aws_recon 0.2.34 → 0.3.2
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/ec2.rb +1 -0
- data/lib/aws_recon/collectors/emr.rb +1 -0
- data/lib/aws_recon/collectors/guardduty.rb +36 -7
- data/lib/aws_recon/collectors/iam.rb +22 -0
- data/lib/aws_recon/collectors/rds.rb +12 -12
- data/lib/aws_recon/collectors/route53.rb +1 -1
- data/lib/aws_recon/collectors/ses.rb +1 -1
- data/lib/aws_recon/collectors/ssm.rb +1 -1
- data/lib/aws_recon/collectors/wafv2.rb +5 -5
- data/lib/aws_recon/collectors/xray.rb +1 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
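--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cbcf69491befc3f3fb506855f5f11597ac6f7325e697f9e77161e80eeceea08
+data.tar.gz: 00d9aaa7ca5c58f1ad05c892d50f90b8468d37b4b7b20396a19c09a84d408b30
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8e60879ad2fd773f359d5b75fdac5f846cb9c1708d223396f28c448f4a47b79e683b43135e2700171e5cbc68eefef43f75d9ff3e1a1885076fbd24e97b605c54
+data.tar.gz: c58078ba779cb25cfa5600549c31381e533ae8bcbc1479581d49c5c3462e9354e0df3714d796ca0d678c8fdc2059a041c08d953c99d4ed04e6f3ee1744d2fc89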
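--- a/data/lib/aws_recon/collectors/guardduty.rb
+++ b/data/lib/aws_recon/collectors/guardduty.rb
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
 struct.findings_statistics = @client.get_findings_statistics({
 detector_id: detector,
 finding_statistic_types: ['COUNT_BY_SEVERITY'],
-finding_criteria:
-criterion: {
-'service.archived': {
-eq: ['false']
-}
-}
-}
+finding_criteria: finding_criteria
 }).finding_statistics.to_h
+# get_findings_statistics (only active findings older than 7 days)
+struct.findings_statistics_aged_short = @client.get_findings_statistics({
+detector_id: detector,
+finding_statistic_types: ['COUNT_BY_SEVERITY'],
+finding_criteria: finding_criteria(7)
+}).finding_statistics.to_h
+# get_findings_statistics (only active findings older than 30 days)
+struct.findings_statistics_aged_long = @client.get_findings_statistics({
+detector_id: detector,
+finding_statistic_types: ['COUNT_BY_SEVERITY'],
+finding_criteria: finding_criteria(30)
+}).finding_statistics.to_h
 
 # get_master_account
 struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
 
 resources
 end
+
+private
+
+def finding_criteria(days = 1)
+criteria = {
+criterion: {
+'service.archived': { eq: ['false'] }
+}
+}
+
+if days > 1
+days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
+
+criteria = {
+criterion: {
+'service.archived': { eq: ['false'] },
+'updatedAt': { less_than: days_ago }
+}
+}
+end
+
+criteria
+end
 end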
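Review bot: The two "older than N days" comments in the first hunk do not match the filter that `finding_criteria` builds. It compares `updatedAt`, so a finding that GuardDuty keeps re-observing (and therefore keeps updating, as I understand its aggregation) never appears in `findings_statistics_aged_short` or `findings_statistics_aged_long`, however long it has been open. Reword the comments to `# get_findings_statistics (only active findings not updated in the last 7 days)` or document that limitation where the aged counts are consumed. Separately, `if days > 1` turns the default `1` into a sentinel for "no age filter", so `finding_criteria(1)` silently returns unfiltered counts; `def finding_criteria(days = nil)` with `criteria[:criterion][:updatedAt] = { less_than: days_ago } if days` would state that directly and remove the duplicated hash. The collecting method these calls sit in starts outside the hunks.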
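--- a/data/lib/aws_recon/collectors/iam.rb
+++ b/data/lib/aws_recon/collectors/iam.rb
@@ -91,6 +91,28 @@ class IAM < Mapper
 end
 end
 
+#
+# list_instance_profiles
+#
+@client.list_instance_profiles.each_with_index do |response, page|
+log(response.context.operation_name, page)
+
+# instance_profiles
+response.instance_profiles.each do |profile|
+struct = OpenStruct.new(profile.to_h)
+struct.type = 'instance_profile'
+struct.arn = profile.arn
+struct.roles = []
+
+profile.roles&.each do |role|
+role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
+struct.roles.push(role.to_h)
+end
+
+resources.push(struct.to_h)
+end
+end
+
 #
 # get_account_password_policy
 #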
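Review bot: `role.assume_role_policy_document.parse_policy` is called without a nil guard, although the line above already treats `profile.roles` as possibly nil with `&.each`. A role returned without a trust policy document would raise NoMethodError and presumably abort the rest of the IAM collection. `role.assume_role_policy_document = role.assume_role_policy_document&.parse_policy` keeps the two lines consistent. `parse_policy` is defined outside this hunk, so whether it tolerates malformed input cannot be checked from here, and the enclosing method starts and ends outside the hunk.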
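--- a/data/lib/aws_recon/collectors/rds.rb
+++ b/data/lib/aws_recon/collectors/rds.rb
@@ -88,18 +88,18 @@ class RDS < Mapper
 #
 # describe_db_engine_versions
 #
-unless @options.skip_slow
-
-
-
-
-
-
-
-
-
-
-end
+### unless @options.skip_slow
+### @client.describe_db_engine_versions.each_with_index do |response, page|
+### log(response.context.operation_name, page)
+
+### response.db_engine_versions.each do |version|
+### struct = OpenStruct.new(version.to_h)
+### struct.type = 'db_engine_version'
+
+### resources.push(struct.to_h)
+### end
+### end
+### end
 
 resources
 end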
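Review bot: The `describe_db_engine_versions` block is disabled by prefixing each line with `###` instead of being removed, and nothing in the hunk says why. Add one comment above it giving the reason, for example `# disabled: <reason> (see <issue link>)`, or delete the block and rely on version control. Consumers that expect `db_engine_version` resources in the output will silently stop receiving them, which deserves a changelog line. The removed side is truncated on this page, so I am assuming the commented lines are the former code unchanged.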
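--- a/data/lib/aws_recon/collectors/route53.rb
+++ b/data/lib/aws_recon/collectors/route53.rb
@@ -19,7 +19,7 @@ class Route53 < Mapper
 response.hosted_zones.each do |zone|
 struct = OpenStruct.new(zone.to_h)
 struct.type = 'zone'
-struct.arn = zone.
+struct.arn = "aws:route53:#{@region}:#{@account}:zone/#{zone.name}"
 struct.logging_config = @client
 .list_query_logging_configs({ hosted_zone_id: zone.id })
 .query_logging_configs.first.to_h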
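Review bot: The new `struct.arn` lacks the `arn:` prefix that the SES change in this same release adds, and it is keyed on `zone.name`, which is not unique. A public and a private hosted zone can share a name, so two zones would collapse into one identifier in the inventory. Route 53 hosted zone ARNs also carry no region or account (`arn:aws:route53:::hostedzone/ID`), so this string will not match the ARNs that appear in IAM policies or CloudTrail. Building it from the ID already used on the following lines avoids both problems, e.g. `struct.arn = "arn:aws:route53:::#{zone.id.delete_prefix('/')}"`, assuming `zone.id` has the usual `/hostedzone/…` form. The loop body continues outside the hunk.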
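--- a/data/lib/aws_recon/collectors/ses.rb
+++ b/data/lib/aws_recon/collectors/ses.rb
@@ -19,7 +19,7 @@ class SES < Mapper
 response.identities.each do |identity|
 struct = OpenStruct.new
 struct.type = 'identity'
-struct.arn = "aws:ses:#{@region}:#{@account}:identity/#{identity}"
+struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
 
 # get_identity_dkim_attributes
 struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h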
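--- a/data/lib/aws_recon/collectors/ssm.rb
+++ b/data/lib/aws_recon/collectors/ssm.rb
@@ -35,7 +35,7 @@ class SSM < Mapper
 struct = OpenStruct.new(parameter.to_h)
 struct.string_type = parameter.type
 struct.type = 'parameter'
-struct.arn = "arn:aws:#{@service}:#{@region}
+struct.arn = "arn:aws:#{@service}:#{@region}:#{@account}:parameter:#{parameter.name}"
 
 resources.push(struct.to_h)
 end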
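Review bot: The rebuilt ARN joins the resource type and the name with `:` (`parameter:#{parameter.name}`), whereas Systems Manager parameter ARNs use `parameter/` followed by the name without its leading slash. An inventory ARN that differs from the real one cannot be joined against IAM policy resources or CloudTrail records. Consider `struct.arn = "arn:aws:#{@service}:#{@region}:#{@account}:parameter/#{parameter.name.delete_prefix('/')}"`. `@service` is set outside the hunk and is presumably `ssm`; the enclosing loop also starts outside the hunk.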
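--- a/data/lib/aws_recon/collectors/wafv2.rb
+++ b/data/lib/aws_recon/collectors/wafv2.rb
@@ -34,14 +34,14 @@ class WAFV2 < Mapper
 }
 
 # get_web_acl
-@client.get_web_acl(params).each do |
-struct.arn =
-struct.details =
+@client.get_web_acl(params).each do |r|
+struct.arn = r.web_acl.arn
+struct.details = r.web_acl
 end
 
 # list_resources_for_web_acl
-@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |
-struct.resources =
+@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
+struct.resources = r.resource_arns.map(&:to_h)
 end
 
 resources.push(struct.to_h)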
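Review bot: `list_resources_for_web_acl` is still called with the literal string `'ResourceArn'` as `web_acl_arn`, so it never queries the ACL that `get_web_acl` just returned. The request will be rejected or come back empty, and the inventory will not show which resources the web ACL protects. On the next line `r.resource_arns.map(&:to_h)` would raise NoMethodError as soon as an ARN came back, because `resource_arns` is a list of strings. Suggested lines: `@client.list_resources_for_web_acl({ web_acl_arn: struct.arn }).each do |r|` and `struct.resources = r.resource_arns`. `struct` and `params` are built outside the hunk.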
data/lib/aws_recon/version.rb
CHANGED
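--- a/data/readme.md
+++ b/data/readme.md
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.
+Fetching aws_recon-0.3.0.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.
+Successfully installed aws_recon-0.3.0
 ```
 
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.
+Using aws_recon 0.3.0
 ```
 
 ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
 
-AWS Recon - AWS Inventory Collector (0.
+AWS Recon - AWS Inventory Collector (0.3.0)
 
 Usage: aws_recon [options]
 -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)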
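--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.2
+version: 0.3.2
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-
+date: 2021-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk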