aws_recon 0.2.32 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/emr.rb +1 -0
- data/lib/aws_recon/collectors/guardduty.rb +37 -8
- data/lib/aws_recon/collectors/rds.rb +27 -9
- data/lib/aws_recon/collectors/route53.rb +1 -1
- data/lib/aws_recon/collectors/ses.rb +1 -1
- data/lib/aws_recon/collectors/ssm.rb +1 -1
- data/lib/aws_recon/collectors/wafv2.rb +5 -5
- data/lib/aws_recon/collectors/xray.rb +1 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a7f479006111ba869fcdccea5264ffb5a3cc4c0536e0b2cf4a6b3581ff65146
|
|
4
|
+
data.tar.gz: dfa1191aea8a07fcd9a54be418f913b777f0bd43cf5cf9cbdfb0b8f8707dc8aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8f5a65342608fd58234383c704ddb416333e1439ca024e8e09bb0b3e96cfe2df0d53b5489ad040317b7b47b0f523c4c8252753af81e018866f081ef2c06cf414
|
|
7
|
+
data.tar.gz: '0867e52a15899ff2e63f141ab376b2992f968c4b19a0a64b57b1506d1cc036a8724b289c231a8a15dd4118bad65eff6945b891629150d8fe6bf9afb284bca0dd'
|
|
@@ -22,20 +22,26 @@ class GuardDuty < Mapper
|
|
|
22
22
|
# get_detector
|
|
23
23
|
struct = OpenStruct.new(@client.get_detector({ detector_id: detector }).to_h)
|
|
24
24
|
struct.type = 'detector'
|
|
25
|
-
struct.arn = "arn:aws:guardduty:#{@region}:detector/#{detector}"
|
|
25
|
+
struct.arn = "arn:aws:guardduty:#{@region}:#{@account}:detector/#{detector}"
|
|
26
26
|
|
|
27
27
|
# get_findings_statistics (only active findings)
|
|
28
28
|
struct.findings_statistics = @client.get_findings_statistics({
|
|
29
29
|
detector_id: detector,
|
|
30
30
|
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
31
|
-
finding_criteria:
|
|
32
|
-
criterion: {
|
|
33
|
-
'service.archived': {
|
|
34
|
-
eq: ['false']
|
|
35
|
-
}
|
|
36
|
-
}
|
|
37
|
-
}
|
|
31
|
+
finding_criteria: finding_criteria
|
|
38
32
|
}).finding_statistics.to_h
|
|
33
|
+
# get_findings_statistics (only active findings older than 7 days)
|
|
34
|
+
struct.findings_statistics_aged_short = @client.get_findings_statistics({
|
|
35
|
+
detector_id: detector,
|
|
36
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
37
|
+
finding_criteria: finding_criteria(7)
|
|
38
|
+
}).finding_statistics.to_h
|
|
39
|
+
# get_findings_statistics (only active findings older than 30 days)
|
|
40
|
+
struct.findings_statistics_aged_long = @client.get_findings_statistics({
|
|
41
|
+
detector_id: detector,
|
|
42
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
43
|
+
finding_criteria: finding_criteria(30)
|
|
44
|
+
}).finding_statistics.to_h
|
|
39
45
|
|
|
40
46
|
# get_master_account
|
|
41
47
|
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
|
|
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
|
|
|
46
52
|
|
|
47
53
|
resources
|
|
48
54
|
end
|
|
55
|
+
|
|
56
|
+
private
|
|
57
|
+
|
|
58
|
+
def finding_criteria(days = 1)
|
|
59
|
+
criteria = {
|
|
60
|
+
criterion: {
|
|
61
|
+
'service.archived': { eq: ['false'] }
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
if days > 1
|
|
66
|
+
days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
|
|
67
|
+
|
|
68
|
+
criteria = {
|
|
69
|
+
criterion: {
|
|
70
|
+
'service.archived': { eq: ['false'] },
|
|
71
|
+
'updatedAt': { less_than: days_ago }
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
criteria
|
|
77
|
+
end
|
|
49
78
|
end
|
|
@@ -68,21 +68,39 @@ class RDS < Mapper
|
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
#
|
|
71
|
-
#
|
|
71
|
+
# describe_db_cluster_snapshots
|
|
72
72
|
#
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
log(response.context.operation_name, page)
|
|
73
|
+
@client.describe_db_cluster_snapshots.each_with_index do |response, page|
|
|
74
|
+
log(response.context.operation_name, page)
|
|
76
75
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
struct.type = 'db_engine_version'
|
|
76
|
+
response.db_cluster_snapshots.each do |snapshot|
|
|
77
|
+
log(response.context.operation_name, snapshot.db_cluster_snapshot_identifier)
|
|
80
78
|
|
|
81
|
-
|
|
82
|
-
|
|
79
|
+
struct = OpenStruct.new(snapshot.to_h)
|
|
80
|
+
struct.type = 'db_cluster_snapshot'
|
|
81
|
+
struct.arn = snapshot.db_cluster_snapshot_arn
|
|
82
|
+
struct.parent_id = snapshot.db_cluster_identifier
|
|
83
|
+
|
|
84
|
+
resources.push(struct.to_h)
|
|
83
85
|
end
|
|
84
86
|
end
|
|
85
87
|
|
|
88
|
+
#
|
|
89
|
+
# describe_db_engine_versions
|
|
90
|
+
#
|
|
91
|
+
### unless @options.skip_slow
|
|
92
|
+
### @client.describe_db_engine_versions.each_with_index do |response, page|
|
|
93
|
+
### log(response.context.operation_name, page)
|
|
94
|
+
|
|
95
|
+
### response.db_engine_versions.each do |version|
|
|
96
|
+
### struct = OpenStruct.new(version.to_h)
|
|
97
|
+
### struct.type = 'db_engine_version'
|
|
98
|
+
|
|
99
|
+
### resources.push(struct.to_h)
|
|
100
|
+
### end
|
|
101
|
+
### end
|
|
102
|
+
### end
|
|
103
|
+
|
|
86
104
|
resources
|
|
87
105
|
end
|
|
88
106
|
end
|
|
@@ -19,7 +19,7 @@ class Route53 < Mapper
|
|
|
19
19
|
response.hosted_zones.each do |zone|
|
|
20
20
|
struct = OpenStruct.new(zone.to_h)
|
|
21
21
|
struct.type = 'zone'
|
|
22
|
-
struct.arn = zone.
|
|
22
|
+
struct.arn = "aws:route53:#{@region}:#{@account}:zone/#{zone.name}"
|
|
23
23
|
struct.logging_config = @client
|
|
24
24
|
.list_query_logging_configs({ hosted_zone_id: zone.id })
|
|
25
25
|
.query_logging_configs.first.to_h
|
|
@@ -19,7 +19,7 @@ class SES < Mapper
|
|
|
19
19
|
response.identities.each do |identity|
|
|
20
20
|
struct = OpenStruct.new
|
|
21
21
|
struct.type = 'identity'
|
|
22
|
-
struct.arn = "aws:ses:#{@region}
|
|
22
|
+
struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
|
|
23
23
|
|
|
24
24
|
# get_identity_dkim_attributes
|
|
25
25
|
struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h
|
|
@@ -35,7 +35,7 @@ class SSM < Mapper
|
|
|
35
35
|
struct = OpenStruct.new(parameter.to_h)
|
|
36
36
|
struct.string_type = parameter.type
|
|
37
37
|
struct.type = 'parameter'
|
|
38
|
-
struct.arn = "arn:aws:#{@service}:#{@region}
|
|
38
|
+
struct.arn = "arn:aws:#{@service}:#{@region}:#{@account}:parameter:#{parameter.name}"
|
|
39
39
|
|
|
40
40
|
resources.push(struct.to_h)
|
|
41
41
|
end
|
|
@@ -34,14 +34,14 @@ class WAFV2 < Mapper
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
# get_web_acl
|
|
37
|
-
@client.get_web_acl(params).each do |
|
|
38
|
-
struct.arn =
|
|
39
|
-
struct.details =
|
|
37
|
+
@client.get_web_acl(params).each do |r|
|
|
38
|
+
struct.arn = r.web_acl.arn
|
|
39
|
+
struct.details = r.web_acl
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
# list_resources_for_web_acl
|
|
43
|
-
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |
|
|
44
|
-
struct.resources =
|
|
43
|
+
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
|
|
44
|
+
struct.resources = r.resource_arns.map(&:to_h)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
resources.push(struct.to_h)
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
|
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
|
54
54
|
|
|
55
55
|
```
|
|
56
56
|
$ gem install aws_recon
|
|
57
|
-
Fetching aws_recon-0.
|
|
57
|
+
Fetching aws_recon-0.3.0.gem
|
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
|
59
59
|
Fetching parallel-1.20.1.gem
|
|
60
60
|
...
|
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
|
62
62
|
Successfully installed parallel-1.20.1
|
|
63
|
-
Successfully installed aws_recon-0.
|
|
63
|
+
Successfully installed aws_recon-0.3.0
|
|
64
64
|
```
|
|
65
65
|
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
|
72
72
|
...
|
|
73
73
|
Using aws-sdk 3.0.1
|
|
74
74
|
Using parallel-1.20.1
|
|
75
|
-
Using aws_recon 0.
|
|
75
|
+
Using aws_recon 0.3.0
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
## Usage
|
|
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
|
225
225
|
```
|
|
226
226
|
$ aws_recon -h
|
|
227
227
|
|
|
228
|
-
AWS Recon - AWS Inventory Collector (0.
|
|
228
|
+
AWS Recon - AWS Inventory Collector (0.3.0)
|
|
229
229
|
|
|
230
230
|
Usage: aws_recon [options]
|
|
231
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-
|
|
12
|
+
date: 2021-02-03 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|