1
0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-01-13 11:40:59 +01:00
mgeeky-Penetration-Testing-.../clouds/aws/find-exposed-resources.sh

106 lines
2.3 KiB
Bash
Raw Normal View History

2019-12-05 15:41:29 +01:00
#!/bin/bash
#
# This script attempts quickly enumerate some of the exposed resources
# available given a set of AWS credentials.
# Based on excellent work of Scott Piper:
# https://duo.com/blog/beyond-s3-exposed-resources-on-aws
#
if [ $# -lt 1 ]; then
echo "Usage: ./find-exposed-resources.sh <profile-name> [region]"
echo ""
echo "If region is not specified, will enumerate all regions."
exit 1
fi
PROFILE=$1
REGION=
if [[ "$2" != "" ]]; then
REGION="$2"
fi
trap ctrl_c INT
function ctrl_c() {
echo "[!] User interrupted script execution."
exit 1
}
function _aws() {
if [[ "$REGION" != "" ]]; then
#echo "aws --region $REGION --profile $PROFILE $@ --no-paginate"
aws --region $REGION --profile $PROFILE $@ --no-paginate
else
#echo "aws --profile $PROFILE $@ --no-paginate"
aws --profile $PROFILE $@ --no-paginate
fi
}
function ebs_snapshots() {
out=$(_aws ec2 describe-snapshots --owner-id self --restorable-by-user-ids all)
if ! echo "$out" | grep -q '": \[\]'; then
echo "---[ Public EBS Snapshots"
echo "$out"
echo
fi
}
function rds_snapshots() {
out=$(_aws rds describe-db-snapshots --snapshot-type public)
if ! echo "$out" | grep -q '": \[\]'; then
echo "---[ Public RDS Snapshots"
echo "$out"
echo
fi
}
function ami_images() {
out=$(_aws ec2 describe-images --owners self --executable-users all)
if ! echo "$out" | grep -q '": \[\]'; then
2020-04-15 12:33:57 +02:00
echo "---[ Public AMI Images"
2019-12-05 15:41:29 +01:00
echo "$out"
echo
fi
}
function s3_buckets() {
echo "---[ Public S3 Buckets"
for bucket in $(_aws s3api list-buckets --query 'Buckets[*].Name' --output text)
do
pub=$(_aws s3api get-bucket-policy-status --bucket $bucket --query 'PolicyStatus.IsPublic' 2> /dev/null || echo 'false')
echo -n "IsPublic:"
if [[ "$pub" == "true" ]]; then
echo -en "\e[91m"
else
echo -en "\e[34m"
fi
echo -e "$pub\e[39m - Bucket: \e[93m$bucket\e[39m"
done
echo
}
regions=$(aws ec2 describe-regions --query 'Regions[*].RegionName' --output text)
if [[ "$REGION" == "" ]]; then
for region in ${regions[@]}
do
REGION="$region"
echo "=================== Region: $region ======================"
echo
ebs_snapshots
rds_snapshots
ami_images
done
echo
else
echo "=================== Region: $REGION ======================"
echo
ebs_snapshots
rds_snapshots
ami_images
echo
fi
s3_buckets