@schwartz1375
Created July 22, 2022 16:20
GuardDuty awsCLI/botocore bypass
# GuardDuty detects common pen testing distros (i.e. Kali, Parrot, etc) and reports PenTest Findings
# https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux
# This is done by the awsCLI/botocore package in the sessions.py code via
# platform.system() and platform.release(); this script attempts to replace both of these calls.
import inspect
import sys
# botocore is the only non-stdlib dependency. Fail early with a readable
# message (exit code 1) instead of a traceback when it is not installed in
# the interpreter that runs this script.
try:
    from botocore import session
except ModuleNotFoundError:
    print("Unable to import session from botocore.")
    print("Are you sure that botocore is installed in this environment?")
    sys.exit(1)
# Calls which detect.
# These are matched as literal substrings of the library's source text
# (see the `in content` / `str.replace` usage below), so any difference in
# upstream spelling or whitespace makes the search fail.
STR1_TO_FIND = 'platform.system()'
STR2_TO_FIND = 'platform.release()'
# Replacements - you can edit these for any other thing you want.
# Each value is spliced into Python source verbatim, so it must be a valid
# Python expression (the quotes are part of the replacement text).
STR1_REPLACEMENT = '"GNU/Linux"'
STR2_REPLACEMENT = '"5.13.0"'
if __name__ == '__main__':
    # Locate the installed botocore/session.py through the imported module
    # object. The file rewritten below is whatever `session` resolved to on
    # this interpreter's sys.path, i.e. the active environment's copy.
    try:
        path_to_session = inspect.getfile(session)
    except Exception as err:
        print("Something went wrong when trying to find path to botocore/session.")
        print(err)
        sys.exit(2)
    # Read the whole source file as text. No `encoding=` is given, so the
    # platform default encoding is used for both the read and the write.
    with open(path_to_session, 'r') as f:
        content = f.read()
    if_continue = True
    # Plain substring replacement of each platform call. The two searches
    # are independent: if only one of the strings is present, that single
    # replacement is applied and the file is still written. Only when
    # neither string is found does the script exit (code 3) before writing.
    if STR1_TO_FIND not in content:
        print(f"{STR1_TO_FIND} not found in {path_to_session}")
        if_continue = False
    else:
        content = content.replace(STR1_TO_FIND, STR1_REPLACEMENT)
        print(f"Successfully replaced {STR1_TO_FIND} with {STR1_REPLACEMENT}")
    if STR2_TO_FIND not in content:
        print(f"{STR2_TO_FIND} not found in {path_to_session}")
        if not if_continue:
            print("None of two platform calls were found, exiting...")
            sys.exit(3)
    else:
        content = content.replace(STR2_TO_FIND, STR2_REPLACEMENT)
        print(f"Successfully replaced {STR2_TO_FIND} with {STR2_REPLACEMENT}")
    # Overwrite the library file in place. No backup is taken and no
    # confirmation is asked: the change persists for every process that
    # imports botocore from this environment until the package is
    # reinstalled or the file is restored from a backup taken beforehand.
    # NOTE(review): because an installed package file is modified on disk,
    # the change is observable to file-integrity monitoring of the
    # environment's site-packages (see also the GuardDuty finding-type docs
    # linked in the header).
    with open(path_to_session, 'w') as f:
        f.write(content)