aws_recon 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +13 -0
- data/.rubocop.yml +12 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +7 -0
- data/Gemfile +6 -0
- data/Gemfile.lock +1000 -0
- data/LICENSE.txt +21 -0
- data/Rakefile +10 -0
- data/aws_recon.gemspec +36 -0
- data/bin/aws_recon +5 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/aws_recon.rb +19 -0
- data/lib/aws_recon/aws_recon.rb +115 -0
- data/lib/aws_recon/collectors/acm.rb +32 -0
- data/lib/aws_recon/collectors/apigateway.rb +50 -0
- data/lib/aws_recon/collectors/apigatewayv2.rb +37 -0
- data/lib/aws_recon/collectors/athena.rb +28 -0
- data/lib/aws_recon/collectors/autoscaling.rb +35 -0
- data/lib/aws_recon/collectors/cloudformation.rb +29 -0
- data/lib/aws_recon/collectors/cloudfront.rb +28 -0
- data/lib/aws_recon/collectors/cloudtrail.rb +33 -0
- data/lib/aws_recon/collectors/cloudwatch.rb +33 -0
- data/lib/aws_recon/collectors/cloudwatchlogs.rb +36 -0
- data/lib/aws_recon/collectors/codebuild.rb +29 -0
- data/lib/aws_recon/collectors/codepipeline.rb +27 -0
- data/lib/aws_recon/collectors/collectors.rb +2 -0
- data/lib/aws_recon/collectors/configservice.rb +80 -0
- data/lib/aws_recon/collectors/directconnect.rb +25 -0
- data/lib/aws_recon/collectors/directyservice.rb +27 -0
- data/lib/aws_recon/collectors/dms.rb +25 -0
- data/lib/aws_recon/collectors/dynamodb.rb +26 -0
- data/lib/aws_recon/collectors/ec2.rb +257 -0
- data/lib/aws_recon/collectors/ecr.rb +39 -0
- data/lib/aws_recon/collectors/ecs.rb +40 -0
- data/lib/aws_recon/collectors/efs.rb +25 -0
- data/lib/aws_recon/collectors/eks.rb +36 -0
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +41 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +63 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +27 -0
- data/lib/aws_recon/collectors/firehose.rb +29 -0
- data/lib/aws_recon/collectors/guardduty.rb +33 -0
- data/lib/aws_recon/collectors/iam.rb +136 -0
- data/lib/aws_recon/collectors/kafka.rb +27 -0
- data/lib/aws_recon/collectors/kinesis.rb +26 -0
- data/lib/aws_recon/collectors/kms.rb +71 -0
- data/lib/aws_recon/collectors/lambda.rb +42 -0
- data/lib/aws_recon/collectors/lightsail.rb +38 -0
- data/lib/aws_recon/collectors/organizations.rb +36 -0
- data/lib/aws_recon/collectors/rds.rb +81 -0
- data/lib/aws_recon/collectors/redshift.rb +40 -0
- data/lib/aws_recon/collectors/route53.rb +28 -0
- data/lib/aws_recon/collectors/route53domains.rb +25 -0
- data/lib/aws_recon/collectors/s3.rb +80 -0
- data/lib/aws_recon/collectors/sagemaker.rb +25 -0
- data/lib/aws_recon/collectors/servicequotas.rb +44 -0
- data/lib/aws_recon/collectors/ses.rb +28 -0
- data/lib/aws_recon/collectors/shield.rb +67 -0
- data/lib/aws_recon/collectors/sns.rb +38 -0
- data/lib/aws_recon/collectors/sqs.rb +28 -0
- data/lib/aws_recon/collectors/ssm.rb +41 -0
- data/lib/aws_recon/collectors/support.rb +43 -0
- data/lib/aws_recon/collectors/transfer.rb +24 -0
- data/lib/aws_recon/collectors/wafv2.rb +49 -0
- data/lib/aws_recon/collectors/workspaces.rb +24 -0
- data/lib/aws_recon/collectors/xray.rb +19 -0
- data/lib/aws_recon/lib/formatter.rb +32 -0
- data/lib/aws_recon/lib/mapper.rb +69 -0
- data/lib/aws_recon/options.rb +141 -0
- data/lib/aws_recon/services.yaml +134 -0
- data/lib/aws_recon/version.rb +3 -0
- data/readme.md +226 -0
- data/readme_gem.md +39 -0
- metadata +245 -0
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2020 Darkbit
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/Rakefile
ADDED
data/aws_recon.gemspec
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
lib = File.expand_path('lib', __dir__)
|
4
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
5
|
+
require 'aws_recon/version'
|
6
|
+
|
7
|
+
Gem::Specification.new do |spec|
|
8
|
+
spec.name = 'aws_recon'
|
9
|
+
spec.version = AwsRecon::VERSION
|
10
|
+
spec.authors = ['Josh Larsen']
|
11
|
+
spec.required_ruby_version = '>= 2.5.0'
|
12
|
+
spec.summary = 'A multi-threaded AWS inventory collection tool.'
|
13
|
+
spec.description = spec.summary
|
14
|
+
spec.homepage = 'https://github.com/darkbitio/aws-recon'
|
15
|
+
spec.license = 'MIT'
|
16
|
+
|
17
|
+
# Specify which files should be added to the gem when it is released.
|
18
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
19
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
20
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
21
|
+
end
|
22
|
+
spec.bindir = 'bin'
|
23
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
24
|
+
spec.require_paths = ['lib']
|
25
|
+
|
26
|
+
spec.add_dependency 'aws-sdk', '~> 3.0'
|
27
|
+
spec.add_dependency 'parallel', '~> 1.19'
|
28
|
+
|
29
|
+
spec.add_development_dependency 'bundler', '~> 1.17'
|
30
|
+
spec.add_development_dependency 'gem-release', '~> 2.1'
|
31
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
32
|
+
spec.add_development_dependency 'minitest', '~> 5.0'
|
33
|
+
spec.add_development_dependency 'solargraph', '~> 0.39.11'
|
34
|
+
spec.add_development_dependency 'rubocop', '~> 0.87.1'
|
35
|
+
spec.add_development_dependency 'pry', '~> 0.13.1'
|
36
|
+
end
|
data/bin/aws_recon
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "aws_recon"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/lib/aws_recon.rb
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module AwsRecon
|
4
|
+
end
|
5
|
+
|
6
|
+
require 'parallel'
|
7
|
+
require 'ostruct'
|
8
|
+
require 'optparse'
|
9
|
+
require 'yaml'
|
10
|
+
require 'csv'
|
11
|
+
require 'pry'
|
12
|
+
require 'aws-sdk'
|
13
|
+
require 'aws_recon/options.rb'
|
14
|
+
require 'aws_recon/lib/mapper.rb'
|
15
|
+
require 'aws_recon/lib/formatter.rb'
|
16
|
+
require 'aws_recon/collectors/collectors.rb'
|
17
|
+
|
18
|
+
require 'aws_recon/version'
|
19
|
+
require 'aws_recon/aws_recon'
|
@@ -0,0 +1,115 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
SERVICES_CONFIG_FILE = File.join(File.dirname(__FILE__), 'services.yaml').freeze
|
4
|
+
|
5
|
+
module AwsRecon
|
6
|
+
class CLI
|
7
|
+
# parse options
|
8
|
+
@options = Parser.parse ARGV.length < 1 ? %w[-h] : ARGV
|
9
|
+
|
10
|
+
# timing
|
11
|
+
starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
12
|
+
|
13
|
+
# AWS account id
|
14
|
+
@account_id = Aws::STS::Client.new.get_caller_identity.account
|
15
|
+
|
16
|
+
# AWS services
|
17
|
+
aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
|
18
|
+
|
19
|
+
# User config services
|
20
|
+
if @options.config_file
|
21
|
+
user_config = YAML.load(File.read(@options.config_file), symbolize_names: true)
|
22
|
+
|
23
|
+
services = user_config[:services]
|
24
|
+
regions = user_config[:regions]
|
25
|
+
else
|
26
|
+
regions = @options.regions
|
27
|
+
services = @options.services
|
28
|
+
end
|
29
|
+
|
30
|
+
# collection
|
31
|
+
@resources = []
|
32
|
+
|
33
|
+
# formatter
|
34
|
+
@formatter = Formatter.new
|
35
|
+
|
36
|
+
unless @options.stream_output
|
37
|
+
puts "\nStarting collection with #{@options.threads} threads...\n"
|
38
|
+
end
|
39
|
+
|
40
|
+
#
|
41
|
+
# collector wrapper
|
42
|
+
#
|
43
|
+
def collect(service, region)
|
44
|
+
mapper = Object.const_get(service.name)
|
45
|
+
resources = mapper.new(service.name, region, @options)
|
46
|
+
|
47
|
+
collection = resources.collect.map do |resource|
|
48
|
+
if @options.output_format == 'custom'
|
49
|
+
@formatter.custom(@account_id, region, service, resource)
|
50
|
+
else
|
51
|
+
@formatter.aws(@account_id, region, service, resource)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
# write resources to stdout
|
56
|
+
if @options.stream_output
|
57
|
+
collection.each do |item|
|
58
|
+
puts item.to_json
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
# add resources to resources array for output to file
|
63
|
+
@resources.concat(collection) if @options.output_file
|
64
|
+
end
|
65
|
+
|
66
|
+
#
|
67
|
+
# main wrapper
|
68
|
+
#
|
69
|
+
def start
|
70
|
+
#
|
71
|
+
# global services
|
72
|
+
#
|
73
|
+
aws_services.map { |x| OpenStruct.new(x) }.filter { |s| s.global }.each do |service|
|
74
|
+
# user included this service in the args
|
75
|
+
next unless services.include?(service.name)
|
76
|
+
|
77
|
+
# user did not exclude 'global'
|
78
|
+
next unless regions.include?('global')
|
79
|
+
|
80
|
+
collect(service, 'global')
|
81
|
+
end
|
82
|
+
|
83
|
+
#
|
84
|
+
# regional services
|
85
|
+
#
|
86
|
+
regions.filter { |x| x != 'global' }.each do |region|
|
87
|
+
Parallel.map(aws_services.map { |x| OpenStruct.new(x) }.filter { |s| !s.global }.each, in_threads: @options.threads) do |service|
|
88
|
+
# some services aren't available in some regions
|
89
|
+
skip_region = service&.excluded_regions&.include?(region)
|
90
|
+
|
91
|
+
# user included this region in the args
|
92
|
+
next unless regions.include?(region) && !skip_region
|
93
|
+
|
94
|
+
# user included this service in the args
|
95
|
+
next unless services.include?(service.name) || services.include?(service.alias) # rubocop:disable Layout/LineLength
|
96
|
+
|
97
|
+
collect(service, region)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
rescue Interrupt # ctrl-c
|
101
|
+
elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - starting
|
102
|
+
|
103
|
+
puts "\nStopped early after \x1b[32m#{elapsed.to_i}\x1b[0m seconds.\n"
|
104
|
+
ensure
|
105
|
+
# write output file
|
106
|
+
if @options.output_file
|
107
|
+
elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - starting
|
108
|
+
|
109
|
+
puts "\nFinished in \x1b[32m#{elapsed.to_i}\x1b[0m seconds. Saving resources to \x1b[32m#{@options.output_file}\x1b[0m.\n\n"
|
110
|
+
|
111
|
+
File.write(@options.output_file, @resources.to_json)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
class ACM < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# list_certificates
|
10
|
+
#
|
11
|
+
@client.list_certificates.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.certificate_summary_list.each do |cert|
|
15
|
+
log(response.context.operation_name, cert.domain_name, page)
|
16
|
+
|
17
|
+
struct = OpenStruct.new(cert.to_h)
|
18
|
+
struct.type = 'certificate'
|
19
|
+
struct.arn = cert.certificate_arn
|
20
|
+
|
21
|
+
# describe_certificate
|
22
|
+
struct.details = @client
|
23
|
+
.describe_certificate({ certificate_arn: cert.certificate_arn })
|
24
|
+
.certificate.to_h
|
25
|
+
|
26
|
+
resources.push(struct.to_h)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
resources
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
class APIGateway < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# get_rest_apis
|
10
|
+
#
|
11
|
+
@client.get_rest_apis.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.items.each do |api|
|
15
|
+
struct = OpenStruct.new(api.to_h)
|
16
|
+
struct.type = 'api'
|
17
|
+
struct.arn = api.id
|
18
|
+
|
19
|
+
# get_authorizers
|
20
|
+
struct.authorizers = @client.get_authorizers({ rest_api_id: api.id }).items.map(&:to_h)
|
21
|
+
|
22
|
+
# get_stages
|
23
|
+
struct.stages = @client.get_stages({ rest_api_id: api.id }).item.map(&:to_h)
|
24
|
+
|
25
|
+
# get_models
|
26
|
+
struct.models = @client.get_models({ rest_api_id: api.id }).items.map(&:to_h)
|
27
|
+
|
28
|
+
# get_resources
|
29
|
+
struct.resources = @client.get_resources({ rest_api_id: api.id }).items.map(&:to_h)
|
30
|
+
|
31
|
+
resources.push(struct.to_h)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
# get_domain_names
|
36
|
+
@client.get_domain_names.each_with_index do |response, page|
|
37
|
+
log(response.context.operation_name, page)
|
38
|
+
|
39
|
+
response.items.each do |domain|
|
40
|
+
struct = OpenStruct.new(domain.to_h)
|
41
|
+
struct.type = 'domain'
|
42
|
+
struct.arn = domain.domain_name
|
43
|
+
|
44
|
+
resources.push(struct.to_h)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
resources
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
class ApiGatewayV2 < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# get_apis
|
10
|
+
#
|
11
|
+
@client.get_apis.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.items.each do |api|
|
15
|
+
struct = OpenStruct.new(api.to_h)
|
16
|
+
struct.type = 'api'
|
17
|
+
struct.arn = api.api_id
|
18
|
+
|
19
|
+
# get_authorizers
|
20
|
+
struct.authorizers = @client.get_authorizers({ api_id: api.api_id }).items.map(&:to_h)
|
21
|
+
|
22
|
+
# get_stages
|
23
|
+
struct.stages = @client.get_stages({ api_id: api.api_id }).items.map(&:to_h)
|
24
|
+
|
25
|
+
# get_models
|
26
|
+
struct.models = @client.get_models({ api_id: api.api_id }).items.map(&:to_h)
|
27
|
+
|
28
|
+
# get_deployments
|
29
|
+
struct.deployments = @client.get_deployments({ api_id: api.api_id }).items.map(&:to_h)
|
30
|
+
|
31
|
+
resources.push(struct.to_h)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
resources
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class Athena < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# list_work_groups
|
10
|
+
#
|
11
|
+
@client.list_work_groups.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.work_groups.each do |workgroup|
|
15
|
+
struct = OpenStruct.new(workgroup.to_h)
|
16
|
+
struct.type = 'workgroup'
|
17
|
+
struct.arn = "arn:aws:athena:#{@region}::workgroup/#{workgroup.name}"
|
18
|
+
|
19
|
+
# get_work_group
|
20
|
+
struct.details = @client.get_work_group({ work_group: workgroup.name }).to_h
|
21
|
+
|
22
|
+
resources.push(struct.to_h)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
resources
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class AutoScaling < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# describe_auto_scaling_groups
|
10
|
+
#
|
11
|
+
@client.describe_auto_scaling_groups.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.auto_scaling_groups.each do |asg|
|
15
|
+
struct = OpenStruct.new(asg.to_h)
|
16
|
+
struct.type = 'auto_scaling_group'
|
17
|
+
struct.arn = asg.auto_scaling_group_arn
|
18
|
+
struct.policies = []
|
19
|
+
|
20
|
+
# describe_policies
|
21
|
+
@client.describe_policies({ auto_scaling_group_name: asg.auto_scaling_group_name }).each_with_index do |response, page|
|
22
|
+
log(response.context.operation_name, page)
|
23
|
+
|
24
|
+
response.scaling_policies.each do |policy|
|
25
|
+
struct.policies.push(policy.to_h)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
resources.push(struct.to_h)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
resources
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
class CloudFormation < Mapper
|
2
|
+
#
|
3
|
+
# Returns an array of resources.
|
4
|
+
#
|
5
|
+
def collect
|
6
|
+
resources = []
|
7
|
+
|
8
|
+
#
|
9
|
+
# describe_stacks
|
10
|
+
#
|
11
|
+
@client.describe_stacks.each_with_index do |response, page|
|
12
|
+
log(response.context.operation_name, page)
|
13
|
+
|
14
|
+
response.stacks.each do |stack|
|
15
|
+
struct = OpenStruct.new(stack.to_h)
|
16
|
+
struct.type = 'stack'
|
17
|
+
struct.arn = stack.stack_id
|
18
|
+
|
19
|
+
# get_template
|
20
|
+
struct.tempate = @client.get_template({ stack_name: stack.stack_name }).to_h
|
21
|
+
log(response.context.operation_name, 'get_template', stack.stack_name)
|
22
|
+
|
23
|
+
resources.push(struct.to_h)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
resources
|
28
|
+
end
|
29
|
+
end
|