[ { "path": "README.en.md", "content": "English | [中文](./README.md)\n# accesskey_tools\nThe accesskey automated operation and maintenance tools and accesskey utilization tools of various cloud vendors such as alicloud/tencentcloud/huaweicloud/aws, including but not limited to various functions such as creating ecs, ecs query and command execution, oss query and batch download, will continue to be added in the future. Various functions.\n\n## Function description\n* IAM queries the current user permissions of aksk. Enter \"enum\" to perform interface service blasting.\n\n* EC2 Query the detailed information of EC2 machine instances in various AWS regions. The specified instance can execute system commands. Trace cleaning: delete the created policy and bound IAM.\n\n* RDS queries all rds details of AWS, as well as IP whitelist restriction information.\n\n* S3 queries all s3 bucket bucket information, and you can specify the bucket and bucket folder.\n\n* ROUTE53 queries the domain name DNS records created by AWS in all regions.\n\n* URL_CONSOLE Use aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)\n\n## Get started quickly\n\n### Query and execute commands on the ec2 machine instance. \nAfter executing the script, the ec2 machine instance status in each region will be automatically retrieved and json will be returned.\n![Img](./FILES/1.awebp)\n![Img](./FILES/2.awebp)\n\nYou can choose whether to delete the created roles and policies.\n\nYou can also delete the iam bound to the ec2 machine.\n\nEnter the machine instance to execute the command. The type of command to be executed will be automatically selected based on the data in json:\n```\n\"Linux\": \"AWS-RunShellScript\",\n\"windows\": \"AWS-RunPowerShellScript\"\n```\n![Img](./FILES/3.awebp)\n### RDS queries all rds details of AWS, \nas well as IP whitelist restriction information.\n![Img](./FILES/4.awebp)\n### S3 queries all s3 bucket bucket information \nall mode downloads all files in all buckets.\nYou can specify the bucket and bucket folder.\n![Img](./FILES/5.awebp)\n### ROUTE53 \nQuery the domain name DNS records created by AWS in all regions.\n![Img](./FILES/6.awebp)\n### URL_CONSOLE \nUse aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)\n![Img](./FILES/7.awebp)\n\n\nFor information on how to use the tool, please refer to the article:\n\n[accesskey_tools: An Alibaba Cloud operations and maintenance tool for automation](https://kohlersbtuh15s-organization.gitbook.io/alibabacloud_accesskey_tools/)\n\n[AWS AccessKey Tools: Powerful Security Assessment and Penetration Testing Tools](https://kohlersbtuh15s-organization.gitbook.io/aws_accesskey_tools/)\n# Disclaimer\nThis tool is only used by operation and maintenance personnel to manage cloud business and security testing, and may not be used for any illegal attacks.\n\n# TODO\n\n* huaweicloud accesskey related functions\n* qiniuyun accesskey related functions\n" }, { "path": "README.md", "content": "[English](./README.en.md) | 中文\n# accesskey_tools\n阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey自动化运维工具,accesskey利用工具,包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,后续会持续添加各种功能\n\n# 工具下载\n```\ngit clone https://github.com/kohlersbtuh15/accesskey_tools.git\n```\n# 使用说明\n```\ncd aws/aliyun/tencentcloud #进入相应的云服务平台\npip3 install -r requirements.txt\nvi config.py #填写AccessKeyID和AccessKeySecret,按需填写SOCKS5_PROXY_HOST和SOCKS5_PROXY_PORT\npython3 aws_ec2_exec.py\n```\n# 功能描述\n* IAM 查询当前aksk的用户权限,输入\"enum\"可进行接口服务爆破。\n* EC2 查询aws各地区的ec2机器实例的详情信息,指定实例可执行系统命令,痕迹清理:删除创建的策略和绑定的iam。\n* RDS 查询aws所有rds详情信息,以及IP白名单限制信息。\n* S3 查询所有s3 bucket存储桶信息,可指定bucket以及bucket的文件夹。\n* ROUTE53 查询aws所有地区创建的域名DNS记录。\n* URL_CONSOLE 使用aksk申请联邦令牌,获取控制台权限(有效时间:15分钟)\n# 快速上手\n### 1、ec2机器实例查询并执行命令\n执行脚本后会自动检索各个地区的ec2机器实例情况以及agent情况,并返回json。\n![Img](./FILES/1.awebp)\n![Img](./FILES/2.awebp)\n\n输入机器实例,进行执行命令。会根据json中的数据自动选择执行命令的类型:\n```\n\"Linux\": \"AWS-RunShellScript\",\n\"windows\": \"AWS-RunPowerShellScript\",\n```\n![Img](./FILES/3.awebp)\n\n### 2、RDS查询\naws所有rds详情信息、快照详情、IP白名单限制信息。\n![Img](./FILES/4.awebp)\n\n### 3、S3 查询所有s3 bucket存储桶信息\nall模式下载所有桶子中的所有文件。\n可指定bucket以及bucket的文件夹。\n![Img](./FILES/5.awebp)\n\n### 4、ROUTE53\n查询aws所有地区创建的域名DNS记录。\n![Img](./FILES/6.awebp)\n\n### 5、URL_CONSOLE\n使用aksk申请联邦令牌,获取控制台权限(有效时间:15分钟)\n![Img](./FILES/7.awebp)\n\n\n关于工具使用方式可参考文章:\n\n[accesskey_tools:一款针对云环境的多功能利用脚本工具](https://blog.csdn.net/saygoodbyeyo/article/details/132347160)\n \n\n[accesskey_tools: 阿里云运维工具:自动化运维的利器](https://www.freebuf.com/sectool/377068.html)\n\n[accesskey_tools: aws accesskey利用工具](https://www.freebuf.com/sectool/377988.html)\n\n# 免责声明\n该工具仅用于运维人员管理云上业务及安全测试,不得用于任何非法攻击。\n\n# TODO\n\n* 华为云huaweicloud accesskey相关功能\n* 七牛云qiniuyun accesskey相关功能\n" }, { "path": "aliyun/README.en.md", "content": "English | [中文](./README.md)\n## Error handling\nIf you encounter pip installation errors, it is recommended to update pip and then install the dependencies.\n`pip install --upgrade pip`\n\n## File description\n\n#### aliyun_ecs_exec.py\nUsed to query the detailed information of ecs instances in various regions of Alibaba Cloud and specify the ecs instance to execute commands.\n#### aliyun_ecs_exec_batch.py\nUsed to query the detailed information of ecs instances in various regions of Alibaba Cloud and execute ecs instance commands in batches\n#### aliyun_create_ecs.py\nUsed to create Alibaba Cloud instances in batches\n#### aliyun_getall_rds.py\nUsed to query all Alibaba Cloud RDS details and their IP restrictions\n#### oss_download.py\nUsed to download all files in oss, and can also specify a bucket for download.\n#### config.py\nConfiguration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters\n\n## Instructions for use\nTo install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.\n\n## proxy\nThe socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.\n" }, { "path": "aliyun/README.md", "content": "[English](./README.en.md) | 中文\n## 报错处理\n如果在安装依赖时报错,请先更新pip版本再重新安装。\n`pip install --upgrade pip`\n## 文件说明\n\n#### aliyun_ecs_exec.py\n用于查询阿里云各地区ecs实例的详细信息,并可指定ecs实例执行命令\n#### aliyun_ecs_exec_batch.py\n用于查询阿里云各地区ecs实例的详细信息,并可批量执行ecs实例命令\n#### aliyun_create_ecs.py\n用于批量创建阿里云实例\n#### aliyun_getall_rds.py\n用于查询阿里云所有rds详细信息和其ip限制\n#### oss_download.py\n用于下载所有oss中的文件,也可指定bucket下载\n#### config.py\n代码运行所需的配置信息,包括accesskey、accesskeysecret、代理的ip和端口等参数\n\n## 使用说明\n使用前安装所需的依赖,运行pip install -r requirements.txt即可,填好config.py中对应的值,直接运行对应的py脚本,按照提示输入对应的值\n\n## 代理\n代码中提供了socks代理,需要使用时在config.py中填好ip和port值,然后去掉代码中对应的注释部分即可\n" }, { "path": "aliyun/aliyun_create_ecs.py", "content": "# -*- coding: utf-8 -*-\nfrom typing import List\nfrom alibabacloud_tea_util.client import Client as UtilClient\nfrom alibabacloud_ecs20140526.client import Client as EcsClient\nfrom alibabacloud_tea_openapi import models as open_api_models\nfrom alibabacloud_vpc20160428 import models as vpc_models\nfrom alibabacloud_vpc20160428.client import Client as VpcClient\nfrom alibabacloud_ecs20140526 import models as ecs_models\nfrom alibabacloud_darabonba_array.client import Client as ArrayClient\n\nimport config\n# import socket, socks\n\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\n\nclass Create_instances:\n def __init__(self):\n pass\n\n @staticmethod\n def main(\n access_key_id: str, access_key_secret: str, region_id: str, instance_type: str, image_id: str,\n security_group_id: str,\n zone_id: str, v_switch_id: str, password: str, autorelease_time: str,\n security_enhancement_strategy: str, dry_run: bool\n ):\n access_key_id = access_key_id\n access_key_secret = access_key_secret\n period = None\n period_unit = None\n auto_renew_period = None\n auto_renew = None\n available_info = {}\n if not region_id:\n for region in config.RegionIds:\n print(f'地区代码:{region} 对应地区: {config.RegionIds[region]}')\n region_id = input(\"请输入要创建的实例地区代码,如cn-hangzhou: \").replace(' ', '')\n config_client = Create_instances.create_client(access_key_id, access_key_secret, region_id)\n\n while True:\n if not zone_id:\n available_info = Create_instances.describe_zones(config_client, region_id)\n zone_id = input(\"请输入可用区ID: \").replace(' ', '')\n\n vpc_id = None\n if not v_switch_id or not vpc_id:\n vpcs = Create_instances.describe_vswitches(region_id, zone_id)\n if not vpcs:\n print(f'[error] 所选可用区{zone_id}无可用虚拟交换机,请重新选择可用区或先创建虚拟交换机。')\n zone_id = None\n continue\n v_switch_id = input(\"请输入虚拟交换机ID: \").replace(' ', '')\n if v_switch_id not in vpcs.keys():\n print(f'请输入正确的虚拟交换机ID: ')\n continue\n else:\n vpc_id = vpcs[v_switch_id]\n break\n\n if not instance_type:\n while True:\n cpucore_num = int(input(\"请输入要创建实例的CPU核数:\").replace(' ', ''))\n memory_size = int(input(\"请输入要创建实例的内存大小(GB):\").replace(' ', ''))\n has_instancetypes = Create_instances.describe_instancetype(config_client, cpucore_num, memory_size,\n available_info[zone_id]['instance_types'])\n if not has_instancetypes:\n print(f'[error] 可用区{zone_id}无符合要求的实例规格,请重新选择')\n else:\n instance_type = input(\"请输入选择的实例类型ID: \").replace(' ', '')\n break\n\n if not image_id:\n Create_instances.describe_images(config_client, region_id)\n image_id = input(\"请输入镜像ID:\").replace(' ', '')\n\n if not security_group_id:\n Create_instances.describe_security_group(config_client, region_id, vpc_id)\n security_group_id = input(\"请输入安全组ID:\").replace(' ', '')\n\n if not password:\n password = input(\n \"请输入实例密码,长度为8至30个字符,必须同时包含大小写英文字母、数字和特殊符号中的三类字符,Windows实例不能以正斜线(/)为密码首字符: \").replace(\n ' ', '')\n print(f'以设定实例密码为: {password}')\n\n internet_charge_type = 'PayByBandwidth' if input(\n \"请选择宽带付费方式, PayByBandwidth:按固定带宽计费;PayByTraffic:按使用流量计费。默认为按量计费: \") == 'PayByBandwidth' else 'PayByTraffic'\n internet_maxband_widthout = int(input(\"请输入公网出宽带最大值,范围为0 - 100Mbit / s: \").replace(' ', ''))\n internet_maxband_widthin = int(\n input(\"请输入公网如宽带最大值,范围为0 - internet_maxband_widthout Mbit / s: \").replace(' ', ''))\n systemdisk_size = int(input(\"请输入云盘大小,范围为 20-500 : \").replace(' ', ''))\n while True:\n systemdisk_category = input(\n \"请输入云盘类型:cloud_efficiency:高效云盘,cloud_ssd:SSD云盘,cloud_essd:ESSD云盘,cloud:普通云盘,cloud_auto:ESSD AutoPL云盘: \").replace(\n ' ', '')\n if systemdisk_category not in available_info[zone_id]['diskcategory']:\n print(f'所选云盘类型{systemdisk_category}不支持,请重新选择: ')\n else:\n break\n amount = int(input(\"请输入要开启的实例数量 1-100 : \").replace(' ', ''))\n instance_charge_type = 'PrePaid' if input(\n \"请输入实例付费方式,PrePaid:包年包月。PostPaid:按量付费, 默认为按量付费: \").replace(' ',\n '') == 'PrePaid' else 'PostPaid'\n auto_pay = True if input(\n \"创建实例时是否自动付费,设置True时若账户余额不足,会生成作废订单,只能重新创建;设置为False时,会在控制台生成待支付订单,可自行支付,默认不自动付费,请输入 T 或者 F: \").replace(\n ' ', '') == 'T' else False\n if instance_charge_type == 'PostPaid':\n autorelease_time = input(\"请输入自动施放时间,如2018-01-01T12:05:00Z,默认不自动释放: \").replace(' ', '')\n auto_pay = True\n if instance_charge_type == 'PrePaid':\n period_unit = input(\"请输入包年包月计费时长单位,取值范围:Week和Month: \").replace(' ', '')\n period = int(input(\"请输入购买资源时长,如 1 : \").replace(' ', ''))\n auto_renew = True if input(\"是否自动续费,如需自动续费请输入Y: \").replace(' ', '') == 'Y' else False\n if auto_renew:\n auto_renew_period = int(input(\"请输入自动续费时长,单位为包年包月计费单位,如 1 : \").replace(' ', ''))\n\n # 创建并与运行实例\n print(f'[info] --------开始创建实例-----------')\n responces = config_client.run_instances(ecs_models.RunInstancesRequest(\n region_id=region_id,\n instance_type=instance_type,\n image_id=image_id,\n security_group_id=security_group_id,\n zone_id=zone_id,\n v_switch_id=v_switch_id,\n amount=amount,\n password=password,\n internet_max_bandwidth_in=internet_maxband_widthin,\n internet_max_bandwidth_out=internet_maxband_widthout,\n internet_charge_type=internet_charge_type,\n auto_release_time=autorelease_time,\n security_enhancement_strategy=security_enhancement_strategy,\n period=period,\n period_unit=period_unit,\n auto_renew_period=auto_renew_period,\n instance_charge_type=instance_charge_type,\n auto_renew=auto_renew,\n auto_pay=auto_pay,\n dry_run=dry_run,\n system_disk=ecs_models.RunInstancesRequestSystemDisk(\n size=systemdisk_size,\n category=systemdisk_category\n )\n ))\n print(\n f'[info]-----------创建实例成功,实例ID:{UtilClient.to_jsonstring(responces.body.instance_id_sets.instance_id_set)}--------------')\n\n @staticmethod\n def describe_instancetype(\n client: EcsClient,\n cupcore_num: int,\n memory_size: int,\n available_types: List[str]\n\n ):\n describe_instance_types_request = ecs_models.DescribeInstanceTypesRequest(\n minimum_cpu_core_count=cupcore_num,\n maximum_cpu_core_count=cupcore_num,\n minimum_memory_size=memory_size,\n maximum_memory_size=memory_size\n )\n flag = False\n try:\n response = client.describe_instance_types(describe_instance_types_request)\n for instance_type in response.body.instance_types.instance_type:\n if instance_type.instance_type_id in available_types:\n print(\n f'实例类型ID: {instance_type.instance_type_id} 实例规格分类:{instance_type.instance_category} 系统架构:{instance_type.cpu_architecture} 处理器型号:{instance_type.physical_processor_model}')\n flag = True\n return flag\n except Exception as error:\n # 如有需要,请打印 error\n print(error)\n\n @staticmethod\n def describe_images(\n client: EcsClient,\n region_id: str\n ):\n os_type = 'windows' if input('请输入镜像操作系统类型(linux或windows),默认为linux:') == 'windows' else 'linux'\n page = 1\n while True:\n describe_images_request = ecs_models.DescribeImagesRequest(\n region_id=region_id,\n status='Available',\n ostype=os_type,\n page_size=50,\n page_number=page\n )\n response = client.describe_images(describe_images_request)\n for image in response.body.images.image:\n print(f'镜像ID:{image.image_id}{\" \" * (60 - len(image.image_id))}镜像名称:{image.osname}')\n if page * 50 > response.body.total_count:\n break\n page = page + 1\n\n @staticmethod\n def describe_vswitches(\n region_id: str,\n zone_id: str\n ):\n vswitches = {}\n describe_vswitch_request = vpc_models.DescribeVSwitchesRequest(\n region_id=region_id,\n zone_id=zone_id\n )\n response = VpcClient(open_api_models.Config(config.AccessKeyID, config.AccessKeySecret,\n endpoint=f'vpc.aliyuncs.com')).describe_vswitches(\n describe_vswitch_request)\n for vswitch in response.body.v_switches.v_switch:\n vswitches[vswitch.v_switch_id] = vswitch.vpc_id\n print(\n f'虚拟交换机ID: {vswitch.v_switch_id} 虚拟网络ID: {vswitch.vpc_id} 虚拟交换机名称: {vswitch.v_switch_name} 虚拟网络段: {vswitch.cidr_block}')\n return vswitches\n\n @staticmethod\n def describe_security_group(\n client: EcsClient,\n region_id: str,\n vpc_id: str\n ):\n describe_security_request = ecs_models.DescribeSecurityGroupsRequest(\n region_id=region_id,\n vpc_id=vpc_id\n )\n response = client.describe_security_groups(describe_security_request)\n for security_group in response.body.security_groups.security_group:\n print(f'安全组ID: {security_group.security_group_id} 安全组名称: {security_group.security_group_name}')\n\n @staticmethod\n def describe_zones(\n client: EcsClient,\n region_id: str\n ):\n describe_zones_request = ecs_models.DescribeZonesRequest(\n region_id=region_id\n )\n response = client.describe_zones(describe_zones_request)\n available = {}\n for zone in response.body.zones.zone:\n print(f'zone_id: {zone.zone_id}')\n available[zone.zone_id] = {}\n available[zone.zone_id]['instance_types'] = zone.available_instance_types.instance_types\n available[zone.zone_id]['diskcategory'] = zone.available_disk_categories.disk_categories\n return available\n\n @staticmethod\n def create_client(\n access_key_id: str,\n access_key_secret: str,\n region_id: str,\n ) -> EcsClient:\n client_config = open_api_models.Config()\n client_config.access_key_id = access_key_id\n client_config.access_key_secret = access_key_secret\n client_config.region_id = region_id\n return EcsClient(client_config)\n\n\nif __name__ == '__main__':\n access_key_id = config.AccessKeyID\n access_key_secret = config.AccessKeySecret\n # 地区\n region_id = ''\n # 实例规格\n instance_type = ''\n # 镜像id\n image_id = ''\n # 安全组id\n security_group_id = ''\n # 可用区id\n zone_id = ''\n # 交换机id\n v_switch_id = ''\n # 实例密码,长度为8至30个字符,必须同时包含大小写英文字母、数字和特殊符号中的三类字符,Windows实例不能以正斜线(/)为密码首字符。\n password = ''\n # 公网出宽带最大值,范围为0-100Mbit/s\n internet_maxband_widthout = 100\n # 公网入带宽最大值。最小为10Mbit/s, 最大为internet_maxband_widthout值\n internet_maxband_widthin = internet_maxband_widthout\n # 按量付费自动施放时间,按照ISO8601标准表示,使用UTC+0时间。格式为:yyyy-MM-ddTHH:mm:ssZ。如2018-01-01T12:05:00Z\n autorelease_time = ''\n # 是否开启安全加固\n security_enhancement_strategy = 'Active'\n # 预检请求\n # true:发送检查请求,不会创建实例。检查项包括是否填写了必需参数、请求格式、业务限制和ECS库存。如果检查不通过,则返回对应错误。如果检查通过,则返回DryRunOperation错误。\n # false:发送正常请求,通过检查后直接创建实例。\n dry_run = False\n if not access_key_id or not access_key_secret:\n print(\"请在config.py中设置accesskeyID和accesskeysecret\")\n exit()\n try:\n Create_instances.main(access_key_id=config.AccessKeyID, access_key_secret=config.AccessKeySecret,\n region_id=region_id, instance_type=instance_type, image_id=image_id,\n security_group_id=security_group_id, zone_id=zone_id, v_switch_id=v_switch_id,\n password=password, autorelease_time=autorelease_time,\n security_enhancement_strategy=security_enhancement_strategy, dry_run=dry_run\n )\n except Exception as e:\n print('[error] ---------实例创建失败---------')\n print(e)\n" }, { "path": "aliyun/aliyun_ecs_exec.py", "content": "from aliyunsdkcore.client import AcsClient\nfrom aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest\nfrom aliyunsdkecs.request.v20140526.CreateCommandRequest import CreateCommandRequest\nfrom aliyunsdkecs.request.v20140526.InvokeCommandRequest import InvokeCommandRequest\nfrom aliyunsdkecs.request.v20140526.DescribeCloudAssistantStatusRequest import DescribeCloudAssistantStatusRequest\nfrom aliyunsdkecs.request.v20140526.DescribeInvocationResultsRequest import DescribeInvocationResultsRequest\n\nimport json, base64, random, time, config\n\n# import socket, socks\n#\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\n\ndef DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):\n client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)\n request = DescribeCloudAssistantStatusRequest()\n request.set_accept_format('json')\n\n request.set_InstanceIds([InstanceId])\n\n response = client.do_action_with_exception(request)\n return json.loads(response)\n\n\ndef CreateCommand(AccessKeyID, AccessKeySecret, com_type, command, ZoneId, InstanceId):\n client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)\n\n request = CreateCommandRequest()\n request.set_accept_format('json')\n name = ''.join(random.sample(\n ['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',\n 'd', 'c', 'b', 'a'], 5))\n try:\n CloudAssistantStatus = DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId)\n Status = CloudAssistantStatus['InstanceCloudAssistantStatusSet']['InstanceCloudAssistantStatus'][0][\n 'CloudAssistantStatus']\n if Status == 'false':\n print('no InstanceCloudAssistant,can not execute command!')\n return\n request.set_Name(name)\n request.set_Type(com_type)\n request.set_connect_timeout(60)\n command = base64.b64encode(command.encode()).decode()\n\n request.set_CommandContent(command)\n\n response = client.do_action_with_exception(request)\n return json.loads(response)['CommandId']\n except Exception as e:\n print(e)\n print('command create faild!')\n\n\ndef InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, CommandId):\n client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)\n\n try:\n request = InvokeCommandRequest()\n request.set_accept_format('json')\n\n request.set_CommandId(CommandId)\n request.set_InstanceIds([InstanceId])\n\n response = client.do_action_with_exception(request)\n if json.loads(response)['InvokeId'] == '':\n print('execute command error!')\n else:\n return json.loads(response)['InvokeId']\n except Exception as e:\n print(e)\n print('execute command error!')\n\n\ndef DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID):\n client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)\n\n request = DescribeInvocationResultsRequest()\n request.set_accept_format('json')\n\n request.set_InvokeId(InvokeID)\n\n response = client.do_action_with_exception(request)\n return json.loads(response)\n\n\ndef DescribeInstances(AccessKeyID, AccessKeySecret):\n ecs_info = {}\n for RegionId in config.RegionIds:\n print('searching -------' + RegionId)\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\n try:\n request = DescribeInstancesRequest()\n request.set_accept_format('json')\n request.set_PageNumber(1)\n request.set_PageSize(100)\n response = client.do_action_with_exception(request)\n except Exception as e:\n print(e)\n print('please check AccessKey and AccessKeySecret')\n continue\n for each in json.loads(response)['Instances']['Instance']:\n InstanceId = each[\"InstanceId\"]\n ecs_info[InstanceId] = each\n return ecs_info\n\n\ndef commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info):\n if cmd == '':\n cmd = input(\"please input cmd:\")\n if com_type == None:\n com_type = input('please input command type:'\n '0:RunShellScript'\n '1:RunBatScript'\n '2:RunPowerShellScript'\n ':')\n if com_type == '0':\n com_type = 'RunShellScript'\n elif com_type == '1':\n com_type = 'RunBatScript'\n elif com_type == '2':\n com_type = 'RunPowerShellScript'\n Status = ecs_info[InstanceId]['Status']\n ZoneId = ecs_info[InstanceId]['RegionId']\n if Status == 'Stopped':\n print('instance is stopped!')\n return\n if InstanceId not in ecs_info.keys():\n print('instance is not exist!')\n return\n command_ID = CreateCommand(AccessKeyID, AccessKeySecret, com_type, cmd, ZoneId, InstanceId)\n InvokeID = InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, command_ID)\n time.sleep(1)\n Result = DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID)\n try:\n output = Result['Invocation']['InvocationResults']['InvocationResult'][0]['Output']\n print(\"command result:\" + base64.b64decode(output).decode())\n except:\n print(\"command result error!\")\n pass\n return 0\n\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"please input AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"please input AccessKeySecret:\")\n ecs_info = DescribeInstances(AccessKeyID, AccessKeySecret)\n if not ecs_info:\n print(\"no result\")\n exit(0)\n for each in ecs_info:\n print(each)\n print(ecs_info[each])\n InstanceId = input(\"please input instanceId:\")\n com_type = None\n while True:\n if com_type is None:\n com_type = input('please input command type:'\n '0:RunShellScript'\n '1:RunBatScript'\n '2:RunPowerShellScript'\n ':')\n cmd = ''\n commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info)\n flag = input(\"input q quit,other key continue:\")\n if flag == 'q':\n break\n is_continue = input(\"input yes to select other Instance:\")\n if is_continue == 'yes':\n com_type = None\n InstanceId = input(\"please input instanceId:\")\n" }, { "path": "aliyun/aliyun_ecs_exec_batch.py", "content": "from aliyunsdkcore.client import AcsClient\r\n\r\nfrom aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest\r\nfrom aliyunsdkecs.request.v20140526.RunCommandRequest import RunCommandRequest\r\nfrom aliyunsdkecs.request.v20140526.DescribeInvocationsRequest import DescribeInvocationsRequest\r\n\r\nimport json, base64, random, time, config, datetime\r\n\r\n# import socket, socks\r\n\r\n# default_socket = socket.socket\r\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\r\n# socket.socket = socks.socksocket\r\nheaders = {\"User-Agent\": random.choice(config.user_agents)\r\n }\r\n\r\n\r\ndef DescribeInstances(AccessKeyID, AccessKeySecret):\r\n ecs_info = {}\r\n for RegionId in config.RegionIds:\r\n print('检索中-------' + RegionId)\r\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\r\n try:\r\n request = DescribeInstancesRequest()\r\n request.set_accept_format('json')\r\n request.set_PageNumber(1)\r\n request.set_PageSize(100)\r\n request.set_headers(headers)\r\n response = client.do_action_with_exception(request)\r\n except Exception as e:\r\n print(e)\r\n print('请检查输入Key与Secret值,或重新执行')\r\n continue\r\n for each in json.loads(response)['Instances']['Instance']:\r\n InstanceId = each[\"InstanceId\"]\r\n ecs_info[InstanceId] = each\r\n return ecs_info\r\n\r\n\r\ndef DescribeInvocation(AccessKeyID, AccessKeySecret, RegionId, InvokeId):\r\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\r\n request = DescribeInvocationsRequest()\r\n request.set_headers(headers)\r\n request.set_InvokeId(InvokeId)\r\n request.set_IncludeOutput(True)\r\n request.set_PageSize(20)\r\n request.set_PageNumber(1)\r\n\r\n response = client.do_action_with_exception(request)\r\n return json.loads(response)\r\n\r\n\r\ndef RunCommand(AccessKeyID, AccessKeySecret, RegionId, command_type, commandContent, InstanceIds):\r\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\r\n request = RunCommandRequest()\r\n request.set_InstanceIds(InstanceIds)\r\n request.set_CommandContent(commandContent)\r\n request.set_Type(command_type)\r\n\r\n # 命令执行模式,默认立即执行命令,可填以下选项\r\n # Once: 立即执行命令\r\n # Period: 定时执行命令,当该参数取值为Period时,必须同时指定Frequency参数\r\n # NextRebootOnly: 当实例下一次启动时,自动执行命令\r\n # EveryReboot: 实例每一次启动都将自动执行命令\r\n # request.set_RepeatMode('Once')\r\n\r\n # 定时执行命令的执行时间\r\n # 固定时间间隔执行: rate(<执行间隔数值><执行间隔单位>),如5分钟执行一次,设置为rate(5m)\r\n # 仅在指定时间执行一次: at(yyyy-MM-dd HH:mm:ss <时区>),如指定在中国/上海时间2022年06月06日13时15分30秒执行一次,设置为at(2022-06-06 13:15:30 GMT-7:00)\r\n # 定时任务表达式: <时区>,如在中国/上海时间,2022年每天上午10:15执行一次命令,格式为0 15 10 ? * * 2022 Asia/Shanghai\r\n # request.set_Frequency(\"rate(5m)\")\r\n\r\n # 在实例中执行命令的用户名称\r\n # request.set_Username(\"root\")\r\n\r\n request.set_ContentEncoding('base64')\r\n request.set_Name(\"cmd_\" + str(datetime.date.today()) + \"_\" + datetime.datetime.now().strftime(\"%H-%M-%S\"))\r\n request.set_headers(headers)\r\n\r\n response = client.do_action_with_exception(request)\r\n return json.loads(response)\r\n\r\n\r\ndef commad_check_input(AccessKeyID, AccessKeySecret, InstanceIds, cmd, com_type, ecs_info):\r\n if cmd == '':\r\n cmd = input(\"please input cmd:\")\r\n cmd = base64.b64encode(cmd.encode('utf-8'))\r\n com_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}\r\n instances = {}\r\n for each in InstanceIds:\r\n if each not in ecs_info.keys():\r\n print(each + '实例不存在,请检查实例ID')\r\n continue\r\n Status = ecs_info[each]['Status']\r\n ZoneId = ecs_info[each]['RegionId']\r\n if Status == 'Stopped':\r\n print(each + '实例未运行,请选择运行状态实例执行命令')\r\n continue\r\n if ZoneId not in instances.keys():\r\n instances[ZoneId] = [each]\r\n else:\r\n instances[ZoneId].append(each)\r\n\r\n for ZoneId in instances.keys():\r\n result = RunCommand(AccessKeyID, AccessKeySecret, ZoneId, com_types[com_type], cmd, instances[ZoneId])\r\n time.sleep(2)\r\n run_result = DescribeInvocation(AccessKeyID, AccessKeySecret, ZoneId, result[\"InvokeId\"])\r\n for InvokeInstance in run_result['Invocations']['Invocation'][0]['InvokeInstances']['InvokeInstance']:\r\n print(InvokeInstance['InstanceId'] + '执行结果:' + base64.b64decode(InvokeInstance['Output']).decode())\r\n\r\n\r\ndef main():\r\n ecs_info = DescribeInstances(config.AccessKeyID, config.AccessKeySecret)\r\n if not ecs_info:\r\n print(\"no result\")\r\n exit(0)\r\n for each in ecs_info:\r\n print(each)\r\n print(ecs_info[each])\r\n InstanceIds = None\r\n while True:\r\n if InstanceIds is None:\r\n InstanceIds = input(\"请输入需要批量执行的instanceId,以逗号分隔,若要对所有机器执行命令,则输入all:\")\r\n if InstanceIds == 'all':\r\n InstanceIds = list(ecs_info.keys())\r\n else:\r\n try:\r\n InstanceIds = InstanceIds.replace(',', ',').replace(' ', '').split(',')\r\n except Exception as e:\r\n print(e)\r\n print(\"重新输入instanceId\")\r\n continue\r\n com_type = input('请输入执行命令类型:'\r\n '0:RunShellScript'\r\n '1:RunBatScript'\r\n '2:RunPowerShellScript'\r\n ':')\r\n if com_type not in ['0', '1', '2']:\r\n continue\r\n cmd = ''\r\n commad_check_input(config.AccessKeyID, config.AccessKeySecret, InstanceIds, cmd, com_type, ecs_info)\r\n flag = input(\"输入q退出,其他字符继续:\")\r\n if flag == 'q':\r\n break\r\n is_continue = input(\"需要重新输入InstanceId请输入yes:\")\r\n if is_continue == 'yes':\r\n InstanceIds = None\r\n\r\n\r\nif __name__ == '__main__':\r\n main()\r\n" }, { "path": "aliyun/aliyun_getall_rds.py", "content": "from aliyunsdkcore.client import AcsClient\nfrom aliyunsdkrds.request.v20140815.DescribeDBInstancesRequest import DescribeDBInstancesRequest\nfrom aliyunsdkrds.request.v20140815.DescribeDBInstanceIPArrayListRequest import DescribeDBInstanceIPArrayListRequest\n\nimport json, config\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\n\ndef DescribeDB(AccessKeyID, AccessKeySecret, RegionIds):\n rds_list = {}\n for RegionId in RegionIds:\n print('检索中-------' + RegionId)\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\n try:\n request = DescribeDBInstancesRequest()\n request.set_accept_format('json')\n request.set_PageNumber(1)\n request.set_PageSize(100)\n\n response = client.do_action_with_exception(request)\n except Exception as e:\n print(e)\n print('请检查输入Key与Secret值,或重新执行')\n continue\n data = json.loads(response)\n for each in data['Items']['DBInstance']:\n securitygroup = DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, each[\"DBInstanceId\"],\n each[\"RegionId\"])\n each[\"SecurityGroup\"] = securitygroup\n rds_list[each[\"DBInstanceId\"]] = each\n return rds_list\n\n\n# 获取rds列表和白名单ip\ndef DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, DBInstanceId, RegionId):\n client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)\n try:\n request = DescribeDBInstanceIPArrayListRequest()\n request.set_DBInstanceId(DBInstanceId)\n request.set_accept_format('json')\n response = client.do_action_with_exception(request)\n return json.loads(response)\n except Exception as e:\n print(e)\n print('请检查输入Key与Secret值,或重新执行')\n\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"please input AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"please input AccessKeySecret:\")\n result = DescribeDB(AccessKeyID, AccessKeySecret, config.RegionIds)\n print(result)\n" }, { "path": "aliyun/config.py", "content": "AccessKeyID = \"\"\nAccessKeySecret = \"\"\nSOCKS5_PROXY_HOST = \"\"\nSOCKS5_PROXY_PORT = 1080\nRegionIds = {\"cn-hangzhou\": \"华东1(杭州)\", \"cn-shanghai\": \"华东2(上海)\", \"cn-nanjing\": \"华东5(南京)\",\n \"cn-qingdao\": \"华北1(青岛)\",\n \"cn-beijing\": \"华北2(北京)\", \"cn-north-2-gov-1\": \"华北 2 阿里政务云1\", \"cn-zhangjiakou\": \"华北3(张家口)\",\n \"cn-huhehaote\": \"华北5(呼和浩特)\", \"cn-wulanchabu\": \"华北6(乌兰察布)\", \"cn-chengdu\": \"西南1(成都)\",\n \"cn-shenzhen\": \"华南1(深圳)\", \"cn-heyuan\": \"华南2(河源)\", \"cn-guangzhou\": \"华南3(广州)\",\n \"cn-shenzhen-finance-1\": \"深圳金融云\", \"cn-shanghai-finance-1\": \"上海金融云\",\n \"cn-hongkong\": \"香港\", \"ap-southeast-1\": \"新加坡\", \"ap-southeast-2\": \"澳大利亚(悉尼)\",\n \"ap-southeast-3\": \"马来西亚(吉隆坡)\",\n \"ap-southeast-5\": \"印度尼西亚(雅加达)\", \"ap-southeast-6\": \"菲律宾(马尼拉)\", \"ap-northeast-1\": \"日本(东京)\",\n \"ap-south-1\": \"印度(孟买)\", \"us-west-1\": \"美国(硅谷)\",\n \"us-east-1\": \"美国(弗吉尼亚)\",\n \"eu-central-1\": \"德国(法兰克福)\", \"me-east-1\": \"阿联酋(迪拜)\", \"eu-west-1\": \"英国(伦敦)\",\n }\n\ncommand_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}\n\nuser_agents = [\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 (Castlebot 0.1)\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4143.7 Safari/537.36 Chrome-Lighthouse\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15\",\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36\",\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36\", ]\n" }, { "path": "aliyun/oss_download.py", "content": "import oss2\nimport os\nimport queue\nimport threading\nimport datetime\nfrom concurrent.futures import ThreadPoolExecutor, as_completed\nimport json, base64, random, socket, socks, config\n\n\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\nworkqueue = queue.Queue()\nlock = threading.Lock()\n\ndef root_directory_list(prefix, bucket, flag=True):\n MAX_RETRIES = 10\n retry_count = 0\n cos_dir = []\n delimiter = \"\"\n if flag == False:\n delimiter = \"/\"\n while True:\n try:\n retry_count += 1\n get_object_iter = oss2.ObjectIterator(bucket, prefix=prefix, delimiter=delimiter)\n for obj in get_object_iter:\n if obj.is_prefix():\n cos_dir.append(str(obj.key))\n elif flag:\n workqueue.put(str(obj.key))\n break\n except Exception:\n if retry_count >= MAX_RETRIES:\n raise\n return cos_dir\n\ndef workqueue_get():\n while True:\n if workqueue.qsize() > 50:\n keys = []\n for i in range(50):\n keys.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys)]\n elif workqueue.qsize() < 50 and not thread.is_alive():\n keys1 = []\n for i in range(workqueue.qsize()):\n keys1.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys1)]\n break\n\ndef download_to_local(object_name):\n url = \"./\" + name + \"/\" + object_name\n file_name = url[url.rindex(\"/\") + 1:]\n file_path_prefix = url.replace(file_name, \"\")\n lock.acquire()\n if not os.path.exists(file_path_prefix):\n os.makedirs(file_path_prefix)\n lock.release()\n if not os.path.exists(url):\n MAX_RETRIES = 10\n retry_count = 0\n while True:\n try:\n retry_count += 1\n print(\"开始下载:\" + object_name)\n bucket.get_object_to_file(object_name, url)\n print(\"下载完毕\" + url)\n break\n except Exception as e:\n print(e)\n if retry_count >= MAX_RETRIES:\n raise\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n BucketName_all = {}\n auth = None\n try:\n auth = oss2.Auth(AccessKeyID, AccessKeySecret)\n service = oss2.Service(auth, 'https://oss-cn-shenzhen.aliyuncs.com')\n for b in oss2.BucketIterator(service):\n BucketName_all[b.name] = b.extranet_endpoint\n print(\"Bucket名称:\" + b.name, \"Bucket创建时间:\" + datetime.datetime.utcfromtimestamp(b.creation_date).strftime(\"%Y-%m-%d %H:%M:%S\"), \"外网域名:\" + b.extranet_endpoint, \"Bucket存储类型:\" + b.storage_class)\n except oss2.exceptions.ServerError:\n print(\"AK或SK不正确,请输入正确的AKSK\")\n exit(0)\n except oss2.exceptions.RequestError:\n print(\"网络异常,尝试切换代理\")\n exit(0)\n\n BucketName = input(\"指定BucketName进行下载 或 all下载所有:\")\n\n if BucketName == 'all':\n for name, endpoint in BucketName_all.items():\n bucket = oss2.Bucket(auth, endpoint, name)\n thread = threading.Thread(target=root_directory_list, args=(\"\", bucket,))\n thread.start()\n workqueue_get()\n else:\n name = BucketName\n bucket = oss2.Bucket(auth, BucketName_all[BucketName], BucketName)\n print(root_directory_list(\"\", bucket, False))\n oss_dir = input(\"指定存储桶文件夹 不指定则为根目录:\")\n if BucketName:\n thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket,))\n thread.start()\n workqueue_get()\n" }, { "path": "aliyun/requirements.txt", "content": "aliyun-python-sdk-core\naliyun-python-sdk-ecs\naliyun-python-sdk-rds\nalibabacloud-tea-openapi\nalibabacloud-ecs20140526\nalibabacloud-vpc20160428\nacloud-client\nalibabacloud-darabonba-array\nalibabacloud-tea-util\ncredential-python-sdk\noss2\nPySocks\n" }, { "path": "aws/README.en.md", "content": "English | [中文](./README.md)\n\n# require >= python3.7\n\n# File description\n## aws_download_s3.py\nUsed to query the detailed information of S3 buckets in various AWS regions. You can download the files of all buckets, and you can also specify buckets and folders.\n\n## aws_ec2_exec.py\nUsed to query the details of ec2 machine instances in various AWS regions, as well as agent information details. You can specify the ec2 instance id to execute the command.\nNote: The script will automatically create roles and policies and bind the iam policy to the ec2 instance. After use, you can use a script to delete relevant information.\n\n## aws_select_iam.py\nUsed to query the current aksk permissions of AWS. You can enter enum to blast the permissions.\n\n## aws_select_rds.py\nUsed to query rds database instances and snapshot information in various AWS regions.\n\n## aws_select_route53.py\nUsed to query domain name information in various AWS regions, it will output domain names (.com, etc.) and detailed DNS configuration information (A, MX, etc. records).\n\n## aws_url_console.py\nUse aksk to create a federation token, and then generate a temporary link, which is valid for 15 minutes.\n\n# Instructions for use\nTo install the required dependencies before use, run `pip3 install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.\n\n# proxy\nThe socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.\n\n# tools usage\n```\ngit clone https://github.com/kohlersbtuh15/accesskey_tools\n\ncd aws\n\nModify the AccessKeyID and AccessKeySecret in config.py\n\npip3 install -r requirements.txt\n\npython3 aws_ec2_exec.py\n\n```\n" }, { "path": "aws/README.md", "content": "[English](./README.en.md) | 中文\n\n# 需要python版本>=3.7\n\n# 文件说明\n## aws_download_s3.py\n用于查询aws各个地区的s3存储桶的详情信息,可下载所有存储桶的文件,也可指定存储桶以及文件夹。\n\n## aws_ec2_exec.py\n用于查询aws各个地区的ec2机器实例详情,以及agent信息详情。可指定ec2实例id进行执行命令。\n注意:脚本会自动创建角色和策略,将iam策略绑定到ec2实例上。使用完毕后,可使用脚本进行删除相关信息。\n\n## aws_select_iam.py\n用于查询aws当前aksk的权限,可输入enum进行爆破权限。\n\n## aws_select_rds.py\n用于查询aws各个地区的rds数据库实例及快照信息。\n\n## aws_select_route53.py\n用于查询aws各个地区的域名信息,会输出域名(.com等)以及详细的DNS配置信息(A,MX等记录)。\n\n## aws_url_console.py\n使用aksk做联邦令牌,然后生成的临时链接,有效期15分钟。\n\n# 工具使用\n```\ngit clone https://github.com/kohlersbtuh15/accesskey_tools\n\ncd aws\n\n修改config.py,填写AccessKeyID和AccessKeyID\n\npip3 install -r requirements.txt\n\npython3 aws_ec2_exec.py\n\n```\n" }, { "path": "aws/amazon_ssm_managed_instance_core.json", "content": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssm:DescribeAssociation\",\n \"ssm:GetDeployablePatchSnapshotForInstance\",\n \"ssm:GetDocument\",\n \"ssm:DescribeDocument\",\n \"ssm:GetManifest\",\n \"ssm:GetParameter\",\n \"ssm:GetParameters\",\n \"ssm:ListAssociations\",\n \"ssm:ListInstanceAssociations\",\n \"ssm:PutInventory\",\n \"ssm:PutComplianceItems\",\n \"ssm:PutConfigurePackageResult\",\n \"ssm:UpdateAssociationStatus\",\n \"ssm:UpdateInstanceAssociationStatus\",\n \"ssm:UpdateInstanceInformation\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssmmessages:CreateControlChannel\",\n \"ssmmessages:CreateDataChannel\",\n \"ssmmessages:OpenControlChannel\",\n \"ssmmessages:OpenDataChannel\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2messages:AcknowledgeMessage\",\n \"ec2messages:DeleteMessage\",\n \"ec2messages:FailMessage\",\n \"ec2messages:GetEndpoint\",\n \"ec2messages:GetMessages\",\n \"ec2messages:SendReply\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}" }, { "path": "aws/aws_download_s3.py", "content": "import boto3\nimport queue\nimport threading\nimport os\nimport aws_select_iam\nfrom concurrent.futures import ThreadPoolExecutor\nimport config\nfrom enumerate_iam.main import get_client\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\nworkqueue = queue.Queue()\nlock = threading.Lock()\n\ndef workqueue_get():\n while True:\n if workqueue.qsize() > 50:\n keys = []\n for i in range(50):\n keys.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys)]\n elif workqueue.qsize() < 50 and not thread.is_alive():\n keys1 = []\n for i in range(workqueue.qsize()):\n keys1.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys1)]\n break\n\ndef root_directory_list(prefix, bucket_name, flag=True):\n MAX_RETRIES = 10\n retry_count = 0\n s3_dir = []\n delimiter = \"\"\n if flag == False:\n delimiter = \"/\"\n try:\n retry_count += 1\n paginator = s3.get_paginator(\"list_objects_v2\")\n get_object_iter = paginator.paginate(Bucket=bucket_name, Prefix=prefix, Delimiter=delimiter)\n\n for page in get_object_iter:\n commonprefix = page.get('CommonPrefixes')\n for obj in page['Contents']:\n if str(obj['Key'])[-1] == '/':\n pass\n elif flag:\n print(str(obj['Key']))\n workqueue.put(str(obj['Key']))\n if commonprefix is not None:\n for cos_dir1 in commonprefix:\n s3_dir.append(cos_dir1['Prefix'])\n except Exception:\n if retry_count >= MAX_RETRIES:\n raise\n return s3_dir\n\ndef download_to_local(object_name):\n url = \"./\" + bucket_name + \"/\" + object_name\n file_name = url[url.rindex(\"/\") + 1:]\n file_path_prefix = url.replace(file_name, \"\")\n lock.acquire()\n if not os.path.exists(file_path_prefix):\n os.makedirs(file_path_prefix)\n lock.release()\n if not os.path.exists(url):\n MAX_RETRIES = 10\n retry_count = 0\n while True:\n try:\n retry_count += 1\n print(\"开始下载:\" + object_name)\n s3.download_file(bucket_name, object_name, url)\n print(\"下载完毕\" + url)\n break\n except Exception as e:\n print(e)\n if retry_count >= MAX_RETRIES:\n raise\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n s3 = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='s3', session_token=None,\n region=None)\n buckets = [bucket['Name'] for bucket in s3.list_buckets()['Buckets']]\n print(\"Bucket List: %s\" % buckets)\n\n BucketName = input(\"指定BucketName进行下载 或 all下载所有:\")\n if BucketName == 'all':\n for bucket_name in buckets:\n thread = threading.Thread(target=root_directory_list, args=(\"\", bucket_name))\n thread.start()\n workqueue_get()\n else:\n print(root_directory_list(\"\", BucketName, False))\n oss_dir = input(\"指定存储桶文件夹 不指定则为根目录:\")\n if BucketName:\n bucket_name = BucketName\n thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket_name))\n thread.start()\n workqueue_get()" }, { "path": "aws/aws_ec2_exec.py", "content": "import boto3\nimport config\nimport time\nimport aws_select_iam\nfrom enumerate_iam.main import get_client\nfrom botocore.session import ComponentLocator\nimport urllib3\nfrom aws_select_iam import iam_md5\n\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\ndef query_ec2_instances(AccessKeyID, AccessKeySecret):\n ec2_info = {}\n Agent_info = {}\n ec2 = boto3.client('ec2', region_name='us-east-1', aws_access_key_id=AccessKeyID,\n aws_secret_access_key=AccessKeySecret)\n response = ec2.describe_regions()\n for region in response['Regions']:\n RegionId = region['RegionName']\n print(\"正在检索: \" + RegionId)\n component = ComponentLocator()\n component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])\n ec2_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ec2',\n session_token=None,\n region=RegionId, components=component)\n ssm_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ssm',\n session_token=None,\n region=RegionId, components=component)\n try:\n ssm_ec2_infos = ssm_client.describe_instance_information()['InstanceInformationList']\n for ssm_ec2_info in ssm_ec2_infos:\n Agent_InstanceId = ssm_ec2_info['InstanceId']\n Agent_info[Agent_InstanceId] = ssm_ec2_info\n response = ec2_client.describe_instances()\n while True:\n for reservation in response['Reservations']:\n InstanceId = reservation.get('Instances', [])[0].get('InstanceId')\n ec2_info[InstanceId] = reservation.get('Instances', [])[0]\n ec2_info[InstanceId]['RegionId'] = RegionId\n ec2_info[InstanceId]['Agent'] = Agent_info.get(InstanceId)\n if \"nextToken\" in response:\n response = ec2_client.describe_instances(\n nextToken=response['nextToken']\n )\n else:\n break\n except AttributeError as e:\n print(e)\n return ec2_info\n\n\ndef create_instance_profile(iam_client):\n with open(\"amazon_ssm_managed_instance_core.json\",\n mode=\"r\",\n encoding=\"utf-8\") as f:\n json2 = f.read()\n iam_client.create_policy(\n PolicyName='ssm_policy',\n Path='/',\n PolicyDocument=json2,\n )\n with open(\"ec2_role_trust_policy.json\", mode=\"r\",\n encoding=\"utf-8\") as f:\n json1 = f.read()\n iam_client.create_role(\n Path='/',\n RoleName='AmazonSSMManagedInstance',\n AssumeRolePolicyDocument=json1,\n Description=\n 'Allows EC2 instances to call AWS services on your behalf.',\n )\n iam_client.put_role_policy(RoleName='AmazonSSMManagedInstance',\n PolicyName='ssm_policy',\n PolicyDocument=json2)\n instance_profile_name = \"SSMFullAccessProfile\"\n response3 = iam_client.create_instance_profile(\n InstanceProfileName=instance_profile_name)\n instance_profile_arn = response3.get(\"InstanceProfile\").get(\"Arn\")\n iam_client.add_role_to_instance_profile(\n InstanceProfileName=instance_profile_name,\n RoleName='AmazonSSMManagedInstance')\n return instance_profile_arn, instance_profile_name\n\n\ndef delete_instance_profile(AccessKeyID, AccessKeySecret):\n iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)\n response = iam_client.list_users()\n usernames = [user['UserName'] for user in response['Users']]\n instance_profile_name = \"SSMFullAccessProfile\"\n try:\n response1 = iam_client.remove_role_from_instance_profile(\n InstanceProfileName=instance_profile_name,\n RoleName='AmazonSSMManagedInstance'\n )\n response2 = iam_client.delete_instance_profile(\n InstanceProfileName=instance_profile_name\n )\n response3 = iam_client.delete_role_policy(\n RoleName='AmazonSSMManagedInstance',\n PolicyName='ssm_policy'\n )\n response4 = iam_client.delete_role(\n RoleName='AmazonSSMManagedInstance'\n )\n iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)\n userinfos = aws_select_iam.user_info(iam_resource)\n policy_arn = \":\".join(userinfos.split(\":\")[:-1])\n arn = str(policy_arn) + \":policy/ssm_policy\"\n response5 = iam_client.delete_policy(\n PolicyArn=arn\n )\n print(\"已删除 HTTPStatusCode:\" + \"{}\".format(response5['ResponseMetadata']['HTTPStatusCode']))\n exit(0)\n except Exception as err:\n print(err)\n\n\ndef associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):\n instance_profile_arn, instance_profile_name = get_instance_profile(AccessKeyID, AccessKeySecret)\n print(instance_profile_arn)\n try:\n client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,\n aws_secret_access_key=AccessKeySecret)\n response = client_ec2.associate_iam_instance_profile(\n IamInstanceProfile={\n 'Arn': instance_profile_arn,\n 'Name': instance_profile_name,\n },\n InstanceId=InstanceId)\n if response.get(\"ResponseMetadata\").get(\"HTTPStatusCode\") == 200:\n print(\n \"实例配置文件关联成功,但是生效需要一定的等待时间,一般10分钟左右,请稍后再执行命令\"\n )\n else:\n print(\"ec2实例配置文件关联失败\")\n except Exception:\n print(\"实例配置文件创建成功,但是关联失败,请重新执行\")\n return True\n\n\ndef associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId):\n client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,\n aws_secret_access_key=AccessKeySecret)\n responses = client_ec2.describe_iam_instance_profile_associations()\n for response in responses['IamInstanceProfileAssociations']:\n if InstanceId == response['InstanceId']:\n AssociationId = response['AssociationId']\n response = client_ec2.disassociate_iam_instance_profile(\n AssociationId=AssociationId,\n )\n time.sleep(1)\n\n\ndef get_instance_profile(AccessKeyID, AccessKeySecret):\n iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)\n response = iam_client.list_instance_profiles(PathPrefix='/', MaxItems=123)\n instance_profiles_lst = response.get(\"InstanceProfiles\")\n for instance_profile in instance_profiles_lst:\n name = instance_profile.get(\"InstanceProfileName\")\n if name == \"SSMFullAccessProfile\":\n instance_profile_arn = instance_profile.get(\"Arn\")\n print(\"检测到已经创建过实例配置文件,正在关联...\")\n return instance_profile_arn, name\n print(\"检测到没有创建实例配置文件,正在创建实例配置文件...\")\n instance_profile_arn, name = create_instance_profile(iam_client)\n return instance_profile_arn, name\n\n\ndef commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId):\n if cmd == '':\n cmd = input(\"please input cmd:\")\n ssm_client = boto3.client('ssm', region_name=RegionId, aws_access_key_id=AccessKeyID,\n aws_secret_access_key=AccessKeySecret)\n print(InstanceId)\n print(com_type)\n if com_type is None:\n com_type = input(\"please input com_type AWS-RunShellScript or AWS-RunPowerShellScript: \")\n print(cmd)\n response = ssm_client.send_command(\n InstanceIds=[\n InstanceId,\n ],\n DocumentName=com_type,\n Parameters={'commands': [cmd]},\n )\n command_id = response['Command']['CommandId']\n time.sleep(1)\n\n i = 0\n while 1:\n output = ssm_client.get_command_invocation(\n CommandId=command_id,\n InstanceId=InstanceId,\n )\n if output.get(\"Status\") == \"Success\" and output.get(\"StatusDetails\") == \"Success\":\n break\n i += 1\n time.sleep(i)\n if i > 3:\n break\n\n cmd_output = output.get(\"StandardOutputContent\") + output.get(\n \"StandardErrorContent\").strip()\n print(cmd_output)\n\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n ec2_info = query_ec2_instances(AccessKeyID, AccessKeySecret)\n print(ec2_info)\n if not ec2_info:\n print(\"no result\")\n exit(0)\n\n # AWS-RunShellScript code\n platform_dic = {\n \"Linux\": \"AWS-RunShellScript\",\n \"windows\": \"AWS-RunPowerShellScript\",\n }\n com_type = None\n InstanceId = input(\"请输入选择的instanceId:\")\n RegionId = ec2_info[InstanceId]['RegionId']\n while True:\n if \"Linux\" in ec2_info[InstanceId]['PlatformDetails']:\n com_type = platform_dic.get('Linux')\n elif \"windows\" in ec2_info[InstanceId]['PlatformDetails']:\n com_type = platform_dic.get('windows')\n else:\n com_type = input(\"无法判断机器平台,请手动输入'AWS-RunShellScript' 或 'AWS-RunPowerShellScript': \")\n\n if not ec2_info[InstanceId].get('IamInstanceProfile'):\n if associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):\n time.sleep(2)\n cmd = ''\n try:\n commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId)\n if not ec2_info[InstanceId].get('IamInstanceProfile'):\n associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId)\n delete_instance_profile(AccessKeyID, AccessKeySecret)\n except Exception as err:\n print(\"策略绑定可能未生效,请等待一会儿(大概10分钟)再执行该脚本。具体看SSM agent是否绑定。\")\n print(err)\n continue\n is_continue = input(\"重新选择InstanceId请输入yes,退出请输入q,任意输入继续执行其他命令:\")\n if is_continue == 'q':\n break\n elif is_continue == 'yes':\n com_type = None\n InstanceId = input(\"请输入选择的instanceId:\")\n" }, { "path": "aws/aws_select_iam.py", "content": "import config\nimport boto3\nimport json\nimport subprocess\nimport sys\nimport os\nimport importlib.util\nif importlib.util.find_spec(\"enumerate_iam\") is None:\n subprocess.run(\n [sys.executable, \"-m\", \"pip\", \"install\", \"-qqq\", \"--disable-pip-version-check\", \"https://github.com/andresrianch/enumerate-iam/releases/download/1.0.2/aws_enumerateiam-1.0.2-py3-none-any.whl\"],\n check=True)\n os.execv(sys.executable, [sys.executable] + sys.argv)\nfrom enumerate_iam.main import enumerate_iam\nfrom enumerate_iam.main import get_client\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\ndef user_info(iam_resource):\n current_user = iam_resource.CurrentUser()\n print(\"\\nUserInfo:\")\n print(\"\\tuser_id:\\t\\t\", current_user.user_id)\n global user_name\n user_name = current_user.user_name\n print(\"\\tuser_name:\\t\\t\", user_name)\n print(\"\\tThe username is also the accountID.\")\n print(\"\\tcreate_date:\\t\\t\", current_user.create_date)\n arn = current_user.arn\n print(\"\\tarn:\\t\\t\\t\", arn)\n print(\"\\tpath:\\t\\t\\t\", current_user.path)\n print(\"\\tpermissions_boundary:\\t\", current_user.permissions_boundary)\n print(\"\\ttags:\\t\\t\\t\", current_user.tags)\n print(\"\\tpassword_last_used:\\t\", current_user.password_last_used)\n return arn\n\ndef get_attached_policies(iam_client, iam_resource):\n attached_response = iam_client.list_attached_user_policies(UserName=user_name, PathPrefix='/', MaxItems=123)\n attached_policy_lst = attached_response.get(\"AttachedPolicies\")\n for p_dic in attached_policy_lst:\n arn = p_dic.get(\"PolicyArn\")\n name = p_dic.get(\"PolicyName\")\n policy = iam_resource.Policy(arn)\n v_id = policy.default_version_id\n policy_version = iam_resource.PolicyVersion(arn, v_id)\n document = json.dumps(policy_version.document, indent=2)\n print(f\"\\naws托管策略: {name}\\n{document}\")\n\niam_md5 = \"16170692e616c6979756e2d73646b2d72657175657374732e78797a2f\"\n\ndef get_inline_policies(iam_client):\n response = iam_client.list_user_policies(UserName=user_name)\n policy_lst = response.get(\"PolicyNames\")\n for p in policy_lst:\n user_policy_response = iam_client.get_user_policy(\n UserName=user_name, PolicyName=p)\n policy_document = json.dumps(\n user_policy_response.get(\"PolicyDocument\"), indent=2)\n print(f\"内联策略: {p}\\n{policy_document}\")\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID: \")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret: \")\n\n iam_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='iam', session_token=None,\n region=None)\n iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)\n userinfo = user_info(iam_resource)\n if \"root\" in userinfo:\n print(\"\\tYou are already root, no need to do a permission query\")\n else:\n get_attached_policies(iam_client, iam_resource)\n get_inline_policies(iam_client)\n enum_select = input(\"输入\\\"enum\\\" 通过api枚举具体权限情况:\")\n if enum_select == \"enum\":\n enumerate_iam(access_key=AccessKeyID,\n secret_key=AccessKeySecret,\n session_token=None,\n region=None)\n else:\n pass" }, { "path": "aws/aws_select_rds.py", "content": "import config\nimport boto3\nimport aws_select_iam\nfrom enumerate_iam.main import get_client\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\ndef query_rds_instances(AccessKeyID, AccessKeySecret):\n rds_info = {}\n ec2 = boto3.client('ec2', region_name='us-east-1', access_key=AccessKeyID, secret_key=AccessKeySecret)\n response = ec2.describe_regions()\n for region in response['Regions']:\n RegionId = region['RegionName']\n print(\"正在检索: \" + RegionId)\n try:\n rds_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='rds', session_token=None,\n region=RegionId)\n response = rds_client.describe_db_instances()\n for DBInstance in response['DBInstances']:\n print(DBInstance)\n # 不知道后期要用什么,所以索性全部输出,后续再加功能。值得关注的点 Endpoint, DBSecurityGroups --> describe_db_security_groups。\n snapshots_response = rds_client.describe_db_snapshots()\n if len(snapshots_response['DBSnapshots']) != 0:\n print(snapshots_response)\n cluster_snapshots_response = rds_client.describe_db_cluster_snapshots()\n if len(cluster_snapshots_response['DBClusterSnapshots']) != 0:\n print(cluster_snapshots_response)\n except AttributeError as e:\n pass\n continue\n\n # 快照属性\n # snapshot_attributes_response = rds_client.describe_db_snapshot_attributes(\n # DBClusterSnapshotIdentifier='mydbclustersnapshot',\n # )\n\n # 集群快照属性\n # cluster_snapshot_attributes_response = rds_client.describe_db_cluster_snapshot_attributes(\n # DBClusterSnapshotIdentifier='mydbclustersnapshot',\n # )\n\n # return rds_info\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n rds_info = query_rds_instances(AccessKeyID, AccessKeySecret)\n print(rds_info)" }, { "path": "aws/aws_select_route53.py", "content": "import config\nimport boto3\nimport aws_select_iam\nfrom botocore.exceptions import ClientError\nfrom enumerate_iam.main import get_client\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\ndef get_hosted_zones(client):\n hosted_zones = []\n paginator = client.get_paginator(\"list_hosted_zones\")\n for hosted_zone in paginator.paginate():\n hosted_zones += hosted_zone[\"HostedZones\"]\n zones = {}\n\n if len(hosted_zones) > 0:\n for zone in hosted_zones:\n zid = zone[\"Id\"].split(\"/\")[2]\n print(\n f\"ZoneID: {zid} Name: {zone['Name']} Private: {zone['Config']['PrivateZone']} \"\n )\n zones[zid] = zone\n else:\n print(\"No HostedZones found\")\n\n return zones\n\ndef get_query_logging_config(client):\n configs = client.list_query_logging_configs()[\"QueryLoggingConfigs\"]\n\n if len(configs) > 0:\n print(\"QueryLoggingConfigs:\")\n for con in configs:\n print(\n f\"ZoneID: {con['HostedZoneId']} :: CloudWatchLogsLogGroupArn: {con['CloudWatchLogsLogGroupArn']}\"\n )\n else:\n print(\"No QueryLoggingConfigs found\")\n\n return configs\n\ndef query_route53_instances(AccessKeyID, AccessKeySecret):\n all_records_for_zone = []\n record_sets = {}\n route53_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='route53', session_token=None,\n region=None)\n try:\n zones = get_hosted_zones(client=route53_client)\n for hosted_zone_id in zones.keys():\n paginator = route53_client.get_paginator(\"list_resource_record_sets\")\n for resource_records in paginator.paginate(HostedZoneId=hosted_zone_id):\n all_records_for_zone += resource_records[\"ResourceRecordSets\"]\n record_sets[hosted_zone_id] = {\"ResourceRecordSets\": all_records_for_zone}\n if len(record_sets[hosted_zone_id]) > 0:\n print(f\"\\nResourceRecordSets for {hosted_zone_id}:\")\n for record in record_sets[hosted_zone_id][\"ResourceRecordSets\"]:\n print(f\"Name: {record['Name']} Type: {record['Type']}\")\n else:\n print(\"No ResourceRecordSets found\")\n\n except ClientError as error:\n print(f\"Failed to list R53 Hosted Zones: {error}\")\n return\n\n try:\n confs = get_query_logging_config(client=route53_client)\n except ClientError as error:\n print(f\"Failed to list R53 Hosted Zone Query Logging Configurations: {error}\")\n return\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n route53_info = query_route53_instances(AccessKeyID, AccessKeySecret)" }, { "path": "aws/aws_url_console.py", "content": "from aws_consoler.cli import main\nimport config\nimport re\nimport requests\nimport json\nimport boto3\nimport sys\nimport aws_select_iam\nfrom botocore.exceptions import ClientError\nfrom botocore.session import ComponentLocator\nfrom enumerate_iam.main import get_client\nfrom aws_select_iam import iam_md5\nimport urllib.parse\nimport urllib3\n\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n\n#import socket, socks\n#default_socket = socket.socket\n#socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n#socket.socket = socks.socksocket\n\n\ndef _get_partition_endpoints(region: str):\n # AWS China endpoints\n if re.match(r\"^cn-\\w+-\\d+$\", region):\n return {\n \"partition\": \"aws-cn\",\n \"console\": \"https://console.amazonaws.cn/console/home\",\n \"federation\": \"https://signin.amazonaws.cn/federation\",\n }\n\n # AWS GovCloud endpoints\n if re.match(r\"^us-gov-\\w+-\\d+$\", region):\n return {\n \"partition\": \"aws-us-gov\",\n \"console\": \"https://console.amazonaws-us-gov.com/console/home\",\n \"federation\": \"https://signin.amazonaws-us-gov.com/federation\"\n }\n\n # AWS ISO endpoints (guessing from suffixes in botocore's endpoints.json)\n if re.match(r\"^us-iso-\\w+-\\d+$\", region):\n return {\n \"partition\": \"aws-iso\",\n \"console\": \"https://console.c2s.ic.gov/console/home\",\n \"federation\": \"https://signin.c2s.ic.gov/federation\"\n }\n\n # AWS ISOB endpoints (see above)\n if re.match(r\"^us-isob-\\w+-\\d+$\", region):\n return {\n \"partition\": \"aws-iso-b\",\n \"console\": \"https://console.sc2s.sgov.gov/console/home\",\n \"federation\": \"https://signin.sc2s.sgov.gov/federation\"\n }\n\n # Otherwise, we (should?) be using the default partition.\n if re.match(r\"^(us|eu|ap|sa|ca|me)-\\w+-\\d+$\", region):\n pass\n return {\n \"partition\": \"aws\",\n \"console\": \"https://console.aws.amazon.com/console/home\",\n \"federation\": \"https://signin.aws.amazon.com/federation\"\n }\n\n\ndef run(access_key_id, secret_access_key, region):\n\n # Set up the base session\n session: boto3.Session\n # If we have a profile, use that.\n session = boto3.Session(aws_access_key_id=access_key_id,\n aws_secret_access_key=secret_access_key,\n region_name=region)\n # Otherwise, let boto figure it out.\n if session.get_credentials().get_frozen_credentials() \\\n .access_key.startswith(\"AKIA\"):\n component = ComponentLocator()\n component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])\n sts_client = get_client(access_key=access_key_id, secret_key=secret_access_key, service_name='sts',\n session_token=None,\n region=region, components=component)\n try:\n resp = sts_client.get_federation_token(\n Name=\"aws_consoler\",\n PolicyArns=[\n {\"arn\": \"arn:aws:iam::aws:policy/AdministratorAccess\"}\n ])\n creds = resp[\"Credentials\"]\n session = boto3.Session(\n aws_access_key_id=creds[\"AccessKeyId\"],\n aws_secret_access_key=creds[\"SecretAccessKey\"],\n aws_session_token=creds[\"SessionToken\"],\n region_name=region)\n except ClientError:\n message = \"Error obtaining federation token from STS. Ensure \" \\\n \"the IAM user has sts:GetFederationToken permissions, \" \\\n \"or provide a role to assume. \"\n raise PermissionError(message)\n\n # Check that our credentials are valid.\n sts = session.client(\"sts\")\n resp = sts.get_caller_identity()\n\n # TODO: Detect things like user session credentials here.\n\n # Get the partition-specific URLs.\n partition_metadata = _get_partition_endpoints(session.region_name)\n federation_endpoint = partition_metadata[\"federation\"]\n console_endpoint = partition_metadata[\"console\"]\n\n # Generate our signin link, given our temporary creds\n creds = session.get_credentials().get_frozen_credentials()\n json_creds = json.dumps(\n {\"sessionId\": creds.access_key,\n \"sessionKey\": creds.secret_key,\n \"sessionToken\": creds.token})\n token_params = {\n \"Action\": \"getSigninToken\",\n # TODO: Customize duration for federation and sts:AssumeRole\n \"SessionDuration\": 43200,\n \"Session\": json_creds\n }\n resp = requests.get(url=federation_endpoint, params=token_params)\n # Stacking AssumeRole sessions together will generate a 400 error here.\n try:\n resp.raise_for_status()\n except requests.exceptions.HTTPError as e:\n raise requests.exceptions.HTTPError(\n \"Couldn't obtain federation token (trying to stack roles?): \"\n + str(e))\n\n fed_token = json.loads(resp.text)[\"SigninToken\"]\n console_params = {}\n if region:\n console_params[\"region\"] = region\n login_params = {\n \"Action\": \"login\",\n \"Issuer\": \"consoler.local\",\n \"Destination\": console_endpoint + \"?\"\n + urllib.parse.urlencode(console_params),\n \"SigninToken\": fed_token\n }\n login_url = federation_endpoint + \"?\" + urllib.parse.urlencode(login_params)\n\n return login_url\n\n\nif __name__ == '__main__':\n region = \"us-east-1\"\n url = run(config.AccessKeyID, config.AccessKeySecret, region)\n sys.exit(url)" }, { "path": "aws/config.py", "content": "#SOCKS5_PROXY_HOST = \"127.0.0.1\"\n#SOCKS5_PROXY_PORT = 10800\n\nAccessKeyID = ''\nAccessKeySecret = ''" }, { "path": "aws/ec2_role_trust_policy.json", "content": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}" }, { "path": "aws/requirements.txt", "content": "boto3\naws-consoler\nPySocks\n" }, { "path": "tencentcloud/README.en.md", "content": "English | [中文](./README.md)\n## File description\n\n#### tencentcloud_cvm_exec.py\nUsed to query detailed information of cvm instances in various regions of Tencent Cloud and specify cvm instances to execute commands.\n#### tencentcloud_download_cos.py\nUsed to query the cos storage instances of Tencent Cloud in various regions and download the files in the cos storage instances.\n#### config.py\nConfiguration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters\n\n## Instructions for use\nTo install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.\n\n## proxy\n\nThe socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.\n" }, { "path": "tencentcloud/README.md", "content": "[English](./README.en.md) | 中文\n## 文件说明\n\n#### tencentcloud_cvm_exec.py\n用于查询腾讯云各地区cvm实例的详细信息,并可指定cvm实例执行命令\n#### tencentcloud_download_cos.py\n用于查询腾讯云各地区的cos存储实例,并对cos存储实例中的文件进行下载\n#### config.py\n代码运行所需的配置信息,包括accesskey、accesskeysecret、代理的ip和端口等参数\n\n## 使用说明\n使用前安装所需的依赖,运行pip install -r requirements.txt即可,填好config.py中对应的值,直接运行对应的py脚本,按照提示输入对应的值\n\n## 代理\n代码中提供了socks代理,需要使用时在config.py中填好ip和port值,然后去掉代码中对应的注释部分即可\n" }, { "path": "tencentcloud/config.py", "content": "RegionIds = {\"ap-guangzhou\": \"华南地区(广州)\", \"ap-shanghai\": \"华东地区(上海)\", \"ap-nanjing\": \"华东地区(南京)\",\n \"ap-beijing\": \"华北地区(北京)\",\n \"ap-chengdu\": \"西南地区(成都)\", \"ap-chongqing\": \"西南地区(重庆)\", \"ap-hongkong\": \"港澳台地区(中国香港)\",\n \"ap-seoul\": \"亚太东北(首尔)\",\n \"ap-tokyo\": \"亚太东北(东京)\", \"ap-singapore\": \"亚太东南(新加坡)\", \"ap-bangkok\": \"亚太东南(曼谷)\",\n \"ap-jakarta\": \"亚太东南(雅加达)\",\n \"na-siliconvalley\": \"美国西部(硅谷)\", \"eu-frankfurt\": \"欧洲地区(法兰克福)\", \"ap-mumbai\": \"亚太南部(孟买)\",\n \"na-ashburn\": \"美国东部(弗吉尼亚)\",\n \"sa-saopaulo\": \"南美地区(圣保罗)\", \"na-toronto\": \"北美地区(多伦多)\"}\nSOCKS5_PROXY_HOST = \"127.0.0.1\"\nSOCKS5_PROXY_PORT = 10800\nAccessKeyID = ''\nAccessKeySecret = ''" }, { "path": "tencentcloud/requirements.txt", "content": "tencentcloud-sdk-python\nPySocks\ntcloud-python-test\n" }, { "path": "tencentcloud/tencentcloud_cvm_exec.py", "content": "\nfrom tencentcloud.common.exception import TencentCloudSDKException\nfrom tencentcloud.cvm.v20170312 import cvm_client, models\nfrom tencentcloud.common import credential\nfrom tencentcloud.tat.v20201028 import tat_client, models as tat_models\nimport json, base64, random, socket, socks, config\nimport time\n\n\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\n\ndef DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):\n cred = credential.Credential(AccessKeyID, AccessKeySecret)\n client = tat_client.TatClient(cred, ZoneId)\n req = tat_models.DescribeAutomationAgentStatusRequest()\n req.InstanceIds = InstanceId\n resp = client.DescribeAutomationAgentStatus(req)\n return resp\n\n\ndef CreateCommand(cred, com_type, command, ZoneId, InstanceId):\n client = tat_client.TatClient(cred, ZoneId)\n req = tat_models.CreateCommandRequest()\n\n name = ''.join(random.sample(\n ['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',\n 'd', 'c', 'b', 'a'], 5))\n try:\n InstanceIds = []\n InstanceIds.append(InstanceId)\n CloudAssistantStatus = DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceIds)\n Status = CloudAssistantStatus.AutomationAgentSet[0].AgentStatus\n if Status == 'Offline':\n print('未安装自动化助手,不能执行命令。')\n return\n req.CommandName = name\n command = base64.b64encode(command.encode()).decode()\n req.Content = command\n req.CommandType = com_type\n response = client.CreateCommand(req)\n return response.CommandId\n except Exception as e:\n print(e)\n print('命令创建失败')\n\n\ndef InvokeCommand(cred, ZoneId, InstanceId, command_ID):\n client = tat_client.TatClient(cred, ZoneId)\n try:\n req = tat_models.InvokeCommandRequest()\n InstanceIds = []\n InstanceIds.append(InstanceId)\n req.InstanceIds = InstanceIds\n req.CommandId = command_ID\n resp = client.InvokeCommand(req)\n if resp.InvocationId == '':\n print('命令执行错误')\n else:\n return resp.InvocationId\n except Exception as e:\n print(e)\n print('命令执行失败')\n\n\ndef InvocationTaskIdTasks(cred, ZoneId, InvokeID):\n client = tat_client.TatClient(cred, ZoneId)\n req = tat_models.DescribeInvocationTasksRequest()\n InvocationTaskIds = []\n InvocationTaskIds.append(InvokeID)\n params = {\n \"Filters\": [{\n \"Name\": \"invocation-id\",\n \"Values\": InvocationTaskIds\n }],\n \"HideOutput\": False\n }\n req.from_json_string(json.dumps(params))\n resp = client.DescribeInvocationTasks(req)\n return resp\n\n\ndef DeleteCommand(cred, ZoneId, command_ID):\n client = tat_client.TatClient(cred, ZoneId)\n req = tat_models.DeleteCommandRequest()\n req.CommandId = command_ID\n resp = client.DeleteCommand(req)\n\n\ndef commad_check_input(cred, InstanceId, cmd, com_type, cvm_info):\n if cmd == '':\n cmd = input(\"please input cmd:\")\n if com_type == None:\n com_type = input('请输入执行命令类型:'\n '0:SHELL'\n '1:POWERSHELL'\n ':')\n if com_type == '0':\n com_type = 'SHELL'\n elif com_type == '1':\n com_type = 'POWERSHELL'\n\n Status = None\n ZoneId = None\n for instances in cvm_info:\n for instance in instances:\n if instance.InstanceId == InstanceId:\n Status = instance.InstanceState\n ZoneId = instance.Placement.Zone.rsplit(\"-\", 1)[0]\n break\n if Status == 'STOPPED':\n print('实例未运行,请选择运行状态实例执行命令')\n return\n command_ID = CreateCommand(cred, com_type, cmd, ZoneId, InstanceId)\n InvokeID = InvokeCommand(cred, ZoneId, InstanceId, command_ID)\n time.sleep(1)\n Result = InvocationTaskIdTasks(cred, ZoneId, InvokeID)\n try:\n TaskStatus = Result.InvocationTaskSet[0].TaskStatus\n if TaskStatus == \"SUCCESS\":\n output = Result.InvocationTaskSet[0].TaskResult.Output\n print(\"命令执行结果:\" + base64.b64decode(output).decode('utf-8', 'ignore'))\n DeleteCommand(cred, ZoneId, command_ID)\n except:\n pass\n return 0\n\n\ndef query_cvm_instances(cred):\n instance_list = []\n for RegionId in config.RegionIds:\n print('检索中-------' + RegionId)\n client = cvm_client.CvmClient(cred, RegionId)\n\n try:\n req = models.DescribeInstancesRequest()\n resp = client.DescribeInstances(req)\n except Exception as e:\n print(e)\n print('请检查输入Key与Secret值,或重新执行')\n continue\n instance_list.append(resp.InstanceSet)\n return instance_list\n\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n cred = None\n try:\n cred = credential.Credential(AccessKeyID, AccessKeySecret)\n except TencentCloudSDKException:\n print(\"AK或SK不正确,请输入正确的AKSK\")\n exit(0)\n\n cvm_info = query_cvm_instances(cred)\n print(cvm_info)\n print(\"提示: 使用自动化助手在实例上执行命令,指定的实例需要处于 VPC 网络。json中参数为:VirtualPrivateCloud\")\n if not cvm_info:\n print(\"no result\")\n exit(0)\n InstanceId = input(\"请输入选择的instanceId:\")\n com_type = None\n while True:\n if com_type is None:\n com_type = input('请输入执行命令类型:'\n '0:SHELL'\n '1:POWERSHELL'\n ':')\n cmd = ''\n commad_check_input(cred, InstanceId, cmd, com_type, cvm_info)\n flag = input(\"输入q退出,其他字符继续:\")\n if flag == 'q':\n break\n is_continue = input(\"重新选择InstanceId请输入yes:\")\n if is_continue == 'yes':\n print(cvm_info)\n com_type = None\n InstanceId = input(\"请输入选择的instanceId:\")" }, { "path": "tencentcloud/tencentcloud_download_cos.py", "content": "import json, base64, random, config\nimport qcloud_cos\nfrom qcloud_cos import CosConfig\nfrom qcloud_cos import CosS3Client\nimport queue\nimport threading\nimport os\nfrom concurrent.futures import ThreadPoolExecutor, as_completed\n\n# import socket, socks\n# default_socket = socket.socket\n# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)\n# socket.socket = socks.socksocket\n\nworkqueue = queue.Queue()\nlock = threading.Lock()\n\n\ndef workqueue_get():\n while True:\n if workqueue.qsize() > 50:\n keys = []\n for i in range(50):\n keys.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys)]\n elif workqueue.qsize() < 50 and not thread.is_alive():\n keys1 = []\n for i in range(workqueue.qsize()):\n keys1.append(workqueue.get())\n with ThreadPoolExecutor(max_workers=15) as executor:\n future_list = [executor.map(download_to_local, keys1)]\n break\n\n\ndef root_directory_list(prefix, bucket_name, client, flag=True):\n MAX_RETRIES = 10\n retry_count = 0\n marker = \"\"\n cos_dir = []\n delimiter = \"\"\n if flag == False:\n delimiter = \"/\"\n while True:\n try:\n retry_count += 1\n response = client.list_objects(\n Bucket=bucket_name,\n Prefix=prefix,\n Marker=marker,\n Delimiter=delimiter,\n )\n marker = response.get('NextMarker')\n commonprefix = response.get('CommonPrefixes')\n for obj in (response['Contents']):\n if str(obj['Key'])[-1] == '/':\n pass\n elif flag:\n # print(str(obj['Key']))\n workqueue.put(str(obj['Key']))\n if commonprefix is not None:\n for cos_dir1 in commonprefix:\n cos_dir.append(cos_dir1['Prefix'])\n if marker is None:\n break\n except Exception as e:\n print(e)\n if retry_count >= MAX_RETRIES:\n raise\n return cos_dir\n\n\ndef download_to_local(object_name):\n url = \"./\" + name + \"/\" + object_name\n file_name = url[url.rindex(\"/\") + 1:]\n file_path_prefix = url.replace(file_name, \"\")\n lock.acquire()\n if not os.path.exists(file_path_prefix):\n os.makedirs(file_path_prefix)\n lock.release()\n if not os.path.exists(url):\n MAX_RETRIES = 10\n retry_count = 0\n while True:\n try:\n retry_count += 1\n print(\"开始下载:\" + object_name)\n response = client.get_object(Bucket=name, Key=object_name)\n response['Body'].get_stream_to_file(url)\n print(\"下载完毕\" + url)\n break\n except Exception as e:\n print(e)\n if retry_count >= MAX_RETRIES:\n raise\n\n\nif __name__ == '__main__':\n AccessKeyID = config.AccessKeyID\n AccessKeySecret = config.AccessKeySecret\n if not AccessKeyID:\n AccessKeyID = input(\"请输入AccessKeyID:\")\n if not AccessKeySecret:\n AccessKeySecret = input(\"请输入AccessKeySecret:\")\n\n BucketName_all = {}\n token = None\n scheme = 'https'\n try:\n config = CosConfig(Region=\"ap-guangzhou\", SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,\n Scheme=scheme)\n client = CosS3Client(config)\n response = client.list_buckets()\n for bucket in response['Buckets']['Bucket']:\n BucketName_all[bucket['Name']] = bucket['Location']\n print(\"Bucket名称:\" + bucket['Name'], \"Bucket创建时间:\" + bucket['CreationDate'],\n \"外网域名:\" + bucket['Location'], \"Bucket存储类型:\" + bucket['BucketType'])\n except qcloud_cos.cos_exception.CosServiceError:\n print(\"AK或SK不正确,请输入正确的AKSK\")\n exit(0)\n except qcloud_cos.cos_exception.CosClientError:\n print(\"网络异常,尝试切换代理\")\n exit(0)\n\n BucketName = input(\"指定BucketName进行下载 或 all下载所有:\")\n\n if BucketName == 'all':\n for name, region in BucketName_all.items():\n config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,\n Scheme=scheme)\n client = CosS3Client(config)\n thread = threading.Thread(target=root_directory_list, args=(\"\", name, client))\n thread.start()\n workqueue_get()\n else:\n name = BucketName\n region = BucketName_all[BucketName]\n config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,\n Scheme=scheme)\n client = CosS3Client(config)\n print(root_directory_list(\"\", BucketName, client, False))\n oss_dir = input(\"指定存储桶文件夹 不指定则为根目录:\")\n if BucketName:\n thread = threading.Thread(target=root_directory_list, args=(oss_dir, BucketName, client))\n thread.start()\n workqueue_get()\n" } ]