ami_expose.py - amiexpose - PoC on locating sensitive/private data in public AWS AMIs.
---
ami_expose.py (1404B)
---
1 #!/usr/bin/env python3
2 #
3 # Search all of your own AMIs for any that are public on
4 # all known regions.
5 #
6 # jay@beardyjay.co.uk
7 #
8 import boto3
9 import click
10 from botocore.exceptions import ClientError
11
# Regions queried by the CLI, in scan order. The list is fixed: a region
# that is not named here is never searched, so treat an empty result as
# "nothing found in these regions", not "nothing found anywhere".
default_regions = [
    "us-east-1",
    "us-west-1",
    "us-west-2",
    "eu-west-1",
    "sa-east-1",
    "ap-southeast-1",
    "ap-southeast-2",
    "ap-northeast-1",
    "ap-northeast-2",
    "eu-central-1",
]
16
17
@click.group()
def cli():
    # Root click group: it does no work itself, subcommands register on it
    # through @cli.command(). A comment is used instead of a docstring
    # because click would display a docstring as the group's help text.
    return None
22
23
@cli.command()
@click.option("--query",
              required=True,
              help="Query AMIs name containing string")
def search(query):
    """ Search Amazon AMIs """
    # The docstring above is kept verbatim: click shows it as the help text
    # of the `search` command.
    #
    # For every region in default_regions, list the images whose name
    # contains `query`, then print one "[ region ] image-id : name" row per
    # image found.

    # Substring match: the query is wrapped in the EC2 filter wildcard '*'.
    # A '*' or '?' already present in the query is interpreted as a wildcard
    # by the filter as well.
    name_filter = {"Name": "name", "Values": [f"*{query}*"]}

    # NOTE(review): only the name filter is sent -- no owner or visibility
    # restriction is applied here, so the rows are whatever the EC2 API
    # returns to the calling credentials for that pattern. The file header
    # describes checking your own AMIs; confirm which scope is intended.
    matches = {}
    with click.progressbar(default_regions,
                           label="Searching region..") as region_iter:
        for region_name in region_iter:
            ec2_resource = boto3.resource("ec2", region_name=region_name)

            try:
                image_query = ec2_resource.images.filter(Filters=[name_filter])
                for ami in image_query.all():
                    # Keyed by image id; a repeated id overwrites the
                    # earlier entry.
                    matches[ami.image_id] = (region_name, ami.name)
            except ClientError as err:
                # Show the API error and abort the whole run: the printing
                # loop below is never reached, so matches collected from
                # regions scanned earlier are not reported.
                print(err)
                raise

    for image_id, (region_name, ami_name) in matches.items():
        click.secho(f"[ {region_name} ] ", nl=False, fg="green")
        click.echo(f"{image_id} : ", nl=False)
        click.secho(f"{ami_name}", nl=False, bold=True)
        click.echo("")