public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { GetCredentialReportResponse response = new GetCredentialReportResponse(); context.Read(); int targetDepth = context.CurrentDepth; while (context.ReadAtDepth(targetDepth)) { if (context.IsStartElement) { if(context.TestExpression("GetCredentialReportResult", 2)) { UnmarshallResult(context, response); continue; } if (context.TestExpression("ResponseMetadata", 2)) { response.ResponseMetadata = ResponseMetadataUnmarshaller.Instance.Unmarshall(context); } } } return response; }
private static void UnmarshallResult(XmlUnmarshallerContext context, GetCredentialReportResponse response) { int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; if (context.IsStartOfDocument) targetDepth += 2; while (context.ReadAtDepth(originalDepth)) { if (context.IsStartElement || context.IsAttribute) { if (context.TestExpression("Content", targetDepth)) { var unmarshaller = MemoryStreamUnmarshaller.Instance; response.Content = unmarshaller.Unmarshall(context); continue; } if (context.TestExpression("GeneratedTime", targetDepth)) { var unmarshaller = DateTimeUnmarshaller.Instance; response.GeneratedTime = unmarshaller.Unmarshall(context); continue; } if (context.TestExpression("ReportFormat", targetDepth)) { var unmarshaller = StringUnmarshaller.Instance; response.ReportFormat = unmarshaller.Unmarshall(context); continue; } } } return; }
public DataTable GetIAMUsers(string aprofile) { DataTable IAMTable = AWSTables.GetComponentTable("IAM"); //Blank table to fill out. Dictionary<string, string> UserNameIdMap = new Dictionary<string, string>();//Usernames to UserIDs to fill in row later. Amazon.Runtime.AWSCredentials credential; try { string accountid = GetAccountID(aprofile); credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile); var iam = new AmazonIdentityManagementServiceClient(credential); Dictionary<string, string> unamelookup = new Dictionary<string, string>(); var myUserList = iam.ListUsers().Users; foreach (var rabbit in myUserList) { unamelookup.Add(rabbit.UserId, rabbit.UserName); } var createcredreport = iam.GenerateCredentialReport(); bool notdone = true; var genstart = DateTime.Now; while (notdone) { var status = createcredreport.State; if (status == ReportStateType.COMPLETE) notdone = false; else { if (DateTime.Now > genstart + TimeSpan.FromMinutes(2)) { DataRow auserdata = IAMTable.NewRow(); auserdata["AccountID"] = accountid; auserdata["Profile"] = aprofile; auserdata["UserID"] = "Credential Report"; auserdata["UserName"] = "******"; IAMTable.Rows.Add(auserdata); return IAMTable; } //Sometimes reports take a LOOOOONG time. } } foreach (var auser in myUserList) { UserNameIdMap.Add(auser.UserName, auser.UserId); } Amazon.IdentityManagement.Model.GetCredentialReportResponse credreport = new GetCredentialReportResponse(); DateTime getreportstart = DateTime.Now; DateTime getreportfinish = DateTime.Now; try { credreport = iam.GetCredentialReport(); //Wait for report to finish... how? var goombah = credreport.ResponseMetadata.Metadata; //while(credreport.ResponseMetadata.Metadata) getreportfinish = DateTime.Now; var dif = getreportstart - getreportfinish; //Just a check on how long it takes. //Extract data from CSV Stream into DataTable var streambert = credreport.Content; streambert.Position = 0; StreamReader sr = new StreamReader(streambert); string myStringRow = sr.ReadLine(); var headers = myStringRow.Split(",".ToCharArray()[0]); if (myStringRow != null) myStringRow = sr.ReadLine();//Dump the header line Dictionary<string, string> mydata = new Dictionary<string, string>(); while (myStringRow != null) { DataRow auserdata = IAMTable.NewRow(); var arow = myStringRow.Split(",".ToCharArray()[0]); //Letsa dumpa da data... auserdata["AccountID"] = accountid; auserdata["Profile"] = aprofile; string thisid = ""; string username = ""; try { thisid = UserNameIdMap[arow[0]]; auserdata["UserID"] = thisid; auserdata["UserName"] = unamelookup[thisid]; if (unamelookup[thisid] == "<root_account>") { auserdata["UserID"] = "*-" + accountid + "-* root"; } username = unamelookup[thisid]; } catch { auserdata["UserID"] = "*-" + accountid + "-* root"; auserdata["UserName"] = "******"; } auserdata["ARN"] = arow[1]; auserdata["CreateDate"] = arow[2]; auserdata["PwdEnabled"] = arow[3]; auserdata["PwdLastUsed"] = arow[4]; auserdata["PwdLastChanged"] = arow[5]; auserdata["PwdNxtRotation"] = arow[6].ToString(); auserdata["MFA Active"] = arow[7]; auserdata["AccessKey1-Active"] = arow[8];//access_key_1_active auserdata["AccessKey1-Rotated"] = arow[9];//access_key_1_last_rotated auserdata["AccessKey1-LastUsedDate"] = arow[10];//access_key_1_last_used_date auserdata["AccessKey1-LastUsedRegion"] = arow[11];//access_key_1_last_used_region auserdata["AccessKey1-LastUsedService"] = arow[12];//access_key_1_last_used_service auserdata["AccessKey2-Active"] = arow[13];//access_key_2_active auserdata["AccessKey2-Rotated"] = arow[14];//access_key_2_last_rotated auserdata["AccessKey2-LastUsedDate"] = arow[15];//access_key_2_last_used_date auserdata["AccessKey2-LastUsedRegion"] = arow[16];//access_key_2_last_used_region auserdata["AccessKey2-LastUsedService"] = arow[17];//access_key_2_last_used_service auserdata["Cert1-Active"] = arow[18];//cert_1_active auserdata["Cert1-Rotated"] = arow[19];//cert_1_last_rotated auserdata["Cert2-Active"] = arow[20];//cert_2_active auserdata["Cert2-Rotated"] = arow[21];//cert_2_last_rotated var extradata = GetUserDetails(aprofile, username); auserdata["User-Policies"] = extradata["Policies"]; auserdata["Access-Keys"] = extradata["AccessKeys"]; auserdata["Groups"] = extradata["Groups"]; IAMTable.Rows.Add(auserdata); myStringRow = sr.ReadLine(); } sr.Close(); sr.Dispose(); } catch (Exception ex) { WriteToEventLog("IAM scan of " + aprofile + " failed\n" + ex.Message.ToString(), EventLogEntryType.Error); //Deal with this later if necessary. } //Done stream, now to fill in the blanks... } catch//The final catch { string btest = ""; //Deal with this later if necessary. } return IAMTable; }//EndIamUserScan
public Dictionary<string, DataTable> ScanProfile(ScanRequest Request) { Dictionary<string, DataTable> ScanResults = new Dictionary<string, DataTable>(); DataTable UserDetailsTable = GetUsersDetailsTable(); DataTable EC2DetailsTable = GetEC2DetailsTable(); DataTable S3DetailsTable = GetS3DetailsTable(); string accountid = ""; Amazon.Runtime.AWSCredentials credential; var aprofile = Request.Profile; var regions2process = Request.Regions; var SubmitResults = Request.ResultQueue; try { credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile); //Try to get the AccountID ID// #region UserDetails var iam = new AmazonIdentityManagementServiceClient(credential); var myUserList = iam.ListUsers().Users; try { accountid = myUserList[0].Arn.Split(':')[4];//Get the ARN and extract the AccountID ID accountid = "ID: " + accountid;// Prefix added because Excel exsucks. } catch { accountid = "?"; } try // Send command to AWS to generate a Credential Report { var createcredreport = iam.GenerateCredentialReport(); } catch (Exception) { throw; } bool needreport = true; Amazon.IdentityManagement.Model.GetCredentialReportResponse credreport = new GetCredentialReportResponse(); DateTime getreportstart = DateTime.Now; DateTime getreportfinish = DateTime.Now; while (needreport) { try { credreport = iam.GetCredentialReport(); needreport = false; getreportfinish = DateTime.Now; var dif = getreportstart - getreportfinish; //Just a check on how long it takes. //Extract data from CSV Stream into DataTable var streambert = credreport.Content; streambert.Position = 0; StreamReader sr = new StreamReader(streambert); string myStringRow = sr.ReadLine(); if (myStringRow != null) myStringRow = sr.ReadLine();//Dump the header line while (myStringRow != null) { var arow = myStringRow.Split(",".ToCharArray()[0]); var newrow = new object[UserDetailsTable.Columns.Count]; newrow[0] = accountid; newrow[1] = aprofile; newrow[2] = ""; //UserID not in report. pull it later. newrow[3] = arow[0]; newrow[4] = arow[1]; newrow[5] = arow[2]; newrow[6] = arow[3]; newrow[7] = arow[4]; newrow[8] = arow[5]; newrow[9] = arow[6]; newrow[10] = arow[7]; newrow[11] = arow[8]; newrow[12] = arow[9]; newrow[13] = arow[10]; newrow[14] = arow[11]; newrow[15] = arow[12]; newrow[16] = arow[13]; newrow[17] = arow[14]; newrow[18] = arow[15]; newrow[19] = arow[16]; newrow[20] = arow[17]; newrow[21] = arow[18]; newrow[22] = arow[19]; newrow[23] = arow[20]; newrow[24] = arow[21]; RawUsers.Rows.Add(newrow); UserDetailsTable.Rows.Add(newrow); myStringRow = sr.ReadLine(); } sr.Close(); sr.Dispose(); } catch (Exception ex) { string test = ""; //Deal with this later if necessary. } } foreach (var auser in myUserList)//Fill in the userID. Why? because it exists. { string auserid = auser.UserId; string arn = auser.Arn; string username = auser.UserName; string policylist = ""; string aklist = ""; string groups = ""; ListAccessKeysRequest LAKREQ = new ListAccessKeysRequest(); LAKREQ.UserName = username; ListAccessKeysResult LAKRES = iam.ListAccessKeys(LAKREQ); foreach (var blivet in LAKRES.AccessKeyMetadata) { if (aklist.Length > 1) aklist += "\n"; aklist += blivet.AccessKeyId + " : " + blivet.Status; } ListAttachedUserPoliciesRequest LAUPREQ = new ListAttachedUserPoliciesRequest(); LAUPREQ.UserName = username; ListAttachedUserPoliciesResult LAUPRES = iam.ListAttachedUserPolicies(LAUPREQ); foreach (var apol in LAUPRES.AttachedPolicies) { if (policylist.Length > 1) policylist += "\n"; policylist += apol.PolicyName; } //Need to get policy and group info outta user var groopsreq = new ListGroupsForUserRequest(); groopsreq.UserName = username; ListGroupsForUserResult LG = iam.ListGroupsForUser(groopsreq); foreach (var agroup in LG.Groups) { if (groups.Length > 1) groups += "\n"; groups += agroup.GroupName; } foreach (DataRow myrow in UserDetailsTable.Rows) { if (myrow["ARN"].Equals(arn)) { myrow["UserID"] = auserid; myrow["User-Policies"] = policylist; myrow["Access-Keys"] = aklist; myrow["Groups"] = groups; } } } #endregion #region S3Details try { AmazonS3Client S3Client = new AmazonS3Client(credential,Amazon.RegionEndpoint.USEast1); ListBucketsResponse response = S3Client.ListBuckets(); foreach (S3Bucket abucket in response.Buckets) { DataRow abucketrow = GetS3DetailsTable().NewRow(); var name = abucket.BucketName; GetBucketLocationRequest gbr = new GetBucketLocationRequest(); gbr.BucketName=name; GetBucketLocationResponse location = S3Client.GetBucketLocation(gbr); var region = location.Location.Value; if (region.Equals(""))region="us-east-1"; var pointy = RegionEndpoint.GetBySystemName(region); //Build a config that references the buckets region. AmazonS3Config S3C = new AmazonS3Config(); S3C.RegionEndpoint=pointy; AmazonS3Client BS3Client = new AmazonS3Client(credential, S3C); var createddate = abucket.CreationDate; string owner = ""; string grants = ""; string tags = ""; string lastaccess = ""; string defaultpage = ""; string website = ""; //Now start pulling der einen data. GetACLRequest GACR = new GetACLRequest(); GACR.BucketName = name; var ACL = BS3Client.GetACL(GACR); var grantlist = ACL.AccessControlList; owner = grantlist.Owner.DisplayName; foreach (var agrant in grantlist.Grants) { if (grants.Length > 1) grants += "\n"; var gName = agrant.Grantee.DisplayName; var gType = agrant.Grantee.Type.Value; var aMail = agrant.Grantee.EmailAddress; if (gType.Equals("Group")) { grants += gType + " - " + agrant.Grantee.URI + " - " + agrant.Permission + " - " + aMail ; } else { grants += gName + " - "+ agrant.Permission + " - " + aMail; } } GetObjectMetadataRequest request = new GetObjectMetadataRequest(); request.BucketName = name; GetObjectMetadataResponse MDresponse = BS3Client.GetObjectMetadata(request); lastaccess = MDresponse.LastModified.ToString(); //defaultpage = MDresponse.WebsiteRedirectLocation; GetBucketWebsiteRequest GBWReq = new GetBucketWebsiteRequest(); GBWReq.BucketName = name; GetBucketWebsiteResponse GBWRes = BS3Client.GetBucketWebsite(GBWReq); defaultpage = GBWRes.WebsiteConfiguration.IndexDocumentSuffix; if (defaultpage != null) { website = @"http://" + name + @".s3-website-" + region + @".amazonaws.com/" + defaultpage; } //Amazon.S3.Model.req abucketrow["AccountID"] = accountid; abucketrow["Profile"] = aprofile; abucketrow["Bucket"] = name; abucketrow["Region"] = region; abucketrow["CreationDate"] = createddate.ToString(); abucketrow["LastAccess"] = lastaccess; abucketrow["Owner"] = owner; abucketrow["Grants"] = grants; abucketrow["WebsiteHosting"] = website; abucketrow["Logging"] = "X"; abucketrow["Events"] = "X"; abucketrow["Versioning"] = "X"; abucketrow["LifeCycle"] = "X"; abucketrow["Replication"] = "X"; abucketrow["Tags"] = "X"; abucketrow["RequesterPays"] = "X"; S3DetailsTable.Rows.Add(abucketrow.ItemArray); } } catch(Exception ex) { System.Windows.Forms.MessageBox.Show("S3 Failed!\n"+ex); } #endregion #region GetEC2Region ////////////////////////////////////////////////////////// //Foreach aregion foreach (var aregion in regions2process) { //Skip GovCloud and Beijing. They require special handling and I dont need em. if (aregion == Amazon.RegionEndpoint.USGovCloudWest1) continue; if (aregion == Amazon.RegionEndpoint.CNNorth1) continue; var region = aregion; regioncounter++; //Try to get scheduled events on my Profile/aregion var ec2 = AWSClientFactory.CreateAmazonEC2Client(credential, region); var request = new DescribeInstanceStatusRequest(); request.IncludeAllInstances = true; Dispatcher.Invoke(doupdatePbDelegate, System.Windows.Threading.DispatcherPriority.Background, new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter }); var instatresponse = ec2.DescribeInstanceStatus(request); var indatarequest = new DescribeInstancesRequest(); foreach (var instat in instatresponse.InstanceStatuses) { indatarequest.InstanceIds.Add(instat.InstanceId); } DescribeInstancesResult DescResult = ec2.DescribeInstances(indatarequest); int count = instatresponse.InstanceStatuses.Count(); foreach (var instat in instatresponse.InstanceStatuses) { //Collect the datases string instanceid = instat.InstanceId; string instancename = ""; ProcessingLabel.Content = "Scanning -> Profile:" + aprofile + " Region: " + region + " Instance: " + instanceid; Dispatcher.Invoke(doupdatePbDelegate, System.Windows.Threading.DispatcherPriority.Background, new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter }); var status = instat.Status.Status; string AZ = instat.AvailabilityZone; var istate = instat.InstanceState.Name; string profile = aprofile; string myregion = region.ToString(); int eventnumber = instat.Events.Count(); string eventlist = ""; var urtburgle = DescResult.Reservations; string tags = ""; // Holds the list of tags to print out. var loadtags = (from t in DescResult.Reservations where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].Tags).AsEnumerable(); Dictionary<string, string> taglist = new Dictionary<string, string>(); foreach (var rekey in loadtags) { foreach (var kvp in rekey) { taglist.Add(kvp.Key, kvp.Value); } } foreach (var atag in taglist)//Set instancename, and add value to combobox. { if (atag.Key.Equals("Name")) { instancename = atag.Value; } if (!TagFilterCombo.Items.Contains(atag.Key)) { TagFilterCombo.Items.Add(atag.Key); } if (tags.Length > 1) { tags += "\n" + atag.Key + ":" + atag.Value; } else { tags += atag.Key + ":" + atag.Value; } } if (eventnumber > 0) { foreach (var anevent in instat.Events) { eventlist += anevent.Description + "\n"; } } var platform = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].Platform).FirstOrDefault(); if (String.IsNullOrEmpty(platform)) platform = "Linux"; var Priv_IP = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PrivateIpAddress).FirstOrDefault(); if (String.IsNullOrEmpty(Priv_IP)) Priv_IP = "?"; var publicIP = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PublicIpAddress).FirstOrDefault(); if (String.IsNullOrEmpty(publicIP)) publicIP = ""; var publicDNS = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PublicDnsName).FirstOrDefault(); if (String.IsNullOrEmpty(publicDNS)) publicDNS = ""; //Virtualization type (HVM, Paravirtual) var ivirtType = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].VirtualizationType).FirstOrDefault(); if (String.IsNullOrEmpty(ivirtType)) ivirtType = "?"; // InstanceType (m3/Large etc) var instancetype = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].InstanceType).FirstOrDefault(); if (String.IsNullOrEmpty(instancetype)) instancetype = "?"; var SGs = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].SecurityGroups); string sglist = ""; if (SGs.Count() > 0) { foreach (var ansg in SGs.FirstOrDefault()) { if (sglist.Length > 2) { sglist += "\n"; } sglist += ansg.GroupName; } } else { sglist = "_NONE!_"; } //Add to table if (String.IsNullOrEmpty(sglist)) sglist = "NullOrEmpty"; if (String.IsNullOrEmpty(instancename)) instancename = ""; string rabbit = accountid + profile + myregion + instancename + instanceid + AZ + status + eventnumber + eventlist + tags + Priv_IP + publicIP + publicDNS + istate + ivirtType + instancetype + sglist; if(instancename.Contains("p1-job")) { string yup = "y"; } EC2DetailsTable.Rows.Add(accountid, profile, myregion, instancename, instanceid, AZ, platform, status, eventnumber, eventlist, tags, Priv_IP, publicIP, publicDNS, istate, ivirtType, instancetype, sglist); } } #endregion ScanResults.Add("EC2", EC2DetailsTable); ScanResults.Add("Users", UserDetailsTable); ScanResults.Add("S3", S3DetailsTable); return ScanResults; } catch (Exception ex) { //If we failed to connect with creds. string error = new string(ex.ToString().TakeWhile(c => c != '\n').ToArray()); System.Windows.MessageBox.Show(error, Request.Profile.ToString() + " credentials failed to work.\n"); //Try to flag the menu item so it no longer selectable, and maybe make she red. System.Windows.Controls.MenuItem Proot = (System.Windows.Controls.MenuItem)this.MainMenu.Items[1]; foreach (System.Windows.Controls.MenuItem amenuitem in Proot.Items) { if (amenuitem.Header.ToString() == aprofile.ToString()) { amenuitem.IsCheckable = false; amenuitem.IsChecked = false; amenuitem.Background = Brushes.Red; amenuitem.ToolTip = Request.Profile.ToString() + " credentials failed to work.\n"; } } ScanResults.Add("EC2", GetEC2DetailsTable()); ScanResults.Add("Users", GetUsersDetailsTable()); ScanResults.Add("S3", GetS3DetailsTable()); return ScanResults; } }