aws_recon 0.2.35 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0e56eb0ec39b06ea92cbf5ea236dc2049ffe349b8081b1e31ea83280f987298
-  data.tar.gz: 1639da4ecc67a230b36ce9c4bb3eb38012b57a02c0fc33850916063ec9bb8fd5
+  metadata.gz: 78fc6d22af7befa021cb4dba0e0a625ba9066a96c6d5ea749d8585f1e32f9bb1
+  data.tar.gz: e2225ffdcdb745e37dfb3c79be07bea53e6ff1652c030132b87f4581cc879d7e
 SHA512:
-  metadata.gz: a941be401c91901d2309dc11bebd494dae518ea3f8ac23896919e78223fce30acd211b2b05ae406994502a44d53e3870d1dc93b107189813c70a794e2199c490
-  data.tar.gz: 9b7d77b54ea0818084451c7d339b0c5d1244e0c45ad0a5665458470a5e5225ef05301aed61f0d93085429f2f2251382d15f98c4d66310b093d197fb858558b80
+  metadata.gz: dbd8bd93d81b95f989965a0578fefe96f6111dd02f78d5c88db1e989c3b1362aca8af0bb61a14f931eadf8429ccff2f5c63550efc48e5687d6124cda133208e5
+  data.tar.gz: c6d70f5d870b3322237563d65b325c461398499cd26aebafbb12c095fd8ff00291aa6ef59af35fde3c68fd269a60bc90ad4aa47269af2f3c47577842f83d26ca

data/lib/aws_recon/aws_recon.rb

@@ -6,7 +6,7 @@ module AwsRecon
   class CLI
     def initialize
       # parse options
-      @options = Parser.parse ARGV.length < 1 ? %w[-h] : ARGV
+      @options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
 
       # timing
       @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
       @account_id = Aws::STS::Client.new.get_caller_identity.account
 
       # AWS services
-      @aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
+      @aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
 
       # User config services
       if @options.config_file
-        user_config = YAML.load(File.read(@options.config_file), symbolize_names: true)
+        user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
 
         @services = user_config[:services]
         @regions = user_config[:regions]
@@ -94,7 +94,7 @@ module AwsRecon
           next unless @regions.include?(region) && !skip_region
 
           # user included this service in the args
-          next unless @services.include?(service.name) || @services.include?(service.alias) # rubocop:disable Layout/LineLength
+          next unless @services.include?(service.name) || @services.include?(service.alias)
 
           collect(service, region)
         end

data/lib/aws_recon/collectors/ec2.rb

@@ -29,6 +29,7 @@ class EC2 < Mapper
         struct = OpenStruct.new
         struct.attributes = response.account_attributes.map(&:to_h)
         struct.type = 'account'
+        struct.arn = "arn:aws::#{@account}"
 
         resources.push(struct.to_h)
       end

data/lib/aws_recon/collectors/emr.rb

@@ -18,6 +18,7 @@ class EMR < Mapper
 
       struct = OpenStruct.new(response.block_public_access_configuration.to_h)
       struct.type = 'configuration'
+      struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
 
       resources.push(struct.to_h)
     end

data/lib/aws_recon/collectors/guardduty.rb

@@ -28,14 +28,20 @@ class GuardDuty < Mapper
         struct.findings_statistics = @client.get_findings_statistics({
                                                                        detector_id: detector,
                                                                        finding_statistic_types: ['COUNT_BY_SEVERITY'],
-                                                                       finding_criteria: {
-                                                                         criterion: {
-                                                                           'service.archived': {
-                                                                             eq: ['false']
-                                                                           }
-                                                                         }
-                                                                       }
+                                                                       finding_criteria: finding_criteria
                                                                      }).finding_statistics.to_h
+        # get_findings_statistics (only active findings older than 7 days)
+        struct.findings_statistics_aged_short = @client.get_findings_statistics({
+                                                                                  detector_id: detector,
+                                                                                  finding_statistic_types: ['COUNT_BY_SEVERITY'],
+                                                                                  finding_criteria: finding_criteria(7)
+                                                                                }).finding_statistics.to_h
+        # get_findings_statistics (only active findings older than 30 days)
+        struct.findings_statistics_aged_long = @client.get_findings_statistics({
+                                                                                 detector_id: detector,
+                                                                                 finding_statistic_types: ['COUNT_BY_SEVERITY'],
+                                                                                 finding_criteria: finding_criteria(30)
+                                                                               }).finding_statistics.to_h
 
         # get_master_account
         struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
 
     resources
   end
+
+  private
+
+  def finding_criteria(days = 1)
+    criteria = {
+      criterion: {
+        'service.archived': { eq: ['false'] }
+      }
+    }
+
+    if days > 1
+      days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
+
+      criteria = {
+        criterion: {
+          'service.archived': { eq: ['false'] },
+          'updatedAt': { less_than: days_ago }
+        }
+      }
+    end
+
+    criteria
+  end
 end

data/lib/aws_recon/collectors/iam.rb

@@ -91,6 +91,28 @@ class IAM < Mapper
       end
     end
 
+    #
+    # list_instance_profiles
+    #
+    @client.list_instance_profiles.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # instance_profiles
+      response.instance_profiles.each do |profile|
+        struct = OpenStruct.new(profile.to_h)
+        struct.type = 'instance_profile'
+        struct.arn = profile.arn
+        struct.roles = []
+
+        profile.roles&.each do |role|
+          role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
+          struct.roles.push(role.to_h)
+        end
+
+        resources.push(struct.to_h)
+      end
+    end
+
     #
     # get_account_password_policy
     #

data/lib/aws_recon/collectors/rds.rb

@@ -88,18 +88,18 @@ class RDS < Mapper
     #
     # describe_db_engine_versions
     #
-    unless @options.skip_slow
-      @client.describe_db_engine_versions.each_with_index do |response, page|
-        log(response.context.operation_name, page)
-
-        response.db_engine_versions.each do |version|
-          struct = OpenStruct.new(version.to_h)
-          struct.type = 'db_engine_version'
-
-          resources.push(struct.to_h)
-        end
-      end
-    end
+    ### unless @options.skip_slow
+    ###   @client.describe_db_engine_versions.each_with_index do |response, page|
+    ###     log(response.context.operation_name, page)
+
+    ###     response.db_engine_versions.each do |version|
+    ###       struct = OpenStruct.new(version.to_h)
+    ###       struct.type = 'db_engine_version'
+
+    ###       resources.push(struct.to_h)
+    ###     end
+    ###   end
+    ### end
 
     resources
   end

data/lib/aws_recon/collectors/ses.rb

@@ -19,7 +19,7 @@ class SES < Mapper
       response.identities.each do |identity|
         struct = OpenStruct.new
         struct.type = 'identity'
-        struct.arn = "aws:ses:#{@region}:#{@account}:identity/#{identity}"
+        struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
 
         # get_identity_dkim_attributes
         struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h

data/lib/aws_recon/collectors/wafv2.rb

@@ -34,14 +34,14 @@ class WAFV2 < Mapper
           }
 
           # get_web_acl
-          @client.get_web_acl(params).each do |response|
-            struct.arn = response.web_acl.arn
-            struct.details = response.web_acl
+          @client.get_web_acl(params).each do |r|
+            struct.arn = r.web_acl.arn
+            struct.details = r.web_acl
           end
 
           # list_resources_for_web_acl
-          @client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |response|
-            struct.resources = response.resource_arns.map(&:to_h)
+          @client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
+            struct.resources = r.resource_arns.map(&:to_h)
           end
 
           resources.push(struct.to_h)

data/lib/aws_recon/collectors/xray.rb

@@ -16,6 +16,7 @@ class XRay < Mapper
     struct = OpenStruct.new
     struct.config = @client.get_encryption_config.encryption_config.to_h
     struct.type = 'config'
+    struct.arn = "arn:aws:xray:#{@region}:#{@account}/config"
 
     resources.push(struct.to_h)
 

data/lib/aws_recon/services.yaml

@@ -14,11 +14,13 @@
   alias: codebuild
   excluded_regions:
     - af-south-1
+    - ap-northeast-3
 - name: CodePipeline
   alias: codepipeline
   excluded_regions:
     - af-south-1
     - me-south-1
+    - ap-northeast-3
 - name: AutoScaling
   alias: autoscaling
 - name: CloudTrail
@@ -51,6 +53,7 @@
     - af-south-1
     - eu-south-1
     - me-south-1
+    - ap-northeast-3
 - name: IAM
   global: true
   alias: iam
@@ -102,6 +105,7 @@
     - ap-east-1
     - af-south-1
     - eu-south-1
+    - ap-northeast-3
 - name: CloudWatch
   alias: cloudwatch
 - name: CloudWatchLogs
@@ -110,10 +114,13 @@
   alias: kafka
   excluded_regions:
     - af-south-1
+    - ap-northeast-3
 - name: SecretsManager
   alias: sm
 - name: SecurityHub
   alias: sh
+  excluded_regions:
+    - ap-northeast-3
 - name: Support
   global: true
   alias: support
@@ -123,10 +130,16 @@
     - ap-southeast-1
 - name: GuardDuty
   alias: guardduty
+  excluded_regions:
+    - ap-northeast-3
 - name: Athena
   alias: athena
+  excluded_regions:
+    - ap-northeast-3
 - name: EFS
   alias: efs
+  excluded_regions:
+    - ap-northeast-3
 - name: Firehose
   alias: firehose
 - name: Lightsail
@@ -139,6 +152,7 @@
     - af-south-1
     - eu-south-1
     - me-south-1
+    - ap-northeast-3
 - name: WorkSpaces
   alias: workspaces
   excluded_regions:
@@ -151,8 +165,11 @@
     - af-south-1
     - eu-south-1
     - me-south-1
+    - ap-northeast-3
 - name: SageMaker
   alias: sagemaker
+  excluded_regions:
+    - ap-northeast-3
 - name: ServiceQuotas
   alias: servicequotas
 - name: Transfer
@@ -162,13 +179,18 @@
     - af-south-1
     - eu-south-1
     - me-south-1
+    - ap-northeast-3
 - name: DirectConnect
   alias: dc
 - name: DirectoryService
   alias: ds
+  excluded_regions:
+    - ap-northeast-3
 - name: DatabaseMigrationService
   alias: dms
 - name: XRay
   alias: xray
 - name: WAFV2
   alias: wafv2
+  excluded_regions:
+    - ap-northeast-3

data/lib/aws_recon/version.rb

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.2.35"
+  VERSION = "0.3.3"
 end

data/readme.md

@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.2.28.gem
+Fetching aws_recon-0.3.0.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.2.28
+Successfully installed aws_recon-0.3.0
 ```
 
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.2.28
+Using aws_recon 0.3.0
 ```
 
 ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
 
-AWS Recon - AWS Inventory Collector (0.2.28)
+AWS Recon - AWS Inventory Collector (0.3.0)
 
 Usage: aws_recon [options]
     -r, --regions [REGIONS]          Regions to scan, separated by comma (default: all)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.2.35
+  version: 0.3.3
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-02 00:00:00.000000000 Z
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk