aws_recon 0.2.36 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws_recon/aws_recon.rb +4 -4
- data/lib/aws_recon/collectors/ec2.rb +1 -0
- data/lib/aws_recon/collectors/emr.rb +20 -6
- data/lib/aws_recon/collectors/guardduty.rb +36 -7
- data/lib/aws_recon/collectors/iam.rb +22 -0
- data/lib/aws_recon/collectors/rds.rb +12 -12
- data/lib/aws_recon/services.yaml +31 -26
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +4 -4
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 24978de4c7cf85dc8ed7f4a177caca6f1746ed6de3a877d921c3169817fa036d
|
4
|
+
data.tar.gz: f60ebd2d5e072656dfac5e2514edffb95b4bc059f66ed9d540608abd6cad9322
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 07fb3311cae4325997aa6b66bf9dd150a8d5a4eccff8a444dceb5a22b6cbdddd597025082afc7c02e96e889e988e23f1939d1ef2bff5772c5b51975a4bc32fdf
|
7
|
+
data.tar.gz: d09fb6a88b9e0f8f6565a49c66c302e9725817295eeb2556f292423fda0c66a6fa5975a74444f6c6597ce6703cfe84b4aaf02c62a10e3854f20f73b70b740ee0
|
data/lib/aws_recon/aws_recon.rb
CHANGED
@@ -6,7 +6,7 @@ module AwsRecon
|
|
6
6
|
class CLI
|
7
7
|
def initialize
|
8
8
|
# parse options
|
9
|
-
@options = Parser.parse ARGV.
|
9
|
+
@options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
|
10
10
|
|
11
11
|
# timing
|
12
12
|
@starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
@@ -15,11 +15,11 @@ module AwsRecon
|
|
15
15
|
@account_id = Aws::STS::Client.new.get_caller_identity.account
|
16
16
|
|
17
17
|
# AWS services
|
18
|
-
@aws_services = YAML.
|
18
|
+
@aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
|
19
19
|
|
20
20
|
# User config services
|
21
21
|
if @options.config_file
|
22
|
-
user_config = YAML.
|
22
|
+
user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
|
23
23
|
|
24
24
|
@services = user_config[:services]
|
25
25
|
@regions = user_config[:regions]
|
@@ -94,7 +94,7 @@ module AwsRecon
|
|
94
94
|
next unless @regions.include?(region) && !skip_region
|
95
95
|
|
96
96
|
# user included this service in the args
|
97
|
-
next unless @services.include?(service.name) || @services.include?(service.alias)
|
97
|
+
next unless @services.include?(service.name) || @services.include?(service.alias)
|
98
98
|
|
99
99
|
collect(service, region)
|
100
100
|
end
|
@@ -13,14 +13,20 @@ class EMR < Mapper
|
|
13
13
|
#
|
14
14
|
# get_block_public_access_configuration
|
15
15
|
#
|
16
|
-
|
17
|
-
|
16
|
+
begin
|
17
|
+
@client.get_block_public_access_configuration.each do |response|
|
18
|
+
log(response.context.operation_name)
|
18
19
|
|
19
|
-
|
20
|
-
|
21
|
-
|
20
|
+
struct = OpenStruct.new(response.block_public_access_configuration.to_h)
|
21
|
+
struct.type = 'configuration'
|
22
|
+
struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
|
22
23
|
|
23
|
-
|
24
|
+
resources.push(struct.to_h)
|
25
|
+
end
|
26
|
+
rescue Aws::EMR::Errors::ServiceError => e
|
27
|
+
log_error(e.code)
|
28
|
+
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
24
30
|
end
|
25
31
|
|
26
32
|
#
|
@@ -42,4 +48,12 @@ class EMR < Mapper
|
|
42
48
|
|
43
49
|
resources
|
44
50
|
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def suppressed_errors
|
55
|
+
%w[
|
56
|
+
InvalidRequestException
|
57
|
+
]
|
58
|
+
end
|
45
59
|
end
|
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
|
|
28
28
|
struct.findings_statistics = @client.get_findings_statistics({
|
29
29
|
detector_id: detector,
|
30
30
|
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
31
|
-
finding_criteria:
|
32
|
-
criterion: {
|
33
|
-
'service.archived': {
|
34
|
-
eq: ['false']
|
35
|
-
}
|
36
|
-
}
|
37
|
-
}
|
31
|
+
finding_criteria: finding_criteria
|
38
32
|
}).finding_statistics.to_h
|
33
|
+
# get_findings_statistics (only active findings older than 7 days)
|
34
|
+
struct.findings_statistics_aged_short = @client.get_findings_statistics({
|
35
|
+
detector_id: detector,
|
36
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
37
|
+
finding_criteria: finding_criteria(7)
|
38
|
+
}).finding_statistics.to_h
|
39
|
+
# get_findings_statistics (only active findings older than 30 days)
|
40
|
+
struct.findings_statistics_aged_long = @client.get_findings_statistics({
|
41
|
+
detector_id: detector,
|
42
|
+
finding_statistic_types: ['COUNT_BY_SEVERITY'],
|
43
|
+
finding_criteria: finding_criteria(30)
|
44
|
+
}).finding_statistics.to_h
|
39
45
|
|
40
46
|
# get_master_account
|
41
47
|
struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
|
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
|
|
46
52
|
|
47
53
|
resources
|
48
54
|
end
|
55
|
+
|
56
|
+
private
|
57
|
+
|
58
|
+
def finding_criteria(days = 1)
|
59
|
+
criteria = {
|
60
|
+
criterion: {
|
61
|
+
'service.archived': { eq: ['false'] }
|
62
|
+
}
|
63
|
+
}
|
64
|
+
|
65
|
+
if days > 1
|
66
|
+
days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
|
67
|
+
|
68
|
+
criteria = {
|
69
|
+
criterion: {
|
70
|
+
'service.archived': { eq: ['false'] },
|
71
|
+
'updatedAt': { less_than: days_ago }
|
72
|
+
}
|
73
|
+
}
|
74
|
+
end
|
75
|
+
|
76
|
+
criteria
|
77
|
+
end
|
49
78
|
end
|
@@ -91,6 +91,28 @@ class IAM < Mapper
|
|
91
91
|
end
|
92
92
|
end
|
93
93
|
|
94
|
+
#
|
95
|
+
# list_instance_profiles
|
96
|
+
#
|
97
|
+
@client.list_instance_profiles.each_with_index do |response, page|
|
98
|
+
log(response.context.operation_name, page)
|
99
|
+
|
100
|
+
# instance_profiles
|
101
|
+
response.instance_profiles.each do |profile|
|
102
|
+
struct = OpenStruct.new(profile.to_h)
|
103
|
+
struct.type = 'instance_profile'
|
104
|
+
struct.arn = profile.arn
|
105
|
+
struct.roles = []
|
106
|
+
|
107
|
+
profile.roles&.each do |role|
|
108
|
+
role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
|
109
|
+
struct.roles.push(role.to_h)
|
110
|
+
end
|
111
|
+
|
112
|
+
resources.push(struct.to_h)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
94
116
|
#
|
95
117
|
# get_account_password_policy
|
96
118
|
#
|
@@ -88,18 +88,18 @@ class RDS < Mapper
|
|
88
88
|
#
|
89
89
|
# describe_db_engine_versions
|
90
90
|
#
|
91
|
-
unless @options.skip_slow
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
end
|
91
|
+
### unless @options.skip_slow
|
92
|
+
### @client.describe_db_engine_versions.each_with_index do |response, page|
|
93
|
+
### log(response.context.operation_name, page)
|
94
|
+
|
95
|
+
### response.db_engine_versions.each do |version|
|
96
|
+
### struct = OpenStruct.new(version.to_h)
|
97
|
+
### struct.type = 'db_engine_version'
|
98
|
+
|
99
|
+
### resources.push(struct.to_h)
|
100
|
+
### end
|
101
|
+
### end
|
102
|
+
### end
|
103
103
|
|
104
104
|
resources
|
105
105
|
end
|
data/lib/aws_recon/services.yaml
CHANGED
@@ -13,11 +13,12 @@
|
|
13
13
|
- name: CodeBuild
|
14
14
|
alias: codebuild
|
15
15
|
excluded_regions:
|
16
|
-
-
|
16
|
+
- ap-northeast-3
|
17
17
|
- name: CodePipeline
|
18
18
|
alias: codepipeline
|
19
19
|
excluded_regions:
|
20
20
|
- af-south-1
|
21
|
+
- ap-northeast-3
|
21
22
|
- me-south-1
|
22
23
|
- name: AutoScaling
|
23
24
|
alias: autoscaling
|
@@ -40,17 +41,10 @@
|
|
40
41
|
- ap-southeast-1
|
41
42
|
- name: ElasticLoadBalancingV2
|
42
43
|
alias: elbv2
|
43
|
-
excluded_regions:
|
44
|
-
- ap-southeast-1
|
45
44
|
- name: ElastiCache
|
46
45
|
alias: elasticache
|
47
46
|
- name: EMR
|
48
47
|
alias: emr
|
49
|
-
excluded_regions:
|
50
|
-
- ap-east-1
|
51
|
-
- af-south-1
|
52
|
-
- eu-south-1
|
53
|
-
- me-south-1
|
54
48
|
- name: IAM
|
55
49
|
global: true
|
56
50
|
alias: iam
|
@@ -96,11 +90,9 @@
|
|
96
90
|
- name: SES
|
97
91
|
alias: ses
|
98
92
|
excluded_regions:
|
99
|
-
- eu-north-1
|
100
|
-
- eu-west-3
|
101
|
-
- us-west-1
|
102
|
-
- ap-east-1
|
103
93
|
- af-south-1
|
94
|
+
- ap-east-1
|
95
|
+
- ap-northeast-3
|
104
96
|
- eu-south-1
|
105
97
|
- name: CloudWatch
|
106
98
|
alias: cloudwatch
|
@@ -110,65 +102,78 @@
|
|
110
102
|
alias: kafka
|
111
103
|
excluded_regions:
|
112
104
|
- af-south-1
|
105
|
+
- ap-northeast-3
|
113
106
|
- name: SecretsManager
|
114
107
|
alias: sm
|
115
108
|
- name: SecurityHub
|
116
109
|
alias: sh
|
110
|
+
excluded_regions:
|
111
|
+
- ap-northeast-3
|
117
112
|
- name: Support
|
118
113
|
global: true
|
119
114
|
alias: support
|
120
115
|
- name: SSM
|
121
116
|
alias: ssm
|
122
|
-
excluded_regions:
|
123
|
-
- ap-southeast-1
|
124
117
|
- name: GuardDuty
|
125
118
|
alias: guardduty
|
119
|
+
excluded_regions:
|
120
|
+
- ap-northeast-3
|
126
121
|
- name: Athena
|
127
122
|
alias: athena
|
123
|
+
excluded_regions:
|
124
|
+
- ap-northeast-3
|
128
125
|
- name: EFS
|
129
126
|
alias: efs
|
127
|
+
excluded_regions:
|
128
|
+
- ap-northeast-3
|
130
129
|
- name: Firehose
|
131
130
|
alias: firehose
|
132
131
|
- name: Lightsail
|
133
132
|
alias: lightsail
|
134
133
|
excluded_regions:
|
135
|
-
- eu-north-1
|
136
|
-
- us-west-1
|
137
|
-
- sa-east-1
|
138
|
-
- ap-east-1
|
139
134
|
- af-south-1
|
135
|
+
- ap-east-1
|
136
|
+
- ap-northeast-3
|
137
|
+
- eu-north-1
|
140
138
|
- eu-south-1
|
141
139
|
- me-south-1
|
140
|
+
- sa-east-1
|
141
|
+
- us-west-1
|
142
142
|
- name: WorkSpaces
|
143
143
|
alias: workspaces
|
144
144
|
excluded_regions:
|
145
|
-
-
|
145
|
+
- af-south-1
|
146
|
+
- ap-east-1
|
147
|
+
- ap-northeast-3
|
146
148
|
- ap-south-1
|
149
|
+
- eu-north-1
|
150
|
+
- eu-south-1
|
147
151
|
- eu-west-3
|
152
|
+
- me-south-1
|
148
153
|
- us-east-2
|
149
154
|
- us-west-1
|
150
|
-
- ap-east-1
|
151
|
-
- af-south-1
|
152
|
-
- eu-south-1
|
153
|
-
- me-south-1
|
154
155
|
- name: SageMaker
|
155
156
|
alias: sagemaker
|
157
|
+
excluded_regions:
|
158
|
+
- ap-northeast-3
|
156
159
|
- name: ServiceQuotas
|
157
160
|
alias: servicequotas
|
158
161
|
- name: Transfer
|
159
162
|
alias: transfer
|
160
163
|
excluded_regions:
|
161
|
-
- ap-
|
162
|
-
- af-south-1
|
164
|
+
- ap-northeast-3
|
163
165
|
- eu-south-1
|
164
|
-
- me-south-1
|
165
166
|
- name: DirectConnect
|
166
167
|
alias: dc
|
167
168
|
- name: DirectoryService
|
168
169
|
alias: ds
|
170
|
+
excluded_regions:
|
171
|
+
- ap-northeast-3
|
169
172
|
- name: DatabaseMigrationService
|
170
173
|
alias: dms
|
171
174
|
- name: XRay
|
172
175
|
alias: xray
|
173
176
|
- name: WAFV2
|
174
177
|
alias: wafv2
|
178
|
+
excluded_regions:
|
179
|
+
- ap-northeast-3
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
54
54
|
|
55
55
|
```
|
56
56
|
$ gem install aws_recon
|
57
|
-
Fetching aws_recon-0.
|
57
|
+
Fetching aws_recon-0.3.0.gem
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
59
59
|
Fetching parallel-1.20.1.gem
|
60
60
|
...
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
62
62
|
Successfully installed parallel-1.20.1
|
63
|
-
Successfully installed aws_recon-0.
|
63
|
+
Successfully installed aws_recon-0.3.0
|
64
64
|
```
|
65
65
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
72
72
|
...
|
73
73
|
Using aws-sdk 3.0.1
|
74
74
|
Using parallel-1.20.1
|
75
|
-
Using aws_recon 0.
|
75
|
+
Using aws_recon 0.3.0
|
76
76
|
```
|
77
77
|
|
78
78
|
## Usage
|
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
225
225
|
```
|
226
226
|
$ aws_recon -h
|
227
227
|
|
228
|
-
AWS Recon - AWS Inventory Collector (0.
|
228
|
+
AWS Recon - AWS Inventory Collector (0.3.0)
|
229
229
|
|
230
230
|
Usage: aws_recon [options]
|
231
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_recon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Larsen
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-02
|
12
|
+
date: 2021-03-02 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aws-sdk
|