aws_recon 0.2.32 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/emr.rb +1 -0
- data/lib/aws_recon/collectors/guardduty.rb +37 -8
- data/lib/aws_recon/collectors/rds.rb +27 -9
- data/lib/aws_recon/collectors/route53.rb +1 -1
- data/lib/aws_recon/collectors/ses.rb +1 -1
- data/lib/aws_recon/collectors/ssm.rb +1 -1
- data/lib/aws_recon/collectors/wafv2.rb +5 -5
- data/lib/aws_recon/collectors/xray.rb +1 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a7f479006111ba869fcdccea5264ffb5a3cc4c0536e0b2cf4a6b3581ff65146
|
|
4
|
+
data.tar.gz: dfa1191aea8a07fcd9a54be418f913b777f0bd43cf5cf9cbdfb0b8f8707dc8aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8f5a65342608fd58234383c704ddb416333e1439ca024e8e09bb0b3e96cfe2df0d53b5489ad040317b7b47b0f523c4c8252753af81e018866f081ef2c06cf414
|
|
7
|
+
data.tar.gz: '0867e52a15899ff2e63f141ab376b2992f968c4b19a0a64b57b1506d1cc036a8724b289c231a8a15dd4118bad65eff6945b891629150d8fe6bf9afb284bca0dd'
|
|
@@ -22,20 +22,26 @@ class GuardDuty < Mapper
|
|
|
22
22
|
# get_detector
|
|
23
23
|
struct = OpenStruct.new(@client.get_detector({ detector_id: detector }).to_h)
|
|
24
24
|
struct.type = 'detector'
|
|
25
|
-
struct.arn = "arn:aws:guardduty:#{@region}:detector/#{detector}"
|
|
25
|
+
struct.arn = "arn:aws:guardduty:#{@region}:#{@account}:detector/#{detector}"
|
|
26
26
|
|
|
27
27
|
# get_findings_statistics (only active findings)
|
|
28
28
|
struct.findings_statistics = @client.get_findings_statistics({
|
|
29
29
|
detector_id: detector,
|
|
30
30
|
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
31
|
-
finding_criteria:
|
|
32
|
-
criterion: {
|
|
33
|
-
'service.archived': {
|
|
34
|
-
eq: ['false']
|
|
35
|
-
}
|
|
36
|
-
}
|
|
37
|
-
}
|
|
31
|
+
finding_criteria: finding_criteria
|
|
38
32
|
}).finding_statistics.to_h
|
|
33
|
+
# get_findings_statistics (only active findings older than 7 days)
|
|
34
|
+
struct.findings_statistics_aged_short = @client.get_findings_statistics({
|
|
35
|
+
detector_id: detector,
|
|
36
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
37
|
+
finding_criteria: finding_criteria(7)
|
|
38
|
+
}).finding_statistics.to_h
|
|
39
|
+
# get_findings_statistics (only active findings older than 30 days)
|
|
40
|
+
struct.findings_statistics_aged_long = @client.get_findings_statistics({
|
|
41
|
+
detector_id: detector,
|
|
42
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
|
43
|
+
finding_criteria: finding_criteria(30)
|
|
44
|
+
}).finding_statistics.to_h
|
|
39
45
|
|
|
40
46
|
# get_master_account
|
|
41
47
|
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
|
|
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
|
|
|
46
52
|
|
|
47
53
|
resources
|
|
48
54
|
end
|
|
55
|
+
|
|
56
|
+
private
|
|
57
|
+
|
|
58
|
+
def finding_criteria(days = 1)
|
|
59
|
+
criteria = {
|
|
60
|
+
criterion: {
|
|
61
|
+
'service.archived': { eq: ['false'] }
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
if days > 1
|
|
66
|
+
days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
|
|
67
|
+
|
|
68
|
+
criteria = {
|
|
69
|
+
criterion: {
|
|
70
|
+
'service.archived': { eq: ['false'] },
|
|
71
|
+
'updatedAt': { less_than: days_ago }
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
criteria
|
|
77
|
+
end
|
|
49
78
|
end
|
|
@@ -68,21 +68,39 @@ class RDS < Mapper
|
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
#
|
|
71
|
-
#
|
|
71
|
+
# describe_db_cluster_snapshots
|
|
72
72
|
#
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
log(response.context.operation_name, page)
|
|
73
|
+
@client.describe_db_cluster_snapshots.each_with_index do |response, page|
|
|
74
|
+
log(response.context.operation_name, page)
|
|
76
75
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
struct.type = 'db_engine_version'
|
|
76
|
+
response.db_cluster_snapshots.each do |snapshot|
|
|
77
|
+
log(response.context.operation_name, snapshot.db_cluster_snapshot_identifier)
|
|
80
78
|
|
|
81
|
-
|
|
82
|
-
|
|
79
|
+
struct = OpenStruct.new(snapshot.to_h)
|
|
80
|
+
struct.type = 'db_cluster_snapshot'
|
|
81
|
+
struct.arn = snapshot.db_cluster_snapshot_arn
|
|
82
|
+
struct.parent_id = snapshot.db_cluster_identifier
|
|
83
|
+
|
|
84
|
+
resources.push(struct.to_h)
|
|
83
85
|
end
|
|
84
86
|
end
|
|
85
87
|
|
|
88
|
+
#
|
|
89
|
+
# describe_db_engine_versions
|
|
90
|
+
#
|
|
91
|
+
### unless @options.skip_slow
|
|
92
|
+
### @client.describe_db_engine_versions.each_with_index do |response, page|
|
|
93
|
+
### log(response.context.operation_name, page)
|
|
94
|
+
|
|
95
|
+
### response.db_engine_versions.each do |version|
|
|
96
|
+
### struct = OpenStruct.new(version.to_h)
|
|
97
|
+
### struct.type = 'db_engine_version'
|
|
98
|
+
|
|
99
|
+
### resources.push(struct.to_h)
|
|
100
|
+
### end
|
|
101
|
+
### end
|
|
102
|
+
### end
|
|
103
|
+
|
|
86
104
|
resources
|
|
87
105
|
end
|
|
88
106
|
end
|
|
@@ -19,7 +19,7 @@ class Route53 < Mapper
|
|
|
19
19
|
response.hosted_zones.each do |zone|
|
|
20
20
|
struct = OpenStruct.new(zone.to_h)
|
|
21
21
|
struct.type = 'zone'
|
|
22
|
-
struct.arn = zone.
|
|
22
|
+
struct.arn = "aws:route53:#{@region}:#{@account}:zone/#{zone.name}"
|
|
23
23
|
struct.logging_config = @client
|
|
24
24
|
.list_query_logging_configs({ hosted_zone_id: zone.id })
|
|
25
25
|
.query_logging_configs.first.to_h
|
|
@@ -19,7 +19,7 @@ class SES < Mapper
|
|
|
19
19
|
response.identities.each do |identity|
|
|
20
20
|
struct = OpenStruct.new
|
|
21
21
|
struct.type = 'identity'
|
|
22
|
-
struct.arn = "aws:ses:#{@region}
|
|
22
|
+
struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
|
|
23
23
|
|
|
24
24
|
# get_identity_dkim_attributes
|
|
25
25
|
struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h
|
|
@@ -35,7 +35,7 @@ class SSM < Mapper
|
|
|
35
35
|
struct = OpenStruct.new(parameter.to_h)
|
|
36
36
|
struct.string_type = parameter.type
|
|
37
37
|
struct.type = 'parameter'
|
|
38
|
-
struct.arn = "arn:aws:#{@service}:#{@region}
|
|
38
|
+
struct.arn = "arn:aws:#{@service}:#{@region}:#{@account}:parameter:#{parameter.name}"
|
|
39
39
|
|
|
40
40
|
resources.push(struct.to_h)
|
|
41
41
|
end
|
|
@@ -34,14 +34,14 @@ class WAFV2 < Mapper
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
# get_web_acl
|
|
37
|
-
@client.get_web_acl(params).each do |
|
|
38
|
-
struct.arn =
|
|
39
|
-
struct.details =
|
|
37
|
+
@client.get_web_acl(params).each do |r|
|
|
38
|
+
struct.arn = r.web_acl.arn
|
|
39
|
+
struct.details = r.web_acl
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
# list_resources_for_web_acl
|
|
43
|
-
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |
|
|
44
|
-
struct.resources =
|
|
43
|
+
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
|
|
44
|
+
struct.resources = r.resource_arns.map(&:to_h)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
resources.push(struct.to_h)
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
|
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
|
54
54
|
|
|
55
55
|
```
|
|
56
56
|
$ gem install aws_recon
|
|
57
|
-
Fetching aws_recon-0.
|
|
57
|
+
Fetching aws_recon-0.3.0.gem
|
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
|
59
59
|
Fetching parallel-1.20.1.gem
|
|
60
60
|
...
|
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
|
62
62
|
Successfully installed parallel-1.20.1
|
|
63
|
-
Successfully installed aws_recon-0.
|
|
63
|
+
Successfully installed aws_recon-0.3.0
|
|
64
64
|
```
|
|
65
65
|
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
|
72
72
|
...
|
|
73
73
|
Using aws-sdk 3.0.1
|
|
74
74
|
Using parallel-1.20.1
|
|
75
|
-
Using aws_recon 0.
|
|
75
|
+
Using aws_recon 0.3.0
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
## Usage
|
|
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
|
225
225
|
```
|
|
226
226
|
$ aws_recon -h
|
|
227
227
|
|
|
228
|
-
AWS Recon - AWS Inventory Collector (0.
|
|
228
|
+
AWS Recon - AWS Inventory Collector (0.3.0)
|
|
229
229
|
|
|
230
230
|
Usage: aws_recon [options]
|
|
231
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-
|
|
12
|
+
date: 2021-02-03 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|