aws_recon 0.2.35 → 0.3.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e0e56eb0ec39b06ea92cbf5ea236dc2049ffe349b8081b1e31ea83280f987298
4
- data.tar.gz: 1639da4ecc67a230b36ce9c4bb3eb38012b57a02c0fc33850916063ec9bb8fd5
3
+ metadata.gz: 78fc6d22af7befa021cb4dba0e0a625ba9066a96c6d5ea749d8585f1e32f9bb1
4
+ data.tar.gz: e2225ffdcdb745e37dfb3c79be07bea53e6ff1652c030132b87f4581cc879d7e
5
5
  SHA512:
6
- metadata.gz: a941be401c91901d2309dc11bebd494dae518ea3f8ac23896919e78223fce30acd211b2b05ae406994502a44d53e3870d1dc93b107189813c70a794e2199c490
7
- data.tar.gz: 9b7d77b54ea0818084451c7d339b0c5d1244e0c45ad0a5665458470a5e5225ef05301aed61f0d93085429f2f2251382d15f98c4d66310b093d197fb858558b80
6
+ metadata.gz: dbd8bd93d81b95f989965a0578fefe96f6111dd02f78d5c88db1e989c3b1362aca8af0bb61a14f931eadf8429ccff2f5c63550efc48e5687d6124cda133208e5
7
+ data.tar.gz: c6d70f5d870b3322237563d65b325c461398499cd26aebafbb12c095fd8ff00291aa6ef59af35fde3c68fd269a60bc90ad4aa47269af2f3c47577842f83d26ca
@@ -6,7 +6,7 @@ module AwsRecon
6
6
  class CLI
7
7
  def initialize
8
8
  # parse options
9
- @options = Parser.parse ARGV.length < 1 ? %w[-h] : ARGV
9
+ @options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
10
10
 
11
11
  # timing
12
12
  @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
15
15
  @account_id = Aws::STS::Client.new.get_caller_identity.account
16
16
 
17
17
  # AWS services
18
- @aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
18
+ @aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
19
19
 
20
20
  # User config services
21
21
  if @options.config_file
22
- user_config = YAML.load(File.read(@options.config_file), symbolize_names: true)
22
+ user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
23
23
 
24
24
  @services = user_config[:services]
25
25
  @regions = user_config[:regions]
@@ -94,7 +94,7 @@ module AwsRecon
94
94
  next unless @regions.include?(region) && !skip_region
95
95
 
96
96
  # user included this service in the args
97
- next unless @services.include?(service.name) || @services.include?(service.alias) # rubocop:disable Layout/LineLength
97
+ next unless @services.include?(service.name) || @services.include?(service.alias)
98
98
 
99
99
  collect(service, region)
100
100
  end
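Review bot: In the second hunk, the result of `YAML.safe_load(File.read(@options.config_file), symbolize_names: true)` is indexed straight away by `user_config[:services]`, so an empty or non-mapping config file gives `nil`, `false` or a scalar and ends in a NoMethodError rather than a usage error. `safe_load` also raises `Psych::DisallowedClass` or `Psych::BadAlias` for files that `YAML.load` used to accept, and nothing visible in the hunk rescues those or `Psych::SyntaxError`. Since the path comes from a command-line option, I would check the shape right after loading, e.g. `raise ArgumentError, 'config file must be a YAML mapping' unless user_config.is_a?(Hash)`, and turn parser errors into a clear message. `initialize` starts and ends outside the hunk, so some of this handling may exist further down.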
@@ -29,6 +29,7 @@ class EC2 < Mapper
29
29
  struct = OpenStruct.new
30
30
  struct.attributes = response.account_attributes.map(&:to_h)
31
31
  struct.type = 'account'
32
+ struct.arn = "arn:aws::#{@account}"
32
33
 
33
34
  resources.push(struct.to_h)
34
35
  end
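Review bot: The synthetic ARN added here, `"arn:aws::#{@account}"`, has an empty service field and only four colon-separated fields, so anything downstream that splits ARNs into partition, service, region, account and resource will misread it. The EMR and XRay hunks have a related problem: `#{@account}/block_public_access_configuration` and `#{@account}/config` join account and resource with `/`, which leaves the account field holding both. I would keep all three in the six-field layout, for example `struct.arn = "arn:aws:ec2:#{@region}:#{@account}:account"` here (assuming `@region` is available as in the other mappers) and a `:` before the resource name in the other two. The partition is also fixed to `aws` in these strings, which deserves a comment if other partitions are in scope. The enclosing method extends beyond the hunk.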
@@ -18,6 +18,7 @@ class EMR < Mapper
18
18
 
19
19
  struct = OpenStruct.new(response.block_public_access_configuration.to_h)
20
20
  struct.type = 'configuration'
21
+ struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
21
22
 
22
23
  resources.push(struct.to_h)
23
24
  end
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
28
28
  struct.findings_statistics = @client.get_findings_statistics({
29
29
  detector_id: detector,
30
30
  finding_statistic_types: ['COUNT_BY_SEVERITY'],
31
- finding_criteria: {
32
- criterion: {
33
- 'service.archived': {
34
- eq: ['false']
35
- }
36
- }
37
- }
31
+ finding_criteria: finding_criteria
38
32
  }).finding_statistics.to_h
33
+ # get_findings_statistics (only active findings older than 7 days)
34
+ struct.findings_statistics_aged_short = @client.get_findings_statistics({
35
+ detector_id: detector,
36
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
37
+ finding_criteria: finding_criteria(7)
38
+ }).finding_statistics.to_h
39
+ # get_findings_statistics (only active findings older than 30 days)
40
+ struct.findings_statistics_aged_long = @client.get_findings_statistics({
41
+ detector_id: detector,
42
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
43
+ finding_criteria: finding_criteria(30)
44
+ }).finding_statistics.to_h
39
45
 
40
46
  # get_master_account
41
47
  struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
46
52
 
47
53
  resources
48
54
  end
55
+
56
+ private
57
+
58
+ def finding_criteria(days = 1)
59
+ criteria = {
60
+ criterion: {
61
+ 'service.archived': { eq: ['false'] }
62
+ }
63
+ }
64
+
65
+ if days > 1
66
+ days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
67
+
68
+ criteria = {
69
+ criterion: {
70
+ 'service.archived': { eq: ['false'] },
71
+ 'updatedAt': { less_than: days_ago }
72
+ }
73
+ }
74
+ end
75
+
76
+ criteria
77
+ end
49
78
  end
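Review bot: The two new comments say "older than 7 days" and "older than 30 days", but `finding_criteria` filters on `updatedAt`, so the aged counts cover findings not updated in that window rather than findings created that long ago; a finding that keeps recurring would presumably drop out of both aged counts. Either reword the comments to "not updated in the last N days" or confirm that `updatedAt` is the intended field. Separately, `if days > 1` makes `finding_criteria(1)` silently return the unfiltered criteria, and the base criterion is written out twice. A nil default with the age filter merged into a single hash avoids both, as below.

```ruby
def finding_criteria(days = nil)
  criterion = { 'service.archived': { eq: ['false'] } }

  if days
    # epoch milliseconds; matches findings last updated more than `days` days ago
    cutoff = (Time.now.to_f * 1000).to_i - (days * 24 * 60 * 60 * 1000)
    criterion[:updatedAt] = { less_than: cutoff }
  end

  { criterion: criterion }
end
```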
@@ -91,6 +91,28 @@ class IAM < Mapper
91
91
  end
92
92
  end
93
93
 
94
+ #
95
+ # list_instance_profiles
96
+ #
97
+ @client.list_instance_profiles.each_with_index do |response, page|
98
+ log(response.context.operation_name, page)
99
+
100
+ # instance_profiles
101
+ response.instance_profiles.each do |profile|
102
+ struct = OpenStruct.new(profile.to_h)
103
+ struct.type = 'instance_profile'
104
+ struct.arn = profile.arn
105
+ struct.roles = []
106
+
107
+ profile.roles&.each do |role|
108
+ role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
109
+ struct.roles.push(role.to_h)
110
+ end
111
+
112
+ resources.push(struct.to_h)
113
+ end
114
+ end
115
+
94
116
  #
95
117
  # get_account_password_policy
96
118
  #
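Review bot: Inside the new `list_instance_profiles` loop, `role.assume_role_policy_document.parse_policy` is called without a nil check, while the line above guards `profile.roles` with `&.`; if a role came back without a trust policy document, the IAM collection would stop with a NoMethodError. `role.assume_role_policy_document&.parse_policy` would keep the two guards consistent. `parse_policy` is defined outside this hunk, so I cannot tell how it behaves on malformed input. A short comment that the document is replaced in place on the SDK response object before `role.to_h` is called would also help the next reader.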
@@ -88,18 +88,18 @@ class RDS < Mapper
88
88
  #
89
89
  # describe_db_engine_versions
90
90
  #
91
- unless @options.skip_slow
92
- @client.describe_db_engine_versions.each_with_index do |response, page|
93
- log(response.context.operation_name, page)
94
-
95
- response.db_engine_versions.each do |version|
96
- struct = OpenStruct.new(version.to_h)
97
- struct.type = 'db_engine_version'
98
-
99
- resources.push(struct.to_h)
100
- end
101
- end
102
- end
91
+ ### unless @options.skip_slow
92
+ ### @client.describe_db_engine_versions.each_with_index do |response, page|
93
+ ### log(response.context.operation_name, page)
94
+
95
+ ### response.db_engine_versions.each do |version|
96
+ ### struct = OpenStruct.new(version.to_h)
97
+ ### struct.type = 'db_engine_version'
98
+
99
+ ### resources.push(struct.to_h)
100
+ ### end
101
+ ### end
102
+ ### end
103
103
 
104
104
  resources
105
105
  end
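Review bot: The `describe_db_engine_versions` collection is disabled by prefixing every line with `###`, yet the `# describe_db_engine_versions` header above it stays, so the file still reads as if `db_engine_version` resources are collected. Consumers of the inventory lose that resource type without any signal, and the `unless @options.skip_slow` guard no longer does anything in this method as far as the hunk shows. I would delete the block and leave one line stating the reason, e.g. `# describe_db_engine_versions is intentionally not collected (reason: <why>)`, or keep the code behind the existing option. The method starts outside the hunk.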
@@ -19,7 +19,7 @@ class SES < Mapper
19
19
  response.identities.each do |identity|
20
20
  struct = OpenStruct.new
21
21
  struct.type = 'identity'
22
- struct.arn = "aws:ses:#{@region}:#{@account}:identity/#{identity}"
22
+ struct.arn = "arn:aws:ses:#{@region}:#{@account}:identity/#{identity}"
23
23
 
24
24
  # get_identity_dkim_attributes
25
25
  struct.dkim_attributes = @client.get_identity_dkim_attributes({ identities: [identity] }).dkim_attributes[identity].to_h
@@ -34,14 +34,14 @@ class WAFV2 < Mapper
34
34
  }
35
35
 
36
36
  # get_web_acl
37
- @client.get_web_acl(params).each do |response|
38
- struct.arn = response.web_acl.arn
39
- struct.details = response.web_acl
37
+ @client.get_web_acl(params).each do |r|
38
+ struct.arn = r.web_acl.arn
39
+ struct.details = r.web_acl
40
40
  end
41
41
 
42
42
  # list_resources_for_web_acl
43
- @client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |response|
44
- struct.resources = response.resource_arns.map(&:to_h)
43
+ @client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
44
+ struct.resources = r.resource_arns.map(&:to_h)
45
45
  end
46
46
 
47
47
  resources.push(struct.to_h)
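Review bot: The changed `list_resources_for_web_acl` call still passes the literal string `'ResourceArn'` as `web_acl_arn`, so it never asks about the ACL being processed; the rename to `r` carries that placeholder along. It should use the ARN set just above, e.g. `@client.list_resources_for_web_acl({ web_acl_arn: struct.arn }).each do |r|`. As far as I know `resource_arns` is a list of strings in the SDK, so `r.resource_arns.map(&:to_h)` would raise as well; `struct.resources = r.resource_arns` is enough. As written, the inventory cannot show which resources a web ACL protects. The enclosing loop starts outside the hunk.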
@@ -16,6 +16,7 @@ class XRay < Mapper
16
16
  struct = OpenStruct.new
17
17
  struct.config = @client.get_encryption_config.encryption_config.to_h
18
18
  struct.type = 'config'
19
+ struct.arn = "arn:aws:xray:#{@region}:#{@account}/config"
19
20
 
20
21
  resources.push(struct.to_h)
21
22
 
@@ -14,11 +14,13 @@
14
14
  alias: codebuild
15
15
  excluded_regions:
16
16
  - af-south-1
17
+ - ap-northeast-3
17
18
  - name: CodePipeline
18
19
  alias: codepipeline
19
20
  excluded_regions:
20
21
  - af-south-1
21
22
  - me-south-1
23
+ - ap-northeast-3
22
24
  - name: AutoScaling
23
25
  alias: autoscaling
24
26
  - name: CloudTrail
@@ -51,6 +53,7 @@
51
53
  - af-south-1
52
54
  - eu-south-1
53
55
  - me-south-1
56
+ - ap-northeast-3
54
57
  - name: IAM
55
58
  global: true
56
59
  alias: iam
@@ -102,6 +105,7 @@
102
105
  - ap-east-1
103
106
  - af-south-1
104
107
  - eu-south-1
108
+ - ap-northeast-3
105
109
  - name: CloudWatch
106
110
  alias: cloudwatch
107
111
  - name: CloudWatchLogs
@@ -110,10 +114,13 @@
110
114
  alias: kafka
111
115
  excluded_regions:
112
116
  - af-south-1
117
+ - ap-northeast-3
113
118
  - name: SecretsManager
114
119
  alias: sm
115
120
  - name: SecurityHub
116
121
  alias: sh
122
+ excluded_regions:
123
+ - ap-northeast-3
117
124
  - name: Support
118
125
  global: true
119
126
  alias: support
@@ -123,10 +130,16 @@
123
130
  - ap-southeast-1
124
131
  - name: GuardDuty
125
132
  alias: guardduty
133
+ excluded_regions:
134
+ - ap-northeast-3
126
135
  - name: Athena
127
136
  alias: athena
137
+ excluded_regions:
138
+ - ap-northeast-3
128
139
  - name: EFS
129
140
  alias: efs
141
+ excluded_regions:
142
+ - ap-northeast-3
130
143
  - name: Firehose
131
144
  alias: firehose
132
145
  - name: Lightsail
@@ -139,6 +152,7 @@
139
152
  - af-south-1
140
153
  - eu-south-1
141
154
  - me-south-1
155
+ - ap-northeast-3
142
156
  - name: WorkSpaces
143
157
  alias: workspaces
144
158
  excluded_regions:
@@ -151,8 +165,11 @@
151
165
  - af-south-1
152
166
  - eu-south-1
153
167
  - me-south-1
168
+ - ap-northeast-3
154
169
  - name: SageMaker
155
170
  alias: sagemaker
171
+ excluded_regions:
172
+ - ap-northeast-3
156
173
  - name: ServiceQuotas
157
174
  alias: servicequotas
158
175
  - name: Transfer
@@ -162,13 +179,18 @@
162
179
  - af-south-1
163
180
  - eu-south-1
164
181
  - me-south-1
182
+ - ap-northeast-3
165
183
  - name: DirectConnect
166
184
  alias: dc
167
185
  - name: DirectoryService
168
186
  alias: ds
187
+ excluded_regions:
188
+ - ap-northeast-3
169
189
  - name: DatabaseMigrationService
170
190
  alias: dms
171
191
  - name: XRay
172
192
  alias: xray
173
193
  - name: WAFV2
174
194
  alias: wafv2
195
+ excluded_regions:
196
+ - ap-northeast-3
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.2.35"
2
+ VERSION = "0.3.3"
3
3
  end
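--- a/data/readme.md
+++ b/data/readme.md
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
  ```
  $ gem install aws_recon
- Fetching aws_recon-0.2.28.gem
+ Fetching aws_recon-0.3.0.gem
  Fetching aws-sdk-3.0.1.gem
  Fetching parallel-1.20.1.gem
  ...
  Successfully installed aws-sdk-3.0.1
  Successfully installed parallel-1.20.1
- Successfully installed aws_recon-0.2.28
+ Successfully installed aws_recon-0.3.0
  ```
 
  Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
  ...
  Using aws-sdk 3.0.1
  Using parallel-1.20.1
- Using aws_recon 0.2.28
+ Using aws_recon 0.3.0
  ```
 
  ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
  ```
  $ aws_recon -h
 
- AWS Recon - AWS Inventory Collector (0.2.28)
+ AWS Recon - AWS Inventory Collector (0.3.0)
 
  Usage: aws_recon [options]
  -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)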
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.35
4
+ version: 0.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-02-02 00:00:00.000000000 Z
12
+ date: 2021-03-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk