search

punk-security / dnsReaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
GNU Affero General Public License v3.0
1.93k stars 150 forks source link

AWS provider fails hard without credentials #117

Closed SimonGurney closed 1 year ago

SimonGurney commented 1 year ago

We need to handle the cannot autodiscover boto3 credentials and output a clear error, and guidance on the args available

PS C:\Users\SimonGurney> docker run punksecurity/dnsreaper aws
          ____              __   _____                      _ __
         / __ \__  ______  / /__/ ___/___  _______  _______(_) /___  __
        / /_/ / / / / __ \/ //_/\__ \/ _ \/ ___/ / / / ___/ / __/ / / /
       / ____/ /_/ / / / / ,<  ___/ /  __/ /__/ /_/ / /  / / /_/ /_/ /
      /_/    \__,_/_/ /_/_/|_|/____/\___/\___/\__,_/_/  /_/\__/\__, /
                                             PRESENTS         /____/
                              DNS Reaper ☠️

             Scan all your DNS records for subdomain takeovers!

Traceback (most recent call last):
  File "/app/main.py", line 50, in <module>
    domains = list(provider.fetch_domains(**args.__dict__))
  File "/app/providers/aws.py", line 71, in fetch_domains
    zones = get_zones(client)
  File "/app/providers/aws.py", line 45, in get_zones
    hosted_zones = client.list_hosted_zones()["HostedZones"]
  File "/opt/venv/lib/python3.10/site-packages/botocore/client.py", line 514, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/opt/venv/lib/python3.10/site-packages/botocore/client.py", line 917, in _make_api_call
    http, parsed_response = self._make_request(
  File "/opt/venv/lib/python3.10/site-packages/botocore/client.py", line 940, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/opt/venv/lib/python3.10/site-packages/botocore/endpoint.py", line 119, in make_request
    return self._send_request(request_dict, operation_model)
  File "/opt/venv/lib/python3.10/site-packages/botocore/endpoint.py", line 198, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "/opt/venv/lib/python3.10/site-packages/botocore/endpoint.py", line 134, in create_request
    self._event_emitter.emit(
  File "/opt/venv/lib/python3.10/site-packages/botocore/hooks.py", line 412, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/opt/venv/lib/python3.10/site-packages/botocore/hooks.py", line 256, in emit
    return self._emit(event_name, kwargs)
  File "/opt/venv/lib/python3.10/site-packages/botocore/hooks.py", line 239, in _emit
    response = handler(**kwargs)
  File "/opt/venv/lib/python3.10/site-packages/botocore/signers.py", line 105, in handler
    return self.sign(operation_name, request)
  File "/opt/venv/lib/python3.10/site-packages/botocore/signers.py", line 189, in sign
    auth.add_auth(request)
  File "/opt/venv/lib/python3.10/site-packages/botocore/auth.py", line 418, in add_auth
    raise NoCredentialsError()
botocore.exceptions.NoCredentialsError: Unable to locate credentials
PS C:\Users\SimonGurney>