aws_recon 0.2.36 → 0.3.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 62093b7a66219dac2bd3ccc799808c28c1581b7e94ea3eebc3f86b7263e8e82c
4
- data.tar.gz: 64f2ff5a86901e57fa5786c180251dd72ba0c8672ca38e1aba93f3eb65d5efec
3
+ metadata.gz: 24978de4c7cf85dc8ed7f4a177caca6f1746ed6de3a877d921c3169817fa036d
4
+ data.tar.gz: f60ebd2d5e072656dfac5e2514edffb95b4bc059f66ed9d540608abd6cad9322
5
5
  SHA512:
6
- metadata.gz: 5611e7a73ebdab34a6b71079d7d59159d4f48317f96a811a91a7f3eef5720941b71f8c8c328a95aaea361c457d47f680dfa80afa79655a439afb8dd616b2d5a4
7
- data.tar.gz: fa6cf46957c186d0808d7932280ce8fba1707fdb71ad68443ddb979f9d89d42cc05c2c54ce6acc4e4c187f74eb5ddd1d26c43e5ca832bbcaaa7087157878eb2e
6
+ metadata.gz: 07fb3311cae4325997aa6b66bf9dd150a8d5a4eccff8a444dceb5a22b6cbdddd597025082afc7c02e96e889e988e23f1939d1ef2bff5772c5b51975a4bc32fdf
7
+ data.tar.gz: d09fb6a88b9e0f8f6565a49c66c302e9725817295eeb2556f292423fda0c66a6fa5975a74444f6c6597ce6703cfe84b4aaf02c62a10e3854f20f73b70b740ee0
@@ -6,7 +6,7 @@ module AwsRecon
6
6
  class CLI
7
7
  def initialize
8
8
  # parse options
9
- @options = Parser.parse ARGV.length < 1 ? %w[-h] : ARGV
9
+ @options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
10
10
 
11
11
  # timing
12
12
  @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
15
15
  @account_id = Aws::STS::Client.new.get_caller_identity.account
16
16
 
17
17
  # AWS services
18
- @aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
18
+ @aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
19
19
 
20
20
  # User config services
21
21
  if @options.config_file
22
- user_config = YAML.load(File.read(@options.config_file), symbolize_names: true)
22
+ user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
23
23
 
24
24
  @services = user_config[:services]
25
25
  @regions = user_config[:regions]
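Review bot: `YAML.safe_load` on the user config line rejects YAML anchors and aliases by default, so a user config that uses `&defaults` / `*defaults` (which `YAML.load` accepted) now fails with `Psych::BadAlias`; the same applies to the services config load three lines above. If aliases are meant to stay supported, pass `aliases: true` (the class restriction is kept, only the alias restriction is relaxed); otherwise a `rescue Psych::Exception => e` around the two loads that reports `@options.config_file` in the message makes the failure actionable for the user. `safe_load` of an empty file also returns `nil`, so `user_config[:services]` would raise `NoMethodError`; `user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true) || {}` guards that. `initialize` begins in the earlier hunk and continues past this one.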
@@ -94,7 +94,7 @@ module AwsRecon
94
94
  next unless @regions.include?(region) && !skip_region
95
95
 
96
96
  # user included this service in the args
97
- next unless @services.include?(service.name) || @services.include?(service.alias) # rubocop:disable Layout/LineLength
97
+ next unless @services.include?(service.name) || @services.include?(service.alias)
98
98
 
99
99
  collect(service, region)
100
100
  end
@@ -29,6 +29,7 @@ class EC2 < Mapper
29
29
  struct = OpenStruct.new
30
30
  struct.attributes = response.account_attributes.map(&:to_h)
31
31
  struct.type = 'account'
32
+ struct.arn = "arn:aws::#{@account}"
32
33
 
33
34
  resources.push(struct.to_h)
34
35
  end
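Review bot: The synthetic ARN `"arn:aws::#{@account}"` has only four colon-separated fields, so a consumer that splits ARNs positionally reads the account id as the region and finds no account field at all; the EMR mapper in this same release fills in service and region for its synthetic ARN (`arn:aws:emr:#{@region}:#{@account}/...`). A six-field form such as `struct.arn = "arn:aws:ec2::#{@account}:account"` (constructed example) keeps positional parsers working, and a one-line comment that account attributes have no real ARN would explain why the value is synthesized. The enclosing method starts and ends outside this hunk.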
@@ -13,14 +13,20 @@ class EMR < Mapper
13
13
  #
14
14
  # get_block_public_access_configuration
15
15
  #
16
- @client.get_block_public_access_configuration.each do |response|
17
- log(response.context.operation_name)
16
+ begin
17
+ @client.get_block_public_access_configuration.each do |response|
18
+ log(response.context.operation_name)
18
19
 
19
- struct = OpenStruct.new(response.block_public_access_configuration.to_h)
20
- struct.type = 'configuration'
21
- struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
20
+ struct = OpenStruct.new(response.block_public_access_configuration.to_h)
21
+ struct.type = 'configuration'
22
+ struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
22
23
 
23
- resources.push(struct.to_h)
24
+ resources.push(struct.to_h)
25
+ end
26
+ rescue Aws::EMR::Errors::ServiceError => e
27
+ log_error(e.code)
28
+
29
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
24
30
  end
25
31
 
26
32
  #
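Review bot: `log_error(e.code)` in the new rescue discards `e.message`, so a suppressed `InvalidRequestException` leaves no record of why `get_block_public_access_configuration` was skipped, and the resulting inventory silently lacks the block-public-access entry for that region — a reader cannot tell "not collected" from "not configured". If `log_error` accepts an arbitrary string, `log_error("#{e.code}: #{e.message}")` keeps the reason; recording the skip in the output as well would preserve the distinction for downstream consumers. Inside a `rescue`, bare `raise` re-raises the current exception and is the idiomatic form of `raise e`. Whether `@options` is set on `Mapper` instances is not visible here; `suppressed_errors` is defined in the next hunk.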
@@ -42,4 +48,12 @@ class EMR < Mapper
42
48
 
43
49
  resources
44
50
  end
51
+
52
+ private
53
+
54
+ def suppressed_errors
55
+ %w[
56
+ InvalidRequestException
57
+ ]
58
+ end
45
59
  end
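Review bot: `suppressed_errors` builds a fresh array on every call, including once per rescued exception; a frozen constant `SUPPRESSED_ERRORS = %w[InvalidRequestException].freeze` at the top of the class expresses the same fixed list without allocation and reads as the policy it is. Whichever form is kept, a one-line comment stating why `InvalidRequestException` is tolerated (presumably regions where the block-public-access API is not supported — confirm) would save the next reader from reverse-engineering the intent from the rescue.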
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
28
28
  struct.findings_statistics = @client.get_findings_statistics({
29
29
  detector_id: detector,
30
30
  finding_statistic_types: ['COUNT_BY_SEVERITY'],
31
- finding_criteria: {
32
- criterion: {
33
- 'service.archived': {
34
- eq: ['false']
35
- }
36
- }
37
- }
31
+ finding_criteria: finding_criteria
38
32
  }).finding_statistics.to_h
33
+ # get_findings_statistics (only active findings older than 7 days)
34
+ struct.findings_statistics_aged_short = @client.get_findings_statistics({
35
+ detector_id: detector,
36
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
37
+ finding_criteria: finding_criteria(7)
38
+ }).finding_statistics.to_h
39
+ # get_findings_statistics (only active findings older than 30 days)
40
+ struct.findings_statistics_aged_long = @client.get_findings_statistics({
41
+ detector_id: detector,
42
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
43
+ finding_criteria: finding_criteria(30)
44
+ }).finding_statistics.to_h
39
45
 
40
46
  # get_master_account
41
47
  struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
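Review bot: The two new comments describe the aged statistics as findings "older than 7 days" / "older than 30 days", but the criterion built by `finding_criteria` (next hunk) filters on `updatedAt`, so each bucket holds findings not updated in the last N days, not findings created that long ago — a finding created 60 days ago but updated yesterday lands in neither aged bucket. Suggest `# active findings not updated in the last 7 days (updatedAt)` and the 30-day counterpart. The three `get_findings_statistics` calls differ only in their criteria; iterating over `{ findings_statistics: nil, findings_statistics_aged_short: 7, findings_statistics_aged_long: 30 }` and assigning with `struct[key] = ...` would remove the duplicated request hash. The enclosing method starts before this hunk.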
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
46
52
 
47
53
  resources
48
54
  end
55
+
56
+ private
57
+
58
+ def finding_criteria(days = 1)
59
+ criteria = {
60
+ criterion: {
61
+ 'service.archived': { eq: ['false'] }
62
+ }
63
+ }
64
+
65
+ if days > 1
66
+ days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
67
+
68
+ criteria = {
69
+ criterion: {
70
+ 'service.archived': { eq: ['false'] },
71
+ 'updatedAt': { less_than: days_ago }
72
+ }
73
+ }
74
+ end
75
+
76
+ criteria
77
+ end
49
78
  end
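Review bot: `finding_criteria(days = 1)` uses `1` as a sentinel and `if days > 1` as the guard, so `finding_criteria(1)` silently returns the unfiltered criteria instead of a one-day age filter, and `0` or a negative value is accepted the same way. A `nil` default states the intent directly, and adding the `updatedAt` key to the base hash avoids repeating the `service.archived` criterion; the comment on the `days_ago` line also misspells "milliseconds". The existing callers (`finding_criteria`, `finding_criteria(7)`, `finding_criteria(30)`) are unaffected by the rewrite below.
```ruby
def finding_criteria(days = nil)
  criteria = {
    criterion: {
      'service.archived': { eq: ['false'] }
    }
  }

  if days
    # epoch milliseconds
    days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days)
    criteria[:criterion][:updatedAt] = { less_than: days_ago }
  end

  criteria
end
```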
@@ -91,6 +91,28 @@ class IAM < Mapper
91
91
  end
92
92
  end
93
93
 
94
+ #
95
+ # list_instance_profiles
96
+ #
97
+ @client.list_instance_profiles.each_with_index do |response, page|
98
+ log(response.context.operation_name, page)
99
+
100
+ # instance_profiles
101
+ response.instance_profiles.each do |profile|
102
+ struct = OpenStruct.new(profile.to_h)
103
+ struct.type = 'instance_profile'
104
+ struct.arn = profile.arn
105
+ struct.roles = []
106
+
107
+ profile.roles&.each do |role|
108
+ role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
109
+ struct.roles.push(role.to_h)
110
+ end
111
+
112
+ resources.push(struct.to_h)
113
+ end
114
+ end
115
+
94
116
  #
95
117
  # get_account_password_policy
96
118
  #
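Review bot: `role.assume_role_policy_document.parse_policy` in the new `profile.roles&.each` loop guards the roles collection with `&.` but not the document itself, so a role without a trust policy document would raise `NoMethodError` and abort the whole `list_instance_profiles` pass (I recall the field being optional in the IAM `Role` shape — confirm). `role.assume_role_policy_document = role.assume_role_policy_document&.parse_policy` gives the same result in the normal case and leaves `nil` in place otherwise. If `parse_policy` is the project helper that decodes the policy string, a one-line comment saying so on that line would help, since the name alone does not show it. The enclosing collect method starts and ends outside this hunk.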
@@ -88,18 +88,18 @@ class RDS < Mapper
88
88
  #
89
89
  # describe_db_engine_versions
90
90
  #
91
- unless @options.skip_slow
92
- @client.describe_db_engine_versions.each_with_index do |response, page|
93
- log(response.context.operation_name, page)
94
-
95
- response.db_engine_versions.each do |version|
96
- struct = OpenStruct.new(version.to_h)
97
- struct.type = 'db_engine_version'
98
-
99
- resources.push(struct.to_h)
100
- end
101
- end
102
- end
91
+ ### unless @options.skip_slow
92
+ ### @client.describe_db_engine_versions.each_with_index do |response, page|
93
+ ### log(response.context.operation_name, page)
94
+
95
+ ### response.db_engine_versions.each do |version|
96
+ ### struct = OpenStruct.new(version.to_h)
97
+ ### struct.type = 'db_engine_version'
98
+
99
+ ### resources.push(struct.to_h)
100
+ ### end
101
+ ### end
102
+ ### end
103
103
 
104
104
  resources
105
105
  end
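Review bot: The `describe_db_engine_versions` block is commented out with `###` rather than removed, which leaves twelve lines of dead code and makes `@options.skip_slow` a no-op for RDS without saying so; a reader cannot tell whether the collection is meant to return. Since version control keeps the history, delete the lines, or keep a single comment that states the reason, e.g. `# describe_db_engine_versions is intentionally not collected (slow); restore from history if needed` with the actual motivation filled in. The enclosing method starts before this hunk.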
@@ -13,11 +13,12 @@
13
13
  - name: CodeBuild
14
14
  alias: codebuild
15
15
  excluded_regions:
16
- - af-south-1
16
+ - ap-northeast-3
17
17
  - name: CodePipeline
18
18
  alias: codepipeline
19
19
  excluded_regions:
20
20
  - af-south-1
21
+ - ap-northeast-3
21
22
  - me-south-1
22
23
  - name: AutoScaling
23
24
  alias: autoscaling
@@ -40,17 +41,10 @@
40
41
  - ap-southeast-1
41
42
  - name: ElasticLoadBalancingV2
42
43
  alias: elbv2
43
- excluded_regions:
44
- - ap-southeast-1
45
44
  - name: ElastiCache
46
45
  alias: elasticache
47
46
  - name: EMR
48
47
  alias: emr
49
- excluded_regions:
50
- - ap-east-1
51
- - af-south-1
52
- - eu-south-1
53
- - me-south-1
54
48
  - name: IAM
55
49
  global: true
56
50
  alias: iam
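Review bot: Dropping all four `excluded_regions` for EMR appears to rely on the new `rescue Aws::EMR::Errors::ServiceError` in the EMR mapper, which only tolerates `InvalidRequestException`; if any of those regions fails `get_block_public_access_configuration` with a different error code, or the other EMR calls outside that `begin` block fail there, the run now aborts instead of skipping the region. A short comment on the EMR entry, e.g. `# no excluded_regions: unsupported regions are handled by the mapper's rescue`, would record the dependency between this config and that code; the inference about the motivation is mine.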
@@ -96,11 +90,9 @@
96
90
  - name: SES
97
91
  alias: ses
98
92
  excluded_regions:
99
- - eu-north-1
100
- - eu-west-3
101
- - us-west-1
102
- - ap-east-1
103
93
  - af-south-1
94
+ - ap-east-1
95
+ - ap-northeast-3
104
96
  - eu-south-1
105
97
  - name: CloudWatch
106
98
  alias: cloudwatch
@@ -110,65 +102,78 @@
110
102
  alias: kafka
111
103
  excluded_regions:
112
104
  - af-south-1
105
+ - ap-northeast-3
113
106
  - name: SecretsManager
114
107
  alias: sm
115
108
  - name: SecurityHub
116
109
  alias: sh
110
+ excluded_regions:
111
+ - ap-northeast-3
117
112
  - name: Support
118
113
  global: true
119
114
  alias: support
120
115
  - name: SSM
121
116
  alias: ssm
122
- excluded_regions:
123
- - ap-southeast-1
124
117
  - name: GuardDuty
125
118
  alias: guardduty
119
+ excluded_regions:
120
+ - ap-northeast-3
126
121
  - name: Athena
127
122
  alias: athena
123
+ excluded_regions:
124
+ - ap-northeast-3
128
125
  - name: EFS
129
126
  alias: efs
127
+ excluded_regions:
128
+ - ap-northeast-3
130
129
  - name: Firehose
131
130
  alias: firehose
132
131
  - name: Lightsail
133
132
  alias: lightsail
134
133
  excluded_regions:
135
- - eu-north-1
136
- - us-west-1
137
- - sa-east-1
138
- - ap-east-1
139
134
  - af-south-1
135
+ - ap-east-1
136
+ - ap-northeast-3
137
+ - eu-north-1
140
138
  - eu-south-1
141
139
  - me-south-1
140
+ - sa-east-1
141
+ - us-west-1
142
142
  - name: WorkSpaces
143
143
  alias: workspaces
144
144
  excluded_regions:
145
- - eu-north-1
145
+ - af-south-1
146
+ - ap-east-1
147
+ - ap-northeast-3
146
148
  - ap-south-1
149
+ - eu-north-1
150
+ - eu-south-1
147
151
  - eu-west-3
152
+ - me-south-1
148
153
  - us-east-2
149
154
  - us-west-1
150
- - ap-east-1
151
- - af-south-1
152
- - eu-south-1
153
- - me-south-1
154
155
  - name: SageMaker
155
156
  alias: sagemaker
157
+ excluded_regions:
158
+ - ap-northeast-3
156
159
  - name: ServiceQuotas
157
160
  alias: servicequotas
158
161
  - name: Transfer
159
162
  alias: transfer
160
163
  excluded_regions:
161
- - ap-east-1
162
- - af-south-1
164
+ - ap-northeast-3
163
165
  - eu-south-1
164
- - me-south-1
165
166
  - name: DirectConnect
166
167
  alias: dc
167
168
  - name: DirectoryService
168
169
  alias: ds
170
+ excluded_regions:
171
+ - ap-northeast-3
169
172
  - name: DatabaseMigrationService
170
173
  alias: dms
171
174
  - name: XRay
172
175
  alias: xray
173
176
  - name: WAFV2
174
177
  alias: wafv2
178
+ excluded_regions:
179
+ - ap-northeast-3
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.2.36"
2
+ VERSION = "0.3.4"
3
3
  end
data/readme.md CHANGED
@@ -54,13 +54,13 @@ To run locally, first install the gem:
54
54
 
55
55
  ```
56
56
  $ gem install aws_recon
57
- Fetching aws_recon-0.2.28.gem
57
+ Fetching aws_recon-0.3.0.gem
58
58
  Fetching aws-sdk-3.0.1.gem
59
59
  Fetching parallel-1.20.1.gem
60
60
  ...
61
61
  Successfully installed aws-sdk-3.0.1
62
62
  Successfully installed parallel-1.20.1
63
- Successfully installed aws_recon-0.2.28
63
+ Successfully installed aws_recon-0.3.0
64
64
  ```
65
65
 
66
66
  Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
72
72
  ...
73
73
  Using aws-sdk 3.0.1
74
74
  Using parallel-1.20.1
75
- Using aws_recon 0.2.28
75
+ Using aws_recon 0.3.0
76
76
  ```
77
77
 
78
78
  ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
225
225
  ```
226
226
  $ aws_recon -h
227
227
 
228
- AWS Recon - AWS Inventory Collector (0.2.28)
228
+ AWS Recon - AWS Inventory Collector (0.3.0)
229
229
 
230
230
  Usage: aws_recon [options]
231
231
  -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.36
4
+ version: 0.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-02-03 00:00:00.000000000 Z
12
+ date: 2021-03-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk