from attacktree.models import Action, Block, Detect, Discovery
from attacktree.renderer import Renderer
# Attack-tree model of S3 data exposure: an attacker discovers bucket URLs
# (via cached API responses or a public-bucket search) and then downloads
# bucket contents. Two defences (Blocks) are modelled; both are marked
# implemented=False, so they appear in the rendered tree only because
# render() is called with renderUnimplemented=True.
with Renderer(root="Reality", goal="Attacker gets data from bucket") as graph:
    # Recon step 1: no cost (cost=0) but the slowest step here (time=3),
    # assumed to always succeed (pSuccess=1.0).
    apiCache = Action(
        label="Search API Caches",
        chain="recon",
        cost=0,
        time=3,
        objective="Discover bucket paths",
        pSuccess=1.0,
    )
    # Defence on the apiCache path (edge labelled "Fail" below).
    # NOTE(review): pDefend=1.0 treats "sitemaps disabled" as a complete
    # block on cache-based discovery. Cached API responses can still carry
    # bucket URLs regardless of sitemaps, so this probability looks
    # optimistic — confirm with the model owner before relying on it.
    siteMapsDisabled = Block(
        label="Sitemaps disabled",
        cost=0,
        description="Ensure sitemaps are disabled",
        complexity=1,
        implemented=False,
        pDefend=1.0,
    )
    # Recon step 2: costs 200 units but is fast (time=1); same objective as
    # apiCache and also assumed to always succeed.
    awsPublicBucketSearch = Action(
        label="AWS Public Bucket Search",
        chain="recon",
        cost=200,
        time=1,
        objective="Discover bucket paths",
        pSuccess=1.0,
    )
    # Discovery node both recon paths feed into: sensitivity=3, value=0
    # (the URLs are an enabler, not the prize).
    s3urls = Discovery(
        label="S3 Urls",
        description="The URL paths to various S3 buckets",
        sensitivity=3,
        value=0,
    )
    # Exfiltration step. `detections` is a list of names only; what
    # "CloudWatch" and "DLP" actually observe is not defined in this file.
    # NOTE(review): S3 object reads are not logged by default — confirm the
    # "CloudWatch" detection is backed by CloudTrail S3 data events or S3
    # server access logging, otherwise it is nominal in this model.
    downloadFiles = Action(
        chain="exfiltration",
        label="Download files from all buckets",
        cost=0,
        time=1,
        objective="Access confidential information stored in S3",
        pSuccess=1.0,
        detections=["CloudWatch", "DLP"],
    )
    # Defence reached from both awsPublicBucketSearch and downloadFiles
    # (edges labelled "Fail" below). Cheapest control in the model
    # (cost=0, complexity=0).
    # NOTE(review): pDefend=1.0 treats per-bucket "private" settings as a
    # complete mitigation; account-level S3 Block Public Access and bucket
    # policies are the usual complementary controls — confirm the intended
    # scope of this Block.
    bucketACLs = Block(
        label="Buckets are private",
        cost=0,
        description="All S3 buckets are set to private",
        complexity=0,
        implemented=False,
        pDefend=1.0,
    )

    # Main chain. Presumably each connectTo returns its target so this reads
    # as the path root -> apiCache -(Fail)-> siteMapsDisabled -(Next)->
    # awsPublicBucketSearch -(Next)-> s3urls -> downloadFiles -> goal;
    # verify against attacktree.models. Edge labels ("#Yolosec", "Fail",
    # "Next") are passed through to the renderer unchanged.
    graph.root.connectTo(apiCache, label="#Yolosec").connectTo(
        siteMapsDisabled, label="Fail"
    ).connectTo(awsPublicBucketSearch, label="Next").connectTo(
        s3urls, label="Next"
    ).connectTo(
        downloadFiles, label="#Yolosec"
    ).connectTo(
        graph.goal, label="#Yolosec"
    )
    # Shortcut edge: the cache search can yield bucket URLs directly,
    # bypassing the siteMapsDisabled defence entirely.
    apiCache.connectTo(s3urls, label="#Yolosec")
    # Both the download and the public-bucket search are routed to the
    # bucketACLs defence on their "Fail" edges.
    downloadFiles.connectTo(bucketACLs, label="Fail")
    awsPublicBucketSearch.connectTo(bucketACLs, label="Fail")
    # Render to PNG (presumably "example_complexS3.png" in the working
    # directory), including the two unimplemented Blocks.
    graph.render(renderUnimplemented=True, fname="example_complexS3", fout="png")