dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1357c804d9cbe30b6b30f2e91bde63bd9d6e325f
weirdAAL/s3/s3.py
carnal0wnage 1357c804d9 list s3 buckets for an account
2017-06-12 21:54:49 -04:00

126 lines
5.0 KiB
Python
Raw Blame History

#s3 functions go here
import boto3
import botocore
import pprint
pp = pprint.PrettyPrinter(indent=5, width=80)
def get_s3bucket_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, bucket):
client = boto3.client(
's3',
aws_access_key_id=AWS_ACCESS_KEY_ID,
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
region_name='us-east-1'
)
try:
bucket = bucket
print('\n#### Trying to enumate s3 buckets and bucket policy & ACL for {} ####' .format(bucket))
try:
for key in client.list_objects(Bucket=bucket,MaxKeys=100)['Contents']:
print('[+] '+ key['Key'].encode('utf-8').strip())
#print(key['Key']) #first 100 results
except KeyError as e:
print "KeyError havent tracked down reason yet"
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied':
print('%s : cant list s3 bucket [AccessDenied]' % AWS_ACCESS_KEY_ID)
elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
print('%s: Has No S3 Policy!' % bucket['Name'])
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('%s : cant list s3 bucket [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
try:
policy = client.get_bucket_policy(Bucket=bucket)
if policy:
print(bucket + " Policy: ")
pp.pprint(policy['Policy'])
print("\n")
else:
pass
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied':
print('%s : cant list s3 bucket policy [AccessDenied]' % AWS_ACCESS_KEY_ID)
elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
print('%s: Has No S3 Policy!' % bucket)
print("\n")
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('%s : cant list s3 bucket policy [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
try:
acl = client.get_bucket_acl(Bucket=bucket)
if acl:
print(bucket + " Grants: ")
pp.pprint(acl['Grants'])
print("\n")
else:
pass
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'AccessDenied':
print('%s : cant list s3 bucket acl [AccessDenied]' % AWS_ACCESS_KEY_ID)
elif e.response['Error']['Code'] == 'NoSuchBucketPolicy':
print('%s: Has No S3 Policy!' % bucket)
print("\n")
elif e.response['Error']['Code'] == 'AllAccessDisabled':
print('%s : cant list s3 bucket acl [AllAccessDisabled]' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'NotSignedUp':
print('%s : doesnt have s3 access' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
def get_s3object_acl(access_key, secret_key, bucket, myfile):
client = boto3.client(
's3',
aws_access_key_id=AWS_ACCESS_KEY_ID,
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
region_name='us-east-1'
)
try:
bucket = bucket
myobject = myfile
print('#### Trying to enumate s3 ACL for %s:%s ####\n ' % (bucket, myfile))
acl = client.get_object_acl(Bucket=bucket,Key=myfile)
print acl
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'NotSignedUp':
print('%s : doesnt have s3 access' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
def get_s3objects_foraccount(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
client = boto3.resource(
's3',
aws_access_key_id=AWS_ACCESS_KEY_ID,
aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
region_name='us-east-1'
)
try:
print('#### Trying to list s3 bucketsfor {} ####\n '.format(AWS_ACCESS_KEY_ID))
for bucket in client.buckets.all():
print(bucket.name)
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("The AWS KEY IS INVALID. Exiting")
elif e.response['Error']['Code'] == 'NotSignedUp':
print('%s : doesnt have s3 access' % AWS_ACCESS_KEY_ID)
else:
print "Unexpected error: %s" % e
Reference in New Issue View Git Blame Copy Permalink