aws_recon 0.5.19 → 0.5.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/aws_recon.gemspec +1 -1
  3. data/lib/aws_recon/collectors/ec2.rb +25 -8
  4. data/lib/aws_recon/collectors/organizations.rb +12 -5
  5. data/lib/aws_recon/collectors/s3.rb +3 -1
  6. data/lib/aws_recon/services.yaml +0 -5
  7. data/lib/aws_recon/version.rb +1 -1
  8. data/readme.md +1 -0
  9. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4ad9424a430c12245df3339fbc2356755911e011b3535e64023ea407dfac9e5b
4
- data.tar.gz: df268326477fe481c0e81bd40cb28322a00fd3e21f9151334ef93e93c6e1bf33
3
+ metadata.gz: 16ecfd7450fa61b8b8f1cc82db74c2e7b1e3efc3b1c7daf083545711c52f3b60
4
+ data.tar.gz: f23e6e0b17d2bf3bfe8c630b40fa075723269f043624db6fa464697a81469547
5
5
  SHA512:
6
- metadata.gz: c1a16352d62d9c48a19b7e30b4b263a94c9cece99e05abbebfc88eaac54384748b6626e4b35514153797bab09b5a967910602d8805a3bedfc93005811dd58cc7
7
- data.tar.gz: 89e8f6630f7486ea8f4aecfc50f19143fe5e0caa6d0e0de77d15f63b1a8bdbbb1b7ecb84810713eeb5ce3610976d11556bb40928914db9d68b9e260a22c04ae9
6
+ metadata.gz: 0426ef57a308f85ef9b26c25bbb92d07cb5b1b8204a85b5cc94e1d13982efc5d68f8eaa16f476a8a1af174016942e38544e9cd36a7b0c9be2b69a0bfd7242618
7
+ data.tar.gz: e21daf50ee294ce7b17b9bb70499fd536a7f584cbf65e5eb387d770ffe0e40afeefe737509a3e9ce292532575d58d03ab621d45d627dcb582a489fc863cc361b
data/aws_recon.gemspec CHANGED
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
23
23
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
24
24
  spec.require_paths = ['lib']
25
25
 
26
- spec.add_dependency 'aws-sdk', '~> 3.0'
26
+ spec.add_dependency 'aws-sdk', '~> 3.1'
27
27
  spec.add_dependency 'parallel', '~> 1.20.1'
28
28
 
29
29
  spec.add_development_dependency 'bundler', '~> 2.2.17'
data/lib/aws_recon/collectors/ec2.rb CHANGED
@@ -98,7 +98,10 @@ class EC2 < Mapper
98
98
  struct.type = 'vpc'
99
99
  struct.arn = "arn:aws:ec2:#{@region}:#{@account}:vpc/#{vpc.vpc_id}" # no true ARN
100
100
  struct.flow_logs = @client
101
- .describe_flow_logs({ filter: [{ name: 'resource-id', values: [vpc.vpc_id] }] })
101
+ .describe_flow_logs({ filter: [{
102
+ name: 'resource-id',
103
+ values: [vpc.vpc_id]
104
+ }] })
102
105
  .flow_logs.first.to_h
103
106
 
104
107
  resources.push(struct.to_h)
@@ -337,19 +340,33 @@ class EC2 < Mapper
337
340
  #
338
341
  # describe_managed_prefix_lists
339
342
  #
340
- @client.describe_managed_prefix_lists.each_with_index do |response, page|
341
- log(response.context.operation_name, page)
343
+ begin
344
+ @client.describe_managed_prefix_lists.each_with_index do |response, page|
345
+ log(response.context.operation_name, page)
342
346
 
343
- response.prefix_lists.each do |list|
344
- struct = OpenStruct.new(list.to_h)
345
- struct.type = 'prefix_list'
346
- struct.arn = list.prefix_list_arn
347
+ response.prefix_lists.each do |list|
348
+ struct = OpenStruct.new(list.to_h)
349
+ struct.type = 'prefix_list'
350
+ struct.arn = list.prefix_list_arn
347
351
 
348
- resources.push(struct.to_h)
352
+ resources.push(struct.to_h)
353
+ end
349
354
  end
355
+ rescue Aws::EC2::Errors::ServiceError => e
356
+ log_error(e.code)
357
+
358
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
350
359
  end
351
360
  end
352
361
 
353
362
  resources
354
363
  end
364
+
365
+ private
366
+
367
+ def suppressed_errors
368
+ %w[
369
+ InvalidAction
370
+ ]
371
+ end
355
372
  end
data/lib/aws_recon/collectors/organizations.rb CHANGED
@@ -13,13 +13,19 @@ class Organizations < Mapper
13
13
  #
14
14
  # describe_organization
15
15
  #
16
- @client.describe_organization.each do |response|
17
- log(response.context.operation_name)
16
+ begin
17
+ @client.describe_organization.each do |response|
18
+ log(response.context.operation_name)
18
19
 
19
- struct = OpenStruct.new(response.organization.to_h)
20
- struct.type = 'organization'
20
+ struct = OpenStruct.new(response.organization.to_h)
21
+ struct.type = 'organization'
21
22
 
22
- resources.push(struct.to_h)
23
+ resources.push(struct.to_h)
24
+ end
25
+ rescue Aws::Organizations::Errors::ServiceError => e
26
+ log_error(e.code)
27
+
28
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
23
29
  end
24
30
 
25
31
  #
@@ -66,6 +72,7 @@ class Organizations < Mapper
66
72
  def suppressed_errors
67
73
  %w[
68
74
  AccessDeniedException
75
+ AWSOrganizationsNotInUseException
69
76
  ]
70
77
  end
71
78
  end
data/lib/aws_recon/collectors/s3.rb CHANGED
@@ -53,7 +53,8 @@ class S3 < Mapper
53
53
  { func: 'get_bucket_tagging', key: 'tagging', field: nil },
54
54
  { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
55
55
  { func: 'get_bucket_versioning', key: 'versioning', field: nil },
56
- { func: 'get_bucket_website', key: 'website', field: nil }
56
+ { func: 'get_bucket_website', key: 'website', field: nil },
57
+ { func: 'get_bucket_ownership_controls', key: 'ownership_controls', field: 'ownership_controls' }
57
58
  ]
58
59
 
59
60
  operations.each do |operation|
@@ -96,6 +97,7 @@ class S3 < Mapper
96
97
  ReplicationConfigurationNotFoundError
97
98
  NoSuchPublicAccessBlockConfiguration
98
99
  ObjectLockConfigurationNotFoundError
100
+ OwnershipControlsNotFoundError
99
101
  ]
100
102
  end
101
103
  end
data/lib/aws_recon/services.yaml CHANGED
@@ -93,9 +93,6 @@
93
93
  alias: cloudwatchlogs
94
94
  - name: Kafka
95
95
  alias: kafka
96
- excluded_regions:
97
- - af-south-1
98
- - ap-northeast-3
99
96
  - name: SecretsManager
100
97
  alias: secretsmanager
101
98
  - name: SecurityHub
@@ -141,8 +138,6 @@
141
138
  alias: servicequotas
142
139
  - name: Transfer
143
140
  alias: transfer
144
- excluded_regions:
145
- - ap-northeast-3
146
141
  - name: DirectConnect
147
142
  alias: directconnect
148
143
  - name: DirectoryService
data/lib/aws_recon/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.5.19"
2
+ VERSION = "0.5.23"
3
3
  end
data/readme.md CHANGED
@@ -37,6 +37,7 @@ AWS Recon handles collection from large accounts by taking advantage of automati
37
37
  - [Pinterest](https://www.pinterest.com/)
38
38
  - [HackerOne](https://www.hackerone.com/)
39
39
  - [MuleSoft](https://www.mulesoft.com/)
40
+ - [Slack](https://slack.com/)
40
41
  - [Drata](https://drata.com/)
41
42
 
42
43
  > ** usage does not imply endorsement
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.19
4
+ version: 0.5.23
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-09-27 00:00:00.000000000 Z
12
+ date: 2022-02-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - "~>"
19
19
  - !ruby/object:Gem::Version
20
- version: '3.0'
20
+ version: '3.1'
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - "~>"
26
26
  - !ruby/object:Gem::Version
27
- version: '3.0'
27
+ version: '3.1'
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: parallel
30
30
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
277
277
  - !ruby/object:Gem::Version
278
278
  version: '0'
279
279
  requirements: []
280
- rubygems_version: 3.2.3
280
+ rubygems_version: 3.0.8
281
281
  signing_key:
282
282
  specification_version: 4
283
283
  summary: A multi-threaded AWS security-focused inventory collection tool.