mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 17:15:06 +01:00
632 lines
20 KiB
Ruby
Executable File
632 lines
20 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
#
|
|
# This script is intended to manage a single AWS EC2 instance for use during
|
|
# pentests. The script offers following functionalities:
|
|
#
|
|
# start - Starts an EC2 instance. If it does not exist, it is to be created
|
|
# stop - Stops the EC2 instance. It does not terminate it.
|
|
# restart - Restarts the EC2 instance
|
|
# terminate - Terminates the EC2 instance.
|
|
# address - Gets an IPv4 address of the EC2 instance. If verbose options is set, will return more FQDN also.
|
|
# status - Checks what is a status of picked EC2 instance.
|
|
# ssh - Opens a ssh connection with specified instance. If it is not running, it is to be created and started.
|
|
# notify - Sends gnome notification using "notify-send" with running instance uptime
|
|
#
|
|
# The basic use case for this script is to have yourself launched an EC2 instance for quick
|
|
# verification of Web Application vulnerabilities like out-of-bound communication: blind-XXE for instance.
|
|
# Everytime you will be in position of needing a machine with public IPv4 address - take this script for a spin,
|
|
# and it will provide you with your own EC2 instance.
|
|
#
|
|
# Requirements:
|
|
# - gem "aws-sdk-ec2"
|
|
#
|
|
# Author: Mariusz B., '19, <mb@binary-offensive.com>
|
|
#
|
|
|
|
require 'aws-sdk-ec2'
|
|
require 'base64'
|
|
require 'optparse'
|
|
|
|
VERSION = '0.1'
|
|
|
|
$aws_config_path = File.join((ENV['OS'] == 'Windows_NT') ? ENV['UserProfile'] : File.expand_path('~'), '.aws')
|
|
|
|
$config = {
|
|
|
|
#
|
|
# Notably interesting configuration to fill up
|
|
#
|
|
|
|
:image_id => 'ami-07360d1b1c9e13198',
|
|
:key_name => 'ec2-pentest-key',
|
|
:sg_name => 'ec2-pentest-usage',
|
|
:instance_name => 'pentestec2',
|
|
:instance_type => 't2.micro',
|
|
:ssh_user => 'ec2-user',
|
|
:ssh_identity_file => File.join($aws_config_path, 'ec2-pentest-key.pem'),
|
|
|
|
# ----
|
|
:verbose => false,
|
|
:quiet => false,
|
|
:debug => false,
|
|
:aws_path => "",
|
|
:aws_profile => 'default',
|
|
:region => 'us-east-1',
|
|
}
|
|
|
|
$supported_funcs = {
|
|
'start' => 'Starts an EC2 instance. If it does not exist, it is to be created',
|
|
'stop' => 'Stops the EC2 instance. It does not terminate it.',
|
|
'restart' => 'Restarts the EC2 instance',
|
|
'terminate' => 'Terminates the EC2 instance.',
|
|
'address' => 'Gets an IPv4 address of the EC2 instance. If verbose options is set, will return more FQDN also.',
|
|
'status' => 'Checks what is a status of picked EC2 instance.',
|
|
'ssh' => 'Opens a ssh connection with specified instance. If it is not running, it is to be created and started.',
|
|
'notify' => 'Sends gnome notification using "notify-send" with running instance uptime.'
|
|
}
|
|
|
|
class Logger
|
|
def Logger._out(x)
|
|
if not $config[:quiet] and ($config[:verbose] or $config[:debug])
|
|
STDOUT.write(x + "\n")
|
|
end
|
|
end
|
|
|
|
def Logger.dbg(x)
|
|
if $config[:debug]
|
|
Logger._out("[dbg] #{x}")
|
|
end
|
|
end
|
|
|
|
def Logger.info(x)
|
|
Logger._out("[.] #{x}")
|
|
end
|
|
|
|
def Logger.fatal(x)
|
|
unless $config[:quiet]
|
|
STDOUT.write(x + "\n")
|
|
end
|
|
exit 1
|
|
end
|
|
|
|
def Logger.fail(x)
|
|
Logger._out("[-] #{x}")
|
|
end
|
|
|
|
def Logger.ok(x)
|
|
Logger._out("[+] #{x}")
|
|
end
|
|
end
|
|
|
|
|
|
class AwsEc2Manager
|
|
attr_reader :instance_name
|
|
|
|
def initialize(func, instance_name, config)
|
|
@instance_name = instance_name
|
|
@checked = false
|
|
@func = func
|
|
@config = config
|
|
@instance_id = ""
|
|
@instance_id_file = File.join($aws_config_path, instance_name+'_id')
|
|
|
|
try_to_load_instance_id
|
|
|
|
@aws_access_key_id = ""
|
|
@aws_secret_access_key = ""
|
|
|
|
|
|
if @config[:aws_profile] != 'default' or not @config[:aws_path].to_s.empty?
|
|
path = @config[:aws_path].to_s.empty? ? $aws_config_path : @config[:aws_path]
|
|
Logger.dbg("Initializing AWS config with creds from path: #{path} - profile: #{@config[:aws_profile]}")
|
|
shared_creds = Aws::SharedCredentials.new(
|
|
path: path,
|
|
profile_name: @config[:aws_profile]
|
|
)
|
|
Aws.config.update({
|
|
credentials: shared_creds
|
|
})
|
|
end
|
|
|
|
Aws.config.update({region: @config[:region]})
|
|
|
|
@ec2_client = Aws::EC2::Client.new(region: @config[:region])
|
|
@ec2 = Aws::EC2::Resource.new(client: @ec2_client)
|
|
end
|
|
|
|
def try_to_load_instance_id
|
|
if File.file? @instance_id_file
|
|
File.open(@instance_id_file) do |f|
|
|
@instance_id = f.gets.strip
|
|
Logger.dbg("Using instance ID: #{@instance_id}")
|
|
end
|
|
else
|
|
Logger.fail("No instance id file: #{@instance_id_file}")
|
|
end
|
|
end
|
|
|
|
def get_security_group_id
|
|
group_id = ""
|
|
@ec2_client.describe_security_groups do |security_group|
|
|
if security_group.group_name == @config[:sg_name]
|
|
group_id = security_group.group_id
|
|
break
|
|
end
|
|
end
|
|
|
|
group_id
|
|
end
|
|
|
|
def try_to_find_instance_id
|
|
Logger.dbg("Trying to find that specific instance online...")
|
|
insts = @ec2.instances({
|
|
filters: [
|
|
{
|
|
name: 'image-id',
|
|
values: [@config[:image_id]]
|
|
},
|
|
{
|
|
name: 'instance-type',
|
|
values: [@config[:instance_type]]
|
|
},
|
|
{
|
|
name: 'tag:name',
|
|
values: [@config[:instance_name]]
|
|
},
|
|
{
|
|
name: 'key-name',
|
|
values: [@config[:key_name]]
|
|
},
|
|
]
|
|
})
|
|
|
|
insts.each do |instance|
|
|
Logger.dbg("Checking instance with ID: #{instance.id}")
|
|
if instance.state.code == 48
|
|
Logger.fail("Instance is terminated. Leaving id file empty.")
|
|
File.open(@instance_id_file, 'w') do |f|
|
|
f.puts("")
|
|
end
|
|
@instance_id = ""
|
|
break
|
|
end
|
|
|
|
Logger.dbg("Found proper instance: #{instance.id} / #{instance.image_id}. Clobberring id file...")
|
|
@instance_id = instance.id
|
|
|
|
File.open(@instance_id_file, 'w') do |f|
|
|
f.puts(instance.id)
|
|
end
|
|
break
|
|
end
|
|
|
|
if not insts.any?
|
|
Logger.fail("Did not found any instance matching our criterias.")
|
|
end
|
|
|
|
@instance_id
|
|
end
|
|
|
|
def get_instance_id
|
|
if @checked and not @instance_id.to_s.empty?
|
|
Logger.dbg("Returning cached checked instance id.")
|
|
|
|
elsif not @instance_id.to_s.empty?
|
|
Logger.dbg("Checking if instance with ID = #{@instance_id} still exists.")
|
|
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
Logger.dbg("Instance still exists.")
|
|
@checked = true
|
|
else
|
|
Logger.dbg("Instance does not exist, clearing cached instance id in file.")
|
|
File.open(@instance_id_file, 'w') do |f|
|
|
f.puts("")
|
|
end
|
|
|
|
try_to_find_instance_id
|
|
end
|
|
end
|
|
|
|
Logger.info("Working on instance: #{@instance_id}")
|
|
@instance_id
|
|
end
|
|
|
|
def create(wait: false)
|
|
# group_id = get_security_group_id
|
|
# unless group_id
|
|
# Logger.fatal("Could not obtain EC2 Security Group ID by name: #{@config[:sg_name]}")
|
|
# end
|
|
|
|
Logger.dbg(%Q(Creating an instance:
|
|
AMI Image ID: #{@config[:image_id]}
|
|
EC2 Key Name: #{@config[:key_name]}
|
|
Security Group Name: #{@config[:sg_name]}
|
|
))
|
|
# Security Group ID: #{group_id}
|
|
|
|
instance = @ec2.create_instances({
|
|
image_id: @config[:image_id],
|
|
min_count: 1,
|
|
max_count: 1,
|
|
key_name: @config[:key_name],
|
|
security_groups: [@config[:sg_name]],
|
|
instance_type: @config[:instance_type],
|
|
tag_specifications: [
|
|
{
|
|
resource_type: 'instance',
|
|
tags: [
|
|
key: 'name',
|
|
value: @config[:instance_name],
|
|
],
|
|
},
|
|
],
|
|
})
|
|
|
|
if instance.any?
|
|
Logger.ok("Instance created. Waiting for it to get into running state...")
|
|
else
|
|
Logger.fail("Could not spin up an instance! Something went wrong but will proceed anyway...")
|
|
end
|
|
|
|
# Wait for the instance to be created, running, and passed status checks
|
|
inst = instance.first
|
|
if wait
|
|
puts "Waiting for instance to get it up & running. This might take a couple of minutes."
|
|
@ec2.client.wait_until(:instance_status_ok, {instance_ids: [inst.id]})
|
|
else
|
|
Logger.ok("Instance up & initializing.")
|
|
end
|
|
|
|
File.open(@instance_id_file, 'w') do |f|
|
|
f.puts(inst.id)
|
|
end
|
|
|
|
if @config[:quiet]
|
|
puts "created"
|
|
elsif @config[:verbose] or @config[:debug]
|
|
puts "Created instance: inst.id"
|
|
end
|
|
end
|
|
|
|
def start(wait: false)
|
|
state = status(raw: true)
|
|
|
|
Logger.info("Instance is in state: #{state}")
|
|
|
|
if state == 'notcreated'
|
|
create(wait: wait)
|
|
else
|
|
if get_instance_id.to_s.empty?
|
|
Logger.fatal("No instance that could be started.")
|
|
end
|
|
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
case i.state.code
|
|
when 0 # pending
|
|
puts "#{i.id} is pending, so it will be running in a bit"
|
|
when 16 # started
|
|
puts "#{i.id} is already started"
|
|
when 48 # terminated
|
|
puts "#{i.id} is terminated, gotta create another one."
|
|
create(wait: wait)
|
|
else
|
|
puts "Started instance. Please wait couple of minutes before doing SSH."
|
|
begin
|
|
i.start
|
|
return true
|
|
rescue Aws::EC2::Errors::IncorrectInstanceState => e
|
|
if e.include? "is not in a state from which it can be started."
|
|
Logger.fatal("EC2 instance is in a state from which it can't be started right now. Try later.")
|
|
else
|
|
Logger.fatal("Could not start EC2 instance: #{e}")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
return false
|
|
end
|
|
|
|
def stop
|
|
if get_instance_id.to_s.empty?
|
|
Logger.fatal("No instance that could be stopped.")
|
|
end
|
|
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
case i.state.code
|
|
when 48 # terminated
|
|
puts "#{i.id} is already stopped."
|
|
when 64 # stopping
|
|
puts "#{i.id} is stopping, so it become stopped in a while."
|
|
when 80 # stopped
|
|
puts "#{i.id} is already stopped."
|
|
else
|
|
puts "Stopped an instance."
|
|
i.stop
|
|
end
|
|
end
|
|
end
|
|
|
|
def restart
|
|
if get_instance_id.to_s.empty?
|
|
Logger.fatal("No instance that could be restarted.")
|
|
end
|
|
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
case i.state.code
|
|
when 48 # terminated
|
|
start
|
|
else
|
|
puts "Issued instance reboot signal."
|
|
i.reboot
|
|
end
|
|
end
|
|
end
|
|
|
|
def terminate
|
|
if get_instance_id.to_s.empty?
|
|
Logger.fatal("No instance that could be terminated.")
|
|
end
|
|
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
case i.state.code
|
|
when 48 # terminated
|
|
puts "#{i.id} is already terminated."
|
|
else
|
|
puts "Terminated instance. Cleared instance id file."
|
|
i.terminate
|
|
File.open(@instance_id_file, 'w') do |f|
|
|
f.puts("")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
def address(raw: false)
|
|
if get_instance_id.to_s.empty?
|
|
if @config[:quiet]
|
|
exit 1
|
|
end
|
|
Logger.fatal("No instance id to operate on. Instance will need to be created first.")
|
|
end
|
|
|
|
addr = ""
|
|
i = @ec2.instance(@instance_id)
|
|
if i.exists?
|
|
Logger.dbg("Instance found.")
|
|
|
|
addr = i.public_ip_address
|
|
|
|
if not raw
|
|
if @config[:verbose]
|
|
puts "Public IPv4:\t#{i.public_ip_address}"
|
|
puts "Public FQDN:\t#{i.public_dns_name}"
|
|
puts "Private IPv4:\t#{i.private_ip_address}"
|
|
puts "Private FQDN:\t#{i.private_dns_name}"
|
|
else
|
|
puts i.public_ip_address
|
|
end
|
|
end
|
|
end
|
|
|
|
addr
|
|
end
|
|
|
|
def status(raw: false, quitOnFailure: true)
|
|
get_instance_id
|
|
|
|
if @instance_id.to_s.empty?
|
|
Logger.fail("No instance id stored locally. Will try to look up online.")
|
|
if not try_to_find_instance_id
|
|
puts("No instance created.")
|
|
exit 1
|
|
end
|
|
end
|
|
|
|
if @instance_id.to_s.empty? and quitOnFailure
|
|
state = "notcreated"
|
|
if not raw
|
|
puts "State: notcreated"
|
|
end
|
|
return state
|
|
end
|
|
|
|
state = ""
|
|
inst = @ec2.instance(@instance_id)
|
|
if inst.exists?
|
|
state = inst.state.name
|
|
if not raw
|
|
if @config[:verbose] or @config[:debug]
|
|
puts "State:\t\tInstance is #{inst.state.name} (#{inst.state.code})"
|
|
|
|
if inst.state.code == 16
|
|
dif = ((Time.now - inst.launch_time) / 60).ceil
|
|
t = inst.launch_time
|
|
stime = t.strftime("%Y-%m-%d %I:%M%P UTC")
|
|
puts "Launched time:\t#{stime}; #{dif.to_s} minutes ago."
|
|
end
|
|
else
|
|
puts inst.state.name
|
|
end
|
|
end
|
|
else
|
|
state = "notcreated"
|
|
if not raw
|
|
puts "State: notcreated"
|
|
end
|
|
end
|
|
|
|
state
|
|
end
|
|
|
|
def ssh
|
|
state = status(raw: true)
|
|
|
|
if state == 'stopped'
|
|
puts "Instance is stopped. Creating it first."
|
|
if not start(wait: true)
|
|
Logger.fatal("Could not create EC2 instance.")
|
|
end
|
|
|
|
state = 'running'
|
|
end
|
|
|
|
if state == 'running'
|
|
addr = address(raw: true)
|
|
|
|
cmd = "ssh -i #{@config[:ssh_identity_file]} -o ConnectTimeout=10 -oStrictHostKeyChecking=no #{@config[:ssh_user]}@#{addr}"
|
|
Logger.dbg("Running command: #{cmd}")
|
|
|
|
puts "Attempting to ssh #{@config[:ssh_user]}@#{addr} ...\n\n"
|
|
exec(cmd)
|
|
end
|
|
|
|
raise "Unsupported EC2 machine state: #{state}"
|
|
end
|
|
|
|
def notify
|
|
get_instance_id
|
|
|
|
if @instance_id.to_s.empty?
|
|
if not try_to_find_instance_id
|
|
exit 1
|
|
end
|
|
end
|
|
|
|
inst = @ec2.instance(@instance_id)
|
|
if inst.exists?
|
|
Logger.dbg('Instance exists.')
|
|
if inst.state.code == 16
|
|
Logger.dbg('Instance is running.')
|
|
minutes = ((Time.now - inst.launch_time) / 60).ceil
|
|
|
|
title = "EC2 Instance #{@config[:instance_name]} is running."
|
|
body = ""
|
|
if minutes < 60
|
|
body = "Your instance has been running #{minutes} minutes by now. Consider stopping it."
|
|
else
|
|
hours = (minutes / 60).floor
|
|
restm = minutes % 60
|
|
body = "Your instance's been running #{hours}h and #{restm}mins by now. Consider stopping it."
|
|
end
|
|
|
|
cmd = "notify-send '#{title}' '#{body}'"
|
|
|
|
Logger.dbg("Executing notification command: #{cmd}")
|
|
exec(cmd)
|
|
puts cmd
|
|
else
|
|
Logger.dbg("Instance is not running.")
|
|
end
|
|
end
|
|
end
|
|
|
|
end
|
|
|
|
def parse_options
|
|
options = {}
|
|
parser = OptionParser.new do |opts|
|
|
funcs = ""
|
|
$supported_funcs.each do |k, v|
|
|
funcs += " - #{k}\t\t\t#{v}\n"
|
|
end
|
|
|
|
opts.banner = %Q(
|
|
Usage: aws-manager.rb [options] <func> <name>
|
|
|
|
Available 'func' values:
|
|
#{funcs}
|
|
Options:
|
|
)
|
|
opts.on('-h', '--help', 'Display this screen' ) do
|
|
puts opts
|
|
exit
|
|
end
|
|
|
|
opts.on('-q', '--quiet', 'Surpress informative output.') do |q|
|
|
$config[:quiet] = q
|
|
end
|
|
|
|
opts.on('-v', '--verbose', 'Turn on verbose logging.') do |v|
|
|
$config[:verbose] = v
|
|
end
|
|
|
|
opts.on('--debug', 'Turn on debug logging.') do |d|
|
|
$config[:debug] = d
|
|
end
|
|
|
|
opts.on('-dPATH', '--aws-path=PATH', "Path to shared AWS credentials file. Default value that will be used: $AWS_PATH/credentials ") do |p|
|
|
$config[:aws_path] = p
|
|
end
|
|
|
|
opts.on('-pNAME', '--profile=NAME', 'AWS credentials profile to use. Should no option is given, "default" is used.') do |n|
|
|
$config[:aws_profile] = n
|
|
end
|
|
|
|
opts.on('-pREGION', '--region=REGION', 'AWS regoin to use. Default one: "us-east-1".') do |n|
|
|
$config[:region] = n
|
|
end
|
|
|
|
opts.on('-iID', '--image-id=ID', "AWS image ID to create an EC2 from. Default: '#{$config[:image_id]}") do |i|
|
|
$config[:image_id] = i
|
|
end
|
|
|
|
opts.on('-kKEY', '--key-name=KEY', "AWS EC2 Key Name to use. Default: '#{$config[:key_name]}") do |k|
|
|
$config[:key_name] = k
|
|
end
|
|
|
|
opts.on('-sNAME', '--security-group-name=NAME', "AWS EC2 Security Group name to use. Default: '#{$config[:sg_name]}") do |s|
|
|
$config[:sg_name] = s
|
|
end
|
|
|
|
opts.on('-tTYPE', '--instance-type=TYPE', "Instance type to spin. Default: '#{$config[:instance_type]}") do |s|
|
|
$config[:instance_type] = s
|
|
end
|
|
|
|
opts.on('-uUSER', '--user=USER', "SSH user to log into when doing 'ssh'. Default: '#{$config[:ssh_user]}") do |s|
|
|
$config[:ssh_user] = s
|
|
end
|
|
|
|
end
|
|
|
|
args = parser.parse!
|
|
|
|
func = args.shift.downcase
|
|
raise "Need to specify <func> parameter to invoke." unless func
|
|
|
|
unless $supported_funcs.keys.include? func
|
|
Logger.fatal("Unsupported function specified. You need to pick on of these: #{$supported_funcs.keys.join(', ')}")
|
|
end
|
|
|
|
instance_name = args.shift.downcase
|
|
$config[:instance_name] = instance_name
|
|
|
|
raise "Need to specify <name> parameter to invoke." unless instance_name
|
|
|
|
raise "EC2 Security Group name must be specified." unless $config[:sg_name]
|
|
raise "EC2 Key pair name must be specified." unless $config[:key_name]
|
|
raise "EC2 image id (AMI) must be specified." unless $config[:image_id]
|
|
raise "EC2 instance type must be specified." unless $config[:instance_type]
|
|
raise "EC2 instance name must be specified." unless $config[:instance_name]
|
|
raise "EC2 instance name must be specified." unless $config[:ssh_user]
|
|
|
|
return func, instance_name
|
|
end
|
|
|
|
def main
|
|
func, instance_name = parse_options
|
|
Logger.dbg("Using AWS configuration path: #{$aws_config_path}")
|
|
Logger.dbg("Action to take: #{func} #{instance_name}")
|
|
|
|
manager = AwsEc2Manager.new(func, instance_name, $config)
|
|
manager.send func
|
|
end
|
|
|
|
main
|