├── .gitignore ├── CloudBot.py ├── Doc ├── AWS_CIS_Foundations_Benchmark.pdf └── Comandos.md ├── Dockerfile ├── README.md ├── Readme-Docker.md └── requirements.txt /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | *.idea/ 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | .python-version 53 | 54 | # Environments 55 | .env 56 | .venv 57 | env/ 58 | venv/ 59 | ENV/ 60 | env.bak/ 61 | venv.bak/ 62 | 63 | # Spyder project settings 64 | .spyderproject 65 | .spyproject 66 | 67 | # Rope project settings 68 | .ropeproject 69 | 70 | # mkdocs documentation 71 | /site 72 | 73 | # mypy 74 | .mypy_cache/ 75 | 76 | # credentials AWS 77 | credentials 78 | -------------------------------------------------------------------------------- /CloudBot.py: -------------------------------------------------------------------------------- 1 | import json 2 | import requests 3 | import subprocess 4 | import argparse 5 | import logging 6 | import sys 7 | 8 | 9 | class botCli(object): 10 | 11 | def __init__(self,path,url,token): 12 | self.path = path 13 | self.url= url.format(token) 14 | 15 | def get_url(self,url): 16 
| try: 17 | response = requests.get(url) 18 | content = response.content.decode("utf8") 19 | return content 20 | except requests.exceptions.ConnectionError: 21 | logging.error("Problem with Telegram Connection") 22 | 23 | def send_message(self,text, chat_id): 24 | url = self.url + "sendMessage?text={}&chat_id={}".format(text, chat_id) 25 | self.get_url(url) 26 | 27 | def get_json_from_url(self,url): 28 | js = {} 29 | try: 30 | content = self.get_url(url) 31 | js = json.loads(content) 32 | except TypeError: 33 | logging.error("Problem parsing JSON") 34 | return js 35 | 36 | def get_updates(self): 37 | url = self.url + "getUpdates?timeout=5" 38 | js = self.get_json_from_url(url) 39 | return js 40 | 41 | def get_last_chat_id_and_text(self,updates): 42 | num_updates = len(updates["result"]) 43 | last_update = num_updates - 1 44 | text = updates["result"][last_update]["message"]["text"] 45 | chat_id = updates["result"][last_update]["message"]["chat"]["id"] 46 | m_id = updates["result"][last_update]["update_id"] 47 | return (chat_id,text,m_id) 48 | 49 | 50 | def execute_analysis_aws(self,chat_id,args): 51 | try: 52 | cmd =[self.path,"-M","mono"] 53 | args.pop(0) 54 | for i in args: 55 | cmd.append(i) 56 | p = subprocess.Popen(cmd, 57 | stdout=subprocess.PIPE, 58 | stderr=subprocess.STDOUT) 59 | 60 | for line in iter(p.stdout.readline, b''): 61 | logging.info(line.decode('utf-8')) 62 | self.send_message(line.decode('utf-8'),chat_id) 63 | except FileNotFoundError: 64 | logging.error("Prowler not found") 65 | def execute_nmap(self,chat_id,args): 66 | cmd = ["nmap"] 67 | args.pop(0) 68 | try: 69 | for i in args: 70 | cmd.append(i) 71 | p = subprocess.Popen(cmd, 72 | stdout=subprocess.PIPE, 73 | stderr=subprocess.STDOUT) 74 | 75 | for line in iter(p.stdout.readline, b''): 76 | logging.info(line.decode('utf-8')) 77 | self.send_message(line.decode('utf-8'),chat_id) 78 | except FileNotFoundError: 79 | logging.error("Nmap not found") 80 | 81 | def get_initID(self): 82 | 
init_update = 0 83 | if(len(self.get_json_from_url(self.url + "getUpdates?")["result"])==0): 84 | init_update = 0 85 | else: 86 | _, _, init_update = self.get_last_chat_id_and_text(self.get_updates()) 87 | 88 | return init_update 89 | 90 | def run(self,chat_id): 91 | last_id = self.get_initID() 92 | logging.info("[*][*][*][*][*] Running Telegram Server Bot ... [*][*][*][*][*]") 93 | while True: 94 | try: 95 | user_id, msg, current_id = self.get_last_chat_id_and_text(self.get_updates()) 96 | 97 | if user_id in chat_id and current_id > last_id: 98 | last_id = current_id 99 | if msg.split(' ', 1)[0] == "/ScanAWS": 100 | if len(msg.split())==1: 101 | self.send_message( 102 | "Unable to locate credentials. You can configure credentials by running \"aws configure\"", 103 | user_id) 104 | else: 105 | self.execute_analysis_aws(user_id, msg.split()) 106 | logging.info("Request of %i User to execute ScanAWS",user_id) 107 | if msg.split(' ', 1)[0] == "/Nmap": 108 | self.execute_nmap(user_id,msg.split()) 109 | logging.info("Request of %i User to execute Nmap", user_id) 110 | 111 | else: 112 | self.send_message("To scan your AWS Account use /ScanAWS -p \"profileAWS\", to scan another network could use /Nmap with {nmap args}",user_id) 113 | logging.info("Request Failed of %i User without corrects parameters", user_id) 114 | 115 | except IndexError: 116 | logging.error("Problem parsing JSON") 117 | except TypeError: 118 | logging.error("Problem parsing JSON") 119 | except KeyError: 120 | logging.error("Problem parsing JSON") 121 | 122 | if __name__ == '__main__': 123 | 124 | if sys.version_info < (3, 5,): 125 | print("To run Telegram Bot Server you must use Python 3.5+") 126 | sys.exit(0) 127 | 128 | FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' 129 | logging.basicConfig(format=FORMAT,level=logging.INFO) 130 | 131 | 132 | #Arguments 133 | parser = argparse.ArgumentParser(description='[+][+] Telegram Bot Server to audit AWS Security Checks') 134 | 
parser.add_argument('--token','-t', type=str, required=True ,help='Token API Telegram Bot') 135 | parser.add_argument('--path',"-p", type=str, required=True, help='Prowler Path') 136 | parser.add_argument('--users', '-u',type=int ,required=True , nargs='+', help='Users allowed') 137 | 138 | args = parser.parse_args() 139 | 140 | url = "https://api.telegram.org/bot{}/" 141 | 142 | #Create de cli 143 | botcli = botCli(args.path,url,args.token) 144 | #Your ID's user 145 | botcli.run(args.users) 146 | 147 | 148 | -------------------------------------------------------------------------------- /Doc/AWS_CIS_Foundations_Benchmark.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/i4specete/ServerTelegramBot/d58e10d34314e6a85e2e19cbed693bbd92066780/Doc/AWS_CIS_Foundations_Benchmark.pdf -------------------------------------------------------------------------------- /Doc/Comandos.md: -------------------------------------------------------------------------------- 1 | # Construir Contenedor 2 | `sudo docker build -t cloudbot .` 3 | 4 | # Consola Interactiva del Contenedor 5 | `sudo docker run -ti cloudbot /bin/bash` 6 | 7 | # Interactuar Telegram 8 | `https://api.telegram.org/botxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates` 9 | 10 | # Ejecución 11 | `sudo docker run cloudbot python /CloudBot/ServerTelegramBot/CloudBot.py -t xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-Ls -p ./CloudBot/prowler/prowler -u xxxxxxxxx` 12 | 13 | 14 | # Ejecucion Telegram 15 | `/ScanAWS -p default` -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # CloudBot.py Dockerized 2 | FROM python:3@sha256:98149ed5f37f48ea3fad26ae6c0042dd2b08228d58edc95ef0fce35f1b3d9e9f 3 | 4 | MAINTAINER kxuan.celtik@gmail.com: 0.1 5 | 6 | RUN apt-get update \ 7 | && apt-get install -y nmap awscli git \ 8 | && mkdir /CloudBot && cd 
/CloudBot \ 9 | && git clone https://github.com/Alfresco/prowler /CloudBot/prowler \ 10 | && git clone https://github.com/i4specete/ServerTelegramBot.git /CloudBot/ServerTelegramBot \ 11 | && cd /CloudBot/ServerTelegramBot \ 12 | && pip3 install -r requirements.txt \ 13 | && cd /CloudBot 14 | 15 | RUN mkdir /root/.aws 16 | 17 | ADD credentials /root/.aws/ 18 | 19 | CMD ["python /CloudBot/ServerTelegramBot/CloudBot.py"] 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CloudBot to monitor your AWS account or other networks/services 2 | 3 | ## Introduction 4 | 5 | CloudBot scans your AWS account with the tool Prowler https://github.com/Alfresco/prowler, which applies CIS Security Controls to your AWS account. You can also run Nmap commands remotely from your phone. 6 | 7 | ## Requirements 8 | 9 | First of all, you need the following: 10 | 11 | - Create a Telegram Bot with @BotFather 12 | - awscli https://github.com/aws/aws-cli and use "aws configure" to create a profile. 13 | - Install nmap https://nmap.org/ 14 | - prowler https://github.com/Alfresco/prowler 15 | 16 | To run the server: 17 | 18 | - pip3 install -r requirements.txt 19 | - python3.6 CloudBot.py 20 | 21 | 22 | 23 | usage: CloudBot.py [-h] --token TOKEN --path PATH --users USERS [USERS ...] 24 | 25 | [+][+] Telegram Bot Server to audit CIS AWS Security Checks 26 | 27 | -h, --help show this help message and exit 28 | 29 | --token TOKEN, -t TOKEN Token API Telegram Bot 30 | 31 | --path PATH, -p PATH Prowler Path 32 | 33 | --users USERS [USERS ...], -u USERS [USERS ...] 
34 | Users allowed 35 | 36 | Ex: "id":7390313. You can find this ID through your bot's Telegram Bot API: 37 | https://api.telegram.org/bot{}/getUpdates 38 | 39 | The bot compares this list with the chat ID of each incoming message, and everything typed after /ScanAWS or /Nmap is passed as command-line arguments to prowler or nmap with the privileges of the bot process, so list only IDs you fully trust. 40 | 41 | 42 | ## Examples 43 | 44 | Example: 45 | 46 | python CloudBot.py -t 4kjnfjdhahjfadf62627288373 -p "./prowler" -u 73903 7950749 72378932083 47 | 48 | Search for the bot you created previously. To run the scan from your Telegram account, send the command "/ScanAWS -p {profile}" 49 | 50 | ![Telegram](https://i.imgur.com/8Wej4bL.png) 51 | 52 | ![Telegram](https://i.imgur.com/TePXVyP.jpg) 53 | 54 | 55 | Example: /Nmap 56 | ![Telegram](https://i.imgur.com/5FCy9xh.png) 57 | 58 | ## To do: 59 | 60 | - Add more hacking tools to conquer the world 61 | - Add a module to parse the output of different tools 62 | - Refactor and restructure the code 63 | 64 | 65 | 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /Readme-Docker.md: -------------------------------------------------------------------------------- 1 | # CloudBot Dockerized 2 | 3 | ### Telegram Bot 4 | 5 | > Create the bot with BotFather 6 | 7 | > Take the Telegram Bot API token. 
8 | 9 | > Extract your ID with the following URL: 10 | 11 | `https://api.telegram.org/bot{TOKEN}/getUpdates` 12 | 13 | > The ID is the JSON `id:` field 14 | 15 | 16 | ### Install AWS CLI on the host that runs Docker 17 | 18 | `sudo apt-get install aws-cli` 19 | 20 | 21 | ### Write Amazon API Key and Secret 22 | 23 | `aws configure` 24 | 25 | 26 | ### Copy the credentials file to the repository 27 | 28 | `mkdir CloudBot` 29 | 30 | `cd CloudBot` 31 | 32 | `cp ~/.aws/credentials .` 33 | The Dockerfile's `ADD credentials /root/.aws/` step copies this file into an image layer, so treat the built image as a secret and keep it out of shared registries. 34 | ### Add the credentials file to .gitignore 35 | 36 | `# Credentials AWS 37 | 38 | credentials` 39 | 40 | 41 | ### Build Container 42 | 43 | `sudo docker build -t cloudbot .` 44 | 45 | 46 | ### Run and Launch Interactive Shell 47 | 48 | `sudo docker run -ti cloudbot /bin/bash` 49 | 50 | 51 | ### Execution 52 | `sudo docker run cloudbot python /CloudBot/ServerTelegramBot/CloudBot.py -t xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-Ls -p ./CloudBot/prowler/prowler -u xxxxxxxxx` 53 | 54 | 55 | ### Execution from Telegram 56 | `/ScanAWS -p default` -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | argparse==1.4.0 2 | requests==2.18.4 --------------------------------------------------------------------------------