aws_recon 0.3.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +0 -1
- data/lib/aws_recon/aws_recon.rb +42 -11
- data/lib/aws_recon/collectors.rb +3 -1
- data/lib/aws_recon/collectors/emr.rb +20 -6
- data/lib/aws_recon/collectors/iam.rb +22 -0
- data/lib/aws_recon/collectors/s3.rb +3 -1
- data/lib/aws_recon/options.rb +8 -0
- data/lib/aws_recon/services.yaml +31 -26
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +32 -7
- metadata +2 -3
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9647cee32c4df1624a99cf180258f43e664e7ee62b8ceee5fe00b8d6b31a2803
|
4
|
+
data.tar.gz: aca9a6383263ca7add32682df25a633ad9db031a50d2f38f319f903b6dd75c45
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 426acf5937d26974c7a7c5bc26e84487fe8b76cc28bf0f51a7302d05897356e7007b877e26a47cc3af7b54044ac45bec23b409b1b66bef0336aaa1216d340437
|
7
|
+
data.tar.gz: 790fd25c65d4fe49c2e3857f65cddb590ecfe9f481b923bcdf8def9007ddf1ccb0b16f616164e7472b43a75eebe77698146d3d2e46204af1085b276afedf2099
|
data/.rubocop.yml
CHANGED
data/lib/aws_recon/aws_recon.rb
CHANGED
@@ -6,7 +6,7 @@ module AwsRecon
|
|
6
6
|
class CLI
|
7
7
|
def initialize
|
8
8
|
# parse options
|
9
|
-
@options = Parser.parse ARGV.
|
9
|
+
@options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
|
10
10
|
|
11
11
|
# timing
|
12
12
|
@starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
@@ -15,11 +15,11 @@ module AwsRecon
|
|
15
15
|
@account_id = Aws::STS::Client.new.get_caller_identity.account
|
16
16
|
|
17
17
|
# AWS services
|
18
|
-
@aws_services = YAML.
|
18
|
+
@aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
|
19
19
|
|
20
20
|
# User config services
|
21
21
|
if @options.config_file
|
22
|
-
user_config = YAML.
|
22
|
+
user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
|
23
23
|
|
24
24
|
@services = user_config[:services]
|
25
25
|
@regions = user_config[:regions]
|
@@ -34,9 +34,9 @@ module AwsRecon
|
|
34
34
|
# formatter
|
35
35
|
@formatter = Formatter.new
|
36
36
|
|
37
|
-
unless @options.stream_output
|
38
|
-
|
39
|
-
|
37
|
+
return unless @options.stream_output
|
38
|
+
|
39
|
+
puts "\nStarting collection with #{@options.threads} threads...\n"
|
40
40
|
end
|
41
41
|
|
42
42
|
#
|
@@ -72,7 +72,7 @@ module AwsRecon
|
|
72
72
|
#
|
73
73
|
# global services
|
74
74
|
#
|
75
|
-
@aws_services.map { |x| OpenStruct.new(x) }.filter
|
75
|
+
@aws_services.map { |x| OpenStruct.new(x) }.filter(&:global).each do |service|
|
76
76
|
# user included this service in the args
|
77
77
|
next unless @services.include?(service.name)
|
78
78
|
|
@@ -94,7 +94,7 @@ module AwsRecon
|
|
94
94
|
next unless @regions.include?(region) && !skip_region
|
95
95
|
|
96
96
|
# user included this service in the args
|
97
|
-
next unless @services.include?(service.name) || @services.include?(service.alias)
|
97
|
+
next unless @services.include?(service.name) || @services.include?(service.alias)
|
98
98
|
|
99
99
|
collect(service, region)
|
100
100
|
end
|
@@ -104,14 +104,45 @@ module AwsRecon
|
|
104
104
|
|
105
105
|
puts "\nStopped early after \x1b[32m#{elapsed.to_i}\x1b[0m seconds.\n"
|
106
106
|
ensure
|
107
|
+
elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - @starting
|
108
|
+
|
109
|
+
puts "\nFinished in \x1b[32m#{elapsed.to_i}\x1b[0m seconds.\n\n"
|
110
|
+
|
107
111
|
# write output file
|
108
112
|
if @options.output_file
|
109
|
-
|
110
|
-
|
111
|
-
puts "\nFinished in \x1b[32m#{elapsed.to_i}\x1b[0m seconds. Saving resources to \x1b[32m#{@options.output_file}\x1b[0m.\n\n"
|
113
|
+
puts "Saving resources to \x1b[32m#{@options.output_file}\x1b[0m.\n\n"
|
112
114
|
|
113
115
|
File.write(@options.output_file, @resources.to_json)
|
114
116
|
end
|
117
|
+
|
118
|
+
# write output file to S3 bucket
|
119
|
+
if @options.s3
|
120
|
+
t = Time.now.utc
|
121
|
+
|
122
|
+
s3_full_object_path = "AWSRecon/#{t.year}/#{t.month}/#{t.day}/#{@account_id}_aws_recon_#{t.to_i}.json.gz"
|
123
|
+
|
124
|
+
begin
|
125
|
+
# get bucket name (and region if not us-east-1)
|
126
|
+
s3_bucket, s3_region = @options.s3.split(':')
|
127
|
+
|
128
|
+
# build IO object and gzip it
|
129
|
+
io = StringIO.new
|
130
|
+
gzip_data = Zlib::GzipWriter.new(io)
|
131
|
+
gzip_data.write(@resources.to_json)
|
132
|
+
gzip_data.close
|
133
|
+
|
134
|
+
# send it to S3
|
135
|
+
s3_client = Aws::S3::Client.new(region: s3_region || 'us-east-1')
|
136
|
+
s3_resource = Aws::S3::Resource.new(client: s3_client)
|
137
|
+
obj = s3_resource.bucket(s3_bucket).object(s3_full_object_path)
|
138
|
+
obj.put(body: io.string)
|
139
|
+
|
140
|
+
puts "Saving resources to S3 \x1b[32ms3://#{s3_bucket}/#{s3_full_object_path}\x1b[0m\n\n"
|
141
|
+
rescue Aws::S3::Errors::ServiceError => e
|
142
|
+
puts "\x1b[35mError!\x1b[0m - could not save output S3 bucket\n\n"
|
143
|
+
puts "#{e.message} - #{e.code}\n"
|
144
|
+
end
|
145
|
+
end
|
115
146
|
end
|
116
147
|
end
|
117
148
|
end
|
data/lib/aws_recon/collectors.rb
CHANGED
@@ -13,14 +13,20 @@ class EMR < Mapper
|
|
13
13
|
#
|
14
14
|
# get_block_public_access_configuration
|
15
15
|
#
|
16
|
-
|
17
|
-
|
16
|
+
begin
|
17
|
+
@client.get_block_public_access_configuration.each do |response|
|
18
|
+
log(response.context.operation_name)
|
18
19
|
|
19
|
-
|
20
|
-
|
21
|
-
|
20
|
+
struct = OpenStruct.new(response.block_public_access_configuration.to_h)
|
21
|
+
struct.type = 'configuration'
|
22
|
+
struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
|
22
23
|
|
23
|
-
|
24
|
+
resources.push(struct.to_h)
|
25
|
+
end
|
26
|
+
rescue Aws::EMR::Errors::ServiceError => e
|
27
|
+
log_error(e.code)
|
28
|
+
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
24
30
|
end
|
25
31
|
|
26
32
|
#
|
@@ -42,4 +48,12 @@ class EMR < Mapper
|
|
42
48
|
|
43
49
|
resources
|
44
50
|
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def suppressed_errors
|
55
|
+
%w[
|
56
|
+
InvalidRequestException
|
57
|
+
]
|
58
|
+
end
|
45
59
|
end
|
@@ -91,6 +91,28 @@ class IAM < Mapper
|
|
91
91
|
end
|
92
92
|
end
|
93
93
|
|
94
|
+
#
|
95
|
+
# list_instance_profiles
|
96
|
+
#
|
97
|
+
@client.list_instance_profiles.each_with_index do |response, page|
|
98
|
+
log(response.context.operation_name, page)
|
99
|
+
|
100
|
+
# instance_profiles
|
101
|
+
response.instance_profiles.each do |profile|
|
102
|
+
struct = OpenStruct.new(profile.to_h)
|
103
|
+
struct.type = 'instance_profile'
|
104
|
+
struct.arn = profile.arn
|
105
|
+
struct.roles = []
|
106
|
+
|
107
|
+
profile.roles&.each do |role|
|
108
|
+
role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
|
109
|
+
struct.roles.push(role.to_h)
|
110
|
+
end
|
111
|
+
|
112
|
+
resources.push(struct.to_h)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
94
116
|
#
|
95
117
|
# get_account_password_policy
|
96
118
|
#
|
@@ -48,6 +48,7 @@ class S3 < Mapper
|
|
48
48
|
{ func: 'get_bucket_policy', key: 'policy', field: 'policy' },
|
49
49
|
{ func: 'get_bucket_policy_status', key: 'public', field: 'policy_status' },
|
50
50
|
{ func: 'get_public_access_block', key: 'public_access_block', field: 'public_access_block_configuration' },
|
51
|
+
{ func: 'get_object_lock_configuration', key: 'object_lock_configuration', field: 'object_lock_configuration' },
|
51
52
|
{ func: 'get_bucket_tagging', key: 'tagging', field: nil },
|
52
53
|
{ func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
|
53
54
|
{ func: 'get_bucket_versioning', key: 'versioning', field: nil },
|
@@ -66,7 +67,7 @@ class S3 < Mapper
|
|
66
67
|
end
|
67
68
|
|
68
69
|
rescue Aws::S3::Errors::ServiceError => e
|
69
|
-
log_error(e.code)
|
70
|
+
log_error(bucket.name, op.func, e.code)
|
70
71
|
|
71
72
|
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
72
73
|
end
|
@@ -90,6 +91,7 @@ class S3 < Mapper
|
|
90
91
|
NoSuchWebsiteConfiguration
|
91
92
|
ReplicationConfigurationNotFoundError
|
92
93
|
NoSuchPublicAccessBlockConfiguration
|
94
|
+
ObjectLockConfigurationNotFoundError
|
93
95
|
]
|
94
96
|
end
|
95
97
|
end
|
data/lib/aws_recon/options.rb
CHANGED
@@ -6,6 +6,7 @@
|
|
6
6
|
class Parser
|
7
7
|
DEFAULT_CONFIG_FILE = nil
|
8
8
|
DEFAULT_OUTPUT_FILE = File.expand_path(File.join(Dir.pwd, 'output.json')).freeze
|
9
|
+
DEFAULT_S3_PATH = nil
|
9
10
|
SERVICES_CONFIG_FILE = File.join(File.dirname(__FILE__), 'services.yaml').freeze
|
10
11
|
DEFAULT_FORMAT = 'aws'
|
11
12
|
DEFAULT_THREADS = 8
|
@@ -15,6 +16,7 @@ class Parser
|
|
15
16
|
:regions,
|
16
17
|
:services,
|
17
18
|
:config_file,
|
19
|
+
:s3,
|
18
20
|
:output_file,
|
19
21
|
:output_format,
|
20
22
|
:threads,
|
@@ -43,6 +45,7 @@ class Parser
|
|
43
45
|
aws_regions,
|
44
46
|
aws_services.map { |service| service[:name] },
|
45
47
|
DEFAULT_CONFIG_FILE,
|
48
|
+
DEFAULT_S3_PATH,
|
46
49
|
DEFAULT_OUTPUT_FILE,
|
47
50
|
DEFAULT_FORMAT,
|
48
51
|
DEFAULT_THREADS,
|
@@ -93,6 +96,11 @@ class Parser
|
|
93
96
|
args.config_file = config
|
94
97
|
end
|
95
98
|
|
99
|
+
# write output file to S3 bucket
|
100
|
+
opts.on('-b', '--s3-bucket [BUCKET:REGION]', 'Write output file to S3 bucket (default: \'\')') do |bucket_with_region|
|
101
|
+
args.s3 = bucket_with_region
|
102
|
+
end
|
103
|
+
|
96
104
|
# output file
|
97
105
|
opts.on('-o', '--output [OUTPUT]', 'Specify output file (default: output.json)') do |output|
|
98
106
|
args.output_file = File.expand_path(File.join(Dir.pwd, output))
|
data/lib/aws_recon/services.yaml
CHANGED
@@ -13,11 +13,12 @@
|
|
13
13
|
- name: CodeBuild
|
14
14
|
alias: codebuild
|
15
15
|
excluded_regions:
|
16
|
-
-
|
16
|
+
- ap-northeast-3
|
17
17
|
- name: CodePipeline
|
18
18
|
alias: codepipeline
|
19
19
|
excluded_regions:
|
20
20
|
- af-south-1
|
21
|
+
- ap-northeast-3
|
21
22
|
- me-south-1
|
22
23
|
- name: AutoScaling
|
23
24
|
alias: autoscaling
|
@@ -40,17 +41,10 @@
|
|
40
41
|
- ap-southeast-1
|
41
42
|
- name: ElasticLoadBalancingV2
|
42
43
|
alias: elbv2
|
43
|
-
excluded_regions:
|
44
|
-
- ap-southeast-1
|
45
44
|
- name: ElastiCache
|
46
45
|
alias: elasticache
|
47
46
|
- name: EMR
|
48
47
|
alias: emr
|
49
|
-
excluded_regions:
|
50
|
-
- ap-east-1
|
51
|
-
- af-south-1
|
52
|
-
- eu-south-1
|
53
|
-
- me-south-1
|
54
48
|
- name: IAM
|
55
49
|
global: true
|
56
50
|
alias: iam
|
@@ -96,11 +90,9 @@
|
|
96
90
|
- name: SES
|
97
91
|
alias: ses
|
98
92
|
excluded_regions:
|
99
|
-
- eu-north-1
|
100
|
-
- eu-west-3
|
101
|
-
- us-west-1
|
102
|
-
- ap-east-1
|
103
93
|
- af-south-1
|
94
|
+
- ap-east-1
|
95
|
+
- ap-northeast-3
|
104
96
|
- eu-south-1
|
105
97
|
- name: CloudWatch
|
106
98
|
alias: cloudwatch
|
@@ -110,65 +102,78 @@
|
|
110
102
|
alias: kafka
|
111
103
|
excluded_regions:
|
112
104
|
- af-south-1
|
105
|
+
- ap-northeast-3
|
113
106
|
- name: SecretsManager
|
114
107
|
alias: sm
|
115
108
|
- name: SecurityHub
|
116
109
|
alias: sh
|
110
|
+
excluded_regions:
|
111
|
+
- ap-northeast-3
|
117
112
|
- name: Support
|
118
113
|
global: true
|
119
114
|
alias: support
|
120
115
|
- name: SSM
|
121
116
|
alias: ssm
|
122
|
-
excluded_regions:
|
123
|
-
- ap-southeast-1
|
124
117
|
- name: GuardDuty
|
125
118
|
alias: guardduty
|
119
|
+
excluded_regions:
|
120
|
+
- ap-northeast-3
|
126
121
|
- name: Athena
|
127
122
|
alias: athena
|
123
|
+
excluded_regions:
|
124
|
+
- ap-northeast-3
|
128
125
|
- name: EFS
|
129
126
|
alias: efs
|
127
|
+
excluded_regions:
|
128
|
+
- ap-northeast-3
|
130
129
|
- name: Firehose
|
131
130
|
alias: firehose
|
132
131
|
- name: Lightsail
|
133
132
|
alias: lightsail
|
134
133
|
excluded_regions:
|
135
|
-
- eu-north-1
|
136
|
-
- us-west-1
|
137
|
-
- sa-east-1
|
138
|
-
- ap-east-1
|
139
134
|
- af-south-1
|
135
|
+
- ap-east-1
|
136
|
+
- ap-northeast-3
|
137
|
+
- eu-north-1
|
140
138
|
- eu-south-1
|
141
139
|
- me-south-1
|
140
|
+
- sa-east-1
|
141
|
+
- us-west-1
|
142
142
|
- name: WorkSpaces
|
143
143
|
alias: workspaces
|
144
144
|
excluded_regions:
|
145
|
-
-
|
145
|
+
- af-south-1
|
146
|
+
- ap-east-1
|
147
|
+
- ap-northeast-3
|
146
148
|
- ap-south-1
|
149
|
+
- eu-north-1
|
150
|
+
- eu-south-1
|
147
151
|
- eu-west-3
|
152
|
+
- me-south-1
|
148
153
|
- us-east-2
|
149
154
|
- us-west-1
|
150
|
-
- ap-east-1
|
151
|
-
- af-south-1
|
152
|
-
- eu-south-1
|
153
|
-
- me-south-1
|
154
155
|
- name: SageMaker
|
155
156
|
alias: sagemaker
|
157
|
+
excluded_regions:
|
158
|
+
- ap-northeast-3
|
156
159
|
- name: ServiceQuotas
|
157
160
|
alias: servicequotas
|
158
161
|
- name: Transfer
|
159
162
|
alias: transfer
|
160
163
|
excluded_regions:
|
161
|
-
- ap-
|
162
|
-
- af-south-1
|
164
|
+
- ap-northeast-3
|
163
165
|
- eu-south-1
|
164
|
-
- me-south-1
|
165
166
|
- name: DirectConnect
|
166
167
|
alias: dc
|
167
168
|
- name: DirectoryService
|
168
169
|
alias: ds
|
170
|
+
excluded_regions:
|
171
|
+
- ap-northeast-3
|
169
172
|
- name: DatabaseMigrationService
|
170
173
|
alias: dms
|
171
174
|
- name: XRay
|
172
175
|
alias: xray
|
173
176
|
- name: WAFV2
|
174
177
|
alias: wafv2
|
178
|
+
excluded_regions:
|
179
|
+
- ap-northeast-3
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
@@ -5,9 +5,9 @@
|
|
5
5
|
|
6
6
|
A multi-threaded AWS inventory collection tool.
|
7
7
|
|
8
|
-
|
8
|
+
This tool was created to facilitate efficient collection of a large amount of AWS resource attributes and metadata. It aims to collect nearly everything that is relevant to the security configuration and posture of an AWS environment.
|
9
9
|
|
10
|
-
Existing tools (e.g. [AWS Config](https://aws.amazon.com/config)) that do some form of resource collection lack the coverage and specificity
|
10
|
+
Existing tools (e.g. [AWS Config](https://aws.amazon.com/config)) that do some form of resource collection lack the coverage and specificity to accurately measure security posture (e.g. detailed attribute data and full policy documents).
|
11
11
|
|
12
12
|
Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain Ruby. Though Python tends to dominate the AWS tooling landscape, the [Ruby SDK](https://aws.amazon.com/sdk-for-ruby/) has a few convenient advantages over the [other](https://aws.amazon.com/sdk-for-node-js/) [AWS](https://aws.amazon.com/sdk-for-python/) [SDKs](https://aws.amazon.com/sdk-for-go/) we tested. Specifically, easy handling of automatic retries, paging of large responses, and - with some help - threading huge numbers of requests.
|
13
13
|
|
@@ -15,7 +15,7 @@ Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain R
|
|
15
15
|
|
16
16
|
- More complete resource coverage than available tools (especially for ECS & EKS)
|
17
17
|
- More granular resource detail, including nested related resources in the output
|
18
|
-
- Flexible output (console, JSON lines, plain JSON, file, standard out)
|
18
|
+
- Flexible output (console, JSON lines, plain JSON, file, S3 bucket, and standard out)
|
19
19
|
- Efficient (multi-threaded, rate limited, automatic retries, and automatic result paging)
|
20
20
|
- Easy to maintain and extend
|
21
21
|
|
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
54
54
|
|
55
55
|
```
|
56
56
|
$ gem install aws_recon
|
57
|
-
Fetching aws_recon-0.
|
57
|
+
Fetching aws_recon-0.4.0.gem
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
59
59
|
Fetching parallel-1.20.1.gem
|
60
60
|
...
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
62
62
|
Successfully installed parallel-1.20.1
|
63
|
-
Successfully installed aws_recon-0.
|
63
|
+
Successfully installed aws_recon-0.4.0
|
64
64
|
```
|
65
65
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
72
72
|
...
|
73
73
|
Using aws-sdk 3.0.1
|
74
74
|
Using parallel-1.20.1
|
75
|
-
Using aws_recon 0.
|
75
|
+
Using aws_recon 0.4.0
|
76
76
|
```
|
77
77
|
|
78
78
|
## Usage
|
@@ -158,13 +158,37 @@ Finished in 46 seconds. Saving resources to output.json.
|
|
158
158
|
#### Example command line options
|
159
159
|
|
160
160
|
```
|
161
|
+
# collect S3 and EC2 global resources, as well as us-east-1 and us-east-2
|
162
|
+
|
161
163
|
$ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
|
162
164
|
```
|
163
165
|
|
164
166
|
```
|
167
|
+
# collect S3 and EC2 global resources, as well as us-east-1 and us-east-2
|
168
|
+
|
165
169
|
$ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
|
166
170
|
```
|
167
171
|
|
172
|
+
```
|
173
|
+
# save output to S3 bucket
|
174
|
+
|
175
|
+
$ AWS_PROFILE=<profile> aws_recon \
|
176
|
+
--services S3,EC2 \
|
177
|
+
--regions global,us-east-1,us-east-2 \
|
178
|
+
--verbose \
|
179
|
+
--s3-bucket my-recon-bucket
|
180
|
+
```
|
181
|
+
|
182
|
+
```
|
183
|
+
# save output to S3 bucket with a home region other than us-east-1
|
184
|
+
|
185
|
+
$ AWS_PROFILE=<profile> aws_recon \
|
186
|
+
--services S3,EC2 \
|
187
|
+
--regions global,us-east-1,us-east-2 \
|
188
|
+
--verbose \
|
189
|
+
--s3-bucket my-recon-bucket:us-west-2
|
190
|
+
```
|
191
|
+
|
168
192
|
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted (NDJSON) output.
|
169
193
|
|
170
194
|
```
|
@@ -225,7 +249,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
225
249
|
```
|
226
250
|
$ aws_recon -h
|
227
251
|
|
228
|
-
AWS Recon - AWS Inventory Collector (0.
|
252
|
+
AWS Recon - AWS Inventory Collector (0.4.0)
|
229
253
|
|
230
254
|
Usage: aws_recon [options]
|
231
255
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
@@ -233,6 +257,7 @@ Usage: aws_recon [options]
|
|
233
257
|
-s, --services [SERVICES] Services to scan, separated by comma (default: all)
|
234
258
|
-x, --not-services [SERVICES] Services to skip, separated by comma (default: none)
|
235
259
|
-c, --config [CONFIG] Specify config file for services & regions (e.g. config.yaml)
|
260
|
+
-b, --s3-bucket [BUCKET:REGION] Write output file to S3 bucket (default: '')
|
236
261
|
-o, --output [OUTPUT] Specify output file (default: output.json)
|
237
262
|
-f, --format [FORMAT] Specify output format (default: aws)
|
238
263
|
-t, --threads [THREADS] Specify max threads (default: 8, max: 128)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_recon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Larsen
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-03-30 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aws-sdk
|
@@ -167,7 +167,6 @@ files:
|
|
167
167
|
- ".github/workflows/smoke-test.yml"
|
168
168
|
- ".gitignore"
|
169
169
|
- ".rubocop.yml"
|
170
|
-
- ".travis.yml"
|
171
170
|
- Dockerfile
|
172
171
|
- Gemfile
|
173
172
|
- LICENSE.txt
|