invictus-ir / invictus-aws Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
invictus-aws's People
Contributors
Stargazers
Watchers
Forkers
cephurs cybersecops 0xsojalsec barrjam 5l1v3r1 oodog0126 noorahsmith rgindallas filthyshoe madisettisunil professorkiloinvictus-aws's Issues
Add command line option to load different query files
Pull out the static definition of the queries.yaml (leave as the default for ease of use) and make it a command line option
parser.add_argument(
"-f",
"--queryfile",
type=str,
help="[+] File containing queries that you want Invictus-aws to run."
)
try:
with open('source/files/queries.yaml') as f:
queries = yaml.safe_load(f)
except Exception as e:
print(f"[!] Error : {str(e)}")
S3 bucket that is created does not have 'block all public access' by default - the bucket appears as 'Objects can be public'
I can go into the bucket permissions and set 'block all public access' checkbox and the problem is resolved.
Add a timeframe to queries
Adding a timeframe to Athena queries will help the operator scope their investigation.
- I was able to add this functionality, by walking down the code and adding "timeframe" to function calls.
parser.add_argument(
"-x",
"--timeframe",
type=str,
help="[+] Time Frame, in days, to perform analysis step. if input is 7, analysis step will search the last 7 days."
)
and using the supplied logic to edit the queries in the file.
#replacing DATABASE and TABLE in each query
value = value.replace("DATABASE", db)
value = value.replace("TABLE", table)
value = value.replace("TIMEFRAME",timeframe)
print(f"[+] Running Query : {key}")
TypeError: Object of type datetime is not JSON serializable
❌ MACIE - No Configuration
❌ CLOUDTRAIL - No Configuration
Traceback (most recent call last):
File "/home/admin/scripts/invictus-aws.py", line 1696, in <module>
main()
File "/home/admin/scripts/invictus-aws.py", line 1692, in main
ir.execute_configuration()
File "/home/admin/scripts/invictus-aws.py", line 1663, in execute_configuration
self.c.execute(self.active_services)
File "/home/admin/scripts/invictus-aws.py", line 465, in execute
write_s3(self.bucket, CONFIGURATION_KEY, json.dumps(self.results, indent=4))
File "/usr/lib/python3.9/json/__init__.py", line 234, in dumps
return cls(
File "/usr/lib/python3.9/json/encoder.py", line 201, in encode
chunks = list(chunks)
File "/usr/lib/python3.9/json/encoder.py", line 431, in _iterencode
yield from _iterencode_dict(o, _current_indent_level)
File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 325, in _iterencode_list
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 325, in _iterencode_list
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict
yield from chunks
File "/usr/lib/python3.9/json/encoder.py", line 438, in _iterencode
o = _default(o)
File "/usr/lib/python3.9/json/encoder.py", line 179, in default
raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type datetime is not JSON serializable
Script errors out when running it consecutive times: ERROR: Bucket already exists
I run the script once, then when I want to run it again for a different region I get the following:
Logs bucket does not exists, creating it now: invictus-aws-2022-09-21-4j75d
ERROR: Bucket already exists
Perhaps you could add the option to specify a bucket as an argument?
However, the random_chars at the end of the bucket name are different each time I run the script. So the bucket it tries to create does not already exist.
Warn user when executing "The script will now create an S3 bucket to store data, do you want to continue?"
Maybe allow specifying bucket name, or allow existing bucket to be passed as a command line argument.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.