| skipped 1 lines |
2 | 2 | | |
3 | 3 | | def main(): |
4 | 4 | | """Main function""" |
| 5 | + | print(''' |
| 6 | + | _______ _ _ _____ _ _ |
| 7 | + | |__ __| | | | / ____| | | | |
| 8 | + | | | | |__ _ _ _ __ __| | ___ _ __| | | | ___ _ _ __| | |
| 9 | + | | | | '_ \| | | | '_ \ / _` |/ _ \ '__| | | |/ _ \| | | |/ _` | |
| 10 | + | | | | | | | |_| | | | | (_| | __/ | | |____| | (_) | |_| | (_| | |
| 11 | + | \_/ |_| |_|\__,_|_| |_|\__,_|\___|_| \_____|_|\___/ \__,_|\__,_| |
| 12 | + | |
| 13 | + | ''') |
5 | 14 | | parser = argparse.ArgumentParser(description='Attack modules of cloud AWS') |
6 | 15 | | parser.add_argument('-ce', '--cognito_endpoint', help='to verify if cognito endpoint is vulnerable ' |
7 | 16 | | 'and to extract credentials') |
| 17 | + | parser.add_argument('-reg', '--region',help='AWS region of the resource') |
| 18 | + | parser.add_argument('-accid', '--aws_account_id', help='AWS account of the victim') |
| 19 | + | parser.add_argument('-aws_key', '--aws_access_key', help= 'AWS access keys of the victim account') |
| 20 | + | parser.add_argument('-aws_secret', '--aws_secret_key', help='AWS secret key of the victim account') |
| 21 | + | parser.add_argument('-bdrole', '--backdoor_role', help='Name of the backdoor role in victim role') |
8 | 22 | | parser.add_argument('-sso', '--sso_url', help='AWS SSO URL to phish for AWS credentials') |
9 | | - | parser.add_argument('-enum-roles', '--enumerate_roles', help='To enumerate account roles in victim AWS roles') |
10 | | - | parser.add_argument('-s3', '--s3_bucket_name', help='Execute 7 attacks on S3 bucket') |
11 | | - | parser.add_argument('-asum_role', '--assume_role', help='Privilege escalation for assuming roles') |
| 23 | + | parser.add_argument('-enum_roles', '--enumerate_roles', help='To enumerate and assume account roles in victim AWS roles') |
| 24 | + | parser.add_argument('-s3', '--s3_bucket_name', help='Execute upload attack on S3 bucket') |
12 | 25 | | parser.add_argument('-conn_string', '--connection_string', help='Azure Shared Access key for reading' |
13 | 26 | | 'servicebus/queues/blobs etc') |
14 | 27 | | parser.add_argument('-blob', '--blob', help='Azure blob enumeration') |
15 | | - | parser.add_argument() |
| 28 | + | parser.add_argument('-shared_access_key', '--shared_access_key', help='Azure shared key') |
16 | 29 | | args = parser.parse_args() |
17 | 30 | | if args.cognito_endpoint: |
18 | 31 | | from clouds.aws.cognito import Cognito |
19 | 32 | | attack_cognito = Cognito() |
20 | | - | attack_cognito.attack() |
| 33 | + | attack_cognito.attack(args.cognito_endpoint, args.region) |
21 | 34 | | elif args.sso_url: |
22 | 35 | | from clouds.aws.sso import AWSSSO |
23 | 36 | | attack_sso = AWSSSO() |
24 | | - | attack_sso.attack() |
| 37 | + | attack_sso.attack(args.sso_url, args.region) |
25 | 38 | | elif args.enumerate_roles: |
26 | 39 | | from clouds.aws.enum import EnumRoles |
27 | 40 | | attack_roles = EnumRoles() |
28 | | - | attack_roles.attack() |
| 41 | + | attack_roles.attack(args.enumerate_roles, args.aws_access_key, args.aws_secret_key) |
29 | 42 | | elif args.s3_bucket_name: |
30 | | - | from clouds.aws.s3 import S3 |
31 | | - | attack_s3 = S3() |
32 | | - | attack_s3.attack() |
33 | | - | elif args.assume_role: |
34 | | - | from clouds.aws.assume import AsumRole |
35 | | - | attack_roles = AsumRole() |
36 | | - | attack_roles.attack() |
37 | | - | elif args.shared_access_key: |
38 | | - | from clouds.azure.keys import ConnectionString |
39 | | - | attack_keys = ConnectionString() |
40 | | - | attack_keys.attack() |
| 43 | + | from clouds.aws.s3 import s3bucket |
| 44 | + | attack_s3 = s3bucket() |
| 45 | + | attack_s3.attack(args.s3_bucket_name, args.aws_access_key, args.aws_secret_key) |
| 46 | + | elif args.backdoor_role: |
| 47 | + | from clouds.aws.iambackdoor import backdoor |
| 48 | + | attack_role = backdoor() |
| 49 | + | attack_role.attack(args.backdoor_role, args.aws_access_key, args.aws_secret_key, args.aws_account_id) |
41 | 50 | | elif args.blob: |
42 | 51 | | from clouds.azure.blob import Blob |
43 | 52 | | attack_blob = Blob() |
| skipped 7 lines |