Git
/
mgeeky-Penetration-Testing-Tools
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhanced exfiltrate-ec2.py a bit more

This commit is contained in:
mgeeky 2019-12-05 19:03:29 +01:00
parent 5f56e0ab33
commit 7b10ba1c08
1 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
clouds/aws/evaluate-iam-role.sh
View File

@ -8,6 +8,29 @@ fi
PROFILE=$1 PROFILE=$1
ROLE_NAME=$2 ROLE_NAME=$2
known_potentially_dangerous_permissions=(
".*:\*"
".*:.*Attach.*"
".*:.*Create.*"
".*:.*Delete.*"
".*:.*Reboot.*"
".*:.*Command.*"
".*:.*Run.*"
".*:.*Send.*"
".*:.*Batch.*"
".*:.*Set.*"
".*:.*Invoke.*"
".*:.*Add.*"
".*:.*Execute.*"
".*:.*Start.*"
".*:.*Modify.*"
".*:.*Register.*"
".*:.*Replace.*"
".*:.*Change.*"
".*:.*Update.*"
".*:.*Put.*"
)
known_dangerous_permissions=( known_dangerous_permissions=(
"*:*" "*:*"
"iam:CreatePolicyVersion" "iam:CreatePolicyVersion"
@ -47,6 +70,7 @@ IFS=$'\n'
attached_role_policies=($(aws --profile $PROFILE iam list-attached-role-policies --role-name $ROLE_NAME | jq -r '.AttachedPolicies[].PolicyArn')) attached_role_policies=($(aws --profile $PROFILE iam list-attached-role-policies --role-name $ROLE_NAME | jq -r '.AttachedPolicies[].PolicyArn'))
dangerous_permissions=() dangerous_permissions=()
potentially_dangerous_permissions=()
all_perms=() all_perms=()
for policy in "${attached_role_policies[@]}" ; do for policy in "${attached_role_policies[@]}" ; do
@ -64,8 +88,11 @@ for policy in "${attached_role_policies[@]}" ; do
for dangperm in "${known_dangerous_permissions[@]}"; do for dangperm in "${known_dangerous_permissions[@]}"; do
if echo "$dangperm" | grep -iq $perm ; then if echo "$dangperm" | grep -iq $perm ; then
dangerous_permissions+=("$perm") dangerous_permissions+=("$perm")
elif echo "$perm" | grep -qP "\w+:\*"; then fi
dangerous_permissions+=("$perm") done
for dangperm in "${known_potentially_dangerous_permissions[@]}"; do
if echo "$perm" | grep -Piq "$dangperm" ; then
potentially_dangerous_permissions+=("$perm")
fi fi
done done
done done
@ -78,6 +105,16 @@ if [[ ${#all_perms[@]} -gt 0 ]]; then
echo -e "\t$perm" echo -e "\t$perm"
done done
if [[ ${#potentially_dangerous_permissions[@]} -gt 0 ]]; then
echo -e "\n\n=============== Detected POTENTIALLY dangerous permissions granted ==============="
sorted=($(echo "${potentially_dangerous_permissions[@]}" | tr ' ' '\n' | sort -u ))
for dangperm in "${sorted[@]}"; do
echo -e "\t$dangperm"
done
else
echo -e "\nNo potentially dangerous permissions were found to be granted."
fi
if [[ ${#dangerous_permissions[@]} -gt 0 ]]; then if [[ ${#dangerous_permissions[@]} -gt 0 ]]; then
echo -e "\n\n=============== Detected dangerous permissions granted ===============" echo -e "\n\n=============== Detected dangerous permissions granted ==============="
sorted=($(echo "${dangerous_permissions[@]}" | tr ' ' '\n' | sort -u )) sorted=($(echo "${dangerous_permissions[@]}" | tr ' ' '\n' | sort -u ))