follow on action suggester module(s)

[carnal0wnage]

from lunch...

we will log the results of the recon module to the DB. we need some functions/modules that will check what services and sub-services the key has access to and either suggest or execute follow on activity. once the data is in the DB, this should be relatively easy to do

possible flow...

weirdaal.py --recon --populates awskey, service, sub_service

weirdaal.py --show_services EC2, DescribeInstances EC2, DescribeVolumes

EMR, DescribeRepositories ... weirdaal.py --suggest

EC2, DescribeInstances, list instances module / action ... EMR, DescribeRepositories, list repositories module / action

[carnal0wnage]

just thinking in text on this...the DB is there and works. looks like this:

Services enumerated for SNIPSNIPSNIP
autoscaling:DescribeAccountLimits
autoscaling:DescribeAdjustmentTypes
autoscaling:DescribeAutoScalingInstances
autoscaling:DescribeAutoScalingGroups
autoscaling:DescribeLaunchConfigurations
autoscaling:DescribeScheduledActions
autoscaling:DescribeTags
autoscaling:DescribeTerminationPolicyTypes
autoscaling:DescribePolicies
cloudwatch:ListMetrics
cloudwatch:DescribeAlarmHistory
cloudwatch:DescribeAlarms
datapipeline:ListPipelines
dynamodb:ListTables
dynamodb:DescribeLimits
dynamodb:ListBackups
dynamodb:ListGlobalTables
dynamodbstreams:ListStreams
ec2:DescribeInstances
ec2:DescribeInstanceStatus
ec2:DescribeImages
ec2:CreateImage

[carnal0wnage]

I'm reserving the right to make a design change to go from ec2:CreateImage to ec2:create_image to facilitate grabbing that column and automagically doing stuff

[carnal0wnage]

adding this as lots of checks are here and may be useful later https://www.cloudconformity.com/conformity-rules/