https://github.com/cxxr/long-evans

A test script to see if your monitoring can catch an AWS Lambda backdoor
https://github.com/cxxr/long-evans

Last synced: 10 days ago
JSON representation

A test script to see if your monitoring can catch an AWS Lambda backdoor

• Host: GitHub
• URL: https://github.com/cxxr/long-evans
• Owner: cxxr
• License: other
• Created: 2017-11-14T12:52:46.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2017-11-14T16:13:32.000Z (about 7 years ago)
• Last Synced: 2024-11-08T10:11:55.541Z (2 months ago)
• Language: Python
• Size: 6.84 KB
• Stars: 2
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Long-evans AWS Test Backdoor

This is a test script which can be run to see if your monitoring catches

someone uploading an AWS Lambda backdoor. It also includes a delete function

which removes itself.

The included AWS Lambda backdoor does nothing as it is just a test, but a more

interesting one could be written easily.

This is to be used for research and penetration testing purposes only. Do not

use this to commit any crime.

# Installation

Long-evans depends on boto3. To install:

    $ pip install boto3

# Usage

Example usage:

    $ python long-evans.py --region us-west-2 --disable-logging

To remove, specify the same arguments as you did when you created, but add

`--delete`.

## Help

    usage: long-evans.py [-h] [--region REGION] [--disable-logging]

                        [--re-enable-logging] [--source SOURCE]

                        [--runtime RUNTIME] [--handler HANDLER]

                        [--role-name ROLE_NAME] [--function-name FUNCTION_NAME]

                        [--rule-name RULE_NAME] [--delete]

    Long-Evans AWS Remote Access Tool

    optional arguments:

    -h, --help            show this help message and exit

    --region REGION       Which region to set the default client to. Default:

                            us-west-2

    --disable-logging     Disables CloudTrail logging

    --re-enable-logging   Re-enables CloudTrail logging after disabling

    --source SOURCE       Which python file to use as the lambda

    --runtime RUNTIME     Python runtime to use, either python2.7 or python3.6

    --handler HANDLER     Which function in the Python file to call in AWS

                            Lambda

    --role-name ROLE_NAME

                            The name of the admin role to create

    --function-name FUNCTION_NAME

                            The name of the lambda function to create

    --rule-name RULE_NAME

                            The name of the CloudWatch Events rule to create

    --delete              Tries to undo long-evans in this account

    Github: https://github.com/cxxr/long-evans