aws_recon 0.2.27 → 0.2.32
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/accessanalyzer.rb +5 -0
- data/lib/aws_recon/collectors/acm.rb +5 -0
- data/lib/aws_recon/collectors/apigateway.rb +5 -0
- data/lib/aws_recon/collectors/apigatewayv2.rb +5 -0
- data/lib/aws_recon/collectors/applicationautoscaling.rb +5 -0
- data/lib/aws_recon/collectors/athena.rb +5 -0
- data/lib/aws_recon/collectors/autoscaling.rb +5 -0
- data/lib/aws_recon/collectors/backup.rb +5 -0
- data/lib/aws_recon/collectors/cloudformation.rb +5 -0
- data/lib/aws_recon/collectors/cloudfront.rb +5 -0
- data/lib/aws_recon/collectors/cloudtrail.rb +6 -1
- data/lib/aws_recon/collectors/cloudwatch.rb +6 -0
- data/lib/aws_recon/collectors/cloudwatchlogs.rb +5 -0
- data/lib/aws_recon/collectors/codebuild.rb +5 -0
- data/lib/aws_recon/collectors/codepipeline.rb +6 -3
- data/lib/aws_recon/collectors/configservice.rb +6 -1
- data/lib/aws_recon/collectors/directconnect.rb +5 -0
- data/lib/aws_recon/collectors/{directyservice.rb → directoryservice.rb} +5 -0
- data/lib/aws_recon/collectors/dms.rb +5 -0
- data/lib/aws_recon/collectors/dynamodb.rb +5 -0
- data/lib/aws_recon/collectors/ec2.rb +8 -5
- data/lib/aws_recon/collectors/ecr.rb +6 -3
- data/lib/aws_recon/collectors/ecs.rb +5 -2
- data/lib/aws_recon/collectors/efs.rb +5 -0
- data/lib/aws_recon/collectors/eks.rb +5 -0
- data/lib/aws_recon/collectors/elasticache.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +6 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +7 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +6 -0
- data/lib/aws_recon/collectors/emr.rb +5 -0
- data/lib/aws_recon/collectors/firehose.rb +5 -0
- data/lib/aws_recon/collectors/guardduty.rb +5 -2
- data/lib/aws_recon/collectors/iam.rb +8 -7
- data/lib/aws_recon/collectors/kafka.rb +5 -0
- data/lib/aws_recon/collectors/kinesis.rb +5 -0
- data/lib/aws_recon/collectors/kms.rb +7 -4
- data/lib/aws_recon/collectors/lambda.rb +5 -0
- data/lib/aws_recon/collectors/lightsail.rb +5 -0
- data/lib/aws_recon/collectors/organizations.rb +6 -3
- data/lib/aws_recon/collectors/redshift.rb +5 -0
- data/lib/aws_recon/collectors/route53.rb +5 -0
- data/lib/aws_recon/collectors/route53domains.rb +5 -0
- data/lib/aws_recon/collectors/secretsmanager.rb +5 -0
- data/lib/aws_recon/collectors/securityhub.rb +6 -3
- data/lib/aws_recon/collectors/servicequotas.rb +6 -3
- data/lib/aws_recon/collectors/ses.rb +5 -0
- data/lib/aws_recon/collectors/shield.rb +7 -4
- data/lib/aws_recon/collectors/sns.rb +5 -0
- data/lib/aws_recon/collectors/sqs.rb +5 -0
- data/lib/aws_recon/collectors/ssm.rb +5 -0
- data/lib/aws_recon/collectors/support.rb +6 -3
- data/lib/aws_recon/collectors/transfer.rb +5 -0
- data/lib/aws_recon/collectors/wafv2.rb +5 -0
- data/lib/aws_recon/collectors/workspaces.rb +5 -0
- data/lib/aws_recon/collectors/xray.rb +5 -0
- data/lib/aws_recon/lib/patch.rb +2 -0
- data/lib/aws_recon/options.rb +5 -6
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +10 -7
- metadata +3 -3
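--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a38b9447d93b385f4baa0c125bffad8b671eebac31f7cfff780ed0101c8e8c1c
+data.tar.gz: 1cb26df32d2afee35ed0cbd8f4ce5eb3552a702f9e52806e2ecdb6c0278548ab
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4a8304dc4ea439685262c8a34cb0861a58a7eee3c741f11fabd4de2bcf8d36a4d1ce1b2ca45746e0a5625f35a80c21d710d5c1bdc2e6cf77ac3e23f9406cd9f
+data.tar.gz: ed1bdeed23d927ce54aaca5d7b795c03a3b7931870aa82fd14a9017cbab1a21aa23d736d3fcd915c446bbce4fcd36b07e11735c5b2aa75784926e97eb0943be7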
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudTrail resources
|
|
5
|
+
#
|
|
1
6
|
class CloudTrail < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -19,7 +24,7 @@ class CloudTrail < Mapper
|
|
|
19
24
|
end
|
|
20
25
|
|
|
21
26
|
struct = OpenStruct.new(trail.to_h)
|
|
22
|
-
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list
|
|
27
|
+
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list.map(&:to_h)
|
|
23
28
|
struct.type = 'cloud_trail'
|
|
24
29
|
struct.event_selectors = client.get_event_selectors({ trail_name: trail.name }).to_h
|
|
25
30
|
struct.status = client.get_trail_status({ name: trail.name }).to_h
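Review bot: `resource_tag_list.first` in the changed `struct.tags` line is dereferenced without a nil check, so a `list_tags` response with an empty `resource_tag_list` would raise NoMethodError on `.tags_list`. Whether such a response can occur is not visible from this hunk, but the guard is cheap. I would write the tail as `.resource_tag_list.first&.tags_list&.map(&:to_h) || []` so a trail without tag data still lands in the inventory. The enclosing method starts and ends outside the hunk.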
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudWatch resources
|
|
5
|
+
#
|
|
1
6
|
class CloudWatch < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -23,6 +28,7 @@ class CloudWatch < Mapper
|
|
|
23
28
|
struct = OpenStruct.new(alarm.to_h)
|
|
24
29
|
struct.type = 'metric_alarm'
|
|
25
30
|
struct.arn = alarm.alarm_arn
|
|
31
|
+
struct.state_reason_data = alarm.state_reason_data&.parse_policy
|
|
26
32
|
|
|
27
33
|
resources.push(struct.to_h)
|
|
28
34
|
end
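Review bot: The added `struct.state_reason_data = alarm.state_reason_data&.parse_policy` guards only against nil, not against an empty or malformed string. `parse_policy` is defined outside this page (the changes to `lib/aws_recon/lib/patch.rb` are not shown), so its behaviour on such input cannot be confirmed here; if it raises, the alarm never reaches `resources.push`. The same helper is applied in the ElasticsearchService hunk (`struct.access_policies&.parse_policy`) and, without `&.`, in the KMS hunk (`.policy.parse_policy`). I would skip blank values explicitly, e.g. `struct.state_reason_data = alarm.state_reason_data.parse_policy unless alarm.state_reason_data.to_s.empty?`. The enclosing loop starts outside the hunk.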
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CodePipeline resources
|
|
5
|
+
#
|
|
1
6
|
class CodePipeline < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -25,9 +30,7 @@ class CodePipeline < Mapper
|
|
|
25
30
|
rescue Aws::CodePipeline::Errors::ServiceError => e
|
|
26
31
|
log_error(e.code)
|
|
27
32
|
|
|
28
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
29
|
-
raise e
|
|
30
|
-
end
|
|
33
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
31
34
|
end
|
|
32
35
|
|
|
33
36
|
resources
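Review bot: The collapsed guard `raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception` combines `unless` with `&&` and a negation, which makes it hard to see when an AWS error is swallowed. That decision determines whether the inventory is silently incomplete. The positive form reads directly: `raise e if @options.quit_on_exception || !suppressed_errors.include?(e.code)`. The same line is introduced in the ECR, IAM (both rescue hunks), KMS, Organizations, SecurityHub, ServiceQuotas, Shield and Support hunks, so a single shared helper would keep the rule in one place. The `begin` that this rescue belongs to lies outside the hunk.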
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Config resources
|
|
5
|
+
#
|
|
1
6
|
class ConfigService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -38,7 +43,7 @@ class ConfigService < Mapper
|
|
|
38
43
|
response.configuration_recorders.each do |recorder|
|
|
39
44
|
struct = OpenStruct.new(recorder.to_h)
|
|
40
45
|
struct.type = 'configuration_recorder'
|
|
41
|
-
struct.arn = "arn:aws:config:#{@region}:configuration_recorder/#{recorder.name}"
|
|
46
|
+
struct.arn = "arn:aws:config:#{@region}:#{@account}:configuration_recorder/#{recorder.name}"
|
|
42
47
|
|
|
43
48
|
# describe_configuration_recorder_status (only accepts one recorder)
|
|
44
49
|
@client.describe_configuration_recorder_status({ configuration_recorder_names: [recorder.name] }).each do |response|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect EC2 resources
|
|
5
|
+
#
|
|
1
6
|
class EC2 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -50,8 +55,8 @@ class EC2 < Mapper
|
|
|
50
55
|
log(response.context.operation_name, page)
|
|
51
56
|
|
|
52
57
|
# reservations
|
|
53
|
-
response.reservations.each_with_index do |reservation,
|
|
54
|
-
log(response.context.operation_name, 'reservations',
|
|
58
|
+
response.reservations.each_with_index do |reservation, rpage|
|
|
59
|
+
log(response.context.operation_name, 'reservations', rpage)
|
|
55
60
|
|
|
56
61
|
# instances
|
|
57
62
|
reservation.instances.each do |instance|
|
|
@@ -71,9 +76,7 @@ class EC2 < Mapper
|
|
|
71
76
|
if user_data_raw
|
|
72
77
|
user_data = Base64.decode64(user_data_raw)
|
|
73
78
|
|
|
74
|
-
if user_data.force_encoding('UTF-8').ascii_only?
|
|
75
|
-
struct.user_data = user_data
|
|
76
|
-
end
|
|
79
|
+
struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?
|
|
77
80
|
end
|
|
78
81
|
end
|
|
79
82
|
|
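Review bot: The one-line form `struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?` still drops any non-ASCII payload without a log entry. The output therefore cannot distinguish an instance with no user data from one whose user data was binary or non-ASCII text. User data commonly carries bootstrap secrets and is written to the output file, so I would document both facts at this line, e.g. `# user data may contain credentials; non-ASCII payloads are skipped, not stored`. The code that fetches `user_data_raw` is outside the hunk.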
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ECR resources
|
|
5
|
+
#
|
|
1
6
|
class ECR < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class ECR < Mapper
|
|
|
21
26
|
rescue Aws::ECR::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
ensure
|
|
28
31
|
resources.push(struct.to_h)
|
|
29
32
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ELB resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticLoadBalancing < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -15,6 +20,7 @@ class ElasticLoadBalancing < Mapper
|
|
|
15
20
|
struct = OpenStruct.new(elb.to_h)
|
|
16
21
|
struct.type = 'load_balancer'
|
|
17
22
|
struct.arn = elb.dns_name
|
|
23
|
+
struct.load_balancer_version = 'v1'
|
|
18
24
|
|
|
19
25
|
# describe_load_balancer_policies
|
|
20
26
|
struct.policies = @client
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ELBv2 resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticLoadBalancingV2 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -15,6 +20,8 @@ class ElasticLoadBalancingV2 < Mapper
|
|
|
15
20
|
struct = OpenStruct.new(elb.to_h)
|
|
16
21
|
struct.type = 'load_balancer'
|
|
17
22
|
struct.arn = elb.load_balancer_arn
|
|
23
|
+
struct.load_balancer_version = 'v2'
|
|
24
|
+
struct.load_balancer_type = elb.type
|
|
18
25
|
struct.listeners = []
|
|
19
26
|
struct.target_groups = []
|
|
20
27
|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ElasticSearch resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticsearchService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -17,6 +22,7 @@ class ElasticsearchService < Mapper
|
|
|
17
22
|
# describe_elasticsearch_domains
|
|
18
23
|
struct = OpenStruct.new(@client.describe_elasticsearch_domain({ domain_name: domain.domain_name }).domain_status.to_h)
|
|
19
24
|
struct.type = 'domain'
|
|
25
|
+
struct.access_policies = struct.access_policies&.parse_policy
|
|
20
26
|
|
|
21
27
|
resources.push(struct.to_h)
|
|
22
28
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect IAM resources
|
|
5
|
+
#
|
|
1
6
|
class IAM < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -80,7 +85,7 @@ class IAM < Mapper
|
|
|
80
85
|
create_date: p.create_date
|
|
81
86
|
}
|
|
82
87
|
end
|
|
83
|
-
|
|
88
|
+
end
|
|
84
89
|
|
|
85
90
|
resources.push(struct.to_h)
|
|
86
91
|
end
|
|
@@ -102,9 +107,7 @@ class IAM < Mapper
|
|
|
102
107
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
103
108
|
log_error(e.code)
|
|
104
109
|
|
|
105
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
106
|
-
raise e
|
|
107
|
-
end
|
|
110
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
108
111
|
end
|
|
109
112
|
|
|
110
113
|
#
|
|
@@ -187,9 +190,7 @@ class IAM < Mapper
|
|
|
187
190
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
188
191
|
log_error(e.code)
|
|
189
192
|
|
|
190
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
191
|
-
raise e
|
|
192
|
-
end
|
|
193
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
193
194
|
end
|
|
194
195
|
|
|
195
196
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect KMS resources
|
|
5
|
+
#
|
|
1
6
|
class KMS < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -30,9 +35,7 @@ class KMS < Mapper
|
|
|
30
35
|
rescue Aws::KMS::Errors::ServiceError => e
|
|
31
36
|
log_error(e.code)
|
|
32
37
|
|
|
33
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
|
-
raise e
|
|
35
|
-
end
|
|
38
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
# list_grants
|
|
@@ -48,7 +51,7 @@ class KMS < Mapper
|
|
|
48
51
|
log(response.context.operation_name, 'get_key_policy')
|
|
49
52
|
struct.policy = @client
|
|
50
53
|
.get_key_policy({ key_id: key.key_id, policy_name: 'default' })
|
|
51
|
-
.policy
|
|
54
|
+
.policy.parse_policy
|
|
52
55
|
|
|
53
56
|
# list_aliases
|
|
54
57
|
log(response.context.operation_name, 'list_aliases')
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Org resources
|
|
5
|
+
#
|
|
1
6
|
class Organizations < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -49,9 +54,7 @@ class Organizations < Mapper
|
|
|
49
54
|
rescue Aws::Organizations::Errors::ServiceError => e
|
|
50
55
|
log_error(e.code)
|
|
51
56
|
|
|
52
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
53
|
-
raise e
|
|
54
|
-
end
|
|
57
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
55
58
|
end
|
|
56
59
|
|
|
57
60
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Security Hub resources
|
|
5
|
+
#
|
|
1
6
|
class SecurityHub < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class SecurityHub < Mapper
|
|
|
21
26
|
rescue Aws::SecurityHub::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ServiceQuota resources
|
|
5
|
+
#
|
|
1
6
|
class ServiceQuotas < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class ServiceQuotas < Mapper
|
|
|
28
33
|
rescue Aws::ServiceQuotas::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code, service)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
end
|
|
35
38
|
|
|
36
39
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Shield resources
|
|
5
|
+
#
|
|
1
6
|
class Shield < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -27,7 +32,7 @@ class Shield < Mapper
|
|
|
27
32
|
struct = OpenStruct.new
|
|
28
33
|
struct.type = 'contact_list'
|
|
29
34
|
struct.arn = "arn:aws:shield:#{@region}:#{@account}:contact_list"
|
|
30
|
-
struct.contacts = response
|
|
35
|
+
struct.contacts = response&.emergency_contact_list&.map(&:to_h)
|
|
31
36
|
|
|
32
37
|
resources.push(struct.to_h)
|
|
33
38
|
end
|
|
@@ -52,9 +57,7 @@ class Shield < Mapper
|
|
|
52
57
|
rescue Aws::Shield::Errors::ServiceError => e
|
|
53
58
|
log_error(e.code)
|
|
54
59
|
|
|
55
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
56
|
-
raise e
|
|
57
|
-
end
|
|
60
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
58
61
|
|
|
59
62
|
[] # no access or service isn't enabled
|
|
60
63
|
end
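Review bot: In the `@@ -27,7 +32,7 @@` hunk, `struct.contacts = response&.emergency_contact_list&.map(&:to_h)` yields nil when the response or its contact list is absent, so consumers of the `contact_list` resource see either nil or an array. Defaulting keeps the field's type stable: `struct.contacts = response&.emergency_contact_list&.map(&:to_h) || []`. The entries are emergency contact details, so the output file inherits their sensitivity. The block that produces `response` starts outside the hunk.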
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Support resources
|
|
5
|
+
#
|
|
1
6
|
class Support < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class Support < Mapper
|
|
|
28
33
|
rescue Aws::Support::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
|
|
35
38
|
[] # no Support subscription
|
|
36
39
|
end
|
data/lib/aws_recon/lib/patch.rb
CHANGED
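--- a/data/lib/aws_recon/options.rb
+++ b/data/lib/aws_recon/options.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+#
+# Command line options parser
+#
 class Parser
 DEFAULT_CONFIG_FILE = nil
 DEFAULT_OUTPUT_FILE = File.expand_path(File.join(Dir.pwd, 'output.json')).freeze
@@ -97,16 +100,12 @@ class Parser
 
 # output format
 opts.on('-f', '--format [FORMAT]', 'Specify output format (default: aws)') do |file|
-if %w[aws custom].include?(file.downcase)
-args.output_format = file.downcase
-end
+args.output_format = file.downcase if %w[aws custom].include?(file.downcase)
 end
 
 # threads
 opts.on('-t', '--threads [THREADS]', "Specify max threads (default: #{Parser::DEFAULT_THREADS}, max: 128)") do |threads|
-if (0..Parser::MAX_THREADS).include?(threads.to_i)
-args.threads = threads.to_i
-end
+args.threads = threads.to_i if (0..Parser::MAX_THREADS).include?(threads.to_i)
 end
 
 # collect EC2 instance user data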
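Review bot: Both option blocks declare an optional argument (`[FORMAT]`, `[THREADS]`), so `-f` given without a value passes nil and `file.downcase` raises NoMethodError. An unrecognised format or an out-of-range thread count is dropped silently and the run continues with the defaults. `threads.to_i` also turns non-numeric input into 0, which the `0..Parser::MAX_THREADS` check accepts. I would fail loudly instead, e.g. `raise OptionParser::InvalidArgument, file.to_s unless %w[aws custom].include?(file.to_s.downcase)`, and use `Integer(threads, exception: false)` in place of `threads.to_i`. The `opts.on` calls sit inside a method that starts and ends outside the hunk.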
data/lib/aws_recon/version.rb
CHANGED
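--- a/data/readme.md
+++ b/data/readme.md
@@ -23,7 +23,7 @@ Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain R
 
 ### Requirements
 
-AWS Recon needs AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
+AWS Recon needs an AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
 
 #### Running via Docker
 
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.2.
+Fetching aws_recon-0.2.28.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.2.
+Successfully installed aws_recon-0.2.28
 ```
 
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.2.
+Using aws_recon 0.2.28
 ```
 
 ## Usage
@@ -165,10 +165,13 @@ $ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
 $ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
 ```
 
-Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted output.
+Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted (NDJSON) output.
 
 ```
-$ AWS_PROFILE=<profile> aws_recon -
+$ AWS_PROFILE=<profile> aws_recon -j \
+-s S3,EC2 \
+-r global,us-east-1,us-east-2 \
+-f custom > output.json
 ```
 
 #### Errors
@@ -222,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
 
-AWS Recon - AWS Inventory Collector (0.2.
+AWS Recon - AWS Inventory Collector (0.2.28)
 
 Usage: aws_recon [options]
 -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)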
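--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.32
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -197,7 +197,7 @@ files:
 - lib/aws_recon/collectors/codepipeline.rb
 - lib/aws_recon/collectors/configservice.rb
 - lib/aws_recon/collectors/directconnect.rb
-- lib/aws_recon/collectors/
+- lib/aws_recon/collectors/directoryservice.rb
 - lib/aws_recon/collectors/dms.rb
 - lib/aws_recon/collectors/dynamodb.rb
 - lib/aws_recon/collectors/ec2.rb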