aws_recon 0.2.27 → 0.2.28
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/accessanalyzer.rb +5 -0
- data/lib/aws_recon/collectors/acm.rb +5 -0
- data/lib/aws_recon/collectors/apigateway.rb +5 -0
- data/lib/aws_recon/collectors/apigatewayv2.rb +5 -0
- data/lib/aws_recon/collectors/applicationautoscaling.rb +5 -0
- data/lib/aws_recon/collectors/athena.rb +5 -0
- data/lib/aws_recon/collectors/autoscaling.rb +5 -0
- data/lib/aws_recon/collectors/backup.rb +5 -0
- data/lib/aws_recon/collectors/cloudformation.rb +5 -0
- data/lib/aws_recon/collectors/cloudfront.rb +5 -0
- data/lib/aws_recon/collectors/cloudtrail.rb +5 -0
- data/lib/aws_recon/collectors/cloudwatch.rb +5 -0
- data/lib/aws_recon/collectors/cloudwatchlogs.rb +5 -0
- data/lib/aws_recon/collectors/codebuild.rb +5 -0
- data/lib/aws_recon/collectors/codepipeline.rb +6 -3
- data/lib/aws_recon/collectors/configservice.rb +5 -0
- data/lib/aws_recon/collectors/directconnect.rb +5 -0
- data/lib/aws_recon/collectors/{directyservice.rb → directoryservice.rb} +5 -0
- data/lib/aws_recon/collectors/dms.rb +5 -0
- data/lib/aws_recon/collectors/dynamodb.rb +5 -0
- data/lib/aws_recon/collectors/ec2.rb +6 -3
- data/lib/aws_recon/collectors/ecr.rb +6 -3
- data/lib/aws_recon/collectors/ecs.rb +5 -2
- data/lib/aws_recon/collectors/efs.rb +5 -0
- data/lib/aws_recon/collectors/eks.rb +5 -0
- data/lib/aws_recon/collectors/elasticache.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +5 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +5 -0
- data/lib/aws_recon/collectors/emr.rb +5 -0
- data/lib/aws_recon/collectors/firehose.rb +5 -0
- data/lib/aws_recon/collectors/guardduty.rb +5 -2
- data/lib/aws_recon/collectors/iam.rb +7 -6
- data/lib/aws_recon/collectors/kafka.rb +5 -0
- data/lib/aws_recon/collectors/kinesis.rb +5 -0
- data/lib/aws_recon/collectors/kms.rb +6 -3
- data/lib/aws_recon/collectors/lambda.rb +5 -0
- data/lib/aws_recon/collectors/lightsail.rb +5 -0
- data/lib/aws_recon/collectors/organizations.rb +6 -3
- data/lib/aws_recon/collectors/redshift.rb +5 -0
- data/lib/aws_recon/collectors/route53.rb +5 -0
- data/lib/aws_recon/collectors/route53domains.rb +5 -0
- data/lib/aws_recon/collectors/secretsmanager.rb +5 -0
- data/lib/aws_recon/collectors/securityhub.rb +6 -3
- data/lib/aws_recon/collectors/servicequotas.rb +6 -3
- data/lib/aws_recon/collectors/ses.rb +5 -0
- data/lib/aws_recon/collectors/shield.rb +6 -3
- data/lib/aws_recon/collectors/sns.rb +5 -0
- data/lib/aws_recon/collectors/sqs.rb +5 -0
- data/lib/aws_recon/collectors/ssm.rb +5 -0
- data/lib/aws_recon/collectors/support.rb +6 -3
- data/lib/aws_recon/collectors/transfer.rb +5 -0
- data/lib/aws_recon/collectors/wafv2.rb +5 -0
- data/lib/aws_recon/collectors/workspaces.rb +5 -0
- data/lib/aws_recon/collectors/xray.rb +5 -0
- data/lib/aws_recon/lib/patch.rb +2 -0
- data/lib/aws_recon/options.rb +5 -6
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +1 -1
- metadata +3 -3
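--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8df2a508259a0c930a5bfa6c9c01965eeb1fe9955fb6dc48e812303a79062d85
+data.tar.gz: 4118ae4e81b0361d8e6c5193eb4adeb69f7c6c0e37e2e8c13ed6e4357c4b377b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 633d6e44f13ffb2d1cb34aad13cb0139db582e62fe195564f476d41ac267762d28a5f2c9baacc5fee97344d960fff19ef95fc21d72f2bdbf96f701c107107b4a
+data.tar.gz: e61afaa923d73cf1d48708f8eff4ca5462cc24fd59a3227178356451cb31a1553a7ad9f5818d52da597171bfa49ef58b8259ff4e5a49ae89c1c3bd8f8a3feb4a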
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect CodePipeline resources
|
5
|
+
#
|
1
6
|
class CodePipeline < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -25,9 +30,7 @@ class CodePipeline < Mapper
|
|
25
30
|
rescue Aws::CodePipeline::Errors::ServiceError => e
|
26
31
|
log_error(e.code)
|
27
32
|
|
28
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
29
|
-
raise e
|
30
|
-
end
|
33
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
31
34
|
end
|
32
35
|
|
33
36
|
resources
|
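Review bot: The new one-line guard `raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception` puts a negated conjunction behind `unless`, which is easy to misread on the one line that decides whether a collector error is swallowed. The positive form `raise if @options.quit_on_exception || !suppressed_errors.include?(e.code)` is logically equivalent, and a bare `raise` re-raises the rescued exception. The same line is introduced in the ECR, IAM (twice), KMS, Organizations, SecurityHub, ServiceQuotas, Shield and Support hunks, so a single documented predicate on the shared `Mapper` base class would keep the suppression policy in one place. The method containing this rescue starts outside the hunk.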
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect EC2 resources
|
5
|
+
#
|
1
6
|
class EC2 < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -71,9 +76,7 @@ class EC2 < Mapper
|
|
71
76
|
if user_data_raw
|
72
77
|
user_data = Base64.decode64(user_data_raw)
|
73
78
|
|
74
|
-
if user_data.force_encoding('UTF-8').ascii_only?
|
75
|
-
struct.user_data = user_data
|
76
|
-
end
|
79
|
+
struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?
|
77
80
|
end
|
78
81
|
end
|
79
82
|
|
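Review bot: The added line `struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?` silently drops any user data that is not pure ASCII. Gzip-compressed or non-ASCII UTF-8 user data therefore leaves no trace in the struct and looks the same as an instance with none. If the inventory feeds a security review, recording that user data was present but not decoded (for example a boolean field beside `user_data`) would close that blind spot, and `valid_encoding?` in place of `ascii_only?` would keep legitimate UTF-8 text. Decoded user data often carries bootstrap secrets, so a comment such as `# user data may contain credentials; treat the output file as sensitive` would help the next reader. The enclosing method starts outside the hunk.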
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect ECR resources
|
5
|
+
#
|
1
6
|
class ECR < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -21,9 +26,7 @@ class ECR < Mapper
|
|
21
26
|
rescue Aws::ECR::Errors::ServiceError => e
|
22
27
|
log_error(e.code)
|
23
28
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
25
|
-
raise e
|
26
|
-
end
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
27
30
|
ensure
|
28
31
|
resources.push(struct.to_h)
|
29
32
|
end
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect IAM resources
|
5
|
+
#
|
1
6
|
class IAM < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -102,9 +107,7 @@ class IAM < Mapper
|
|
102
107
|
rescue Aws::IAM::Errors::ServiceError => e
|
103
108
|
log_error(e.code)
|
104
109
|
|
105
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
106
|
-
raise e
|
107
|
-
end
|
110
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
108
111
|
end
|
109
112
|
|
110
113
|
#
|
@@ -187,9 +190,7 @@ class IAM < Mapper
|
|
187
190
|
rescue Aws::IAM::Errors::ServiceError => e
|
188
191
|
log_error(e.code)
|
189
192
|
|
190
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
191
|
-
raise e
|
192
|
-
end
|
193
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
193
194
|
end
|
194
195
|
|
195
196
|
resources
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect KMS resources
|
5
|
+
#
|
1
6
|
class KMS < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -30,9 +35,7 @@ class KMS < Mapper
|
|
30
35
|
rescue Aws::KMS::Errors::ServiceError => e
|
31
36
|
log_error(e.code)
|
32
37
|
|
33
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
34
|
-
raise e
|
35
|
-
end
|
38
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
36
39
|
end
|
37
40
|
|
38
41
|
# list_grants
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect Org resources
|
5
|
+
#
|
1
6
|
class Organizations < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -49,9 +54,7 @@ class Organizations < Mapper
|
|
49
54
|
rescue Aws::Organizations::Errors::ServiceError => e
|
50
55
|
log_error(e.code)
|
51
56
|
|
52
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
53
|
-
raise e
|
54
|
-
end
|
57
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
55
58
|
end
|
56
59
|
|
57
60
|
resources
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect Security Hub resources
|
5
|
+
#
|
1
6
|
class SecurityHub < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -21,9 +26,7 @@ class SecurityHub < Mapper
|
|
21
26
|
rescue Aws::SecurityHub::Errors::ServiceError => e
|
22
27
|
log_error(e.code)
|
23
28
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
25
|
-
raise e
|
26
|
-
end
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
27
30
|
end
|
28
31
|
|
29
32
|
resources
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect ServiceQuota resources
|
5
|
+
#
|
1
6
|
class ServiceQuotas < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -28,9 +33,7 @@ class ServiceQuotas < Mapper
|
|
28
33
|
rescue Aws::ServiceQuotas::Errors::ServiceError => e
|
29
34
|
log_error(e.code, service)
|
30
35
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
32
|
-
raise e
|
33
|
-
end
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
34
37
|
end
|
35
38
|
|
36
39
|
resources
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect Shield resources
|
5
|
+
#
|
1
6
|
class Shield < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -52,9 +57,7 @@ class Shield < Mapper
|
|
52
57
|
rescue Aws::Shield::Errors::ServiceError => e
|
53
58
|
log_error(e.code)
|
54
59
|
|
55
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
56
|
-
raise e
|
57
|
-
end
|
60
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
58
61
|
|
59
62
|
[] # no access or service isn't enabled
|
60
63
|
end
|
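Review bot: After the guard line, a suppressed `Aws::Shield::Errors::ServiceError` falls through to `[] # no access or service isn't enabled`, so the collector presumably returns the same empty result for denied access, a disabled service and an account with no protections. `log_error(e.code)` records the code in the log, but someone reading only the inventory output cannot tell that collection was incomplete. Consider documenting this on the method, or returning a marker entry that carries `e.code` if the callers can accept one. The Support hunk has the same shape with `[] # no Support subscription`. The method body starts outside the hunk.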
@@ -1,3 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect Support resources
|
5
|
+
#
|
1
6
|
class Support < Mapper
|
2
7
|
#
|
3
8
|
# Returns an array of resources.
|
@@ -28,9 +33,7 @@ class Support < Mapper
|
|
28
33
|
rescue Aws::Support::Errors::ServiceError => e
|
29
34
|
log_error(e.code)
|
30
35
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
32
|
-
raise e
|
33
|
-
end
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
34
37
|
|
35
38
|
[] # no Support subscription
|
36
39
|
end
|
data/lib/aws_recon/lib/patch.rb
CHANGED
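--- a/data/lib/aws_recon/options.rb
+++ b/data/lib/aws_recon/options.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+#
+# Command line options parser
+#
 class Parser
 DEFAULT_CONFIG_FILE = nil
 DEFAULT_OUTPUT_FILE = File.expand_path(File.join(Dir.pwd, 'output.json')).freeze
@@ -97,16 +100,12 @@ class Parser
 
 # output format
 opts.on('-f', '--format [FORMAT]', 'Specify output format (default: aws)') do |file|
-if %w[aws custom].include?(file.downcase)
-args.output_format = file.downcase
-end
+args.output_format = file.downcase if %w[aws custom].include?(file.downcase)
 end
 
 # threads
 opts.on('-t', '--threads [THREADS]', "Specify max threads (default: #{Parser::DEFAULT_THREADS}, max: 128)") do |threads|
-if (0..Parser::MAX_THREADS).include?(threads.to_i)
-args.threads = threads.to_i
-end
+args.threads = threads.to_i if (0..Parser::MAX_THREADS).include?(threads.to_i)
 end
 
 # collect EC2 instance user data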
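Review bot: Both handlers in the second hunk accept bad input without telling the user. `--format [FORMAT]` and `--threads [THREADS]` declare their arguments as optional, so, assuming `opts` is Ruby's OptionParser, a bare `-f` passes `nil` to the block and `file.downcase` raises NoMethodError, while an unrecognised format is silently ignored and the default stays in place. `threads.to_i` turns any non-numeric value into 0, which `(0..Parser::MAX_THREADS)` accepts, so `-t abc` sets `args.threads` to 0. Consider making the arguments mandatory (`'--format FORMAT'`, `'--threads THREADS'`), starting the range at 1, and raising `OptionParser::InvalidArgument` for values outside the allowed set. The enclosing parse method starts and ends outside the hunk.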
data/lib/aws_recon/version.rb
CHANGED
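--- a/data/readme.md
+++ b/data/readme.md
@@ -23,7 +23,7 @@ Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain R
 
 ### Requirements
 
-AWS Recon needs AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
+AWS Recon needs an AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
 
 #### Running via Docker
 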
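--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.28
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -197,7 +197,7 @@ files:
 - lib/aws_recon/collectors/codepipeline.rb
 - lib/aws_recon/collectors/configservice.rb
 - lib/aws_recon/collectors/directconnect.rb
-- lib/aws_recon/collectors/
+- lib/aws_recon/collectors/directoryservice.rb
 - lib/aws_recon/collectors/dms.rb
 - lib/aws_recon/collectors/dynamodb.rb
 - lib/aws_recon/collectors/ec2.rb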