Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added opportunity to set custom endpoint url #20

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added opportunity to set custom endpoint url #20

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion enumerate-iam.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,15 @@ def main():
parser.add_argument('--secret-key', help='AWS secret key', required=True)
parser.add_argument('--session-token', help='STS session token')
parser.add_argument('--region', help='AWS region to send API requests to', default='us-east-1')
parser.add_argument('--endpoint-url', help='URL to send API requests to', default=None)

args = parser.parse_args()

enumerate_iam(args.access_key,
args.secret_key,
args.session_token,
args.region)
args.region,
args.endpoint_url)


if __name__ == '__main__':
Expand Down
30 changes: 18 additions & 12 deletions enumerate_iam/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ def report_arn(candidate):
return None, None, None


def enumerate_using_bruteforce(access_key, secret_key, session_token, region):
def enumerate_using_bruteforce(access_key, secret_key, session_token, region, endpoint_url):
"""
Attempt to brute-force common describe calls.
"""
Expand All @@ -68,7 +68,7 @@ def enumerate_using_bruteforce(access_key, secret_key, session_token, region):
logger.info('Attempting common-service describe / list brute force.')

pool = ThreadPool(MAX_THREADS)
args_generator = generate_args(access_key, secret_key, session_token, region)
args_generator = generate_args(access_key, secret_key, session_token, region, endpoint_url)

try:
results = pool.map(check_one_permission, args_generator)
Expand All @@ -86,6 +86,9 @@ def enumerate_using_bruteforce(access_key, secret_key, session_token, region):
except KeyboardInterrupt:
print('')
return output
except Exception as e:
logger.warn('Error occured: %s' % e)
results = []

for thread_result in results:
if thread_result is None:
Expand All @@ -100,7 +103,7 @@ def enumerate_using_bruteforce(access_key, secret_key, session_token, region):
return output


def generate_args(access_key, secret_key, session_token, region):
def generate_args(access_key, secret_key, session_token, region, endpoint_url):

service_names = list(BRUTEFORCE_TESTS.keys())

Expand All @@ -111,10 +114,10 @@ def generate_args(access_key, secret_key, session_token, region):
random.shuffle(actions)

for action in actions:
yield access_key, secret_key, session_token, region, service_name, action
yield access_key, secret_key, session_token, region, endpoint_url, service_name, action


def get_client(access_key, secret_key, session_token, service_name, region):
def get_client(access_key, secret_key, session_token, service_name, region, endpoint_url):
key = '%s-%s-%s-%s-%s' % (access_key, secret_key, session_token, service_name, region)

client = CLIENT_POOL.get(key, None)
Expand All @@ -136,6 +139,7 @@ def get_client(access_key, secret_key, session_token, service_name, region):
aws_secret_access_key=secret_key,
aws_session_token=session_token,
region_name=region,
endpoint_url=endpoint_url,
verify=False,
config=config,
)
Expand All @@ -149,10 +153,10 @@ def get_client(access_key, secret_key, session_token, service_name, region):


def check_one_permission(arg_tuple):
access_key, secret_key, session_token, region, service_name, operation_name = arg_tuple
access_key, secret_key, session_token, region, endpoint_url, service_name, operation_name = arg_tuple
logger = logging.getLogger()

service_client = get_client(access_key, secret_key, session_token, service_name, region)
service_client = get_client(access_key, secret_key, session_token, service_name, region, endpoint_url)
if service_client is None:
return

Expand Down Expand Up @@ -207,7 +211,7 @@ def configure_logging():
urllib3.disable_warnings(botocore.vendored.requests.packages.urllib3.exceptions.InsecureRequestWarning)


def enumerate_iam(access_key, secret_key, session_token, region):
def enumerate_iam(access_key, secret_key, session_token, region, endpoint_url):
"""IAM Account Enumerator.

This code provides a mechanism to attempt to validate the permissions assigned
Expand All @@ -216,13 +220,13 @@ def enumerate_iam(access_key, secret_key, session_token, region):
output = dict()
configure_logging()

output['iam'] = enumerate_using_iam(access_key, secret_key, session_token, region)
output['bruteforce'] = enumerate_using_bruteforce(access_key, secret_key, session_token, region)
output['iam'] = enumerate_using_iam(access_key, secret_key, session_token, region, endpoint_url)
output['bruteforce'] = enumerate_using_bruteforce(access_key, secret_key, session_token, region, endpoint_url)

return output


def enumerate_using_iam(access_key, secret_key, session_token, region):
def enumerate_using_iam(access_key, secret_key, session_token, region, endpoint_url):
output = dict()
logger = logging.getLogger()

Expand All @@ -232,7 +236,9 @@ def enumerate_using_iam(access_key, secret_key, session_token, region):
'iam',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
aws_session_token=session_token
aws_session_token=session_token,
region_name=region,
endpoint_url=endpoint_url
)

# Try for the kitchen sink.
Expand Down