aws_recon 0.2.35 → 0.3.3
- checksums.yaml +4 -4
- data/lib/aws_recon/aws_recon.rb +4 -4
- data/lib/aws_recon/collectors/ec2.rb +1 -0
- data/lib/aws_recon/collectors/emr.rb +1 -0
- data/lib/aws_recon/collectors/guardduty.rb +36 -7
- data/lib/aws_recon/collectors/iam.rb +22 -0
- data/lib/aws_recon/collectors/rds.rb +12 -12
- data/lib/aws_recon/collectors/ses.rb +1 -1
- data/lib/aws_recon/collectors/wafv2.rb +5 -5
- data/lib/aws_recon/collectors/xray.rb +1 -0
- data/lib/aws_recon/services.yaml +22 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
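--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 78fc6d22af7befa021cb4dba0e0a625ba9066a96c6d5ea749d8585f1e32f9bb1
+data.tar.gz: e2225ffdcdb745e37dfb3c79be07bea53e6ff1652c030132b87f4581cc879d7e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbd8bd93d81b95f989965a0578fefe96f6111dd02f78d5c88db1e989c3b1362aca8af0bb61a14f931eadf8429ccff2f5c63550efc48e5687d6124cda133208e5
+data.tar.gz: c6d70f5d870b3322237563d65b325c461398499cd26aebafbb12c095fd8ff00291aa6ef59af35fde3c68fd269a60bc90ad4aa47269af2f3c47577842f83d26ca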
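--- a/data/lib/aws_recon/aws_recon.rb
+++ b/data/lib/aws_recon/aws_recon.rb
@@ -6,7 +6,7 @@ module AwsRecon
 class CLI
 def initialize
 # parse options
-@options = Parser.parse ARGV.
+@options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
 
 # timing
 @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
 @account_id = Aws::STS::Client.new.get_caller_identity.account
 
 # AWS services
-@aws_services = YAML.
+@aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
 
 # User config services
 if @options.config_file
-user_config = YAML.
+user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
 
 @services = user_config[:services]
 @regions = user_config[:regions]
@@ -94,7 +94,7 @@ module AwsRecon
 next unless @regions.include?(region) && !skip_region
 
 # user included this service in the args
-next unless @services.include?(service.name) || @services.include?(service.alias)
+next unless @services.include?(service.name) || @services.include?(service.alias)
 
 collect(service, region)
 end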
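Review bot: The result of `YAML.safe_load` on the user config (new line 22) is indexed immediately with `user_config[:services]`, so an empty file or a document whose top level is not a mapping fails with a NoMethodError, and a file carrying a disallowed tag raises `Psych::DisallowedClass` with no handling visible in the hunk. A guard right after the load would turn the first case into a clear usage error, for example `raise ArgumentError, "#{@options.config_file}: expected a mapping with services and regions" unless user_config.is_a?(Hash)`. On new line 9, `Parser.parse ARGV.empty? ? %w[-h] : ARGV` would read less ambiguously with the argument in parentheses. `initialize` continues past the visible lines, so any handling further down cannot be seen from here.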
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
|
|
28
28
|
struct.findings_statistics = @client.get_findings_statistics({
|
29
29
|
detector_id: detector,
|
30
30
|
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
31
|
-
finding_criteria:
|
32
|
-
criterion: {
|
33
|
-
'service.archived': {
|
34
|
-
eq: ['false']
|
35
|
-
}
|
36
|
-
}
|
37
|
-
}
|
31
|
+
finding_criteria: finding_criteria
|
38
32
|
}).finding_statistics.to_h
|
33
|
+
# get_findings_statistics (only active findings older than 7 days)
|
34
|
+
struct.findings_statistics_aged_short = @client.get_findings_statistics({
|
35
|
+
detector_id: detector,
|
36
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
37
|
+
finding_criteria: finding_criteria(7)
|
38
|
+
}).finding_statistics.to_h
|
39
|
+
# get_findings_statistics (only active findings older than 30 days)
|
40
|
+
struct.findings_statistics_aged_long = @client.get_findings_statistics({
|
41
|
+
detector_id: detector,
|
42
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
43
|
+
finding_criteria: finding_criteria(30)
|
44
|
+
}).finding_statistics.to_h
|
39
45
|
|
40
46
|
# get_master_account
|
41
47
|
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
|
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
|
|
46
52
|
|
47
53
|
resources
|
48
54
|
end
|
55
|
+
|
56
|
+
private
|
57
|
+
|
58
|
+
def finding_criteria(days = 1)
|
59
|
+
criteria = {
|
60
|
+
criterion: {
|
61
|
+
'service.archived': { eq: ['false'] }
|
62
|
+
}
|
63
|
+
}
|
64
|
+
|
65
|
+
if days > 1
|
66
|
+
days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
|
67
|
+
|
68
|
+
criteria = {
|
69
|
+
criterion: {
|
70
|
+
'service.archived': { eq: ['false'] },
|
71
|
+
'updatedAt': { less_than: days_ago }
|
72
|
+
}
|
73
|
+
}
|
74
|
+
end
|
75
|
+
|
76
|
+
criteria
|
77
|
+
end
|
49
78
|
end
|
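Review bot: `finding_criteria(days = 1)` (new lines 58–77) uses 1 as a sentinel for "no age filter", so a caller that passes 1 silently gets the unfiltered criteria, and the `days > 1` branch rebuilds the whole hash instead of adding one key. Making the parameter default to `nil` and adding `updatedAt` only when it is given keeps the three visible call sites (no argument, 7, 30) working and removes the duplication. The comments at new lines 33 and 39 say "older than N days", but the filter is on `updatedAt`; if GuardDuty refreshes that timestamp when a finding recurs, a long-standing finding that is still firing would not be counted as aged, so the comments should say "not updated in the last N days" unless that has been confirmed otherwise. "miliseconds" in the inline comment should read "milliseconds".

```ruby
def finding_criteria(days = nil)
  criterion = { 'service.archived': { eq: ['false'] } }

  # updatedAt is compared as epoch milliseconds
  if days
    cutoff_ms = (Time.now.to_f * 1000).to_i - (days * 24 * 60 * 60 * 1000)
    criterion[:updatedAt] = { less_than: cutoff_ms }
  end

  { criterion: criterion }
end
```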
@@ -91,6 +91,28 @@ class IAM < Mapper
|
|
91
91
|
end
|
92
92
|
end
|
93
93
|
|
94
|
+
#
|
95
|
+
# list_instance_profiles
|
96
|
+
#
|
97
|
+
@client.list_instance_profiles.each_with_index do |response, page|
|
98
|
+
log(response.context.operation_name, page)
|
99
|
+
|
100
|
+
# instance_profiles
|
101
|
+
response.instance_profiles.each do |profile|
|
102
|
+
struct = OpenStruct.new(profile.to_h)
|
103
|
+
struct.type = 'instance_profile'
|
104
|
+
struct.arn = profile.arn
|
105
|
+
struct.roles = []
|
106
|
+
|
107
|
+
profile.roles&.each do |role|
|
108
|
+
role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
|
109
|
+
struct.roles.push(role.to_h)
|
110
|
+
end
|
111
|
+
|
112
|
+
resources.push(struct.to_h)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
94
116
|
#
|
95
117
|
# get_account_password_policy
|
96
118
|
#
|
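Review bot: Inside the `profile.roles&.each` loop (new lines 107–110) the parsed trust policy is written back onto the SDK response object with `role.assume_role_policy_document = role.assume_role_policy_document.parse_policy`, which mutates the response in place and raises if a role ever comes back without a document. Building the hash without touching the response is safer: `struct.roles.push(role.to_h.merge(assume_role_policy_document: role.assume_role_policy_document&.parse_policy))`. `parse_policy` is defined outside this hunk, so its return value is assumed to be the decoded policy. A one-line comment above the loop stating that the trust policy is decoded so later checks can see who may assume the instance role would help the next reader.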
@@ -88,18 +88,18 @@ class RDS < Mapper
|
|
88
88
|
#
|
89
89
|
# describe_db_engine_versions
|
90
90
|
#
|
91
|
-
unless @options.skip_slow
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
end
|
91
|
+
### unless @options.skip_slow
|
92
|
+
### @client.describe_db_engine_versions.each_with_index do |response, page|
|
93
|
+
### log(response.context.operation_name, page)
|
94
|
+
|
95
|
+
### response.db_engine_versions.each do |version|
|
96
|
+
### struct = OpenStruct.new(version.to_h)
|
97
|
+
### struct.type = 'db_engine_version'
|
98
|
+
|
99
|
+
### resources.push(struct.to_h)
|
100
|
+
### end
|
101
|
+
### end
|
102
|
+
### end
|
103
103
|
|
104
104
|
resources
|
105
105
|
end
|
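Review bot: New lines 91–102 switch off the `describe_db_engine_versions` collection by prefixing every line with `###`, which leaves a dozen lines of dead code and no stated reason. If the collection is meant to stay off, delete the block and leave a single comment such as `# describe_db_engine_versions is intentionally not collected: <reason>`; if it was only too slow, the `unless @options.skip_slow` guard that is now commented out already covered that case. The enclosing method starts outside the hunk.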
@@ -19,7 +19,7 @@ class SES < Mapper
|
|
19
19
|
response.identities.each do |identity|
|
20
20
|
struct = OpenStruct.new
|
21
21
|
struct.type = 'identity'
|
22
|
-
struct.arn = "aws:ses:#{@region}:#{@account}:identity/#{identity}"
|
22
|
+
struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
|
23
23
|
|
24
24
|
# get_identity_dkim_attributes
|
25
25
|
struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h
|
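Review bot: The corrected ARN on new line 22 still hard-codes the `aws` partition, so identities collected in GovCloud or China regions would get an ARN that does not match the real resource (`aws-us-gov`, `aws-cn`). If those partitions are in scope, derive the partition from the region or from the caller identity ARN instead of the literal; otherwise a short comment such as `# partition is assumed to be "aws"` records the assumption for anyone matching these ARNs against policies. The enclosing loop starts outside the hunk.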
@@ -34,14 +34,14 @@ class WAFV2 < Mapper
|
|
34
34
|
}
|
35
35
|
|
36
36
|
# get_web_acl
|
37
|
-
@client.get_web_acl(params).each do |
|
38
|
-
struct.arn =
|
39
|
-
struct.details =
|
37
|
+
@client.get_web_acl(params).each do |r|
|
38
|
+
struct.arn = r.web_acl.arn
|
39
|
+
struct.details = r.web_acl
|
40
40
|
end
|
41
41
|
|
42
42
|
# list_resources_for_web_acl
|
43
|
-
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |
|
44
|
-
struct.resources =
|
43
|
+
@client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
|
44
|
+
struct.resources = r.resource_arns.map(&:to_h)
|
45
45
|
end
|
46
46
|
|
47
47
|
resources.push(struct.to_h)
|
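Review bot: The `list_resources_for_web_acl` call on new line 43 still passes the literal string `'ResourceArn'` as `web_acl_arn`, which looks like a placeholder carried over from the API documentation, so the resources associated with the ACL are never actually looked up and the inventory will miss which resources a web ACL protects. It should pass the ARN of the ACL being processed, e.g. `web_acl_arn: struct.arn`, which the `get_web_acl` block just above sets. On new line 44, `resource_arns` is a list of ARN strings in the SDK response, so `.map(&:to_h)` would raise on the first non-empty result; `struct.resources = r.resource_arns` is enough. The code that builds `params` and `struct` starts outside the hunk, so those names are taken from the visible lines only.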
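--- a/data/lib/aws_recon/services.yaml
+++ b/data/lib/aws_recon/services.yaml
@@ -14,11 +14,13 @@
 alias: codebuild
 excluded_regions:
 - af-south-1
+- ap-northeast-3
 - name: CodePipeline
 alias: codepipeline
 excluded_regions:
 - af-south-1
 - me-south-1
+- ap-northeast-3
 - name: AutoScaling
 alias: autoscaling
 - name: CloudTrail
@@ -51,6 +53,7 @@
 - af-south-1
 - eu-south-1
 - me-south-1
+- ap-northeast-3
 - name: IAM
 global: true
 alias: iam
@@ -102,6 +105,7 @@
 - ap-east-1
 - af-south-1
 - eu-south-1
+- ap-northeast-3
 - name: CloudWatch
 alias: cloudwatch
 - name: CloudWatchLogs
@@ -110,10 +114,13 @@
 alias: kafka
 excluded_regions:
 - af-south-1
+- ap-northeast-3
 - name: SecretsManager
 alias: sm
 - name: SecurityHub
 alias: sh
+excluded_regions:
+- ap-northeast-3
 - name: Support
 global: true
 alias: support
@@ -123,10 +130,16 @@
 - ap-southeast-1
 - name: GuardDuty
 alias: guardduty
+excluded_regions:
+- ap-northeast-3
 - name: Athena
 alias: athena
+excluded_regions:
+- ap-northeast-3
 - name: EFS
 alias: efs
+excluded_regions:
+- ap-northeast-3
 - name: Firehose
 alias: firehose
 - name: Lightsail
@@ -139,6 +152,7 @@
 - af-south-1
 - eu-south-1
 - me-south-1
+- ap-northeast-3
 - name: WorkSpaces
 alias: workspaces
 excluded_regions:
@@ -151,8 +165,11 @@
 - af-south-1
 - eu-south-1
 - me-south-1
+- ap-northeast-3
 - name: SageMaker
 alias: sagemaker
+excluded_regions:
+- ap-northeast-3
 - name: ServiceQuotas
 alias: servicequotas
 - name: Transfer
@@ -162,13 +179,18 @@
 - af-south-1
 - eu-south-1
 - me-south-1
+- ap-northeast-3
 - name: DirectConnect
 alias: dc
 - name: DirectoryService
 alias: ds
+excluded_regions:
+- ap-northeast-3
 - name: DatabaseMigrationService
 alias: dms
 - name: XRay
 alias: xray
 - name: WAFV2
 alias: wafv2
+excluded_regions:
+- ap-northeast-3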
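Review bot: Each added `ap-northeast-3` entry makes the collector skip that service in the region without leaving a trace, since the region loop shown in aws_recon.rb appears to drop excluded pairs with a bare `next unless ... && !skip_region`. Static exclusion lists go stale when a service is later enabled in a region, and for an inventory that feeds security reviews a stale entry is a silent coverage gap. Consider logging skipped service/region pairs in verbose output, and adding a header comment to this file such as `# excluded_regions: service not available in the region as of <date>; re-check periodically`.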
data/lib/aws_recon/version.rb
CHANGED
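--- a/data/readme.md
+++ b/data/readme.md
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.
+Fetching aws_recon-0.3.0.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.
+Successfully installed aws_recon-0.3.0
 ```
 
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.
+Using aws_recon 0.3.0
 ```
 
 ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
 
-AWS Recon - AWS Inventory Collector (0.
+AWS Recon - AWS Inventory Collector (0.3.0)
 
 Usage: aws_recon [options]
 -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)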
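--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.3
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk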