnauthorizedOperation) when calling the DescribeInstances in ({}) -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                elif e.response['Error']['Code'] == 'AuthFailure':
+                    print('{} : (AuthFailure) when calling the DescribeInstances in ({}) -- key is invalid or no permissions.' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                elif e.response['Error']['Code'] == 'OptInRequired':
+                    print('{} : (OptInRequired) Has permissions but isnt signed up for service in ({})- ' .format(AWS_ACCESS_KEY_ID, region))
+                    continue
+                else:
+                    print(e)
+                    continue
+            if len(instances['Reservations']) <= 0:
+                print("[-] List instances allowed for {} but no results [-]" .format(region))
+            else:
+                for r in instances['Reservations']:
+                    for i in r['Instances']:
+                        try:
+                            userData = client.describe_instance_attribute(InstanceId=i['InstanceId'], Attribute='userData')
+                            print("Instance ID: {} \n" .format(i['InstanceId']))
+                            if len(userData['UserData']['Value']) >= 0:
+                                print("Decoded Userdata values:")
+                                pp.pprint(base64.b64decode(userData['UserData']['Value']).decode("utf-8"))
+                                print("\n")
+                            else:
+                                print("no Userdata for: {}\n".format(i['InstanceId']))
+                        except KeyError:
+                            next
+
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'UnauthorizedOperation':
+            print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print(e)
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+
 def get_instance_volume_details2():
     '''
     show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
@@ -388,9 +438,9 @@ def get_instance_volume_details2():
         print("CTRL-C received, exiting...")
 
 
-def describe_addresses():
+def describe_elastic_addresses():
     '''
-    Describe EC2 addresses (loop through all regions)
+    Describe EC2 elastic addresses (loop through all regions)
     '''
     try:
         for region in regions:
@@ -422,6 +472,45 @@ def describe_addresses():
     except KeyboardInterrupt:
         print("CTRL-C received, exiting...")
 
+def describe_publicips():
+    '''
+    Describe EC2 Public IPs (loop through all regions)
+    '''
+    try:
+        for region in regions:
+            try:
+                client = boto3.client('ec2', region_name=region)
+                response = client.describe_network_interfaces()
+                # print(response)
+            except botocore.exceptions.ClientError as e:
+                if e.response['Error']['Code'] == 'UnauthorizedOperation':
+                    print('{} : (UnauthorizedOperation) when calling describe_network_interfaces -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+                    sys.exit()
+                else:
+                    print(e)
+            if response.get('NetworkInterfaces') is None:
+                print("{} likely does not have EC2 permissions\n" .format(AWS_ACCESS_KEY_ID))
+            elif len(response['NetworkInterfaces']) <= 0:
+                print("[-] DescribeNetworkInterfaces allowed for {} but no results [-]" .format(region))
+            else:
+                # print(response)
+                print("[+] Listing Public IPs for region: {} [+]" .format(region))
+                for r in response['NetworkInterfaces']:
+                    if 'Association' in r:
+                        pp.pprint(r['Association']['PublicIp'])
+                    else:
+                        #pp.pprint(r)
+                        next
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'UnauthorizedOperation':
+            print('{} : (UnauthorizedOperation) when calling the describe_network_interfaces-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print(e)
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
 
 def describe_network_interfaces():
     '''
@@ -435,7 +524,7 @@ def describe_network_interfaces():
                 # print(response)
             except botocore.exceptions.ClientError as e:
                 if e.response['Error']['Code'] == 'UnauthorizedOperation':
-                    print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+                    print('{} : (UnauthorizedOperation) when calling describe_network_interfaces -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
                     sys.exit()
                 else:
                     print(e)
@@ -450,7 +539,7 @@ def describe_network_interfaces():
                     pp.pprint(r)
     except botocore.exceptions.ClientError as e:
         if e.response['Error']['Code'] == 'UnauthorizedOperation':
-            print('{} : (UnauthorizedOperation) when calling the DescribeInstances-- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
+            print('{} : (UnauthorizedOperation) when calling the describe_network_interfaces -- sure you have ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
         elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
             print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
         else:

modules/aws/ec2.py

@@ -40,6 +40,14 @@ def module_ec2_get_instance_volume_details():
     get_instance_volume_details()
 
 
+def module_ec2_get_instance_userdata():
+    '''
+    Show userData sorted by instanceId
+    python3 weirdAAL.py -m ec2_get_instance_userdata -t demo
+    '''
+    get_instance_userdata()
+
+
 def module_ec2_get_instance_volume_details2():
     '''
     Show volumes by instanceId but instanceID->volume1 of ID, instanceID->volume2 of ID but more details.
@@ -56,12 +64,12 @@ def module_ec2_review_encrypted_volumes():
     review_encrypted_volumes()
 
 
-def module_ec2_describe_addresses():
+def module_ec2_describe_elastic_addresses():
     '''
     This function is used to describe ec2 network addresses.
     python3 weirdAAL.py -m ec2_describe_addresses -t demo
     '''
-    describe_addresses()
+    describe_elastic_addresses()
 
 
 def module_ec2_describe_network_interfaces():
@@ -71,6 +79,12 @@ def module_ec2_describe_network_interfaces():
     '''
     describe_network_interfaces()
 
+def module_ec2_describe_publicips():
+    '''
+    This function is used to describe ec2 network interfaces.
+    python3 weirdAAL.py -m ec2_describe_publicips -t demo
+    '''
+    describe_publicips()
 
 def module_ec2_describe_route_tables():
     '''

weirdAAL.py

@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 # This file will help to serve as a starting point for using the rest of the tools
 # Things we want to figure out
 # 1) Is your key active?
@@ -9,6 +11,7 @@
 import boto3
 import argparse
 import os
+import sys
 from botocore.exceptions import ClientError
 from modules import *
 import sys
@@ -17,7 +20,24 @@ import re
 from tabulate import tabulate
 import textwrap
 
-os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '.env'
+# Let a user set .aws/credentials or another file as the credentials source
+# If user-defined, must be an absolute path
+AWS_SHARED_CREDS_PATH='.env'
+if 'AWS_SHARED_CREDENTIALS_FILE' not in os.environ and os.path.exists(AWS_SHARED_CREDS_PATH):
+    os.environ['AWS_SHARED_CREDENTIALS_FILE'] = AWS_SHARED_CREDS_PATH
+else:
+    print('No Key Information available. Place creds in .env file or export variables.')
+    print('Shared Creds Example File:')
+    print('[default]\n\
+aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID\n\
+aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY')
+    print()
+    print('Or to export them in running shell:')
+    print('export AWS_ACCESS_KEY_ID=<hereyourkeyid>')
+    print('export AWS_SECRET_ACCESS_KEY=<hereyoursecretaccesskey>')
+    print()
+    sys.exit(1)
+
 
 # If you want to use a transparent + supports SSL proxy you can put it here
 # os.environ['HTTPS_PROXY'] = 'https://127.0.0.1:3128'
@@ -42,17 +62,8 @@ builtins.db_name = "weirdAAL.db"
 
 def perform_credential_check():
     '''
-    Depending on the module, we determine which type of
+    Check that the AWS keys work before we go any further. It picks the keys up from the local .env file
-    credential check we perform.
+    We are letting boto3 do all the work that way we can handle session tokens natively
-    '''
-    pass
-
-def aws_cred_check():
-    '''
-    Check that the AWS keys work before we go any further.
-    It picks the keys up from the local .env file
-    We are letting boto3 do all the work that way we can
-    handle session tokens natively
     '''
 
     try:
@@ -65,9 +76,6 @@ def aws_cred_check():
         print("The AWS Access Keys are not valid/active")
         sys.exit(1)
 
-def gcp_cred_check():
-    pass
-
 def method_create():
     try:
         arg = globals()["module_" + args.module]