aws_recon 0.2.36 → 0.3.4
- checksums.yaml +4 -4
- data/lib/aws_recon/aws_recon.rb +4 -4
- data/lib/aws_recon/collectors/ec2.rb +1 -0
- data/lib/aws_recon/collectors/emr.rb +20 -6
- data/lib/aws_recon/collectors/guardduty.rb +36 -7
- data/lib/aws_recon/collectors/iam.rb +22 -0
- data/lib/aws_recon/collectors/rds.rb +12 -12
- data/lib/aws_recon/services.yaml +31 -26
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
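--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24978de4c7cf85dc8ed7f4a177caca6f1746ed6de3a877d921c3169817fa036d
+data.tar.gz: f60ebd2d5e072656dfac5e2514edffb95b4bc059f66ed9d540608abd6cad9322
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 07fb3311cae4325997aa6b66bf9dd150a8d5a4eccff8a444dceb5a22b6cbdddd597025082afc7c02e96e889e988e23f1939d1ef2bff5772c5b51975a4bc32fdf
+data.tar.gz: d09fb6a88b9e0f8f6565a49c66c302e9725817295eeb2556f292423fda0c66a6fa5975a74444f6c6597ce6703cfe84b4aaf02c62a10e3854f20f73b70b740ee0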
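--- a/data/lib/aws_recon/aws_recon.rb
+++ b/data/lib/aws_recon/aws_recon.rb
@@ -6,7 +6,7 @@ module AwsRecon
 class CLI
 def initialize
 # parse options
-@options = Parser.parse ARGV.
+@options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
 
 # timing
 @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
 @account_id = Aws::STS::Client.new.get_caller_identity.account
 
 # AWS services
-@aws_services = YAML.
+@aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
 
 # User config services
 if @options.config_file
-user_config = YAML.
+user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
 
 @services = user_config[:services]
 @regions = user_config[:regions]
@@ -94,7 +94,7 @@ module AwsRecon
 next unless @regions.include?(region) && !skip_region
 
 # user included this service in the args
-next unless @services.include?(service.name) || @services.include?(service.alias)
+next unless @services.include?(service.name) || @services.include?(service.alias)
 
 collect(service, region)
 end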
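Review bot: The result of `YAML.safe_load(File.read(@options.config_file), symbolize_names: true)` is indexed immediately, so an empty config file (safe_load returns a falsy value) or one whose top level is not a mapping fails with a NoMethodError or TypeError at `user_config[:services]` instead of a usable message. A file that omits `services` or `regions` leaves `@services` or `@regions` nil unless code outside these hunks supplies defaults, and the `@services.include?` filter at new line 97 would then raise part-way through a run. A guard right after loading would cover both, e.g. `raise ArgumentError, 'config file must be a YAML mapping with services and regions' unless user_config.is_a?(Hash)`. `initialize` continues outside the hunks shown, so part of this may already be handled there.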
@@ -13,14 +13,20 @@ class EMR < Mapper
|
|
13
13
|
#
|
14
14
|
# get_block_public_access_configuration
|
15
15
|
#
|
16
|
-
|
17
|
-
|
16
|
+
begin
|
17
|
+
@client.get_block_public_access_configuration.each do |response|
|
18
|
+
log(response.context.operation_name)
|
18
19
|
|
19
|
-
|
20
|
-
|
21
|
-
|
20
|
+
struct = OpenStruct.new(response.block_public_access_configuration.to_h)
|
21
|
+
struct.type = 'configuration'
|
22
|
+
struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
|
22
23
|
|
23
|
-
|
24
|
+
resources.push(struct.to_h)
|
25
|
+
end
|
26
|
+
rescue Aws::EMR::Errors::ServiceError => e
|
27
|
+
log_error(e.code)
|
28
|
+
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
24
30
|
end
|
25
31
|
|
26
32
|
#
|
@@ -42,4 +48,12 @@ class EMR < Mapper
|
|
42
48
|
|
43
49
|
resources
|
44
50
|
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def suppressed_errors
|
55
|
+
%w[
|
56
|
+
InvalidRequestException
|
57
|
+
]
|
58
|
+
end
|
45
59
|
end
|
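Review bot: `suppressed_errors` lists `InvalidRequestException`, a general request-validation code, so the new `rescue` hides every such failure of `get_block_public_access_configuration`, not only the condition it was presumably added for, and the only trace left is `log_error(e.code)`. When the error is swallowed no `configuration` record is pushed, so the output cannot distinguish "block public access settings could not be read" from "nothing to report". Include `e.message` in what is logged, and put a comment above `suppressed_errors` naming the condition the suppression is meant to cover. The guard would also read more directly as `raise if @options.quit_on_exception || !suppressed_errors.include?(e.code)`.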
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
|
|
28
28
|
struct.findings_statistics = @client.get_findings_statistics({
|
29
29
|
detector_id: detector,
|
30
30
|
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
31
|
-
finding_criteria:
|
32
|
-
criterion: {
|
33
|
-
'service.archived': {
|
34
|
-
eq: ['false']
|
35
|
-
}
|
36
|
-
}
|
37
|
-
}
|
31
|
+
finding_criteria: finding_criteria
|
38
32
|
}).finding_statistics.to_h
|
33
|
+
# get_findings_statistics (only active findings older than 7 days)
|
34
|
+
struct.findings_statistics_aged_short = @client.get_findings_statistics({
|
35
|
+
detector_id: detector,
|
36
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
37
|
+
finding_criteria: finding_criteria(7)
|
38
|
+
}).finding_statistics.to_h
|
39
|
+
# get_findings_statistics (only active findings older than 30 days)
|
40
|
+
struct.findings_statistics_aged_long = @client.get_findings_statistics({
|
41
|
+
detector_id: detector,
|
42
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
43
|
+
finding_criteria: finding_criteria(30)
|
44
|
+
}).finding_statistics.to_h
|
39
45
|
|
40
46
|
# get_master_account
|
41
47
|
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
|
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
|
|
46
52
|
|
47
53
|
resources
|
48
54
|
end
|
55
|
+
|
56
|
+
private
|
57
|
+
|
58
|
+
def finding_criteria(days = 1)
|
59
|
+
criteria = {
|
60
|
+
criterion: {
|
61
|
+
'service.archived': { eq: ['false'] }
|
62
|
+
}
|
63
|
+
}
|
64
|
+
|
65
|
+
if days > 1
|
66
|
+
days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
|
67
|
+
|
68
|
+
criteria = {
|
69
|
+
criterion: {
|
70
|
+
'service.archived': { eq: ['false'] },
|
71
|
+
'updatedAt': { less_than: days_ago }
|
72
|
+
}
|
73
|
+
}
|
74
|
+
end
|
75
|
+
|
76
|
+
criteria
|
77
|
+
end
|
49
78
|
end
|
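Review bot: `finding_criteria(days = 1)` uses 1 as a sentinel for "no age filter" (`if days > 1`), so `finding_criteria(1)` returns the unfiltered criteria rather than findings older than one day, and the two hash literals repeat the `service.archived` clause. The age filter is applied to `updatedAt`, so `findings_statistics_aged_short` and `findings_statistics_aged_long` count findings that have not been updated in the last 7 or 30 days; a finding that keeps being updated would presumably never be counted as aged, and the comments reading "older than 7 days" should say "not updated in". A `nil` default with one base hash, as below, leaves the three call sites unchanged.

```ruby
def finding_criteria(days = nil)
  criterion = { 'service.archived': { eq: ['false'] } }

  if days
    # cutoff in epoch milliseconds; findings last updated before it count as aged
    cutoff_ms = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days)
    criterion[:updatedAt] = { less_than: cutoff_ms }
  end

  { criterion: criterion }
end
```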
@@ -91,6 +91,28 @@ class IAM < Mapper
|
|
91
91
|
end
|
92
92
|
end
|
93
93
|
|
94
|
+
#
|
95
|
+
# list_instance_profiles
|
96
|
+
#
|
97
|
+
@client.list_instance_profiles.each_with_index do |response, page|
|
98
|
+
log(response.context.operation_name, page)
|
99
|
+
|
100
|
+
# instance_profiles
|
101
|
+
response.instance_profiles.each do |profile|
|
102
|
+
struct = OpenStruct.new(profile.to_h)
|
103
|
+
struct.type = 'instance_profile'
|
104
|
+
struct.arn = profile.arn
|
105
|
+
struct.roles = []
|
106
|
+
|
107
|
+
profile.roles&.each do |role|
|
108
|
+
role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
|
109
|
+
struct.roles.push(role.to_h)
|
110
|
+
end
|
111
|
+
|
112
|
+
resources.push(struct.to_h)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
94
116
|
#
|
95
117
|
# get_account_password_policy
|
96
118
|
#
|
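Review bot: `role.assume_role_policy_document = role.assume_role_policy_document.parse_policy` writes the parsed policy back into the SDK response object and calls `parse_policy` (defined outside this hunk) with nothing rescuing around it, so a document that helper cannot decode would presumably abort the whole IAM collection pass. Building the hash without mutating the response is shorter: `struct.roles = (profile.roles || []).map { |role| role.to_h.merge(assume_role_policy_document: role.assume_role_policy_document.parse_policy) }`. The `# instance_profiles` comment could also state that each record carries its attached roles with the decoded trust policy. The enclosing method starts and ends outside the hunk.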
@@ -88,18 +88,18 @@ class RDS < Mapper
|
|
88
88
|
#
|
89
89
|
# describe_db_engine_versions
|
90
90
|
#
|
91
|
-
unless @options.skip_slow
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
end
|
91
|
+
### unless @options.skip_slow
|
92
|
+
### @client.describe_db_engine_versions.each_with_index do |response, page|
|
93
|
+
### log(response.context.operation_name, page)
|
94
|
+
|
95
|
+
### response.db_engine_versions.each do |version|
|
96
|
+
### struct = OpenStruct.new(version.to_h)
|
97
|
+
### struct.type = 'db_engine_version'
|
98
|
+
|
99
|
+
### resources.push(struct.to_h)
|
100
|
+
### end
|
101
|
+
### end
|
102
|
+
### end
|
103
103
|
|
104
104
|
resources
|
105
105
|
end
|
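Review bot: The `describe_db_engine_versions` block is disabled by prefixing each line with `###` rather than being removed, and the `# describe_db_engine_versions` header above it still reads as if the call were made. Either delete the block or put one line above it giving the reason, e.g. `# disabled in this release: <REASON>`, so that consumers of the output do not expect `db_engine_version` records. Whether `@options.skip_slow` is still used anywhere else cannot be seen from this hunk; if it is not, the option should be retired as well.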
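--- a/data/lib/aws_recon/services.yaml
+++ b/data/lib/aws_recon/services.yaml
@@ -13,11 +13,12 @@
 - name: CodeBuild
 alias: codebuild
 excluded_regions:
--
+- ap-northeast-3
 - name: CodePipeline
 alias: codepipeline
 excluded_regions:
 - af-south-1
+- ap-northeast-3
 - me-south-1
 - name: AutoScaling
 alias: autoscaling
@@ -40,17 +41,10 @@
 - ap-southeast-1
 - name: ElasticLoadBalancingV2
 alias: elbv2
-excluded_regions:
-- ap-southeast-1
 - name: ElastiCache
 alias: elasticache
 - name: EMR
 alias: emr
-excluded_regions:
-- ap-east-1
-- af-south-1
-- eu-south-1
-- me-south-1
 - name: IAM
 global: true
 alias: iam
@@ -96,11 +90,9 @@
 - name: SES
 alias: ses
 excluded_regions:
-- eu-north-1
-- eu-west-3
-- us-west-1
-- ap-east-1
 - af-south-1
+- ap-east-1
+- ap-northeast-3
 - eu-south-1
 - name: CloudWatch
 alias: cloudwatch
@@ -110,65 +102,78 @@
 alias: kafka
 excluded_regions:
 - af-south-1
+- ap-northeast-3
 - name: SecretsManager
 alias: sm
 - name: SecurityHub
 alias: sh
+excluded_regions:
+- ap-northeast-3
 - name: Support
 global: true
 alias: support
 - name: SSM
 alias: ssm
-excluded_regions:
-- ap-southeast-1
 - name: GuardDuty
 alias: guardduty
+excluded_regions:
+- ap-northeast-3
 - name: Athena
 alias: athena
+excluded_regions:
+- ap-northeast-3
 - name: EFS
 alias: efs
+excluded_regions:
+- ap-northeast-3
 - name: Firehose
 alias: firehose
 - name: Lightsail
 alias: lightsail
 excluded_regions:
-- eu-north-1
-- us-west-1
-- sa-east-1
-- ap-east-1
 - af-south-1
+- ap-east-1
+- ap-northeast-3
+- eu-north-1
 - eu-south-1
 - me-south-1
+- sa-east-1
+- us-west-1
 - name: WorkSpaces
 alias: workspaces
 excluded_regions:
--
+- af-south-1
+- ap-east-1
+- ap-northeast-3
 - ap-south-1
+- eu-north-1
+- eu-south-1
 - eu-west-3
+- me-south-1
 - us-east-2
 - us-west-1
-- ap-east-1
-- af-south-1
-- eu-south-1
-- me-south-1
 - name: SageMaker
 alias: sagemaker
+excluded_regions:
+- ap-northeast-3
 - name: ServiceQuotas
 alias: servicequotas
 - name: Transfer
 alias: transfer
 excluded_regions:
-- ap-
-- af-south-1
+- ap-northeast-3
 - eu-south-1
-- me-south-1
 - name: DirectConnect
 alias: dc
 - name: DirectoryService
 alias: ds
+excluded_regions:
+- ap-northeast-3
 - name: DatabaseMigrationService
 alias: dms
 - name: XRay
 alias: xray
 - name: WAFV2
 alias: wafv2
+excluded_regions:
+- ap-northeast-3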
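Review bot: The new `excluded_regions` entries for `ap-northeast-3` include SecurityHub and GuardDuty, and an excluded region appears to be skipped without any output (the skip logic lives in aws_recon.rb, not in this file). A detector or hub enabled there once the service is offered in that region would then be missing from the inventory with nothing to indicate the gap. These static lists go stale in both directions, as the removals for EMR, SSM and ElasticLoadBalancingV2 in this same change show. A comment at the top of the file such as `# excluded_regions: no service endpoint in that region as of <DATE>; re-verify on each release` would make the assumption explicit, and logging each skipped service and region pair at run time would make the omission visible in the results.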
data/lib/aws_recon/version.rb
CHANGED
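--- a/data/readme.md
+++ b/data/readme.md
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.
+Fetching aws_recon-0.3.0.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.
+Successfully installed aws_recon-0.3.0
 ```
 
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.
+Using aws_recon 0.3.0
 ```
 
 ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
 
-AWS Recon - AWS Inventory Collector (0.
+AWS Recon - AWS Inventory Collector (0.3.0)
 
 Usage: aws_recon [options]
 -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)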
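--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.4
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk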