
@VGostyuzhov
Last active April 20, 2018 12:11
Proof-of-Concept GuardDuty API script

Installation

pip3 install boto3 colorama

Edit ~/.aws/credentials (boto3 also accepts the AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY environment variables or an instance/role credential, so the file is optional). Keep the file readable only by your user (chmod 600) and attach an IAM policy to the key that allows only the read actions the script needs: guardduty:ListDetectors, guardduty:ListFindings and guardduty:GetFindings.

[default]
aws_access_key_id = YOUR_KEY
aws_secret_access_key = YOUR_SECRET

Edit ~/.aws/config. GuardDuty detectors and their findings are per region, so set the region in which your detector is enabled:

[default]
output = text
region = eu-central-1

Usage

Run without options to retrieve all findings and print them to the terminal:

python3 guardduty.py

--type (-t) Get only EC2-related or IAM-related findings

python3 guardduty.py --type EC2
python3 guardduty.py -t IAM

--sort (-s) Sort findings by severity. Ascending order puts the highest-severity findings last; descending order puts them first.

python3 guardduty.py --sort asc
python3 guardduty.py -s desc

--list-accounts (-l) List the Account IDs that appear in the findings (there is more than one when the detector belongs to a GuardDuty administrator account that aggregates member accounts)

python3 guardduty.py --list-accounts
python3 guardduty.py -l

--account (-a) Show findings for a particular Account ID

python3 guardduty.py --account 1234567890
python3 guardduty.py -a 1234567890

--interactive (-i) Interactive mode

python3 guardduty.py --interactive

--output (-o) Specify filename to save findings in JSON format

python3 guardduty.py --output findings.json

Usage examples

Show only EC2-type findings for Account ID 1234567890, sorted by severity ascending:

python3 guardduty.py --type EC2 --account 1234567890 --sort asc

Show all findings for Account ID 1234567890, sorted by severity descending, and save them to a file:

python3 guardduty.py --account 1234567890 --sort desc --output findings.json
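The gist documents only the script's switches, not how it talks to GuardDuty. The following is an added example, not the gist's own code and not a reconstruction of it: a minimal implementation of the same --type / --sort / --list-accounts / --account behaviour against the boto3 GuardDuty API. It shows the three calls involved (ListDetectors, ListFindings, GetFindings), the NextToken pagination of ListFindings and the 50-id limit of GetFindings, server-side sorting and account filtering through SortCriteria and FindingCriteria, and how the EC2/IAM split can be derived from the ResourceTypeAffected segment of a finding type. The sample findings, the FakeGuardDutyClient class and the --demo switch are constructed here so the code runs offline; the severity bands are the ones GuardDuty documents. The gist's --interactive and --output options are left out.

```python
import argparse
# GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0+.
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.0, "Low"))

def severity_label(severity):
    return next(label for floor, label in SEVERITY_BANDS if severity >= floor)

def resource_family(finding_type):
    # Type format is ThreatPurpose:ResourceTypeAffected/ThreatFamilyName; return the middle part.
    return finding_type.partition(":")[2].partition("/")[0]

TYPE_FAMILIES = {"EC2": {"EC2"}, "IAM": {"IAMUser"}}  # switch value -> ResourceTypeAffected values

def filter_findings(findings, type_filter=None):
    wanted = TYPE_FAMILIES[type_filter.upper()] if type_filter else None
    return [f for f in findings if wanted is None or resource_family(f["Type"]) in wanted]

def account_ids(findings):
    return sorted({f["AccountId"] for f in findings})

def fetch_findings(client, detector_id, order=None, account_id=None):
    """ListFindings returns ids only, paginated via NextToken; GetFindings takes at most 50 ids per call."""
    kwargs = {"DetectorId": detector_id, "MaxResults": 50}
    if order:  # let GuardDuty sort by severity instead of sorting client-side
        kwargs["SortCriteria"] = {"AttributeName": "severity", "OrderBy": order.upper()}
    if account_id:  # server-side filter on the accountId attribute
        kwargs["FindingCriteria"] = {"Criterion": {"accountId": {"Equals": [account_id]}}}
    ids = []
    while True:
        page = client.list_findings(**kwargs)
        ids.extend(page["FindingIds"])
        if not page.get("NextToken"):
            break
        kwargs["NextToken"] = page["NextToken"]
    findings = []
    for i in range(0, len(ids), 50):
        findings.extend(client.get_findings(DetectorId=detector_id, FindingIds=ids[i:i + 50])["Findings"])
    return findings

# Constructed sample data: real finding-type names, made-up ids and account numbers.
def _sample(fid, account, severity, ftype):
    return {"Id": fid, "AccountId": account, "Severity": severity, "Type": ftype}

SAMPLE_FINDINGS = [
    _sample("f1", "111111111111", 2.0, "UnauthorizedAccess:EC2/SSHBruteForce"),
    _sample("f2", "222222222222", 5.0, "UnauthorizedAccess:IAMUser/MaliciousIPCaller"),
    _sample("f3", "111111111111", 8.0, "Recon:EC2/PortProbeUnprotectedPort"),
    _sample("f4", "222222222222", 5.0, "Recon:IAMUser/TorIPCaller"),
]

class FakeGuardDutyClient:
    """Offline stand-in for boto3's GuardDuty client (constructed): 2 ids per page, honours SortCriteria/accountId."""
    def __init__(self, findings):
        self._findings = {f["Id"]: f for f in findings}
    def list_detectors(self):
        return {"DetectorIds": ["demo-detector"]}
    def list_findings(self, DetectorId, MaxResults=50, NextToken=None,
                      FindingCriteria=None, SortCriteria=None):
        rows = list(self._findings.values())
        crit = (FindingCriteria or {}).get("Criterion", {})
        if "accountId" in crit:
            rows = [f for f in rows if f["AccountId"] in crit["accountId"]["Equals"]]
        if SortCriteria:
            rows.sort(key=lambda f: f["Severity"], reverse=SortCriteria["OrderBy"] == "DESC")
        start, size = int(NextToken or 0), min(MaxResults, 2)
        resp = {"FindingIds": [f["Id"] for f in rows[start:start + size]]}
        if start + size < len(rows):
            resp["NextToken"] = str(start + size)
        return resp
    def get_findings(self, DetectorId, FindingIds):
        return {"Findings": [self._findings[i] for i in FindingIds]}

def main(argv=None):
    ap = argparse.ArgumentParser(description="GuardDuty findings lister (added example)")
    ap.add_argument("-t", "--type", choices=sorted(TYPE_FAMILIES))
    ap.add_argument("-s", "--sort", choices=["asc", "desc"])
    ap.add_argument("-a", "--account")
    ap.add_argument("-l", "--list-accounts", action="store_true")
    ap.add_argument("--demo", action="store_true", help="use the sample data, no AWS call")
    args = ap.parse_args(argv)
    if args.demo:
        client = FakeGuardDutyClient(SAMPLE_FINDINGS)
    else:
        import boto3  # reads the default profile from ~/.aws/credentials and ~/.aws/config
        client = boto3.client("guardduty")
    findings = []
    for detector in client.list_detectors()["DetectorIds"]:  # one detector per region
        findings += fetch_findings(client, detector, args.sort, args.account)
    findings = filter_findings(findings, args.type)
    if args.list_accounts:
        print("\n".join(account_ids(findings)))
    else:
        for f in findings:
            print(severity_label(f["Severity"]), f["Severity"], f["AccountId"], f["Type"])
    return findings

if __name__ == "__main__":
    main()
```

`python3 guardduty_example.py --demo -t EC2 -s desc` runs against the constructed sample data; without --demo the script uses the default profile and region from the files configured above, and the key needs guardduty:ListDetectors, guardduty:ListFindings and guardduty:GetFindings. The --type filter is applied client-side after the fetch because it keys on the finding type's ResourceTypeAffected segment, whereas sorting and the account filter are pushed to the service so that large finding sets are not paged through twice.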