first commit - amiexpose - PoC on locating sensitive/private data in public AWS AMI's.
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit 1c53db9fa62d4d2ce4ed306aaf294e41a23152a5
(HTM) Author: Jay Scott <me@jay.scot>
Date: Fri, 27 Oct 2017 21:33:22 +0100
first commit
Diffstat:
A .gitignore | 75 +++++++++++++++++++++++++++++++
A README.md | 30 ++++++++++++++++++++++++++++++
A ami_expose.py | 51 +++++++++++++++++++++++++++++++
A setup.py | 16 ++++++++++++++++
4 files changed, 172 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,75 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# pyenv
+.python-version
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
(DIR) diff --git a/README.md b/README.md
@@ -0,0 +1,30 @@
+
+## Overview
+
+Search AWS AMIs on **all** regions for certain keywords.
+
+[](https://asciinema.org/a/144619)
+
+## Development
+
+
+ $ python3 -m venv venv/
+ $ . venv/bin/activate
+
+## Build
+
+ $ pip install --editable .
+
+## Run
+
+make sure you have a valid **AWS_SECRET_KEY** and **AWS_SECRET_ACCESS_KEY** set.
+
+ $ ami_expose search --query YourString
+
+## Todo
+
+ - Define regions to search.
+ - Use regions from a Boto query.
+ - Launch a micro EC2 instance with a AMI ID.
+
+
(DIR) diff --git a/ami_expose.py b/ami_expose.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+#
+# Search all of your own AMIs for any that are public on
+# all known regions.
+#
+# jay@beardyjay.co.uk
+#
+import boto3
+import click
+from botocore.exceptions import ClientError
+
+default_regions = ['us-east-1', 'us-west-1', 'us-west-2',
+ 'eu-west-1', 'sa-east-1', 'ap-southeast-1',
+ 'ap-southeast-2', 'ap-northeast-1',
+ 'ap-northeast-2', 'eu-central-1']
+
+
+@click.group()
+def cli():
+
+ pass
+
+
+@cli.command()
+@click.option('--query',
+ help='Query AMIs name containing string',
+ required=True)
+def search(query):
+ """ Search Amazon AMIs """
+
+ filters = {'Name': 'name', 'Values': ["*" + query + "*", ]}
+
+ results = {}
+ with click.progressbar(default_regions,
+ label='Searching region..') as regions:
+ for region in regions:
+
+ ec2 = boto3.resource('ec2', region_name=region)
+
+ try:
+ for image in ec2.images.filter(Filters=[filters]).all():
+ results[image.image_id] = [region, image.name]
+ except ClientError as e:
+ print(e)
+ raise
+
+ for item in results:
+ click.secho("[ %s ] " % results[item][0], nl=False, fg='green')
+ click.echo("%s : " % item, nl=False)
+ click.secho("%s" % results[item][1], nl=False, bold=True)
+ click.echo("")
(DIR) diff --git a/setup.py b/setup.py
@@ -0,0 +1,16 @@
+from setuptools import setup
+
+setup(
+ name='ami_expose',
+ version='0.1',
+ py_modules=['ami_expose'],
+ install_requires=[
+ 'boto3',
+ 'Click',
+ 'colorama',
+ ],
+ entry_points='''
+ [console_scripts]
+ ami_expose=ami_expose:cli
+ ''',
+)