s3scan.py
"""
:copyright: (c) 2012-2015 by Mike Taylor
:license: BSD, see LICENSE for more details.
Usage:
    python s3scan.py [-f <format>] [-p <profile>]

Options:
    -f | --format   Output format [Optional]
    -p | --profile  AWS profile name [Optional]

Where the output format can be either 'text' or 'csv' (default: 'text').
"""
# Module metadata. VERSION holds three numeric parts followed by a string
# suffix; __version__ below is derived from it.
VERSION = (0, 2, 0, '')

__author__ = 'bear (Mike Taylor)'
__contact__ = 'bear@bear.im'
__copyright__ = 'Copyright 2012-2016, Mike Taylor'
__license__ = 'BSD 2-Clause'
__site__ = '/~https://github.com/bear/s3scan'

# First three parts are dot-joined; anything after them is appended verbatim.
__version__ = u'.'.join(str(part) for part in VERSION[:3]) + u''.join(VERSION[3:])
from optparse import OptionParser
import boto3
def getConfig():
    """Parse the command line and return the optparse options object.

    The returned object exposes ``format`` (default ``'text'``) and
    ``profile`` (default ``None``). Positional arguments are parsed but
    discarded. The format value is not validated here.
    """
    cli = OptionParser()
    # There are no key/secret options: credentials are expected to come from
    # the environment (or from the profile selected with -p).
    cli.add_option(
        '-f', '--format',
        dest='format',
        default='text',
        help='Output format: text, csv',
    )
    cli.add_option(
        '-p', '--profile',
        dest='profile',
        default=None,
        help='AWS Profile',
    )
    parsed, _positional = cli.parse_args()
    return parsed
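def discoverBuckets(profile=None):
    """Collect the ACL grants of every S3 bucket visible to an AWS profile.

    Only bucket ACLs are read (``get_bucket_acl``). Bucket policies and
    public-access-block settings are not inspected by this function, so the
    result is one input to an exposure review rather than a complete answer.

    Args:
        profile: AWS profile name handed to ``boto3.session.Session``.
            ``None`` leaves credential resolution to boto3's defaults.

    Returns:
        A ``(buckets, maxName)`` tuple. ``buckets`` maps
        bucket name -> grantee name -> list of ``(grantee_id, permission)``
        tuples. ``maxName`` is the length of the longest bucket name, which
        ``textFormat`` uses for column alignment.
    """
    session = boto3.session.Session(profile_name=profile)
    s3 = session.client('s3', config=boto3.session.Config(signature_version='s3v4'))

    buckets = {}
    maxName = 0
    for entry in s3.list_buckets()['Buckets']:
        bucketName = entry['Name']
        grantsByName = buckets[bucketName] = {}

        # Keep track of the longest bucket name for textFormat.
        maxName = max(maxName, len(bucketName))

        # NOTE: an error from this call (e.g. access denied on one bucket)
        # is not caught and ends the whole scan.
        acl = s3.get_bucket_acl(Bucket=bucketName)
        for grant in acl['Grants']:
            grantee = grant['Grantee']
            if 'DisplayName' in grantee:
                grantee_name = grantee['DisplayName']
                grantee_id = grantee['ID']
            elif 'URI' in grantee:
                # Group grantee: the last path segment is the group name.
                # Groups such as AllUsers or AuthenticatedUsers reach beyond
                # this account's own principals and deserve the first look.
                grantee_name = grantee['URI'].split('/')[-1]
                grantee_id = grantee['URI']
            elif 'ID' in grantee:
                # Canonical user returned without a DisplayName: report it by
                # ID instead of merging every such grantee under 'None'.
                grantee_name = grantee['ID']
                grantee_id = grantee['ID']
            elif 'EmailAddress' in grantee:
                grantee_name = grantee['EmailAddress']
                grantee_id = grantee['EmailAddress']
            else:
                grantee_name = 'None'
                grantee_id = 'None'

            grantsByName.setdefault(grantee_name, []).append(
                (grantee_id, grant['Permission'])
            )
    return buckets, maxName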
def csvFormat(bucket):
    """Render one bucket's grants as a single comma-separated line.

    Columns are: bucket name, WRITE grantees, READ grantees, WRITE_ACP
    grantees, READ_ACP grantees. Grantees inside a column are joined with
    ';'. A FULL_CONTROL grant lists the grantee in all four columns.

    NOTE: the bucket name is read from the module-level global ``key`` set by
    the ``__main__`` loop, not from a parameter. Values are joined as-is, with
    no CSV quoting or escaping.

    Args:
        bucket: mapping of grantee name -> list of
            ``(grantee_id, permission)`` tuples.

    Returns:
        The formatted line as a string.
    """
    column_order = ('WRITE', 'READ', 'WRITE_ACP', 'READ_ACP')
    columns = {permission: [] for permission in column_order}

    for grantee_name in bucket:
        for _grantee_id, permission in bucket[grantee_name]:
            if permission == 'FULL_CONTROL':
                # Full control implies every individual permission.
                for name in column_order:
                    columns[name].append(grantee_name)
            elif permission in columns:
                columns[permission].append(grantee_name)

    fields = [key]
    fields.extend(';'.join(columns[name]) for name in column_order)
    return ','.join(fields)
def textFormat(bucket, maxName):
    """Render one bucket's grants as aligned, human-readable text.

    The first line is the bucket name right-aligned to ``maxName`` followed by
    the Write and Read grantees. ACP Write and ACP Read grantees, when
    present, go on continuation lines indented past the name column.

    NOTE: the bucket name is read from the module-level global ``key`` set by
    the ``__main__`` loop, not from a parameter.

    Args:
        bucket: mapping of grantee name -> list of
            ``(grantee_id, permission)`` tuples.
        maxName: width used to right-align the bucket name.

    Returns:
        The formatted text as a string (it may contain newlines).
    """
    by_permission = {'READ': [], 'WRITE': [], 'READ_ACP': [], 'WRITE_ACP': []}

    # FULL_CONTROL is expanded into all four permissions, see:
    # http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions
    for grantee_name in bucket:
        for _grantee_id, permission in bucket[grantee_name]:
            if permission == 'FULL_CONTROL':
                for names in by_permission.values():
                    names.append(grantee_name)
            elif permission in by_permission:
                by_permission[permission].append(grantee_name)

    pieces = ['{0:>{1}} --'.format(key, maxName)]
    continuation = '\n' + ' ' * (maxName + 4)

    if by_permission['WRITE']:
        pieces.append(' Write: %s;' % ','.join(by_permission['WRITE']))
    if by_permission['READ']:
        pieces.append(' Read: %s;' % ','.join(by_permission['READ']))
    if by_permission['WRITE_ACP']:
        pieces.append(continuation + 'ACP Write: %s' % ','.join(by_permission['WRITE_ACP']))
    if by_permission['READ_ACP']:
        pieces.append(continuation + 'ACP Read: %s' % ','.join(by_permission['READ_ACP']))
    return ''.join(pieces)
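if __name__ == '__main__':
    # Script entry point: scan every bucket visible to the chosen profile and
    # print one report entry per bucket in the requested format.
    options = getConfig()
    buckets, maxName = discoverBuckets(options.profile)

    # The loop variable must stay named `key`: csvFormat() and textFormat()
    # read the bucket name from this module-level global.
    for key in buckets:
        bucket = buckets[key]
        # print() with a single argument behaves the same on Python 2 and 3;
        # the original print statement is a syntax error on Python 3.
        if options.format == 'csv':
            print(csvFormat(bucket))
        else:
            print(textFormat(bucket, maxName))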