aws_recon 0.2.28 → 0.2.33
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/cloudtrail.rb +1 -1
- data/lib/aws_recon/collectors/cloudwatch.rb +1 -0
- data/lib/aws_recon/collectors/configservice.rb +1 -1
- data/lib/aws_recon/collectors/ec2.rb +2 -2
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +1 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +2 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +1 -0
- data/lib/aws_recon/collectors/iam.rb +1 -1
- data/lib/aws_recon/collectors/kms.rb +1 -1
- data/lib/aws_recon/collectors/rds.rb +18 -0
- data/lib/aws_recon/collectors/shield.rb +1 -1
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +9 -6
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '049b5ee7040e057fade76bdfaa07078ad216d95b134049ca5d0575bb540f5547'
|
4
|
+
data.tar.gz: f4e8d67b732aa5b15252bf2acbf1a2f31aa7cc2341d058c9ad9ffe51290d532e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9ee4a95c41437dc33a6b9e7089ab76be8caf0055b06a50f60347258bbc1f487ddae10574c6b1b5f744a58ad91776af4555c3e67e8753cda7b59e6a27a4757665
|
7
|
+
data.tar.gz: 7bff1e16da379ec100973e0928c56b861c8c0fbf48705add34fe00e52e30da37655b93133516df78ac4c6b9fbcae3612ceb86c7baa5fa0ce5a2448e474d5cff3
|
@@ -24,7 +24,7 @@ class CloudTrail < Mapper
|
|
24
24
|
end
|
25
25
|
|
26
26
|
struct = OpenStruct.new(trail.to_h)
|
27
|
-
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list
|
27
|
+
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list.map(&:to_h)
|
28
28
|
struct.type = 'cloud_trail'
|
29
29
|
struct.event_selectors = client.get_event_selectors({ trail_name: trail.name }).to_h
|
30
30
|
struct.status = client.get_trail_status({ name: trail.name }).to_h
|
@@ -43,7 +43,7 @@ class ConfigService < Mapper
|
|
43
43
|
response.configuration_recorders.each do |recorder|
|
44
44
|
struct = OpenStruct.new(recorder.to_h)
|
45
45
|
struct.type = 'configuration_recorder'
|
46
|
-
struct.arn = "arn:aws:config:#{@region}:configuration_recorder/#{recorder.name}"
|
46
|
+
struct.arn = "arn:aws:config:#{@region}:#{@account}:configuration_recorder/#{recorder.name}"
|
47
47
|
|
48
48
|
# describe_configuration_recorder_status (only accepts one recorder)
|
49
49
|
@client.describe_configuration_recorder_status({ configuration_recorder_names: [recorder.name] }).each do |response|
|
@@ -55,8 +55,8 @@ class EC2 < Mapper
|
|
55
55
|
log(response.context.operation_name, page)
|
56
56
|
|
57
57
|
# reservations
|
58
|
-
response.reservations.each_with_index do |reservation,
|
59
|
-
log(response.context.operation_name, 'reservations',
|
58
|
+
response.reservations.each_with_index do |reservation, rpage|
|
59
|
+
log(response.context.operation_name, 'reservations', rpage)
|
60
60
|
|
61
61
|
# instances
|
62
62
|
reservation.instances.each do |instance|
|
@@ -20,6 +20,8 @@ class ElasticLoadBalancingV2 < Mapper
|
|
20
20
|
struct = OpenStruct.new(elb.to_h)
|
21
21
|
struct.type = 'load_balancer'
|
22
22
|
struct.arn = elb.load_balancer_arn
|
23
|
+
struct.load_balancer_version = 'v2'
|
24
|
+
struct.load_balancer_type = elb.type
|
23
25
|
struct.listeners = []
|
24
26
|
struct.target_groups = []
|
25
27
|
|
@@ -22,6 +22,7 @@ class ElasticsearchService < Mapper
|
|
22
22
|
# describe_elasticsearch_domains
|
23
23
|
struct = OpenStruct.new(@client.describe_elasticsearch_domain({ domain_name: domain.domain_name }).domain_status.to_h)
|
24
24
|
struct.type = 'domain'
|
25
|
+
struct.access_policies = struct.access_policies&.parse_policy
|
25
26
|
|
26
27
|
resources.push(struct.to_h)
|
27
28
|
end
|
@@ -51,7 +51,7 @@ class KMS < Mapper
|
|
51
51
|
log(response.context.operation_name, 'get_key_policy')
|
52
52
|
struct.policy = @client
|
53
53
|
.get_key_policy({ key_id: key.key_id, policy_name: 'default' })
|
54
|
-
.policy
|
54
|
+
.policy.parse_policy
|
55
55
|
|
56
56
|
# list_aliases
|
57
57
|
log(response.context.operation_name, 'list_aliases')
|
@@ -67,6 +67,24 @@ class RDS < Mapper
|
|
67
67
|
end
|
68
68
|
end
|
69
69
|
|
70
|
+
#
|
71
|
+
# describe_db_cluster_snapshots
|
72
|
+
#
|
73
|
+
@client.describe_db_cluster_snapshots.each_with_index do |response, page|
|
74
|
+
log(response.context.operation_name, page)
|
75
|
+
|
76
|
+
response.db_cluster_snapshots.each do |snapshot|
|
77
|
+
log(response.context.operation_name, snapshot.db_cluster_snapshot_identifier)
|
78
|
+
|
79
|
+
struct = OpenStruct.new(snapshot.to_h)
|
80
|
+
struct.type = 'db_cluster_snapshot'
|
81
|
+
struct.arn = snapshot.db_cluster_snapshot_arn
|
82
|
+
struct.parent_id = snapshot.db_cluster_identifier
|
83
|
+
|
84
|
+
resources.push(struct.to_h)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
70
88
|
#
|
71
89
|
# describe_db_engine_versions
|
72
90
|
#
|
@@ -32,7 +32,7 @@ class Shield < Mapper
|
|
32
32
|
struct = OpenStruct.new
|
33
33
|
struct.type = 'contact_list'
|
34
34
|
struct.arn = "arn:aws:shield:#{@region}:#{@account}:contact_list"
|
35
|
-
struct.contacts = response
|
35
|
+
struct.contacts = response&.emergency_contact_list&.map(&:to_h)
|
36
36
|
|
37
37
|
resources.push(struct.to_h)
|
38
38
|
end
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
54
54
|
|
55
55
|
```
|
56
56
|
$ gem install aws_recon
|
57
|
-
Fetching aws_recon-0.2.
|
57
|
+
Fetching aws_recon-0.2.28.gem
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
59
59
|
Fetching parallel-1.20.1.gem
|
60
60
|
...
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
62
62
|
Successfully installed parallel-1.20.1
|
63
|
-
Successfully installed aws_recon-0.2.
|
63
|
+
Successfully installed aws_recon-0.2.28
|
64
64
|
```
|
65
65
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
72
72
|
...
|
73
73
|
Using aws-sdk 3.0.1
|
74
74
|
Using parallel-1.20.1
|
75
|
-
Using aws_recon 0.2.
|
75
|
+
Using aws_recon 0.2.28
|
76
76
|
```
|
77
77
|
|
78
78
|
## Usage
|
@@ -165,10 +165,13 @@ $ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
|
|
165
165
|
$ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
|
166
166
|
```
|
167
167
|
|
168
|
-
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted output.
|
168
|
+
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted (NDJSON) output.
|
169
169
|
|
170
170
|
```
|
171
|
-
$ AWS_PROFILE=<profile> aws_recon -
|
171
|
+
$ AWS_PROFILE=<profile> aws_recon -j \
|
172
|
+
-s S3,EC2 \
|
173
|
+
-r global,us-east-1,us-east-2 \
|
174
|
+
-f custom > output.json
|
172
175
|
```
|
173
176
|
|
174
177
|
#### Errors
|
@@ -222,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
222
225
|
```
|
223
226
|
$ aws_recon -h
|
224
227
|
|
225
|
-
AWS Recon - AWS Inventory Collector (0.2.
|
228
|
+
AWS Recon - AWS Inventory Collector (0.2.28)
|
226
229
|
|
227
230
|
Usage: aws_recon [options]
|
228
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_recon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.33
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Larsen
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-01-
|
12
|
+
date: 2021-01-31 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aws-sdk
|