aws_recon 0.2.1

data/lib/aws_recon/collectors/ecr.rb

@@ -0,0 +1,39 @@
+class ECR < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_repositories
+    #
+    @client.describe_repositories.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.repositories.each do |repo|
+        struct = OpenStruct.new(repo.to_h)
+        struct.type = 'repository'
+        struct.arn = repo.repository_arn
+        struct.policy = @client
+                        .get_repository_policy({ repository_name: repo.repository_name }).to_h
+
+      rescue Aws::ECR::Errors::ServiceError => e
+        raise e unless suppressed_errors.include?(e.code)
+      ensure
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+
+  private
+
+  # not an error
+  def suppressed_errors
+    %w[
+      RepositoryPolicyNotFoundException
+    ]
+  end
+end

data/lib/aws_recon/collectors/ecs.rb

@@ -0,0 +1,40 @@
+class ECS < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # TODO: test live
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_clusters
+    #
+    @client.describe_clusters.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.clusters.each do |cluster|
+        struct = OpenStruct.new(cluster.to_h)
+        struct.type = 'cluster'
+        struct.arn = cluster.cluster_arn
+        struct.tasks = []
+
+        # list_tasks
+        @client.list_tasks({ cluster: cluster.cluster_arn }).each_with_index do |response, page|
+          log(response.context.operation_name, 'list_tasks', page)
+
+          # describe_tasks
+          response.task_arns.each do |task_arn|
+            @client.describe_tasks({ cluster: cluster.cluster_arn, tasks: [task_arn] }).tasks.each do |task|
+              struct.tasks.push(task)
+            end
+          end
+        end
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/efs.rb

@@ -0,0 +1,25 @@
+class EFS < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_file_systems
+    #
+    @client.describe_file_systems.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.file_systems.each do |filesystem|
+        struct = OpenStruct.new(filesystem.to_h)
+        struct.type = 'filesystem'
+        struct.arn = filesystem.file_system_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/eks.rb

@@ -0,0 +1,36 @@
+class EKS < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_clusters
+    #
+    @client.list_clusters.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # describe_cluster
+      response.clusters.each do |cluster|
+        struct = OpenStruct.new(@client.describe_cluster({ name: cluster }).cluster.to_h)
+        struct.type = 'cluster'
+        struct.nodegroups = []
+
+        # list_nodegroups
+        @client.list_nodegroups({ cluster_name: cluster }).each_with_index do |response, page|
+          log(response.context.operation_name, 'list_nodegroups', page)
+
+          # describe_nodegroup
+          response.nodegroups.each do |nodegroup|
+            struct.nodegroups.push(@client.describe_nodegroup({ cluster_name: cluster, nodegroup_name: nodegroup }).nodegroup.to_h)
+          end
+        end
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/elasticloadbalancing.rb

@@ -0,0 +1,41 @@
+class ElasticLoadBalancing < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_load_balancers
+    #
+    @client.describe_load_balancers.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.load_balancer_descriptions.each do |elb|
+        struct = OpenStruct.new(elb.to_h)
+        struct.type = 'load_balancer'
+        struct.arn = elb.dns_name
+
+        # describe_load_balancer_policies
+        struct.policies = @client
+                          .describe_load_balancer_policies({ load_balancer_name: elb.load_balancer_name })
+                          .policy_descriptions.map(&:to_h)
+
+        # describe_load_balancer_attributes
+        struct.attributes = @client
+                            .describe_load_balancer_attributes({ load_balancer_name: elb.load_balancer_name })
+                            .load_balancer_attributes.to_h
+
+        # describe_tags
+        struct.tags = @client
+                      .describe_tags({ load_balancer_names: [elb.load_balancer_name] })
+                      .tag_descriptions.map(&:tags)
+                      .flatten.map(&:to_h)
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/elasticloadbalancingv2.rb

@@ -0,0 +1,63 @@
+class ElasticLoadBalancingV2 < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_load_balancers
+    #
+    @client.describe_load_balancers.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.load_balancers.each do |elb|
+        struct = OpenStruct.new(elb.to_h)
+        struct.type = 'load_balancer'
+        struct.arn = elb.load_balancer_arn
+        struct.listeners = []
+        struct.target_groups = []
+
+        # describe_load_balancer_attributes
+        struct.attributes = @client
+                            .describe_load_balancer_attributes({ load_balancer_arn: elb.load_balancer_arn })
+                            .attributes.map(&:to_h)
+
+        # describe_tags
+        struct.tags = @client
+                      .describe_tags({ resource_arns: [elb.load_balancer_arn] })
+                      .tag_descriptions.map(&:tags)
+                      .flatten.map(&:to_h)
+
+        # describe_listeners
+        @client.describe_listeners({ load_balancer_arn: elb.load_balancer_arn }).each_with_index do |response, _page|
+          log(response.context.operation_name, page)
+
+          response.listeners.each do |listener|
+            struct.listeners.push(listener.to_h)
+          end
+        end
+
+        # describe_target_groups
+        @client.describe_target_groups({ load_balancer_arn: elb.load_balancer_arn }).each_with_index do |response, page|
+          log(response.context.operation_name, page)
+
+          response.target_groups.each do |target_group|
+            tg = OpenStruct.new(target_group.to_h)
+
+            # describe_target_health
+            tg.health_descriptions = @client
+                                     .describe_target_health({ target_group_arn: target_group.target_group_arn })
+                                     .target_health_descriptions.map(&:to_h)
+
+            struct.target_groups.push(tg.to_h)
+          end
+        end
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/elasticsearch.rb

@@ -0,0 +1,27 @@
+class ElasticsearchService < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_domain_names
+    #
+    @client.list_domain_names.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.domain_names.each do |domain|
+        log(response.context.operation_name, 'describe_elasticsearch_domain', page)
+
+        # describe_elasticsearch_domains
+        struct = OpenStruct.new(@client.describe_elasticsearch_domain({ domain_name: domain.domain_name }).domain_status.to_h)
+        struct.type = 'domain'
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/firehose.rb

@@ -0,0 +1,29 @@
+class Firehose < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # TODO: test live
+  # TODO: confirm paging behavior
+  #
+  def collect
+    resources = []
+
+    #
+    # list_delivery_streams
+    #
+    @client.list_delivery_streams.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # describe_delivery_stream
+      response.delivery_stream_names.each do |stream|
+        struct = OpenStruct.new(@client.describe_delivery_stream({ delivery_stream_name: stream }).delivery_stream_description.to_h)
+        struct.type = 'stream'
+        struct.arn = struct.delivery_stream_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/guardduty.rb

@@ -0,0 +1,33 @@
+class GuardDuty < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # TODO: test live
+  #
+  def collect
+    resources = []
+
+    #
+    # list_detectors
+    #
+    @client.list_detectors.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.detector_ids.each do |detector|
+        log(response.context.operation_name, 'get_detector', detector)
+
+        # get_detector
+        struct = OpenStruct.new(@client.get_detector({ detector_id: detector }).to_h)
+        struct.type = 'detector'
+        struct.arn = "arn:aws:guardduty:#{@region}:detector/#{detector}"
+
+        # get_master_account
+        struct.master_account = @client.get_master_account({ detector_id: detector }).to_h
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/iam.rb

@@ -0,0 +1,136 @@
+class IAM < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # get_account_authorization_details
+    #   list_mfa_devices
+    #   list_ssh_public_keys
+    #
+    @client.get_account_authorization_details.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # users
+      response.user_detail_list.each do |user|
+        struct = OpenStruct.new(user.to_h)
+        struct.type = 'user'
+        struct.mfa_devices = @client.list_mfa_devices({ user_name: user.user_name }).mfa_devices.map(&:to_h)
+        struct.ssh_keys = @client.list_ssh_public_keys({ user_name: user.user_name }).ssh_public_keys.map(&:to_h)
+
+        resources.push(struct.to_h)
+      end
+
+      # groups
+      response.group_detail_list.each do |group|
+        struct = OpenStruct.new(group.to_h)
+        struct.type = 'group'
+
+        resources.push(struct.to_h)
+      end
+
+      # roles
+      response.role_detail_list.each do |role|
+        struct = OpenStruct.new(role.to_h)
+        struct.type = 'role'
+
+        resources.push(struct.to_h)
+      end
+
+      # polices
+      response.policies.each do |policy|
+        struct = OpenStruct.new(policy.to_h)
+        struct.type = 'policy'
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # get_account_password_policy
+    #
+    @client.get_account_password_policy.each do |response|
+      log(response.context.operation_name)
+
+      struct = OpenStruct.new(response.password_policy.to_h)
+      struct.type = 'password_policy'
+
+      resources.push(struct.to_h)
+    end
+
+    #
+    # get_account_summary
+    #
+    @client.get_account_summary.each do |response|
+      log(response.context.operation_name)
+
+      struct = OpenStruct.new(response.summary_map)
+      struct.type = 'account_summary'
+
+      resources.push(struct.to_h)
+    end
+
+    #
+    # list_server_certificates
+    #
+    @client.list_server_certificates.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.server_certificate_metadata_list.each do |cert|
+        struct = OpenStruct.new(cert)
+        struct.type = 'server_certificate'
+        struct.arn = cert.arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # list_virtual_mfa_devices
+    #
+    @client.list_virtual_mfa_devices.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.virtual_mfa_devices.each do |mfa_device|
+        struct = OpenStruct.new(mfa_device.to_h)
+        struct.type = 'virtual_mfa_device'
+        struct.arn = mfa_device.serial_number
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # get_credential_report
+    #
+    begin
+      @client.get_credential_report.each do |response|
+        log(response.context.operation_name)
+
+        struct = OpenStruct.new
+        struct.type = 'credential_report'
+        struct.content = CSV.parse(response.content, headers: :first_row).map(&:to_h)
+        struct.report_format = response.report_format
+        struct.generated_time = response.generated_time
+
+        resources.push(struct.to_h)
+      end
+    rescue Aws::IAM::Errors::ServiceError => e
+      log_error(e.code)
+      raise e unless suppressed_errors.include?(e.code)
+    end
+
+    resources
+  end
+
+  private
+
+  # not an error
+  def suppressed_errors
+    %w[
+      ReportNotPresent
+    ]
+  end
+end