aws_recon 0.5.18 → 0.5.22
- checksums.yaml +4 -4
- data/aws_recon.gemspec +1 -1
- data/lib/aws_recon/collectors/ec2.rb +25 -8
- data/lib/aws_recon/collectors/organizations.rb +12 -5
- data/lib/aws_recon/collectors/s3.rb +3 -1
- data/lib/aws_recon/services.yaml +0 -1
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +1 -0
- metadata +4 -4
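--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a0225940b06ce4f050b76411a63eef4d83fab157ff64524214ecc37aaa9b4763
+data.tar.gz: 5bbcdb94d22cfe23caa9f5d43ddc1c7dd5a2e58a7784f19ff6f0defb753f324a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc712417ee38a98f13aea07c7809aa4412598b4165f775a9c1986aa1981474194b90d35ddfc86992cb9faa705b3dc9d5b0ca0122d1070f995c4d072e4e4c3b27
+data.tar.gz: de820cc2a6551defd85fca374d3aa875c494d0c9c1dd9084f09e371618623fb53edeaf4864aad04d126a6a4fc3831115d9419a175a40a961f2567c139b66d8b1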
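--- a/data/aws_recon.gemspec
+++ b/data/aws_recon.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
-spec.add_dependency 'aws-sdk', '~> 3.
+spec.add_dependency 'aws-sdk', '~> 3.1'
 spec.add_dependency 'parallel', '~> 1.20.1'
 
 spec.add_development_dependency 'bundler', '~> 2.2.17'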
@@ -98,7 +98,10 @@ class EC2 < Mapper
|
|
98
98
|
struct.type = 'vpc'
|
99
99
|
struct.arn = "arn:aws:ec2:#{@region}:#{@account}:vpc/#{vpc.vpc_id}" # no true ARN
|
100
100
|
struct.flow_logs = @client
|
101
|
-
.describe_flow_logs({ filter: [{
|
101
|
+
.describe_flow_logs({ filter: [{
|
102
|
+
name: 'resource-id',
|
103
|
+
values: [vpc.vpc_id]
|
104
|
+
}] })
|
102
105
|
.flow_logs.first.to_h
|
103
106
|
|
104
107
|
resources.push(struct.to_h)
|
@@ -337,19 +340,33 @@ class EC2 < Mapper
|
|
337
340
|
#
|
338
341
|
# describe_managed_prefix_lists
|
339
342
|
#
|
340
|
-
|
341
|
-
|
343
|
+
begin
|
344
|
+
@client.describe_managed_prefix_lists.each_with_index do |response, page|
|
345
|
+
log(response.context.operation_name, page)
|
342
346
|
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
+
response.prefix_lists.each do |list|
|
348
|
+
struct = OpenStruct.new(list.to_h)
|
349
|
+
struct.type = 'prefix_list'
|
350
|
+
struct.arn = list.prefix_list_arn
|
347
351
|
|
348
|
-
|
352
|
+
resources.push(struct.to_h)
|
353
|
+
end
|
349
354
|
end
|
355
|
+
rescue Aws::EC2::Errors::ServiceError => e
|
356
|
+
log_error(e.code)
|
357
|
+
|
358
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
350
359
|
end
|
351
360
|
end
|
352
361
|
|
353
362
|
resources
|
354
363
|
end
|
364
|
+
|
365
|
+
private
|
366
|
+
|
367
|
+
def suppressed_errors
|
368
|
+
%w[
|
369
|
+
InvalidAction
|
370
|
+
]
|
371
|
+
end
|
355
372
|
end
|
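Review bot: In the first hunk the flow-log lookup still ends in `.flow_logs.first.to_h`, so only one flow log is recorded per VPC even though the new `resource-id` filter can return several (for example separate logs for different traffic types or destinations). For an inventory used to judge logging coverage I would keep them all, e.g. `.flow_logs.map(&:to_h)`, or state in a comment that only the first entry is kept; switching the value from a hash to an array would need the consumers of `flow_logs` checked, and they are not visible here. The filter also matches only flow logs attached to the VPC itself, so subnet- or interface-level logs will not appear under this key. The enclosing method starts and ends outside the hunk.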
@@ -13,13 +13,19 @@ class Organizations < Mapper
|
|
13
13
|
#
|
14
14
|
# describe_organization
|
15
15
|
#
|
16
|
-
|
17
|
-
|
16
|
+
begin
|
17
|
+
@client.describe_organization.each do |response|
|
18
|
+
log(response.context.operation_name)
|
18
19
|
|
19
|
-
|
20
|
-
|
20
|
+
struct = OpenStruct.new(response.organization.to_h)
|
21
|
+
struct.type = 'organization'
|
21
22
|
|
22
|
-
|
23
|
+
resources.push(struct.to_h)
|
24
|
+
end
|
25
|
+
rescue Aws::Organizations::Errors::ServiceError => e
|
26
|
+
log_error(e.code)
|
27
|
+
|
28
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
23
29
|
end
|
24
30
|
|
25
31
|
#
|
@@ -66,6 +72,7 @@ class Organizations < Mapper
|
|
66
72
|
def suppressed_errors
|
67
73
|
%w[
|
68
74
|
AccessDeniedException
|
75
|
+
AWSOrganizationsNotInUseException
|
69
76
|
]
|
70
77
|
end
|
71
78
|
end
|
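Review bot: With the new `rescue` around `describe_organization`, both entries of `suppressed_errors` produce the same outcome: `AccessDeniedException` (the collector was not allowed to look) and `AWSOrganizationsNotInUseException` (there is nothing to find) each leave the output without an organization resource and only `log_error(e.code)` behind. A reader of the collected data then cannot tell a permissions gap from an account that really has no organization. I would log the message with the code, `log_error("#{e.code}: #{e.message}")`, assuming `log_error` accepts a free-form string, which this page does not show. The same rescue pattern is added around `describe_managed_prefix_lists` in the EC2 collector, where a suppressed error part-way through pagination keeps the pages already collected and drops the rest without a marker. The method continues outside the hunk.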
@@ -53,7 +53,8 @@ class S3 < Mapper
|
|
53
53
|
{ func: 'get_bucket_tagging', key: 'tagging', field: nil },
|
54
54
|
{ func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
|
55
55
|
{ func: 'get_bucket_versioning', key: 'versioning', field: nil },
|
56
|
-
{ func: 'get_bucket_website', key: 'website', field: nil }
|
56
|
+
{ func: 'get_bucket_website', key: 'website', field: nil },
|
57
|
+
{ func: 'get_bucket_ownership_controls', key: 'ownership_controls', field: 'ownership_controls' }
|
57
58
|
]
|
58
59
|
|
59
60
|
operations.each do |operation|
|
@@ -96,6 +97,7 @@ class S3 < Mapper
|
|
96
97
|
ReplicationConfigurationNotFoundError
|
97
98
|
NoSuchPublicAccessBlockConfiguration
|
98
99
|
ObjectLockConfigurationNotFoundError
|
100
|
+
OwnershipControlsNotFoundError
|
99
101
|
]
|
100
102
|
end
|
101
103
|
end
|
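Review bot: The new `get_bucket_ownership_controls` entry adds an API call that needs the `s3:GetBucketOwnershipControls` permission, and nothing in this change tells operators to extend the collection role's policy. Only `OwnershipControlsNotFoundError` is added to the suppressed list in the second hunk; whether an access-denied response is suppressed or stops collection for the bucket depends on list entries and loop code outside the hunk. I would add a comment beside the entry, `# requires s3:GetBucketOwnershipControls`, and mention the permission where the readme describes the role setup.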
data/lib/aws_recon/services.yaml
CHANGED
data/lib/aws_recon/version.rb
CHANGED
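--- a/data/readme.md
+++ b/data/readme.md
@@ -37,6 +37,7 @@ AWS Recon handles collection from large accounts by taking advantage of automati
 - [Pinterest](https://www.pinterest.com/)
 - [HackerOne](https://www.hackerone.com/)
 - [MuleSoft](https://www.mulesoft.com/)
+- [Slack](https://slack.com/)
 - [Drata](https://drata.com/)
 
 > ** usage does not imply endorsement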
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_recon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.22
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Larsen
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-12-02 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aws-sdk
|
@@ -17,14 +17,14 @@ dependencies:
|
|
17
17
|
requirements:
|
18
18
|
- - "~>"
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version: '3.
|
20
|
+
version: '3.1'
|
21
21
|
type: :runtime
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
25
|
- - "~>"
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version: '3.
|
27
|
+
version: '3.1'
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: parallel
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|