Example #1
0
def add_to_neo(tx):
    all_nodes = simple_storage.all_records('graph_nodes')
    all_relations = simple_storage.all_records('graph_relationships')

    for node in all_nodes:
        tx.run('MERGE (t:{1} {{NodeId: "{0}", node_type: "{1}"}});'.format(node['node_id'], node['node_type']))

    for rel in all_relations:
        tx.run('MATCH (source {{NodeId: "{0}"}}), (target {{NodeId: "{1}"}}) MERGE (source)-[:SystemConnection {{type: "{2}"}}]->(target);'.format(rel['source_node'], rel['target_node'], rel['relation_name']))
Example #2
0
def export():
    all_nodes = simple_storage.all_records('graph_nodes')
    all_relations = simple_storage.all_records('graph_relationships')

    with open('graph_nodes.csv', 'w') as csvfile:
        fieldnames = ['node_id', 'node_resource_id', 'node_type']
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()
        for graph_node in all_nodes:
            writer.writerow(graph_node)

    with open('graph_relationships.csv', 'w') as csvfile:
        fieldnames = ['relation_name', 'source_node', 'target_node']
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()
        for graph_relation in all_relations:
            writer.writerow(graph_relation)
Example #3
0
    def init(self):
        all_users_to_ip = simple_storage.all_records('user_to_ip')

        all_users = simple_storage.all_records('users')
        all_roles = simple_storage.all_records('roles')

        name_to_arn = {}
        for user in all_users:
            name_to_arn[user['UserName']] = user['Arn']
        for role in all_roles:
            name_to_arn[role['RoleName']] = role['Arn']

        for user in all_users_to_ip:
            if user['username'] not in name_to_arn:
                continue
            user_node = BaseRoleNode(name_to_arn[user['username']])
            for ip in user['ips']:
                ip_node = BasePublicIP(ip)
                ip_node.relate(user_node, "UserPublicIPAddress")
    def init(self):
        all_lambda_functions = simple_storage.all_records('lambda_function')
        all_lambda_functions_arn = set([])
        for lambda_function in all_lambda_functions:
            all_lambda_functions_arn.add(lambda_function['FunctionArn'])

        all_users = simple_storage.all_records('iam_gatherusers')
        all_users.extend(simple_storage.all_records('iam_gatherroles'))

        if len(all_lambda_functions_arn) == 0:
            return

        for user in all_users:

            simulation_params = {
                'PolicySourceArn':
                user['Arn'],
                'ActionNames':
                ['lambda:GetFunction', 'lambda:UpdateFunctionCode'],
                'ResourceArns':
                list(all_lambda_functions_arn),
                'ContextEntries': [{
                    'ContextKeyName': 'aws:multifactorauthpresent',
                    'ContextKeyType': 'boolean',
                    'ContextKeyValues': ['true']
                }]
            }
            all_simulations = run_single_region('iam',
                                                'simulate_principal_policy',
                                                simulation_params)
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    lambda_node = BaseLambdaNode(
                        simulation_data['EvalResourceName'])
                    role_node = BaseRoleNode(user['Arn'])
                    role_node.relate(self.storage, lambda_node,
                                     simulation_data['EvalActionName'])
    def init(self):
        all_instances = simple_storage.all_records('ec2_gather')
        all_instances_arn = set([])
        all_instances.append({'InstanceId': "ALL-INSTANCES"})
        basic_arn = 'arn:aws:ec2:*:*:instance/'
        for instance in all_instances:
            all_instances_arn.add(basic_arn + instance['InstanceId'])

        all_users = simple_storage.all_records('iam_gatherusers')
        all_users.extend(simple_storage.all_records('iam_gatherroles'))

        if len(all_instances_arn) == 0:
            return

        for user in all_users:
            simulation_params = {
                'PolicySourceArn':
                user['Arn'],
                'ActionNames': ['ssm:SendCommand'],
                'ResourceArns':
                ['arn:aws:ssm:*:*:document/AWS-RunPowerShellScript'],
                'ContextEntries': [{
                    'ContextKeyName': 'aws:multifactorauthpresent',
                    'ContextKeyType': 'boolean',
                    'ContextKeyValues': ['true']
                }]
            }
            all_simulations = run_single_region('iam',
                                                'simulate_principal_policy',
                                                simulation_params)
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    for instance in all_instances:
                        ec2_node = BaseEC2Node(instance['InstanceId'])
                        role_node = BaseRoleNode(user['Arn'])
                        role_node.relate(self.storage, ec2_node,
                                         simulation_data['EvalActionName'])
Example #6
0
    def init(self):
        all_instances = simple_storage.all_records('ec2_gather')
        all_instances.append({'InstanceId': "ALL-INSTANCES"})
        all_instances_arn = set([])
        basic_arn = 'arn:aws:ec2:*:*:instance/'
        for instance in all_instances:
            all_instances_arn.add(basic_arn + instance['InstanceId'])

        all_users = simple_storage.all_records('iam_gatherusers')
        all_users.extend(simple_storage.all_records('iam_gatherroles'))
        ''''ec2:AssociateIamInstanceProfile',
                                'ec2:DetachVolume',
                                'ec2:AttachVolume','''
        if len(all_instances_arn) == 0:
            return

        for user in all_users:
            simulation_params = {
                'PolicySourceArn': user['Arn'],
                'ActionNames': [
                    #'ec2:AssociateIamInstanceProfile'
                    #'ec2:StartInstances',
                    #'ec2:StopInstances'
                    'ec2:AttachVolume',
                    'ec2:DetachVolume'
                ],
                'ResourceArns': list(all_instances_arn),
                'ContextEntries': [{
                    'ContextKeyName': 'aws:multifactorauthpresent',
                    'ContextKeyType': 'boolean',
                    'ContextKeyValues': ['true']
                }]
            }
            all_simulations = run_single_region('iam', 'simulate_principal_policy', simulation_params)
            #all_simulations = {"EvaluationResults": []}
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    ec2_node = BaseEC2Node(simulation_data['EvalResourceName'][len(basic_arn):])
                    role_node = BaseRoleNode(user['Arn'])
                    role_node.relate(self.storage, ec2_node, simulation_data['EvalActionName'])
            simulation_params = {
                'PolicySourceArn': user['Arn'],
                'ActionNames': [
                    #'ec2:AssociateIamInstanceProfile'
                    'ec2:StartInstances',
                    'ec2:StopInstances'
                    #'ec2:AttachVolume'
                                ],
                'ResourceArns': list(all_instances_arn),
                'ContextEntries': [{
                    'ContextKeyName': 'aws:multifactorauthpresent',
                    'ContextKeyType': 'boolean',
                    'ContextKeyValues': ['true']
                }]
            }
            all_simulations = run_single_region('iam', 'simulate_principal_policy', simulation_params)
            #all_simulations = {"EvaluationResults": []}
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    ec2_node = BaseEC2Node(simulation_data['EvalResourceName'][len(basic_arn):])
                    role_node = BaseRoleNode(user['Arn'])
                    role_node.relate(self.storage, ec2_node, simulation_data['EvalActionName'])

            simulation_params = {
                'PolicySourceArn': user['Arn'],
                'ActionNames': [
                    'ec2:AssociateIamInstanceProfile'
                    #'ec2:StartInstances',
                    #'ec2:StopInstances'
                    #'ec2:AttachVolume'
                ],
                'ResourceArns': list(all_instances_arn),
                'ContextEntries': [{
                    'ContextKeyName': 'aws:multifactorauthpresent',
                    'ContextKeyType': 'boolean',
                    'ContextKeyValues': ['true']
                }]
            }
            all_simulations = run_single_region('iam', 'simulate_principal_policy', simulation_params)
            #all_simulations = {"EvaluationResults": []}
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    ec2_node = BaseEC2Node(simulation_data['EvalResourceName'][len(basic_arn):])
                    role_node = BaseRoleNode(user['Arn'])
                    role_node.relate(self.storage, ec2_node, simulation_data['EvalActionName'])


            simulation_params = {
                        'PolicySourceArn': user['Arn'],
                        'ActionNames': [
                                        'ec2:DescribeInstances',
                                        'ec2:ModifyInstanceAttribute',
                                        'ec2:CopySnapshot',
                                        'ec2:RunInstances'
                                        ],
                        'ContextEntries': [{
                            'ContextKeyName': 'aws:multifactorauthpresent',
                            'ContextKeyType': 'boolean',
                            'ContextKeyValues': ['true']
                        }]
                        }
            all_simulations = run_single_region('iam', 'simulate_principal_policy', simulation_params)
            for simulation_data in all_simulations["EvaluationResults"]:
                if simulation_data["EvalDecision"] == "allowed":
                    for instance in all_instances:
                        ec2_node = BaseEC2Node(instance['InstanceId'])
                        role_node = BaseRoleNode(user['Arn'])
                        role_node.relate(self.storage, ec2_node, simulation_data['EvalActionName'])