Contains the response to a successful GetCredentialReport request.
Inheritance: Amazon.Runtime.AmazonWebServiceResponse
        /// <summary>
        /// Deserialises a GetCredentialReport XML response. The
        /// GetCredentialReportResult element is handed to UnmarshallResult, the
        /// ResponseMetadata element to the shared metadata unmarshaller.
        /// </summary>
        /// <param name="context">Reader positioned at the start of the response document.</param>
        /// <returns>The populated GetCredentialReportResponse.</returns>
        public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
        {
            var result = new GetCredentialReportResponse();

            context.Read();
            int depth = context.CurrentDepth;
            while (context.ReadAtDepth(depth))
            {
                if (!context.IsStartElement)
                {
                    continue;
                }

                if (context.TestExpression("GetCredentialReportResult", 2))
                {
                    UnmarshallResult(context, result);
                }
                else if (context.TestExpression("ResponseMetadata", 2))
                {
                    result.ResponseMetadata = ResponseMetadataUnmarshaller.Instance.Unmarshall(context);
                }
            }

            return result;
        }
        /// <summary>
        /// Reads the children of the GetCredentialReportResult element the context is
        /// positioned on and stores them: Content (the CSV report as a MemoryStream),
        /// GeneratedTime and ReportFormat.
        /// </summary>
        /// <param name="context">Reader positioned on the result element.</param>
        /// <param name="response">Response object whose properties are filled in.</param>
        private static void UnmarshallResult(XmlUnmarshallerContext context, GetCredentialReportResponse response)
        {
            int resultDepth = context.CurrentDepth;
            int fieldDepth = resultDepth + 1;

            // At the document start the child elements sit two levels deeper.
            if (context.IsStartOfDocument)
            {
                fieldDepth += 2;
            }

            while (context.ReadAtDepth(resultDepth))
            {
                if (!(context.IsStartElement || context.IsAttribute))
                {
                    continue;
                }

                if (context.TestExpression("Content", fieldDepth))
                {
                    response.Content = MemoryStreamUnmarshaller.Instance.Unmarshall(context);
                }
                else if (context.TestExpression("GeneratedTime", fieldDepth))
                {
                    response.GeneratedTime = DateTimeUnmarshaller.Instance.Unmarshall(context);
                }
                else if (context.TestExpression("ReportFormat", fieldDepth))
                {
                    response.ReportFormat = StringUnmarshaller.Instance.Unmarshall(context);
                }
            }
        }
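        /// <summary>
        /// Fills the "IAM" component table for one stored-credentials profile from the
        /// account's IAM credential report, adding the policies, access keys and groups
        /// that <c>GetUserDetails</c> returns for each user.
        /// </summary>
        /// <param name="aprofile">Name of the stored AWS credentials profile to scan.</param>
        /// <returns>
        /// The filled table. If the credential report is not COMPLETE within two minutes the
        /// table holds one placeholder row (UserID "Credential Report"); any other failure is
        /// written to the event log and whatever rows were collected are returned.
        /// </returns>
        /// <remarks>
        /// The credential report describes the password, MFA, access-key and certificate
        /// posture of every principal in the account, root included, so the returned table
        /// is sensitive. Report values are located by the header line of the CSV so that
        /// AWS appending columns cannot shift them; the positions this tool was written
        /// against are kept as a fallback for headers that are not found.
        /// </remarks>
        public DataTable GetIAMUsers(string aprofile)
        {
            DataTable IAMTable = AWSTables.GetComponentTable("IAM"); // Blank table to fill out.

            try
            {
                string accountid = GetAccountID(aprofile);
                var credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
                var iam = new AmazonIdentityManagementServiceClient(credential);

                // user name -> user id. ListUsers is paginated; reading only the first page
                // (as before) made every user beyond it look like an unknown principal.
                var userIdByName = new Dictionary<string, string>();
                var listRequest = new ListUsersRequest();
                ListUsersResponse listPage;
                do
                {
                    listPage = iam.ListUsers(listRequest);
                    foreach (var user in listPage.Users)
                    {
                        userIdByName[user.UserName] = user.UserId;
                    }
                    listRequest.Marker = listPage.Marker;
                } while (listPage.IsTruncated);

                // Report generation is asynchronous on the AWS side: GenerateCredentialReport
                // has to be re-issued until it answers COMPLETE. Re-reading the State of the
                // first response could never see that transition, so the old loop spun a hot
                // CPU loop until the timeout.
                var waited = System.Diagnostics.Stopwatch.StartNew();
                var reportState = iam.GenerateCredentialReport().State;
                while (reportState != ReportStateType.COMPLETE)
                {
                    if (waited.Elapsed > TimeSpan.FromMinutes(2))
                    {
                        // Sometimes reports take a LOOOOONG time. Leave a marker row so the
                        // caller can tell "no report" from "no users".
                        WriteToEventLog("IAM scan of " + aprofile + ": credential report not ready after 2 minutes", EventLogEntryType.Warning);
                        DataRow marker = IAMTable.NewRow();
                        marker["AccountID"] = accountid;
                        marker["Profile"] = aprofile;
                        marker["UserID"] = "Credential Report";
                        marker["UserName"] = "******";
                        IAMTable.Rows.Add(marker);
                        return IAMTable;
                    }
                    System.Threading.Thread.Sleep(2000);
                    reportState = iam.GenerateCredentialReport().State;
                }

                try
                {
                    GetCredentialReportResponse credreport = iam.GetCredentialReport();
                    credreport.Content.Position = 0;

                    using (var reader = new StreamReader(credreport.Content))
                    {
                        string headerLine = reader.ReadLine();
                        if (headerLine == null)
                        {
                            return IAMTable; // empty report
                        }
                        Dictionary<string, int> columns = IndexCredentialReportColumns(headerLine);

                        string line;
                        while ((line = reader.ReadLine()) != null)
                        {
                            if (line.Length == 0)
                            {
                                continue;
                            }
                            // Report cells (names, ARNs, timestamps, booleans, regions) are not
                            // expected to contain commas, so a plain split is used as before.
                            string[] fields = line.Split(',');

                            string reportUser = CredentialReportField(fields, columns, "user", 0);
                            DataRow row = IAMTable.NewRow();
                            row["AccountID"] = accountid;
                            row["Profile"] = aprofile;

                            // "<root_account>" is the account root, which has no IAM user id.
                            // Any other name absent from ListUsers (e.g. deleted after the report
                            // was generated) keeps its own name instead of being labelled root.
                            string username = "";
                            string userId;
                            if (reportUser == "<root_account>")
                            {
                                row["UserID"] = "*-" + accountid + "-* root";
                                row["UserName"] = "******";
                            }
                            else
                            {
                                row["UserID"] = userIdByName.TryGetValue(reportUser, out userId) ? userId : "";
                                row["UserName"] = reportUser;
                                username = reportUser;
                            }

                            row["ARN"] = CredentialReportField(fields, columns, "arn", 1);
                            row["CreateDate"] = CredentialReportField(fields, columns, "user_creation_time", 2);
                            row["PwdEnabled"] = CredentialReportField(fields, columns, "password_enabled", 3);
                            row["PwdLastUsed"] = CredentialReportField(fields, columns, "password_last_used", 4);
                            row["PwdLastChanged"] = CredentialReportField(fields, columns, "password_last_changed", 5);
                            row["PwdNxtRotation"] = CredentialReportField(fields, columns, "password_next_rotation", 6);
                            row["MFA Active"] = CredentialReportField(fields, columns, "mfa_active", 7);

                            row["AccessKey1-Active"] = CredentialReportField(fields, columns, "access_key_1_active", 8);
                            row["AccessKey1-Rotated"] = CredentialReportField(fields, columns, "access_key_1_last_rotated", 9);
                            row["AccessKey1-LastUsedDate"] = CredentialReportField(fields, columns, "access_key_1_last_used_date", 10);
                            row["AccessKey1-LastUsedRegion"] = CredentialReportField(fields, columns, "access_key_1_last_used_region", 11);
                            row["AccessKey1-LastUsedService"] = CredentialReportField(fields, columns, "access_key_1_last_used_service", 12);

                            row["AccessKey2-Active"] = CredentialReportField(fields, columns, "access_key_2_active", 13);
                            row["AccessKey2-Rotated"] = CredentialReportField(fields, columns, "access_key_2_last_rotated", 14);
                            row["AccessKey2-LastUsedDate"] = CredentialReportField(fields, columns, "access_key_2_last_used_date", 15);
                            row["AccessKey2-LastUsedRegion"] = CredentialReportField(fields, columns, "access_key_2_last_used_region", 16);
                            row["AccessKey2-LastUsedService"] = CredentialReportField(fields, columns, "access_key_2_last_used_service", 17);

                            row["Cert1-Active"] = CredentialReportField(fields, columns, "cert_1_active", 18);
                            row["Cert1-Rotated"] = CredentialReportField(fields, columns, "cert_1_last_rotated", 19);
                            row["Cert2-Active"] = CredentialReportField(fields, columns, "cert_2_active", 20);
                            row["Cert2-Rotated"] = CredentialReportField(fields, columns, "cert_2_last_rotated", 21);

                            // Best-effort: one user that cannot be described must not abort the
                            // whole scan (previously any failure here dropped every later row).
                            try
                            {
                                var extradata = GetUserDetails(aprofile, username);
                                row["User-Policies"] = extradata["Policies"];
                                row["Access-Keys"] = extradata["AccessKeys"];
                                row["Groups"] = extradata["Groups"];
                            }
                            catch (Exception ex)
                            {
                                WriteToEventLog("IAM scan of " + aprofile + ": details for '" + username + "' failed\n" + ex.Message, EventLogEntryType.Warning);
                            }

                            IAMTable.Rows.Add(row);
                        }
                    }
                }
                catch (Exception ex)
                {
                    WriteToEventLog("IAM scan of " + aprofile + " failed\n" + ex.Message, EventLogEntryType.Error);
                }
            }
            catch (Exception ex)
            {
                // Profile lookup, ListUsers or report generation failed. Log it rather than
                // silently returning an empty table that reads as "no users".
                WriteToEventLog("IAM scan of " + aprofile + " failed\n" + ex.Message, EventLogEntryType.Error);
            }

            return IAMTable;
        }

        /// <summary>
        /// Maps each header name on the credential report's first line to its column index
        /// (case-insensitive, surrounding whitespace ignored).
        /// </summary>
        private static Dictionary<string, int> IndexCredentialReportColumns(string headerLine)
        {
            var columns = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
            string[] names = headerLine.Split(',');
            for (int i = 0; i < names.Length; i++)
            {
                columns[names[i].Trim()] = i;
            }
            return columns;
        }

        /// <summary>
        /// Returns one cell of a credential-report row, located by header name via the map
        /// from <see cref="IndexCredentialReportColumns"/> or, when that header is absent,
        /// by <paramref name="fallbackIndex"/>. A cell outside the row yields "".
        /// </summary>
        private static string CredentialReportField(string[] fields, Dictionary<string, int> columns, string name, int fallbackIndex)
        {
            int index;
            if (!columns.TryGetValue(name, out index))
            {
                index = fallbackIndex;
            }
            return index >= 0 && index < fields.Length ? fields[index] : "";
        }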
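        /// <summary>
        /// Scans one stored-credentials profile and returns its IAM users ("Users"),
        /// S3 buckets ("S3") and EC2 instances ("EC2") as DataTables.
        /// </summary>
        /// <param name="Request">The profile to scan and the regions to cover for EC2.</param>
        /// <returns>
        /// The three tables. If the profile's credentials cannot be used, the profile's menu
        /// item is flagged red, an error dialog is shown and three empty tables are returned
        /// under the same keys.
        /// </returns>
        /// <remarks>
        /// Only the IAM calls decide whether the credentials "work"; S3 and per-region EC2
        /// failures are reported (dialog / event log) and the scan continues. The credential
        /// report rows in "Users" cover every principal including root and are sensitive.
        /// NOTE(review): ProcessingLabel and TagFilterCombo are touched directly while the
        /// progress bar goes through Dispatcher.Invoke at Background priority, which only
        /// makes sense if this already runs on the UI thread — confirm against the caller.
        /// </remarks>
        public Dictionary<string, DataTable> ScanProfile(ScanRequest Request)
        {
            Dictionary<string, DataTable> ScanResults = new Dictionary<string, DataTable>();
            DataTable UserDetailsTable = GetUsersDetailsTable();
            DataTable EC2DetailsTable = GetEC2DetailsTable();
            DataTable S3DetailsTable = GetS3DetailsTable();
            var aprofile = Request.Profile;
            var regions2process = Request.Regions;

            try
            {
                var credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);

                #region UserDetails
                var iam = new AmazonIdentityManagementServiceClient(credential);
                List<Amazon.IdentityManagement.Model.User> users = ListAllIamUsers(iam);

                // Account id is taken from the first user's ARN (arn:aws:iam::ACCOUNT:user/NAME).
                string accountid = "?";
                if (users.Count > 0)
                {
                    string[] arnParts = users[0].Arn.Split(':');
                    if (arnParts.Length > 4)
                    {
                        accountid = "ID: " + arnParts[4]; // Prefix added because Excel exsucks.
                    }
                }

                GetCredentialReportResponse credreport = WaitForCredentialReport(iam, aprofile);
                if (credreport != null)
                {
                    LoadCredentialReportRows(credreport, accountid, aprofile, UserDetailsTable);
                }
                FillUserDetails(iam, users, UserDetailsTable);
                #endregion

                #region S3Details
                try
                {
                    ScanS3Buckets(credential, accountid, aprofile, S3DetailsTable);
                }
                catch (Exception ex)
                {
                    System.Windows.Forms.MessageBox.Show("S3 Failed!\n" + ex);
                }
                #endregion

                #region GetEC2Region
                foreach (var aregion in regions2process)
                {
                    // Skip GovCloud and Beijing. They require special handling and I dont need em.
                    if (aregion == Amazon.RegionEndpoint.USGovCloudWest1) continue;
                    if (aregion == Amazon.RegionEndpoint.CNNorth1) continue;

                    regioncounter++;
                    try
                    {
                        ScanEc2Region(credential, aregion, accountid, aprofile, EC2DetailsTable);
                    }
                    catch (Exception ex)
                    {
                        // One unreachable or throttled region must not mark the whole
                        // profile as "credentials failed".
                        WriteToEventLog("EC2 scan of " + aprofile + " in " + aregion + " failed\n" + ex.Message, EventLogEntryType.Error);
                    }
                }
                #endregion

                ScanResults["EC2"] = EC2DetailsTable;
                ScanResults["Users"] = UserDetailsTable;
                ScanResults["S3"] = S3DetailsTable;
                return ScanResults;
            }
            catch (Exception ex)
            {
                // Credentials (or the IAM calls) failed: show the first line of the error,
                // flag the profile's menu item and hand back empty tables.
                string error = new string(ex.ToString().TakeWhile(c => c != '\n').ToArray());
                System.Windows.MessageBox.Show(error, Request.Profile.ToString() + " credentials failed to work.\n");
                System.Windows.Controls.MenuItem Proot = (System.Windows.Controls.MenuItem)this.MainMenu.Items[1];
                foreach (System.Windows.Controls.MenuItem amenuitem in Proot.Items)
                {
                    if (amenuitem.Header.ToString() == aprofile.ToString())
                    {
                        amenuitem.IsCheckable = false;
                        amenuitem.IsChecked = false;
                        amenuitem.Background = Brushes.Red;
                        amenuitem.ToolTip = Request.Profile.ToString() + " credentials failed to work.\n";
                    }
                }

                ScanResults["EC2"] = GetEC2DetailsTable();
                ScanResults["Users"] = GetUsersDetailsTable();
                ScanResults["S3"] = GetS3DetailsTable();
                return ScanResults;
            }
        }

        /// <summary>
        /// Lists every IAM user in the account, following ListUsers' Marker pagination.
        /// A single call returns at most one page, so accounts with more users than that
        /// were under-reported before.
        /// </summary>
        private static List<Amazon.IdentityManagement.Model.User> ListAllIamUsers(AmazonIdentityManagementServiceClient iam)
        {
            var users = new List<Amazon.IdentityManagement.Model.User>();
            var request = new ListUsersRequest();
            ListUsersResponse page;
            do
            {
                page = iam.ListUsers(request);
                users.AddRange(page.Users);
                request.Marker = page.Marker;
            } while (page.IsTruncated);
            return users;
        }

        /// <summary>
        /// Asks IAM to generate the account credential report, polls until it is COMPLETE
        /// (GenerateCredentialReport must be re-issued to observe the state change) and
        /// downloads it. Returns null, after logging, if the report is not ready within two
        /// minutes or the download fails, so the scan continues without report rows instead
        /// of retrying forever as before. The first GenerateCredentialReport call throws
        /// straight through (bad credentials, missing permission) so the caller flags the
        /// profile exactly as it used to.
        /// </summary>
        private GetCredentialReportResponse WaitForCredentialReport(AmazonIdentityManagementServiceClient iam, string aprofile)
        {
            var waited = System.Diagnostics.Stopwatch.StartNew();
            var state = iam.GenerateCredentialReport().State;
            try
            {
                while (state != ReportStateType.COMPLETE)
                {
                    if (waited.Elapsed > TimeSpan.FromMinutes(2))
                    {
                        WriteToEventLog("Credential report for " + aprofile + " not ready after 2 minutes", EventLogEntryType.Warning);
                        return null;
                    }
                    System.Threading.Thread.Sleep(2000);
                    state = iam.GenerateCredentialReport().State;
                }
                return iam.GetCredentialReport();
            }
            catch (Exception ex)
            {
                WriteToEventLog("Credential report for " + aprofile + " failed\n" + ex.Message, EventLogEntryType.Error);
                return null;
            }
        }

        /// <summary>
        /// Copies the credential report CSV into <paramref name="userTable"/> (and the
        /// RawUsers table): columns 0..1 are account and profile, column 2 (UserID) is
        /// filled later from ListUsers, and the report's 22 fields land in columns 3..24 in
        /// report order. A short row pads with nulls instead of throwing; extra (newer)
        /// report columns are ignored.
        /// </summary>
        private void LoadCredentialReportRows(GetCredentialReportResponse credreport, string accountid, string aprofile, DataTable userTable)
        {
            const int reportFieldCount = 22; // user .. cert_2_last_rotated
            var content = credreport.Content;
            content.Position = 0;
            using (var reader = new StreamReader(content))
            {
                if (reader.ReadLine() == null)
                {
                    return; // no header line, nothing to read
                }
                string line;
                while ((line = reader.ReadLine()) != null)
                {
                    if (line.Length == 0)
                    {
                        continue;
                    }
                    string[] fields = line.Split(',');
                    var newrow = new object[userTable.Columns.Count];
                    newrow[0] = accountid;
                    newrow[1] = aprofile;
                    newrow[2] = ""; // UserID not in report. pull it later.
                    int copy = Math.Min(fields.Length, reportFieldCount);
                    for (int i = 0; i < copy && 3 + i < newrow.Length; i++)
                    {
                        newrow[3 + i] = fields[i];
                    }
                    RawUsers.Rows.Add(newrow);
                    userTable.Rows.Add(newrow);
                }
            }
        }

        /// <summary>
        /// For every IAM user, looks up its access keys, directly attached managed policies
        /// and groups and writes them (plus the UserID) into the row of
        /// <paramref name="userTable"/> with the same ARN. Lists are "\n"-joined.
        /// NOTE(review): inline user policies (ListUserPolicies) and policies inherited via
        /// groups are not shown, so an "empty" policy cell does not mean no permissions.
        /// </summary>
        private void FillUserDetails(AmazonIdentityManagementServiceClient iam, List<Amazon.IdentityManagement.Model.User> users, DataTable userTable)
        {
            foreach (var auser in users)
            {
                string username = auser.UserName;

                var keys = new List<string>();
                var keyRequest = new ListAccessKeysRequest { UserName = username };
                foreach (var key in iam.ListAccessKeys(keyRequest).AccessKeyMetadata)
                {
                    keys.Add(key.AccessKeyId + "  :  " + key.Status);
                }

                var policies = new List<string>();
                var policyRequest = new ListAttachedUserPoliciesRequest { UserName = username };
                foreach (var apol in iam.ListAttachedUserPolicies(policyRequest).AttachedPolicies)
                {
                    policies.Add(apol.PolicyName);
                }

                var groups = new List<string>();
                var groupRequest = new ListGroupsForUserRequest { UserName = username };
                foreach (var agroup in iam.ListGroupsForUser(groupRequest).Groups)
                {
                    groups.Add(agroup.GroupName);
                }

                foreach (DataRow myrow in userTable.Rows)
                {
                    if (myrow["ARN"].Equals(auser.Arn))
                    {
                        myrow["UserID"] = auser.UserId;
                        myrow["User-Policies"] = string.Join("\n", policies.ToArray());
                        myrow["Access-Keys"] = string.Join("\n", keys.ToArray());
                        myrow["Groups"] = string.Join("\n", groups.ToArray());
                    }
                }
            }
        }

        /// <summary>
        /// Adds one <paramref name="s3Table"/> row per bucket the credentials can list.
        /// Each bucket is handled on its own so one that cannot be read no longer aborts the
        /// whole listing; the failure is logged and the row keeps the name and creation
        /// date. Throws only if ListBuckets itself fails.
        /// </summary>
        private void ScanS3Buckets(Amazon.Runtime.AWSCredentials credential, string accountid, string aprofile, DataTable s3Table)
        {
            AmazonS3Client s3 = new AmazonS3Client(credential, Amazon.RegionEndpoint.USEast1);
            ListBucketsResponse listing = s3.ListBuckets();
            foreach (S3Bucket abucket in listing.Buckets)
            {
                string name = abucket.BucketName;
                DataRow abucketrow = s3Table.NewRow();
                abucketrow["AccountID"] = accountid;
                abucketrow["Profile"] = aprofile;
                abucketrow["Bucket"] = name;
                abucketrow["CreationDate"] = abucket.CreationDate.ToString();
                // LastAccess: S3 has no bucket-level last-modified; the old HEAD without an
                // object key could not supply one, so the column stays blank.
                abucketrow["LastAccess"] = "";
                // Not collected (yet); "X" marks the column as unscanned rather than empty.
                abucketrow["Logging"] = "X";
                abucketrow["Events"] = "X";
                abucketrow["Versioning"] = "X";
                abucketrow["LifeCycle"] = "X";
                abucketrow["Replication"] = "X";
                abucketrow["Tags"] = "X";
                abucketrow["RequesterPays"] = "X";

                try
                {
                    // Bucket-level calls must go to the bucket's own region. An empty location
                    // is the legacy "US Standard" (us-east-1) and "EU" the legacy eu-west-1.
                    var locationRequest = new GetBucketLocationRequest { BucketName = name };
                    string region = s3.GetBucketLocation(locationRequest).Location.Value;
                    if (string.IsNullOrEmpty(region)) region = "us-east-1";
                    else if (region == "EU") region = "eu-west-1";
                    abucketrow["Region"] = region;

                    var regionalConfig = new AmazonS3Config { RegionEndpoint = RegionEndpoint.GetBySystemName(region) };
                    var regionalS3 = new AmazonS3Client(credential, regionalConfig);

                    // ACL. A "Group" grantee whose URI ends in /global/AllUsers or
                    // /global/AuthenticatedUsers makes the bucket readable/writable by anyone
                    // on the internet or by any AWS account, so the URI is kept in the cell.
                    var acl = regionalS3.GetACL(new GetACLRequest { BucketName = name }).AccessControlList;
                    var grantLines = new List<string>();
                    foreach (var agrant in acl.Grants)
                    {
                        var gName = agrant.Grantee.DisplayName;
                        var gType = agrant.Grantee.Type.Value;
                        var aMail = agrant.Grantee.EmailAddress;
                        if (gType.Equals("Group"))
                        {
                            grantLines.Add(gType + " - " + agrant.Grantee.URI + " - " + agrant.Permission + " - " + aMail);
                        }
                        else
                        {
                            grantLines.Add(gName + " - " + agrant.Permission + " - " + aMail);
                        }
                    }
                    abucketrow["Owner"] = acl.Owner.DisplayName;
                    abucketrow["Grants"] = string.Join("\n", grantLines.ToArray());

                    // Static-website hosting. GetBucketWebsite fails for buckets without a
                    // website configuration; that is "not hosted", not a scan failure.
                    string website = "";
                    try
                    {
                        var websiteConfig = regionalS3.GetBucketWebsite(new GetBucketWebsiteRequest { BucketName = name }).WebsiteConfiguration;
                        string defaultpage = websiteConfig == null ? null : websiteConfig.IndexDocumentSuffix;
                        if (defaultpage != null)
                        {
                            // NOTE(review): this dash form is what the tool has always emitted;
                            // some regions publish "s3-website." (dot) endpoints — verify per region.
                            website = @"http://" + name + @".s3-website-" + region + @".amazonaws.com/" + defaultpage;
                        }
                    }
                    catch (AmazonS3Exception)
                    {
                        website = "";
                    }
                    abucketrow["WebsiteHosting"] = website;
                }
                catch (Exception ex)
                {
                    WriteToEventLog("S3 scan of " + aprofile + " bucket " + name + " failed\n" + ex.Message, EventLogEntryType.Warning);
                }

                s3Table.Rows.Add(abucketrow);
            }
        }

        /// <summary>
        /// Adds one <paramref name="ec2Table"/> row per instance in <paramref name="region"/>
        /// (all instance states) and registers every tag key seen with TagFilterCombo.
        /// Follows DescribeInstanceStatus pagination and indexes every instance of every
        /// reservation — not only Instances[0] as before, which left instances launched
        /// together in one reservation with "?" details and no security groups.
        /// </summary>
        private void ScanEc2Region(Amazon.Runtime.AWSCredentials credential, RegionEndpoint region, string accountid, string aprofile, DataTable ec2Table)
        {
            var ec2 = AWSClientFactory.CreateAmazonEC2Client(credential, region);
            Dispatcher.Invoke(doupdatePbDelegate,
               System.Windows.Threading.DispatcherPriority.Background,
                new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter });

            var statusRequest = new DescribeInstanceStatusRequest { IncludeAllInstances = true };
            var firstPage = ec2.DescribeInstanceStatus(statusRequest);
            var statuses = firstPage.InstanceStatuses;
            string nextToken = firstPage.NextToken;
            while (!string.IsNullOrEmpty(nextToken))
            {
                statusRequest.NextToken = nextToken;
                var page = ec2.DescribeInstanceStatus(statusRequest);
                statuses.AddRange(page.InstanceStatuses);
                nextToken = page.NextToken;
            }
            if (statuses.Count == 0)
            {
                return;
            }

            var describeRequest = new DescribeInstancesRequest();
            foreach (var instat in statuses)
            {
                describeRequest.InstanceIds.Add(instat.InstanceId);
            }
            var instancesById = new Dictionary<string, Amazon.EC2.Model.Instance>();
            foreach (var reservation in ec2.DescribeInstances(describeRequest).Reservations)
            {
                foreach (var inst in reservation.Instances)
                {
                    instancesById[inst.InstanceId] = inst;
                }
            }

            string myregion = region.ToString();
            foreach (var instat in statuses)
            {
                string instanceid = instat.InstanceId;
                ProcessingLabel.Content = "Scanning -> Profile:" + aprofile + "    Region: " + region + "   Instance: " + instanceid;
                Dispatcher.Invoke(doupdatePbDelegate,
                    System.Windows.Threading.DispatcherPriority.Background,
                    new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter });

                var status = instat.Status.Status;
                string AZ = instat.AvailabilityZone;
                var istate = instat.InstanceState.Name;
                int eventnumber = instat.Events.Count;
                string eventlist = "";
                foreach (var anevent in instat.Events)
                {
                    eventlist += anevent.Description + "\n";
                }

                Amazon.EC2.Model.Instance instance;
                instancesById.TryGetValue(instanceid, out instance);

                string instancename = "";
                var tagLines = new List<string>();
                if (instance != null)
                {
                    foreach (var atag in instance.Tags)
                    {
                        if (atag.Key.Equals("Name"))
                        {
                            instancename = atag.Value;
                        }
                        if (!TagFilterCombo.Items.Contains(atag.Key))
                        {
                            TagFilterCombo.Items.Add(atag.Key);
                        }
                        tagLines.Add(atag.Key + ":" + atag.Value);
                    }
                }
                string tags = string.Join("\n", tagLines.ToArray());

                string platform = instance == null ? null : (string)instance.Platform;
                if (string.IsNullOrEmpty(platform)) platform = "Linux";
                string Priv_IP = instance == null ? null : instance.PrivateIpAddress;
                if (string.IsNullOrEmpty(Priv_IP)) Priv_IP = "?";
                string publicIP = instance == null ? null : instance.PublicIpAddress;
                if (string.IsNullOrEmpty(publicIP)) publicIP = "";
                string publicDNS = instance == null ? null : instance.PublicDnsName;
                if (string.IsNullOrEmpty(publicDNS)) publicDNS = "";
                string ivirtType = instance == null ? null : (string)instance.VirtualizationType; // HVM / paravirtual
                if (string.IsNullOrEmpty(ivirtType)) ivirtType = "?";
                string instancetype = instance == null ? null : (string)instance.InstanceType; // m3.large etc
                if (string.IsNullOrEmpty(instancetype)) instancetype = "?";

                // "_NONE!_": no DescribeInstances entry at all; "NullOrEmpty": entry with no groups.
                string sglist;
                if (instance == null)
                {
                    sglist = "_NONE!_";
                }
                else
                {
                    sglist = string.Join("\n", instance.SecurityGroups.Select(g => g.GroupName).ToArray());
                }
                if (string.IsNullOrEmpty(sglist)) sglist = "NullOrEmpty";
                if (string.IsNullOrEmpty(instancename)) instancename = "";

                ec2Table.Rows.Add(accountid, aprofile, myregion, instancename, instanceid, AZ, platform, status, eventnumber, eventlist, tags, Priv_IP, publicIP, publicDNS, istate, ivirtType, instancetype, sglist);
            }
        }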