AWS_Auditing_Framework/Script2.py
import boto3 | |
import json | |
import argparse | |
import sys | |
import time | |
import threading | |
# Global variable to control the spinner animation.
# spinner() polls this flag between frames and exits its loop once it is True;
# enumerate_iam_policies() resets it to False before starting the spinner thread
# and sets it to True (then joins the thread) once the boto3 session exists.
stop_spinner = False
def get_aws_profile_details(profile_name):
    """Describe the AWS CLI profile used for this run.

    Args:
        profile_name: name of the profile in the local AWS credentials/config.

    Returns:
        dict with ``Region`` (the session's resolved region, possibly None)
        and ``Profile`` (the name passed in).
    """
    aws_session = boto3.Session(profile_name=profile_name)
    details = dict(Region=aws_session.region_name, Profile=profile_name)
    return details
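def list_user_policies(iam_client, user_name):
    """Return the names of every inline policy embedded in an IAM user.

    ListUserPolicies is paginated: a single call may set ``IsTruncated`` and
    hand back a ``Marker`` for the next page. The original call read only the
    first page, so users with many inline policies were under-reported; this
    version follows the marker until the last page.

    Args:
        iam_client: boto3 IAM client.
        user_name: IAM user whose inline policies are listed.

    Returns:
        list of policy names (inline policies only; managed policies attached
        to the user are not part of this API call). Empty list if any page
        fails to load, with the error printed to stdout.
    """
    policy_names = []
    request = {'UserName': user_name}
    try:
        while True:
            response = iam_client.list_user_policies(**request)
            policy_names.extend(response.get('PolicyNames', []))
            if not response.get('IsTruncated'):
                break
            # Continue from where the previous page ended
            request['Marker'] = response['Marker']
    except Exception as e:
        print(f"Error listing policies for user '{user_name}': {e}")
        return []
    return policy_names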
def get_user_policy(iam_client, user_name, policy_name):
    """Fetch one inline policy document for an IAM user.

    Args:
        iam_client: boto3 IAM client.
        user_name: owner of the inline policy.
        policy_name: name as returned by ListUserPolicies.

    Returns:
        the ``PolicyDocument`` from GetUserPolicy, or None when the call (or
        the response lookup) raises; the error is printed to stdout.
    """
    try:
        document = iam_client.get_user_policy(
            UserName=user_name, PolicyName=policy_name
        )['PolicyDocument']
    except Exception as err:
        print(f"Error getting policy '{policy_name}' for user '{user_name}': {err}")
        return None
    return document
def print_pretty_json(data):
    """Write *data* to stdout as 4-space-indented JSON with sorted keys."""
    rendered = json.dumps(data, sort_keys=True, indent=4)
    print(rendered)
def print_aws_profile_info(profile_details):
    """Print a boxed summary of the profile dict from get_aws_profile_details.

    Args:
        profile_details: mapping with ``Profile`` and ``Region`` keys.
    """
    rule = "=" * 60
    block = [
        "",
        rule,
        " AWS Profile Information ",
        rule,
        f" Profile Name: {profile_details['Profile']}",
        f" Region: {profile_details['Region']}",
        rule,
    ]
    print("\n".join(block))
def print_iam_user_info(iam_client, user_name):
    """Print name, ARN and creation date of one IAM user.

    A missing user (NoSuchEntityException) and any other failure are reported
    on stdout rather than raised.

    Args:
        iam_client: boto3 IAM client.
        user_name: IAM user to describe.
    """
    rule = "=" * 60
    try:
        record = iam_client.get_user(UserName=user_name)['User']
        block = [
            "",
            rule,
            " IAM User Details ",
            rule,
            f" User Name: {user_name}",
            f" User ARN: {record['Arn']}",
            f" User Creation Date: {record['CreateDate']}",
            rule,
        ]
        print("\n".join(block))
    except iam_client.exceptions.NoSuchEntityException:
        print(f"User '{user_name}' does not exist.")
    except Exception as err:
        print(f"Error fetching details for user '{user_name}': {err}")
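def list_and_print_users(iam_client):
    """Print name, ARN and creation date of every IAM user in the account.

    ListUsers is paginated: when ``IsTruncated`` is set the response carries
    a ``Marker`` for the next page. The original call read a single page, so
    an account with more users than one page holds was silently reported
    incompletely; this version collects all pages before printing.

    Args:
        iam_client: boto3 IAM client.

    Output goes to stdout; a failed API call is printed, not raised.
    """
    users = []
    request = {}
    try:
        while True:
            response = iam_client.list_users(**request)
            users.extend(response.get('Users', []))
            if not response.get('IsTruncated'):
                break
            # Resume listing after the last user of the previous page
            request['Marker'] = response['Marker']
    except Exception as e:
        print(f"Error listing users: {e}")
        return
    if not users:
        print("\nNo IAM users found.")
        return
    print("\n" + "=" * 60)
    print(" IAM Users List ")
    print("=" * 60)
    for user in users:
        print(f"User Name: {user['UserName']}")
        print(f"User ARN: {user['Arn']}")
        print(f"User Creation Date: {user['CreateDate']}")
        print("-" * 60)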
def spinner():
    """Animate a ``Loading...`` indicator on stdout until ``stop_spinner`` is set.

    Runs on its own thread. The module-level flag is only checked after a full
    cycle of the four frames, so a caller that sets the flag may wait up to
    four sleep intervals (0.4 s) for the thread to exit.
    """
    frames = "|/-\\"
    while not stop_spinner:
        for frame in frames:
            sys.stdout.write(f'\rLoading... {frame}')
            sys.stdout.flush()
            time.sleep(0.1)
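def enumerate_iam_policies(user_name, profile_name, show_profile, show_user, list_users):
    """Connect with *profile_name* and report IAM users or one user's inline policies.

    Args:
        user_name: IAM user to inspect. May be None only when ``list_users``
            is set; otherwise a message is printed and nothing is queried.
        profile_name: AWS CLI profile used to build the boto3 session.
        show_profile: accepted for CLI compatibility. Profile details are
            printed once right after connecting regardless of this flag; the
            original code printed them a second time when the flag was set.
        show_user: also print the user's ARN and creation date.
        list_users: list every IAM user in the account and return without
            looking at policies.

    Only *inline* user policies (ListUserPolicies / GetUserPolicy) are shown.
    Managed policies attached to the user and policies inherited through group
    membership are not covered, so "No policies found" must not be read as
    "no permissions" by an auditor.

    Fixes over the original: the spinner thread is always stopped and joined,
    even when creating the session raises (e.g. an unknown profile); before,
    the non-daemon spinner thread kept running and the process never exited.
    """
    global stop_spinner
    # Spinner runs on a background thread while the session is created.
    stop_spinner = False
    spinner_thread = threading.Thread(target=spinner)
    spinner_thread.start()
    try:
        session = boto3.Session(profile_name=profile_name)
        iam_client = session.client('iam')
    finally:
        # Stop the spinner on every exit path, otherwise a failed connect hangs
        stop_spinner = True
        spinner_thread.join()
    profile_details = get_aws_profile_details(profile_name)
    print("\nSuccessfully connected to AWS.")
    print_aws_profile_info(profile_details)
    if list_users:
        list_and_print_users(iam_client)
        return
    if not user_name:
        # Nothing to enumerate without a user; avoid a ParamValidationError
        # being swallowed and reported as "Error listing policies for user 'None'"
        print("\nNo IAM user name given; use -u/--username or --list-users.")
        return
    if show_user:
        print_iam_user_info(iam_client, user_name)
    policy_names = list_user_policies(iam_client, user_name)
    if not policy_names:
        print(f"\n{'='*60}")
        print(f"No policies found for user '{user_name}'")
        print(f"{'='*60}")
        return
    print(f"\n{'='*60}")
    print(f" IAM Policies for User: {user_name}")
    print(f"{'='*60}")
    for policy_name in policy_names:
        # Progress line is overwritten in place with '\r'
        sys.stdout.write(f'\rLoading policy: {policy_name} ...')
        sys.stdout.flush()
        policy_document = get_user_policy(iam_client, user_name, policy_name)
        if policy_document:
            print(f"\n{'-'*60}")
            print(f" Policy Name: {policy_name}")
            print(f"{'-'*60}")
            print(" Policy Document:")
            print_pretty_json(policy_document)
        sys.stdout.write(f'\rLoading policy: {policy_name} ... done')
        sys.stdout.flush()
    # Terminate the last status line so the shell prompt starts on a fresh line
    print()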
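def main():
    """Parse the command line and run the IAM policy enumeration.

    ``-u/--username`` is required unless ``--list-users`` or ``-e/--examples``
    is given. argparse cannot express that dependency, so it is checked after
    parsing and reported through ``parser.error`` (usage message, exit status
    2) instead of reaching the AWS call with a username of None.
    """
    parser = argparse.ArgumentParser(
        description="IAM Policy Enumeration Tool - List and view IAM user policies."
    )
    parser.add_argument(
        '-u', '--username',
        required=False,
        help="The IAM username whose policies you want to list. Required if --list-users is not used."
    )
    parser.add_argument(
        '-p', '--profile',
        default='default',
        help="The AWS profile name to use for the session. Defaults to 'default'."
    )
    parser.add_argument(
        '--show-profile',
        action='store_true',
        help="Print AWS profile details."
    )
    parser.add_argument(
        '--show-user',
        action='store_true',
        help="Print IAM user details."
    )
    parser.add_argument(
        '--list-users',
        action='store_true',
        help="List all IAM users."
    )
    parser.add_argument(
        '-e', '--examples',
        action='store_true',
        help="Show usage examples."
    )
    args = parser.parse_args()
    if args.examples:
        script = sys.argv[0]
        print("\nUsage Examples:")
        print("=" * 60)
        print("1. Show IAM user details:")
        print(f" python {script} -u <username> -p <profile> --show-user")
        print(f" Example: python {script} -u manager_iam_privesc_by_key_rotation_cgidojok4gmfsc -p cloudgoat --show-user")
        print()
        print("2. Show AWS profile details:")
        print(f" python {script} -u <username> -p <profile> --show-profile")
        print(f" Example: python {script} -u manager_iam_privesc_by_key_rotation_cgidojok4gmfsc -p cloudgoat --show-profile")
        print()
        print("3. List all IAM users:")
        print(f" python {script} --list-users -p <profile>")
        print(f" Example: python {script} --list-users -p cloudgoat")
        print()
        print("4. List IAM policies for a specific user:")
        print(f" python {script} -u <username> -p <profile>")
        print(f" Example: python {script} -u manager_iam_privesc_by_key_rotation_cgidojok4gmfsc -p cloudgoat")
        print("=" * 60)
        return
    if not args.list_users and not args.username:
        # Enforce the dependency the --username help text promises
        parser.error("-u/--username is required unless --list-users is given")
    # Initialize session and print connection details
    print("\nConnecting to AWS...")
    enumerate_iam_policies(args.username, args.profile, args.show_profile, args.show_user, args.list_users)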
# Run the CLI only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    main()