aws_recon 0.2.27 → 0.2.32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/accessanalyzer.rb +5 -0
- data/lib/aws_recon/collectors/acm.rb +5 -0
- data/lib/aws_recon/collectors/apigateway.rb +5 -0
- data/lib/aws_recon/collectors/apigatewayv2.rb +5 -0
- data/lib/aws_recon/collectors/applicationautoscaling.rb +5 -0
- data/lib/aws_recon/collectors/athena.rb +5 -0
- data/lib/aws_recon/collectors/autoscaling.rb +5 -0
- data/lib/aws_recon/collectors/backup.rb +5 -0
- data/lib/aws_recon/collectors/cloudformation.rb +5 -0
- data/lib/aws_recon/collectors/cloudfront.rb +5 -0
- data/lib/aws_recon/collectors/cloudtrail.rb +6 -1
- data/lib/aws_recon/collectors/cloudwatch.rb +6 -0
- data/lib/aws_recon/collectors/cloudwatchlogs.rb +5 -0
- data/lib/aws_recon/collectors/codebuild.rb +5 -0
- data/lib/aws_recon/collectors/codepipeline.rb +6 -3
- data/lib/aws_recon/collectors/configservice.rb +6 -1
- data/lib/aws_recon/collectors/directconnect.rb +5 -0
- data/lib/aws_recon/collectors/{directyservice.rb → directoryservice.rb} +5 -0
- data/lib/aws_recon/collectors/dms.rb +5 -0
- data/lib/aws_recon/collectors/dynamodb.rb +5 -0
- data/lib/aws_recon/collectors/ec2.rb +8 -5
- data/lib/aws_recon/collectors/ecr.rb +6 -3
- data/lib/aws_recon/collectors/ecs.rb +5 -2
- data/lib/aws_recon/collectors/efs.rb +5 -0
- data/lib/aws_recon/collectors/eks.rb +5 -0
- data/lib/aws_recon/collectors/elasticache.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +6 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +7 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +6 -0
- data/lib/aws_recon/collectors/emr.rb +5 -0
- data/lib/aws_recon/collectors/firehose.rb +5 -0
- data/lib/aws_recon/collectors/guardduty.rb +5 -2
- data/lib/aws_recon/collectors/iam.rb +8 -7
- data/lib/aws_recon/collectors/kafka.rb +5 -0
- data/lib/aws_recon/collectors/kinesis.rb +5 -0
- data/lib/aws_recon/collectors/kms.rb +7 -4
- data/lib/aws_recon/collectors/lambda.rb +5 -0
- data/lib/aws_recon/collectors/lightsail.rb +5 -0
- data/lib/aws_recon/collectors/organizations.rb +6 -3
- data/lib/aws_recon/collectors/redshift.rb +5 -0
- data/lib/aws_recon/collectors/route53.rb +5 -0
- data/lib/aws_recon/collectors/route53domains.rb +5 -0
- data/lib/aws_recon/collectors/secretsmanager.rb +5 -0
- data/lib/aws_recon/collectors/securityhub.rb +6 -3
- data/lib/aws_recon/collectors/servicequotas.rb +6 -3
- data/lib/aws_recon/collectors/ses.rb +5 -0
- data/lib/aws_recon/collectors/shield.rb +7 -4
- data/lib/aws_recon/collectors/sns.rb +5 -0
- data/lib/aws_recon/collectors/sqs.rb +5 -0
- data/lib/aws_recon/collectors/ssm.rb +5 -0
- data/lib/aws_recon/collectors/support.rb +6 -3
- data/lib/aws_recon/collectors/transfer.rb +5 -0
- data/lib/aws_recon/collectors/wafv2.rb +5 -0
- data/lib/aws_recon/collectors/workspaces.rb +5 -0
- data/lib/aws_recon/collectors/xray.rb +5 -0
- data/lib/aws_recon/lib/patch.rb +2 -0
- data/lib/aws_recon/options.rb +5 -6
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +10 -7
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a38b9447d93b385f4baa0c125bffad8b671eebac31f7cfff780ed0101c8e8c1c
|
|
4
|
+
data.tar.gz: 1cb26df32d2afee35ed0cbd8f4ce5eb3552a702f9e52806e2ecdb6c0278548ab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e4a8304dc4ea439685262c8a34cb0861a58a7eee3c741f11fabd4de2bcf8d36a4d1ce1b2ca45746e0a5625f35a80c21d710d5c1bdc2e6cf77ac3e23f9406cd9f
|
|
7
|
+
data.tar.gz: ed1bdeed23d927ce54aaca5d7b795c03a3b7931870aa82fd14a9017cbab1a21aa23d736d3fcd915c446bbce4fcd36b07e11735c5b2aa75784926e97eb0943be7
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudTrail resources
|
|
5
|
+
#
|
|
1
6
|
class CloudTrail < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -19,7 +24,7 @@ class CloudTrail < Mapper
|
|
|
19
24
|
end
|
|
20
25
|
|
|
21
26
|
struct = OpenStruct.new(trail.to_h)
|
|
22
|
-
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list
|
|
27
|
+
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list.map(&:to_h)
|
|
23
28
|
struct.type = 'cloud_trail'
|
|
24
29
|
struct.event_selectors = client.get_event_selectors({ trail_name: trail.name }).to_h
|
|
25
30
|
struct.status = client.get_trail_status({ name: trail.name }).to_h
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudWatch resources
|
|
5
|
+
#
|
|
1
6
|
class CloudWatch < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -23,6 +28,7 @@ class CloudWatch < Mapper
|
|
|
23
28
|
struct = OpenStruct.new(alarm.to_h)
|
|
24
29
|
struct.type = 'metric_alarm'
|
|
25
30
|
struct.arn = alarm.alarm_arn
|
|
31
|
+
struct.state_reason_data = alarm.state_reason_data&.parse_policy
|
|
26
32
|
|
|
27
33
|
resources.push(struct.to_h)
|
|
28
34
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CodePipeline resources
|
|
5
|
+
#
|
|
1
6
|
class CodePipeline < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -25,9 +30,7 @@ class CodePipeline < Mapper
|
|
|
25
30
|
rescue Aws::CodePipeline::Errors::ServiceError => e
|
|
26
31
|
log_error(e.code)
|
|
27
32
|
|
|
28
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
29
|
-
raise e
|
|
30
|
-
end
|
|
33
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
31
34
|
end
|
|
32
35
|
|
|
33
36
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Config resources
|
|
5
|
+
#
|
|
1
6
|
class ConfigService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -38,7 +43,7 @@ class ConfigService < Mapper
|
|
|
38
43
|
response.configuration_recorders.each do |recorder|
|
|
39
44
|
struct = OpenStruct.new(recorder.to_h)
|
|
40
45
|
struct.type = 'configuration_recorder'
|
|
41
|
-
struct.arn = "arn:aws:config:#{@region}:configuration_recorder/#{recorder.name}"
|
|
46
|
+
struct.arn = "arn:aws:config:#{@region}:#{@account}:configuration_recorder/#{recorder.name}"
|
|
42
47
|
|
|
43
48
|
# describe_configuration_recorder_status (only accepts one recorder)
|
|
44
49
|
@client.describe_configuration_recorder_status({ configuration_recorder_names: [recorder.name] }).each do |response|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect EC2 resources
|
|
5
|
+
#
|
|
1
6
|
class EC2 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -50,8 +55,8 @@ class EC2 < Mapper
|
|
|
50
55
|
log(response.context.operation_name, page)
|
|
51
56
|
|
|
52
57
|
# reservations
|
|
53
|
-
response.reservations.each_with_index do |reservation,
|
|
54
|
-
log(response.context.operation_name, 'reservations',
|
|
58
|
+
response.reservations.each_with_index do |reservation, rpage|
|
|
59
|
+
log(response.context.operation_name, 'reservations', rpage)
|
|
55
60
|
|
|
56
61
|
# instances
|
|
57
62
|
reservation.instances.each do |instance|
|
|
@@ -71,9 +76,7 @@ class EC2 < Mapper
|
|
|
71
76
|
if user_data_raw
|
|
72
77
|
user_data = Base64.decode64(user_data_raw)
|
|
73
78
|
|
|
74
|
-
if user_data.force_encoding('UTF-8').ascii_only?
|
|
75
|
-
struct.user_data = user_data
|
|
76
|
-
end
|
|
79
|
+
struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?
|
|
77
80
|
end
|
|
78
81
|
end
|
|
79
82
|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ECR resources
|
|
5
|
+
#
|
|
1
6
|
class ECR < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class ECR < Mapper
|
|
|
21
26
|
rescue Aws::ECR::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
ensure
|
|
28
31
|
resources.push(struct.to_h)
|
|
29
32
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ELB resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticLoadBalancing < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -15,6 +20,7 @@ class ElasticLoadBalancing < Mapper
|
|
|
15
20
|
struct = OpenStruct.new(elb.to_h)
|
|
16
21
|
struct.type = 'load_balancer'
|
|
17
22
|
struct.arn = elb.dns_name
|
|
23
|
+
struct.load_balancer_version = 'v1'
|
|
18
24
|
|
|
19
25
|
# describe_load_balancer_policies
|
|
20
26
|
struct.policies = @client
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ELBv2 resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticLoadBalancingV2 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -15,6 +20,8 @@ class ElasticLoadBalancingV2 < Mapper
|
|
|
15
20
|
struct = OpenStruct.new(elb.to_h)
|
|
16
21
|
struct.type = 'load_balancer'
|
|
17
22
|
struct.arn = elb.load_balancer_arn
|
|
23
|
+
struct.load_balancer_version = 'v2'
|
|
24
|
+
struct.load_balancer_type = elb.type
|
|
18
25
|
struct.listeners = []
|
|
19
26
|
struct.target_groups = []
|
|
20
27
|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ElasticSearch resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticsearchService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -17,6 +22,7 @@ class ElasticsearchService < Mapper
|
|
|
17
22
|
# describe_elasticsearch_domains
|
|
18
23
|
struct = OpenStruct.new(@client.describe_elasticsearch_domain({ domain_name: domain.domain_name }).domain_status.to_h)
|
|
19
24
|
struct.type = 'domain'
|
|
25
|
+
struct.access_policies = struct.access_policies&.parse_policy
|
|
20
26
|
|
|
21
27
|
resources.push(struct.to_h)
|
|
22
28
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect IAM resources
|
|
5
|
+
#
|
|
1
6
|
class IAM < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -80,7 +85,7 @@ class IAM < Mapper
|
|
|
80
85
|
create_date: p.create_date
|
|
81
86
|
}
|
|
82
87
|
end
|
|
83
|
-
|
|
88
|
+
end
|
|
84
89
|
|
|
85
90
|
resources.push(struct.to_h)
|
|
86
91
|
end
|
|
@@ -102,9 +107,7 @@ class IAM < Mapper
|
|
|
102
107
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
103
108
|
log_error(e.code)
|
|
104
109
|
|
|
105
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
106
|
-
raise e
|
|
107
|
-
end
|
|
110
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
108
111
|
end
|
|
109
112
|
|
|
110
113
|
#
|
|
@@ -187,9 +190,7 @@ class IAM < Mapper
|
|
|
187
190
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
188
191
|
log_error(e.code)
|
|
189
192
|
|
|
190
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
191
|
-
raise e
|
|
192
|
-
end
|
|
193
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
193
194
|
end
|
|
194
195
|
|
|
195
196
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect KMS resources
|
|
5
|
+
#
|
|
1
6
|
class KMS < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -30,9 +35,7 @@ class KMS < Mapper
|
|
|
30
35
|
rescue Aws::KMS::Errors::ServiceError => e
|
|
31
36
|
log_error(e.code)
|
|
32
37
|
|
|
33
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
|
-
raise e
|
|
35
|
-
end
|
|
38
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
# list_grants
|
|
@@ -48,7 +51,7 @@ class KMS < Mapper
|
|
|
48
51
|
log(response.context.operation_name, 'get_key_policy')
|
|
49
52
|
struct.policy = @client
|
|
50
53
|
.get_key_policy({ key_id: key.key_id, policy_name: 'default' })
|
|
51
|
-
.policy
|
|
54
|
+
.policy.parse_policy
|
|
52
55
|
|
|
53
56
|
# list_aliases
|
|
54
57
|
log(response.context.operation_name, 'list_aliases')
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Org resources
|
|
5
|
+
#
|
|
1
6
|
class Organizations < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -49,9 +54,7 @@ class Organizations < Mapper
|
|
|
49
54
|
rescue Aws::Organizations::Errors::ServiceError => e
|
|
50
55
|
log_error(e.code)
|
|
51
56
|
|
|
52
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
53
|
-
raise e
|
|
54
|
-
end
|
|
57
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
55
58
|
end
|
|
56
59
|
|
|
57
60
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Security Hub resources
|
|
5
|
+
#
|
|
1
6
|
class SecurityHub < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class SecurityHub < Mapper
|
|
|
21
26
|
rescue Aws::SecurityHub::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ServiceQuota resources
|
|
5
|
+
#
|
|
1
6
|
class ServiceQuotas < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class ServiceQuotas < Mapper
|
|
|
28
33
|
rescue Aws::ServiceQuotas::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code, service)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
end
|
|
35
38
|
|
|
36
39
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Shield resources
|
|
5
|
+
#
|
|
1
6
|
class Shield < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -27,7 +32,7 @@ class Shield < Mapper
|
|
|
27
32
|
struct = OpenStruct.new
|
|
28
33
|
struct.type = 'contact_list'
|
|
29
34
|
struct.arn = "arn:aws:shield:#{@region}:#{@account}:contact_list"
|
|
30
|
-
struct.contacts = response
|
|
35
|
+
struct.contacts = response&.emergency_contact_list&.map(&:to_h)
|
|
31
36
|
|
|
32
37
|
resources.push(struct.to_h)
|
|
33
38
|
end
|
|
@@ -52,9 +57,7 @@ class Shield < Mapper
|
|
|
52
57
|
rescue Aws::Shield::Errors::ServiceError => e
|
|
53
58
|
log_error(e.code)
|
|
54
59
|
|
|
55
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
56
|
-
raise e
|
|
57
|
-
end
|
|
60
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
58
61
|
|
|
59
62
|
[] # no access or service isn't enabled
|
|
60
63
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Support resources
|
|
5
|
+
#
|
|
1
6
|
class Support < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class Support < Mapper
|
|
|
28
33
|
rescue Aws::Support::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
|
|
35
38
|
[] # no Support subscription
|
|
36
39
|
end
|
data/lib/aws_recon/lib/patch.rb
CHANGED
data/lib/aws_recon/options.rb
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
#
|
|
4
|
+
# Command line options parser
|
|
5
|
+
#
|
|
3
6
|
class Parser
|
|
4
7
|
DEFAULT_CONFIG_FILE = nil
|
|
5
8
|
DEFAULT_OUTPUT_FILE = File.expand_path(File.join(Dir.pwd, 'output.json')).freeze
|
|
@@ -97,16 +100,12 @@ class Parser
|
|
|
97
100
|
|
|
98
101
|
# output format
|
|
99
102
|
opts.on('-f', '--format [FORMAT]', 'Specify output format (default: aws)') do |file|
|
|
100
|
-
if %w[aws custom].include?(file.downcase)
|
|
101
|
-
args.output_format = file.downcase
|
|
102
|
-
end
|
|
103
|
+
args.output_format = file.downcase if %w[aws custom].include?(file.downcase)
|
|
103
104
|
end
|
|
104
105
|
|
|
105
106
|
# threads
|
|
106
107
|
opts.on('-t', '--threads [THREADS]', "Specify max threads (default: #{Parser::DEFAULT_THREADS}, max: 128)") do |threads|
|
|
107
|
-
if (0..Parser::MAX_THREADS).include?(threads.to_i)
|
|
108
|
-
args.threads = threads.to_i
|
|
109
|
-
end
|
|
108
|
+
args.threads = threads.to_i if (0..Parser::MAX_THREADS).include?(threads.to_i)
|
|
110
109
|
end
|
|
111
110
|
|
|
112
111
|
# collect EC2 instance user data
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
|
@@ -23,7 +23,7 @@ Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain R
|
|
|
23
23
|
|
|
24
24
|
### Requirements
|
|
25
25
|
|
|
26
|
-
AWS Recon needs AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
|
|
26
|
+
AWS Recon needs an AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
|
|
27
27
|
|
|
28
28
|
#### Running via Docker
|
|
29
29
|
|
|
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
|
54
54
|
|
|
55
55
|
```
|
|
56
56
|
$ gem install aws_recon
|
|
57
|
-
Fetching aws_recon-0.2.
|
|
57
|
+
Fetching aws_recon-0.2.28.gem
|
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
|
59
59
|
Fetching parallel-1.20.1.gem
|
|
60
60
|
...
|
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
|
62
62
|
Successfully installed parallel-1.20.1
|
|
63
|
-
Successfully installed aws_recon-0.2.
|
|
63
|
+
Successfully installed aws_recon-0.2.28
|
|
64
64
|
```
|
|
65
65
|
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
|
72
72
|
...
|
|
73
73
|
Using aws-sdk 3.0.1
|
|
74
74
|
Using parallel-1.20.1
|
|
75
|
-
Using aws_recon 0.2.
|
|
75
|
+
Using aws_recon 0.2.28
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
## Usage
|
|
@@ -165,10 +165,13 @@ $ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
|
|
|
165
165
|
$ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
|
|
166
166
|
```
|
|
167
167
|
|
|
168
|
-
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted output.
|
|
168
|
+
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted (NDJSON) output.
|
|
169
169
|
|
|
170
170
|
```
|
|
171
|
-
$ AWS_PROFILE=<profile> aws_recon -
|
|
171
|
+
$ AWS_PROFILE=<profile> aws_recon -j \
|
|
172
|
+
-s S3,EC2 \
|
|
173
|
+
-r global,us-east-1,us-east-2 \
|
|
174
|
+
-f custom > output.json
|
|
172
175
|
```
|
|
173
176
|
|
|
174
177
|
#### Errors
|
|
@@ -222,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
|
222
225
|
```
|
|
223
226
|
$ aws_recon -h
|
|
224
227
|
|
|
225
|
-
AWS Recon - AWS Inventory Collector (0.2.
|
|
228
|
+
AWS Recon - AWS Inventory Collector (0.2.28)
|
|
226
229
|
|
|
227
230
|
Usage: aws_recon [options]
|
|
228
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.32
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-01-29 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|
|
@@ -197,7 +197,7 @@ files:
|
|
|
197
197
|
- lib/aws_recon/collectors/codepipeline.rb
|
|
198
198
|
- lib/aws_recon/collectors/configservice.rb
|
|
199
199
|
- lib/aws_recon/collectors/directconnect.rb
|
|
200
|
-
- lib/aws_recon/collectors/
|
|
200
|
+
- lib/aws_recon/collectors/directoryservice.rb
|
|
201
201
|
- lib/aws_recon/collectors/dms.rb
|
|
202
202
|
- lib/aws_recon/collectors/dynamodb.rb
|
|
203
203
|
- lib/aws_recon/collectors/ec2.rb
|