def attacks(args): """ awspx attacks """ max_attack_iterations = int(args.max_attack_iterations) \ if args.max_attack_iterations else 5 max_attack_depth = args.max_attack_depth \ if args.max_attack_depth else "" ignore_conditionals = False \ if args.include_conditionals else True # Resolve only & except attacks except_attacks = [] if args.except_attacks: except_attacks = [ k for k in Attacks.definitions.keys() if k.lower() in args.except_attacks.lower() ] only_attacks = [] if args.only_attacks: only_attacks = [ k for k in Attacks.definitions.keys() if k.lower() in args.only_attacks.lower() ] if args.func == attacks: print("[+] Computing attack paths") Attacks.compute(max_iterations=max_attack_iterations, except_attacks=except_attacks, only_attacks=only_attacks, max_search_depth=max_attack_depth, ignore_actions_with_conditions=ignore_conditionals) else: return max_attack_iterations, max_attack_depth, ignore_conditionals, except_attacks, only_attacks
def handle_attacks(args, console=console): """ awspx attacks """ attacks = Attacks( skip_conditional_actions=args.include_conditional_attacks == False, skip_attacks=args.skip_attacks, only_attacks=args.only_attacks, console=console) attacks.compute(max_iterations=args.max_attack_iterations, max_search_depth=str(args.max_attack_depth if args. max_attack_depth is not None else ""))
def handle_attacks(args): """ awspx attacks """ try: Attacks.compute( max_iterations=args.max_attack_iterations, except_attacks=args.except_attacks, only_attacks=args.only_attacks, max_search_depth=str(args.max_attack_depth if args. max_attack_depth is not None else ""), ignore_actions_with_conditions=( not args.include_conditional_attacks)) except Exception as attack: if attack in Attacks.definitions: print(f"[!] Attack: `{attack}` failed, to exclude this " f"attack in future append --except-attacks='{attack}'") else: print("[-]", attack)
def ingest(args): """ awspx ingest """ account = "0000000000000" ingested = Elements() iam = None profile = args.profile if args.profile else "default" # offer to create profile it doesn't exist try: session = boto3.session.Session(profile_name=profile) except ProfileNotFound: create_new_profile(profile) session = boto3.session.Session(profile_name=profile) if not args.region: r = boto3.session.Session(profile_name=profile).region_name region = r if r != None else "eu-west-1" else: region = args.region if not args.database: database = profile + ".db" else: if args.database[-3:] == ".db": database = args.database else: database = args.database + ".db" if args.services and args.services != "all": services = [ s for s in SERVICES if s.__name__.upper() in map(str.upper, args.services.strip(" ").split(',')) ] else: services = SERVICES # Always ingest IAM if IAM not in services: services.insert(0, IAM) # Resolve only & except resources types & ARNs optional_resource_args = "" selections = {} if args.except_types: selections["except_types"] = args.except_types.split(",") validate_types(selections["except_types"]) optional_resource_args = optional_resource_args + \ f" --except-types {args.except_types} \\\n" else: selections["except_types"] = [] if args.only_types: selections["only_types"] = args.only_types.split(",") validate_types(selections["only_types"]) optional_resource_args = optional_resource_args + \ f" --only-types {args.only_types} \\\n" else: selections["only_types"] = [] if args.except_arns: selections["except_arns"] = args.except_arns.lower().split(",") optional_resource_args = optional_resource_args + \ f" --except-arns {args.except_arns} \\\n" else: selections["except_arns"] = [] if args.only_arns: selections["only_arns"] = args.only_arns.lower().split(",") optional_resource_args = optional_resource_args + \ f" --only-arns {args.only_arns} \\\n" else: selections["only_arns"] = [] if args.role_to_assume: assume_role_arg = f" --assume-role {args.role_to_assume} \\\n" else: assume_role_arg = "" max_attack_iterations, max_attack_depth, ignore_conditionals, except_attacks, only_attacks = attacks( args) if args.skip_attacks: attack_args = " --skip-attacks" else: attack_args = f""" --max-attack-iterations {str(max_attack_iterations)} \\ --ignore-conditionals {str(ignore_conditionals)} \\ """ if max_attack_depth != "": attack_args = attack_args + \ f" --max-attack-depth {max_attack_depth} \\" if except_attacks: attack_args = attack_args + \ f" --except-attacks {','.join(except_attacks)}" elif only_attacks: attack_args = attack_args + \ f" --only-attacks {','.join(only_attacks)}" print(f""" [+] Running awspx ingest --profile {profile} --region {region} --database {database} \\ --services {','.join([s.__name__ for s in services])} \\ {assume_role_arg+optional_resource_args+attack_args} """) try: session = boto3.session.Session(profile_name=profile, region_name=region) identity = session.client('sts').get_caller_identity() account = identity["Account"] print(f"[+] User set to {identity['Arn']}.") print(f"[+] Region set to {region}.") except: print( "[-] Request to establish identity (sts:GetCallerIdentity) failed." ) if args.role_to_assume: response = session.client('sts').assume_role( RoleArn=args.role_to_assume, RoleSessionName=f"awspx", DurationSeconds=7200) if response: print(f"[+] Assumed role {args.role_to_assume}") session = boto3.session.Session( aws_access_key_id=response["Credentials"]["AccessKeyId"], aws_secret_access_key=response["Credentials"] ["SecretAccessKey"], aws_session_token=response["Credentials"]["SessionToken"], region_name=region) try: identity = session.client('sts').get_caller_identity() account = identity["Account"] print(f"[+] Running as {identity['Arn']}.") print(f"[+] Region set to {region}.") except: print( "[-] Request to establish identity (sts:GetCallerIdentity) failed." ) if not args.database: database = f"{args.role_to_assume.split('::')[1].split(':')[0]}-{database}" print(f"[+] Using database {database}") if IAM in services: iam = IAM(session, db=database) account = iam.root.account() for service in [s for s in services if s != IAM]: resources = service(session, **selections, account=account) ingested += resources if IAM not in services: iam = IAM(session, db=database, resources=ingested) else: iam += ingested archive = iam.post() print(f"[+] Results exported to {archive}") Neo4j.load(archive, database) if not args.skip_attacks: print("[+] Computing attack paths") Attacks.compute(max_iterations=max_attack_iterations, except_attacks=except_attacks, only_attacks=only_attacks, max_search_depth=max_attack_depth, ignore_actions_with_conditions=ignore_conditionals) print("[+] Done.")