aws_recon 0.2.13 → 0.2.18

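--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a7898588f7e210d1467a7778c88f4d9c63c1bf60383071fca0632157a3b865ad
- data.tar.gz: e7e61fdbe18430ea7f4409bc3a916723b6e2ea76103bb254537ea7b64836d421
+ metadata.gz: eda49a53171d4ca65cdead1238f92429a594e80a644a199eb5bbcccc13514671
+ data.tar.gz: 1fa1d7b45fe39c8ef90f49e31bebbf7a5c5569b524fc9a5aa0bfe08262d760fa
  SHA512:
- metadata.gz: ef31d6b755b2ca26f978ca16f7a3dff9f1db3d8f29c6ec5bfe3c2b2c0dbdccc965a4382bafbbe4fd778ec519c2406d829a48d2c174cca4a70808a1be7ce43fb5
- data.tar.gz: c1d132733f149b3a985e0093bbc2d504127556b352fbc687707c0e24d79395ca5f4098031c65efb5218e0ceea381551dae2e3c71cb7f78f9e92d8af3b5cccad3
+ metadata.gz: b68650f9efd7f4a522b5aa6240ddaba6d31837634b5d897361838fb17abab065fb756f8d5e9cd94480980fefdfd89317fabbcf1245add3e8fda83a2e5ccf259c
+ data.tar.gz: 85a2604470ec75b83cb82ad2829411fa6927183cba241a6fb72ed409c0ee277443101f999cf883620d056ee90d13edbb3e84787e1e37dde415670a9ff196bdb0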
@@ -4,7 +4,7 @@ on:
4
4
  push:
5
5
  branches: build
6
6
  paths:
7
- - 'lib/aws_recon/version.rb '
7
+ - 'lib/aws_recon/version.rb'
8
8
 
9
9
  jobs:
10
10
  docker-build:
@@ -3,6 +3,9 @@
3
3
  module AwsRecon
4
4
  end
5
5
 
6
+ require 'aws_recon/lib/patch.rb'
7
+ String.include PolicyStringParser
8
+
6
9
  require 'parallel'
7
10
  require 'ostruct'
8
11
  require 'optparse'
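Review bot: `String.include PolicyStringParser` at the top of the library patches every String in the process, so `parse_policy` (and its return-nil-on-StandardError rescue) becomes visible to every gem loaded alongside aws_recon, not only to the collectors that need it. A refinement (`refine String do ... end` inside the module, activated with `using PolicyStringParser` in the collectors) or a plain module function such as `PolicyStringParser.parse(str)` keeps the same call sites while leaving core String untouched. The `.rb` suffix in `require 'aws_recon/lib/patch.rb'` also departs from the bare-name form the neighbouring requires use and is worth normalising to `require 'aws_recon/lib/patch'`.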
@@ -21,6 +21,7 @@ class CloudTrail < Mapper
21
21
  struct = OpenStruct.new(trail.to_h)
22
22
  struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list
23
23
  struct.type = 'cloud_trail'
24
+ struct.event_selectors = client.get_event_selectors({ trail_name: trail.name }).to_h
24
25
  struct.status = client.get_trail_status({ name: trail.name }).to_h
25
26
  struct.arn = trail.trail_arn
26
27
 
@@ -175,6 +175,21 @@ class EC2 < Mapper
175
175
  end
176
176
  end
177
177
 
178
+ #
179
+ # describe_internet_gateways
180
+ #
181
+ @client.describe_internet_gateways.each_with_index do |response, page|
182
+ log(response.context.operation_name, page)
183
+
184
+ response.internet_gateways.each do |gateway|
185
+ struct = OpenStruct.new(gateway.to_h)
186
+ struct.type = 'internet_gateway'
187
+ struct.arn = gateway.internet_gateway_id # no true ARN
188
+
189
+ resources.push(struct.to_h)
190
+ end
191
+ end
192
+
178
193
  #
179
194
  # describe_route_tables
180
195
  #
@@ -215,6 +230,10 @@ class EC2 < Mapper
215
230
  struct = OpenStruct.new(snapshot.to_h)
216
231
  struct.type = 'snapshot'
217
232
  struct.arn = snapshot.snapshot_id # no true ARN
233
+ struct.create_volume_permissions = @client.describe_snapshot_attribute({
234
+ attribute: 'createVolumePermission',
235
+ snapshot_id: snapshot.snapshot_id
236
+ }).create_volume_permissions.map(&:to_h)
218
237
 
219
238
  resources.push(struct.to_h)
220
239
  end
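Review bot: The new `describe_snapshot_attribute` call runs once per snapshot with no error handling visible in the hunk, so a single failure (an authorization error on a snapshot the account does not own, or throttling on a large fleet) aborts the whole snapshot pass instead of skipping that entry; the Lambda collector in this same release uses a `rescue ... => e` / `log_error(e.code)` shape that would fit here. The enclosing `describe_snapshots` loop starts and ends outside the hunk, so I cannot see whether the listing is already restricted to owned snapshots. A one-line comment on why the attribute is fetched would help readers of the output: `# createVolumePermission lists who may create volumes from this snapshot; a group of 'all' means it is publicly shared`.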
@@ -12,7 +12,11 @@ class Lambda < Mapper
12
12
  struct = OpenStruct.new(function)
13
13
  struct.type = 'function'
14
14
  struct.arn = function.function_arn
15
+ struct.policy = @client.get_policy({ function_name: function.function_name }).policy.parse_policy
15
16
 
17
+ rescue Aws::Lambda::Errors::ResourceNotFoundException => e
18
+ log_error(e.code)
19
+ ensure
16
20
  resources.push(struct.to_h)
17
21
  end
18
22
  end
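Review bot: The added `ensure` pushes the partially built struct for every exception, but only `ResourceNotFoundException` is rescued, so an access-denied or throttling error from `get_policy` records the function without its policy and then propagates out of the block, stopping the collector mid-page. Either widen the rescue to `rescue Aws::Lambda::Errors::ServiceError => e` with the existing `log_error(e.code)`, so the push in `ensure` is not followed by an unhandled re-raise, or drop `ensure` and push explicitly on the normal and rescued paths. Note also that `parse_policy` (added in lib/patch.rb in this release) returns nil on any StandardError, so after this line a malformed policy document is indistinguishable in the output from a function that has no resource policy; a `rescue JSON::ParserError` branch that calls `log_error` would keep those apart. The enclosing block starts outside the hunk.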
@@ -29,16 +29,20 @@ class S3 < Mapper
29
29
  # to create a bucket, you must set the location_constraint
30
30
  # bucket parameter to the same region. (https://docs.aws.amazon.com/general/latest/gr/s3.html)
31
31
  client = if location.empty?
32
+ struct.location = 'us-east-1'
32
33
  @client
33
34
  else
35
+ struct.location = location
34
36
  Aws::S3::Client.new({ region: location })
35
37
  end
36
38
 
37
39
  operations = [
38
40
  { func: 'get_bucket_acl', key: 'acl', field: nil },
39
41
  { func: 'get_bucket_encryption', key: 'encryption', field: 'server_side_encryption_configuration' },
42
+ { func: 'get_bucket_replication', key: 'replication', field: 'replication_configuration' },
40
43
  { func: 'get_bucket_policy', key: 'policy', field: 'policy' },
41
44
  { func: 'get_bucket_policy_status', key: 'public', field: 'policy_status' },
45
+ { func: 'get_public_access_block', key: 'public_access_block', field: 'public_access_block_configuration' },
42
46
  { func: 'get_bucket_tagging', key: 'tagging', field: nil },
43
47
  { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
44
48
  { func: 'get_bucket_versioning', key: 'versioning', field: nil },
@@ -51,7 +55,7 @@ class S3 < Mapper
51
55
  resp = client.send(op.func, { bucket: bucket.name })
52
56
 
53
57
  struct[op.key] = if op.key == 'policy'
54
- resp.policy.string
58
+ JSON.parse(CGI.unescape(resp.policy.string))
55
59
  else
56
60
  op.field ? resp.send(op.field).to_h : resp.to_h
57
61
  end
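Review bot: `JSON.parse(CGI.unescape(resp.policy.string))` applies URL-decoding to a document that, as far as I know, `get_bucket_policy` returns as plain JSON; `CGI.unescape` turns every `+` into a space and decodes any `%xx` sequence, so a resource or condition value containing those characters is silently altered before it reaches the output. `JSON.parse(resp.policy.string)` is sufficient here, and unescaping should be reserved for fields the API documents as URL-encoded. The same pattern appears in the SNS hunk (`struct.Policy`, `struct.EffectiveDeliveryPolicy`), the SQS hunk and the new `parse_policy` helper in lib/patch.rb, which this line could also call instead of inlining the parse. The enclosing `operations.each` loop starts outside the hunk.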
@@ -77,6 +81,8 @@ class S3 < Mapper
77
81
  NoSuchBucketPolicy
78
82
  NoSuchTagSet
79
83
  NoSuchWebsiteConfiguration
84
+ ReplicationConfigurationNotFoundError
85
+ NoSuchPublicAccessBlockConfiguration
80
86
  ]
81
87
  end
82
88
  end
@@ -18,6 +18,8 @@ class SNS < Mapper
18
18
  struct = OpenStruct.new(@client.get_topic_attributes({ topic_arn: topic.topic_arn }).attributes.to_h)
19
19
  struct.type = 'topic'
20
20
  struct.arn = topic.topic_arn
21
+ struct.policy = JSON.parse(CGI.unescape(struct.Policy))
22
+ struct.effective_delivery_policy = JSON.parse(CGI.unescape(struct.EffectiveDeliveryPolicy))
21
23
  struct.subscriptions = []
22
24
 
23
25
  # list_subscriptions_by_topic
@@ -18,7 +18,7 @@ class SQS < Mapper
18
18
  struct = OpenStruct.new(@client.get_queue_attributes({ queue_url: queue, attribute_names: ['All'] }).attributes.to_h)
19
19
  struct.type = 'queue'
20
20
  struct.arn = struct.QueueArn
21
- struct.Policy = JSON.parse(CGI.unescape(struct.Policy))
21
+ struct.policy = JSON.parse(CGI.unescape(struct.Policy))
22
22
 
23
23
  resources.push(struct.to_h)
24
24
  end
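Review bot: The renamed line still calls `CGI.unescape(struct.Policy)` unconditionally, and a queue with no policy attached has, to my knowledge, no `Policy` attribute in the `get_queue_attributes` response, so `struct.Policy` is nil there and the call raises, taking the whole queue pass down instead of recording the queue with `policy: nil`. `struct.policy = struct.Policy && JSON.parse(struct.Policy)` (or `struct.Policy&.parse_policy` now that the helper exists) keeps such queues in the output. The enclosing loop starts outside the hunk.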
@@ -30,7 +30,7 @@ class SSM < Mapper
30
30
  struct = OpenStruct.new(parameter.to_h)
31
31
  struct.string_type = parameter.type
32
32
  struct.type = 'parameter'
33
- struct.arn = "arn:aws:#{@service}:#{@region}::parameter/#{parameter.name}"
33
+ struct.arn = "arn:aws:#{@service}:#{@region}::parameter:#{parameter.name}"
34
34
 
35
35
  resources.push(struct.to_h)
36
36
  end
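Review bot: The ARN built on the changed line now uses `parameter:` as the resource separator, but the form AWS documents for SSM parameters is `arn:aws:ssm:<region>:<account>:parameter/<name>` (a leading `/` on hierarchical names collapses into that single slash), so this value will not match the ARN reported by IAM, Config or CloudTrail for the same parameter and any downstream join on `arn` will miss it. If the change was meant to avoid the `parameter//prod/...` double slash for hierarchical names, `"arn:aws:#{@service}:#{@region}::parameter/#{parameter.name.delete_prefix('/')}"` keeps the documented shape. The account field is also left empty here, which deserves a comment such as `# account id not in scope; ARN is region-qualified only` if no account id is available in the mapper. The enclosing loop starts outside the hunk.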
@@ -0,0 +1,10 @@
1
+ #
2
+ # Parse and unescape AWS policy document string
3
+ #
4
+ module PolicyStringParser
5
+ def parse_policy
6
+ JSON.parse(CGI.unescape(self))
7
+ rescue StandardError
8
+ nil
9
+ end
10
+ end
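Review bot: `rescue StandardError` returning nil in `parse_policy` swallows every failure, including `JSON::ParserError` on a malformed document and the `NoMethodError`/`TypeError` raised when the receiver is not what was expected, so callers (the Lambda `get_policy` line in this release) cannot tell "no policy" from "policy we could not read", which matters for a tool meant to feed security-posture analysis. Rescuing `JSON::ParserError` only, and logging before returning nil, keeps the nil for the genuinely unparseable case and lets programming errors surface. The file also carries no `require 'json'` or `require 'cgi'` of its own and relies on the loader having pulled them in first, which I cannot confirm from this diff. The header comment could state the contract: `# Mixed into String; expects a JSON policy document, optionally URL-encoded, and returns nil when it cannot be parsed`.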
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.2.13"
2
+ VERSION = "0.2.18"
3
3
  end
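--- a/data/readme.md
+++ b/data/readme.md
@@ -1,5 +1,5 @@
- ![smoke-test](https://github.com/darkbitio/aws-recon/workflows/smoke-test/badge.svg)
- [![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://badge.fury.io/rb/aws_recon)
+ [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/darkbitio/aws-recon/smoke-test/main)](https://github.com/darkbitio/aws-recon/actions?query=branch%3Amain)
+ [![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://rubygems.org/gems/aws_recon)
  
  # AWS Recon
  
@@ -222,6 +222,7 @@ Current "coverage" by service is listed below. The services without coverage wil
  
  AWS Recon aims to collect all resources and metadata that are relevant in determining the security posture of your AWS account(s). However, it does not actually examine the resources for security posture - that is the job of other tools that take the output of AWS Recon as input.
  
+ - [x] AccessAnalyzer
  - [x] AdvancedShield
  - [x] Athena
  - [x] GuardDuty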
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.13
4
+ version: 0.2.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-11-18 00:00:00.000000000 Z
12
+ date: 2020-11-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -235,6 +235,7 @@ files:
235
235
  - lib/aws_recon/collectors/xray.rb
236
236
  - lib/aws_recon/lib/formatter.rb
237
237
  - lib/aws_recon/lib/mapper.rb
238
+ - lib/aws_recon/lib/patch.rb
238
239
  - lib/aws_recon/options.rb
239
240
  - lib/aws_recon/services.yaml
240
241
  - lib/aws_recon/version.rb