- Variables
- func CapeTUI(outputFiles []string)
- func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
- func GetIamSimResult(SkipAdminCheck bool, roleArnPtr *string, iamSimulatorMod IamSimulatorModule, ...) (string, string)
- func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
- func GetResourceNameFromArn(arn string) string
- func InitGlueClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, ...) *glue.Client
- func InitIAMClient(AWSConfig aws.Config) *iam.Client
- func InitOrgClient(AWSConfig aws.Config) *organizations.Client
- func InitSecretsManagerClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, ...) *secretsmanager.Client
- func ReadArnIgnoreListFile(filename string) ([]string, error)
- type AWSSQSClient
- type AccessKeysModule
- type Account
- type AllAccountData
- type AnalyzedRole
- type ApiGateway
- type ApiGwModule
- func (m *ApiGwModule) ApiGatewayApiKeyRequired(r string, ApiId *string, ResourceId *string, method string) bool
- func (m *ApiGwModule) GetApiGatewayApiKey(r string, ApiId string, Stage string) (string, error)
- func (m *ApiGwModule) PrintApiGws(outputDirectory string, verbosity int)
- func (m *ApiGwModule) Receiver(receiver chan ApiGateway, receiverDone chan bool)
- type AttachedPolicies
- type BucketRow
- type BucketsModule
- type CFStack
- type CapeCommand
- type CapeJSON
- type CapeJobInfo
- type CloudTrailEvent
- type CloudformationModule
- type Cluster
- type CodeBuildModule
- type Database
- type DatabasesModule
- type Directory
- type DirectoryModule
- type ECRModule
- type ECSTasksModule
- type EKSModule
- type Edge
- type ElasticNetworkInterfacesModule
- type Endpoint
- type EndpointsModule
- type EnvironmentVariable
- type EnvsModule
- type FilesystemObject
- type FilesystemsModule
- type GAADGroup
- type GAADPolicy
- type GAADRole
- type GAADUser
- type GlobalResourceCount2
- type GraphCommand
- type Group
- type IamPermissionsModule
- type IamPrincipalsModule
- type IamSimulatorModule
- type InstancesModule
- type Inventory2Module
- func (m *Inventory2Module) GetEMRInstancesPerRegion(r string, wg *sync.WaitGroup, semaphore chan struct{})
- func (m *Inventory2Module) PrintInventoryPerRegion(outputDirectory string, verbosity int)
- func (m *Inventory2Module) PrintTotalResources(AWSOutputType string)
- func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
- type Lambda
- type LambdasModule
- type MappedECSTask
- type MappedENI
- type MappedInstance
- type NaclRule
- type NetworkAcl
- type NetworkPortsModule
- type NetworkService
- type NetworkServices
- type Node
- type Org
- type OrgModule
- func (m *OrgModule) FindMgmtAccounts(profile string, version string, wg *sync.WaitGroup, semaphore chan struct{}, ...)
- func (m *OrgModule) IsCallerAccountPartOfAnOrg() bool
- func (m *OrgModule) IsManagementAccount(Organization *types.Organization, account string) bool
- func (m *OrgModule) PrintOrgAccounts(outputDirectory string, verbosity int)
- func (m *OrgModule) ProcessMultipleAccounts(AWSProfiles []string, version string)
- func (m *OrgModule) Receiver(receiver chan Account, receiverDone chan bool)
- type OutboundAssumeRoleEntry
- type OutboundAssumedRolesModule
- type PerAccountData
- type PmapperModule
- func (m *PmapperModule) DoesPrincipalHaveAdmin(principal string) bool
- func (m *PmapperModule) DoesPrincipalHavePathToAdmin(principal string) bool
- func (m *PmapperModule) GenerateCypherStatements(goCtx context.Context, driver neo4j.DriverWithContext) error
- func (m *PmapperModule) PrintPmapperData(outputDirectory string, verbosity int)
- type PmapperOutputRow
- type Project
- type Queue
- type RAMModule
- type Record
- type Repository
- type Resource
- type Resource2
- type ResourceTrustsModule
- type Role
- type RoleTrustRow
- type RoleTrustsModule
- type Route53Module
- type SNSClientInterface
- type SNSModule
- type SNSTopic
- type SQSModule
- type Secret
- type SecretsModule
- type SecurityGroup
- type SecurityGroupRule
- type SimulatorResult
- type Tag
- type Tags
- type TagsGetResourcesAPI
- type TagsModule
- type TrustedFederatedProvider
- type TrustedPrincipal
- type TrustedService
- type User
- type UserKeys
- type Workload
- type WorkloadsModule
Constants ¶
This section is empty.
Variables ¶
// Command-line templates that appear to back the network-ports output (the
// IPv4/IPv6 naming matches NetworkPortsModule's result fields). They are
// string prefixes; whether this package executes them or only renders them
// for the operator is not visible here — confirm before assuming either.
// The two banner literals are elided by the documentation renderer.
var (
	TCP_4_SCAN string = "sudo nmap -Pn -sV"
	UDP_4_SCAN string = "sudo nmap -Pn -sU -sV"
	TCP_6_SCAN string = "sudo nmap -6 -Pn -sV"
	UDP_6_SCAN string = "sudo nmap -6 -Pn -sU -sV"
	IPv4_BANNER string = `` /* 247-byte string literal not displayed */
	IPv6_BANNER string = `` /* 318-byte string literal not displayed */
)
// AWSRegions is the static default list of commercial regions.
// NOTE(review): this is a fixed snapshot. Regions launched after it was
// written (e.g. ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2,
// eu-south-2, me-central-1, il-central-1, ca-west-1) are absent, so
// resources living there are silently not enumerated unless the caller
// supplies its own region list. The GovCloud and China partitions are not
// covered either.
var AWSRegions = []string{"us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1"}
// CURL_COMMAND is a format template with two verbs; from the "-X" flag the
// first is presumably the HTTP method and the second the URL. The URL is
// data read from the account being enumerated, not something the operator
// typed: if the rendered string is ever handed to a shell rather than
// printed, quote that argument first.
var CURL_COMMAND string = "curl -X %s %s"
Functions ¶
func EnvVarsContains ¶ added in v1.9.0
func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
func GetIamSimResult ¶ added in v1.9.0
func GetPmapperResults ¶ added in v1.9.0
func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
func GetResourceNameFromArn ¶ added in v1.11.0
Takes an ARN and returns the resource name.
func InitGlueClient ¶ added in v1.12.3
func InitOrgClient ¶ added in v1.11.0
func InitOrgClient(AWSConfig aws.Config) *organizations.Client
func InitSecretsManagerClient ¶ added in v1.12.3
func InitSecretsManagerClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) *secretsmanager.Client
func ReadArnIgnoreListFile ¶ added in v1.15.0
Types ¶
type AWSSQSClient ¶ added in v1.10.0
// AWSSQSClient is the subset of the SQS client API this package calls:
// listing queues and reading queue attributes. Declaring it as an interface
// lets a fake stand in for the real client (the EKSModule comment below
// states that the sibling sdk.* interfaces exist for unit testing; the same
// purpose is likely here — confirm).
type AWSSQSClient interface {
	ListQueues(ctx context.Context, params *sqs.ListQueuesInput, optFns ...func(*sqs.Options)) (*sqs.ListQueuesOutput, error)
	GetQueueAttributes(ctx context.Context, params *sqs.GetQueueAttributesInput, optFns ...func(*sqs.Options)) (*sqs.GetQueueAttributesOutput, error)
}
type AccessKeysModule ¶
// AccessKeysModule holds the configuration and results of the access-keys
// command. Collection populates AnalyzedUsers; PrintAccessKeys (see below)
// renders it, taking a filter string whose semantics are not visible here.
type AccessKeysModule struct {
	// General configuration data
	IAMClient sdk.AWSIAMClientInterface // IAM client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSProfile string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	WrapTable bool // table-output option; handled by the output layer, not here
	AWSOutputType string
	AWSTableCols string
	CommandCounter internal.CommandCounter
	// Main module data
	AnalyzedUsers []UserKeys // one entry per IAM user examined; UserKeys is defined elsewhere in the package
	// contains filtered or unexported fields
}
func (*AccessKeysModule) PrintAccessKeys ¶
func (m *AccessKeysModule) PrintAccessKeys(filter string, outputDirectory string, verbosity int)
type AllAccountData ¶ added in v1.14.0
// AllAccountData aggregates per-account records for the cape command.
type AllAccountData struct {
	Files map[string]*PerAccountData // Map of file paths to their records
}
type AnalyzedRole ¶
type ApiGateway ¶ added in v1.13.0
type ApiGwModule ¶ added in v1.13.0
// ApiGwModule holds the configuration and results of the API Gateway
// command (REST and HTTP/v2 APIs). Receiver consumes the ApiGateway channel
// and PrintApiGws renders Gateways. GetApiGatewayApiKey returns an API key
// value as a string, so the collected output may contain live API keys —
// treat the rendered files as sensitive.
type ApiGwModule struct {
	// General configuration data
	APIGatewayClient sdk.APIGatewayClientInterface // REST API client (interface for test substitution)
	APIGatewayv2Client sdk.APIGatewayv2ClientInterface // HTTP/WebSocket API client (interface for test substitution)
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Gateways []ApiGateway // collected results
	CommandCounter internal.CommandCounter
	Errors []string // errors accumulated during collection, presumably for the summary — confirm
	// contains filtered or unexported fields
}
func (*ApiGwModule) ApiGatewayApiKeyRequired ¶ added in v1.13.0
func (*ApiGwModule) GetApiGatewayApiKey ¶ added in v1.13.0
func (*ApiGwModule) PrintApiGws ¶ added in v1.13.0
func (m *ApiGwModule) PrintApiGws(outputDirectory string, verbosity int)
func (*ApiGwModule) Receiver ¶ added in v1.13.0
func (m *ApiGwModule) Receiver(receiver chan ApiGateway, receiverDone chan bool)
type AttachedPolicies ¶ added in v1.9.0
type BucketsModule ¶
// BucketsModule holds the configuration and results of the S3 buckets
// command. Receiver consumes the BucketRow channel and PrintBuckets renders
// Buckets.
type BucketsModule struct {
	// General configuration data
	//BucketsS3Client CloudFoxS3Client
	CheckBucketPolicies bool // when set, bucket policies are presumably fetched and evaluated as well (extra GetBucketPolicy calls) — confirm
	S3Client sdk.AWSS3ClientInterface // S3 client behind an interface so tests can substitute a fake
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSProfile string
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSTableCols string
	AWSOutputType string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	WrapTable bool
	// Main module data
	Buckets []BucketRow // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*BucketsModule) PrintBuckets ¶
func (m *BucketsModule) PrintBuckets(outputDirectory string, verbosity int)
func (*BucketsModule) Receiver ¶
func (m *BucketsModule) Receiver(receiver chan BucketRow, receiverDone chan bool)
type CapeCommand ¶ added in v1.14.0
// CapeCommand holds the state of the cape (cross-account privilege
// escalation) analysis; RunCapeCommand drives it. It carries the graph and
// the per-account pmapper results rather than a single service client.
type CapeCommand struct {
	// General configuration data
	Cmd cobra.Command // the CLI command this run was invoked from
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	AWSProfile string
	WrapTable bool
	AWSOutputType string
	AWSTableCols string
	Verbosity int
	AWSOutputDirectory string // where result files are written
	AWSConfig aws.Config // resolved SDK config (credentials, region)
	Version string
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	GlobalGraph graph.Graph[string, string] // principal graph built across accounts; vertex and edge keys are strings
	PmapperDataBasePath string // filesystem location of pmapper output read by the analysis
	AnalyzedAccounts map[string]CapeJobInfo // keyed per account; assumes the key is the account ID — confirm
	CapeAdminOnly bool
	AccountsNotAnalyzed []string // accounts referenced in trusts but without local data — inferred from the name, confirm
	// contains filtered or unexported fields
}
func (*CapeCommand) RunCapeCommand ¶ added in v1.14.0
func (m *CapeCommand) RunCapeCommand()
type CapeJobInfo ¶ added in v1.14.0
type CloudTrailEvent ¶
// CloudTrailEvent mirrors the JSON shape of a CloudTrail record; the struct
// tags are the CloudTrail field names. The RequestParameters/ResponseElements
// shapes are those of an AssumeRole call, which is what the outbound
// assumed-roles module looks for. Note that ResponseElements.Credentials
// carries an access key ID and a session token — that is credential
// material, so records should not be written to logs or output verbatim.
type CloudTrailEvent struct {
	EventVersion string `json:"eventVersion"`
	// UserIdentity describes who made the call; for assumed roles the
	// SessionIssuer block identifies the role and the session's MFA state.
	UserIdentity struct {
		Type string `json:"type"`
		PrincipalID string `json:"principalId"`
		Arn string `json:"arn"`
		AccountID string `json:"accountId"`
		AccessKeyID string `json:"accessKeyId"`
		SessionContext struct {
			SessionIssuer struct {
				Type string `json:"type"`
				PrincipalID string `json:"principalId"`
				Arn string `json:"arn"`
				AccountID string `json:"accountId"`
				UserName string `json:"userName"`
			} `json:"sessionIssuer"`
			WebIDFederationData struct {
			} `json:"webIdFederationData"`
			Attributes struct {
				CreationDate time.Time `json:"creationDate"`
				MfaAuthenticated string `json:"mfaAuthenticated"` // CloudTrail emits this as a string, not a bool
			} `json:"attributes"`
		} `json:"sessionContext"`
	} `json:"userIdentity"`
	EventTime time.Time `json:"eventTime"`
	EventSource string `json:"eventSource"`
	EventName string `json:"eventName"`
	AwsRegion string `json:"awsRegion"`
	SourceIPAddress string `json:"sourceIPAddress"`
	UserAgent string `json:"userAgent"`
	// RequestParameters is modelled for AssumeRole only; other event
	// types will leave these fields empty.
	RequestParameters struct {
		RoleArn string `json:"roleArn"`
		RoleSessionName string `json:"roleSessionName"`
	} `json:"requestParameters"`
	// ResponseElements is likewise the AssumeRole response shape.
	ResponseElements struct {
		Credentials struct {
			AccessKeyID string `json:"accessKeyId"`
			SessionToken string `json:"sessionToken"` // sensitive: session token of the issued credentials
			Expiration string `json:"expiration"`
		} `json:"credentials"`
		AssumedRoleUser struct {
			AssumedRoleID string `json:"assumedRoleId"`
			Arn string `json:"arn"`
		} `json:"assumedRoleUser"`
	} `json:"responseElements"`
	RequestID string `json:"requestID"`
	EventID string `json:"eventID"`
	ReadOnly bool `json:"readOnly"`
	Resources []struct {
		AccountID string `json:"accountId"`
		Type string `json:"type"`
		Arn string `json:"ARN"` // upper-case key in the CloudTrail schema, unlike the other arn fields
	} `json:"resources"`
	EventType string `json:"eventType"`
	ManagementEvent bool `json:"managementEvent"`
	RecipientAccountID string `json:"recipientAccountId"`
	EventCategory string `json:"eventCategory"`
	TLSDetails struct {
		TLSVersion string `json:"tlsVersion"`
		CipherSuite string `json:"cipherSuite"`
		ClientProvidedHostHeader string `json:"clientProvidedHostHeader"`
	} `json:"tlsDetails"`
}
type CloudformationModule ¶ added in v1.8.0
// CloudformationModule holds the configuration and results of the
// CloudFormation command. Receiver consumes the CFStack channel and
// PrintCloudformationStacks renders CFStacks. Stack parameters and outputs
// frequently carry secrets, so the rendered output should be treated as
// sensitive.
type CloudformationModule struct {
	// General configuration data
	CloudFormationClient sdk.CloudFormationClientInterface // client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	AWSOutputType string
	AWSTableCols string
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	CFStacks []CFStack // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*CloudformationModule) PrintCloudformationStacks ¶ added in v1.8.0
func (m *CloudformationModule) PrintCloudformationStacks(outputDirectory string, verbosity int)
func (*CloudformationModule) Receiver ¶ added in v1.8.0
func (m *CloudformationModule) Receiver(receiver chan CFStack, receiverDone chan bool)
type CodeBuildModule ¶ added in v1.11.0
// CodeBuildModule holds the configuration and results of the CodeBuild
// command. It carries an IAM client alongside the CodeBuild client because
// each project's service role is presumably resolved for the admin /
// path-to-admin columns (SkipAdminCheck, PmapperDataBasePath) — confirm.
// InitCodeBuildClient (below) constructs a populated value.
type CodeBuildModule struct {
	// General configuration data
	CodeBuildClient sdk.CodeBuildClientInterface // client behind an interface so tests can substitute a fake
	IAMClient sdk.AWSIAMClientInterface
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	PmapperDataBasePath string // filesystem location of pmapper output
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Projects []Project // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func InitCodeBuildClient ¶ added in v1.11.0
func InitCodeBuildClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) CodeBuildModule
func (*CodeBuildModule) PrintCodeBuildProjects ¶ added in v1.11.0
func (m *CodeBuildModule) PrintCodeBuildProjects(outputDirectory string, verbosity int)
func (*CodeBuildModule) Receiver ¶ added in v1.11.0
func (m *CodeBuildModule) Receiver(receiver chan Project, receiverDone chan bool)
type DatabasesModule ¶ added in v1.11.0
// DatabasesModule holds the configuration and results of the databases
// command, covering RDS, Redshift and DynamoDB through one Database result
// type. Receiver consumes the Database channel and PrintDatabases renders
// Databases.
type DatabasesModule struct {
	RDSClient sdk.RDSClientInterface // clients are interfaces so tests can substitute fakes
	RedshiftClient sdk.AWSRedShiftClientInterface
	DynamoDBClient sdk.DynamoDBClientInterface
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	Databases []Database // collected results
	CommandCounter internal.CommandCounter
	Errors []string // errors accumulated during collection, presumably for the summary — confirm
	// contains filtered or unexported fields
}
func (*DatabasesModule) PrintDatabases ¶ added in v1.11.0
func (m *DatabasesModule) PrintDatabases(outputDirectory string, verbosity int)
func (*DatabasesModule) Receiver ¶ added in v1.11.0
func (m *DatabasesModule) Receiver(receiver chan Database, receiverDone chan bool)
type DirectoryModule ¶ added in v1.14.0
// DirectoryModule holds the configuration and results of the Directory
// Service command. Unlike most modules it also carries the raw aws.Config,
// the profile/stub names and an MFA token, suggesting it re-initialises
// clients itself — confirm. Receiver consumes the Directory channel and
// PrintDirectories renders Directories.
type DirectoryModule struct {
	// General configuration data
	DSClient sdk.AWSDSClientInterface // Directory Service client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSProfile string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	WrapTable bool
	AWSOutputType string
	AWSTableCols string
	AWSMFAToken string // one-time MFA code supplied by the operator; short-lived, but keep it out of any serialized output
	AWSConfig aws.Config // resolved SDK config (credentials, region)
	AWSProfileProvided string
	AWSProfileStub string
	CloudFoxVersion string
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	Directories []Directory // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*DirectoryModule) PrintDirectories ¶ added in v1.14.0
func (m *DirectoryModule) PrintDirectories(outputDirectory string, verbosity int)
func (*DirectoryModule) Receiver ¶ added in v1.14.0
func (m *DirectoryModule) Receiver(receiver chan Directory, receiverDone chan bool)
type ECRModule ¶
// ECRModule holds the configuration and results of the ECR command.
// Receiver consumes the Repository channel; InitECRClient (below) builds a
// populated value. No Print method is listed on this page, so rendering
// happens elsewhere or under another name — confirm.
type ECRModule struct {
	// General configuration data
	ECRClient sdk.AWSECRClientInterface // client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Repositories []Repository // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func InitECRClient ¶ added in v1.11.0
func (*ECRModule) Receiver ¶
func (m *ECRModule) Receiver(receiver chan Repository, receiverDone chan bool)
type ECSTasksModule ¶ added in v1.9.0
// ECSTasksModule holds the configuration and results of the ECS tasks
// command. It needs EC2 (presumably for network interfaces / public IPs)
// and IAM (task role analysis) clients in addition to ECS — confirm.
// ECSTasks is the entry point and Receiver consumes the MappedECSTask
// channel.
type ECSTasksModule struct {
	ECSClient sdk.AWSECSClientInterface // clients are interfaces so tests can substitute fakes
	EC2Client sdk.AWSEC2ClientInterface
	IAMClient sdk.AWSIAMClientInterface
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	PmapperDataBasePath string // filesystem location of pmapper output
	AWSProfile string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	MappedECSTasks []MappedECSTask // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*ECSTasksModule) ECSTasks ¶ added in v1.9.0
func (m *ECSTasksModule) ECSTasks(outputDirectory string, verbosity int)
func (*ECSTasksModule) Receiver ¶ added in v1.9.0
func (m *ECSTasksModule) Receiver(receiver chan MappedECSTask, receiverDone chan bool)
type EKSModule ¶ added in v1.9.0
// EKSModule holds the configuration and results of the EKS command. The
// IAM client and pmapper fields indicate cluster/node roles are evaluated
// for admin reach, as in the other compute modules. No Print or Receiver
// method is listed on this page for this type.
type EKSModule struct {
	// General configuration data
	// These interfaces are used for unit testing
	EKSClient sdk.EKSClientInterface
	IAMClient sdk.AWSIAMClientInterface
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	PmapperDataBasePath string // filesystem location of pmapper output
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Clusters []Cluster // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
type ElasticNetworkInterfacesModule ¶ added in v1.9.0
// ElasticNetworkInterfacesModule holds the configuration and results of the
// ENI command. ElasticNetworkInterfaces is the entry point and Receiver
// consumes the MappedENI channel. Note there is no Goroutines field here,
// unlike the sibling modules — the concurrency model may differ; confirm.
type ElasticNetworkInterfacesModule struct {
	EC2Client sdk.AWSEC2ClientInterface // client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	MappedENIs []MappedENI // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*ElasticNetworkInterfacesModule) ElasticNetworkInterfaces ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) ElasticNetworkInterfaces(outputDirectory string, verbosity int)
func (*ElasticNetworkInterfacesModule) Receiver ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) Receiver(receiver chan MappedENI, receiverDone chan bool)
type EndpointsModule ¶
// EndpointsModule holds the configuration and results of the endpoints
// command, which gathers externally reachable endpoints across many
// services. Receiver consumes the Endpoint channel and PrintEndpoints
// renders Endpoints. Only the Lambda and EKS clients are behind interfaces;
// the rest are concrete SDK clients, so those paths cannot be faked in unit
// tests without further work.
type EndpointsModule struct {
	// General configuration data
	LambdaClient sdk.LambdaClientInterface
	EKSClient sdk.EKSClientInterface
	MQClient *mq.Client
	OpenSearchClient *opensearch.Client
	GrafanaClient *grafana.Client
	ELBv2Client *elasticloadbalancingv2.Client
	ELBClient *elasticloadbalancing.Client
	APIGatewayClient *apigateway.Client
	APIGatewayv2Client *apigatewayv2.Client
	RDSClient *rds.Client
	RedshiftClient *redshift.Client
	S3Client *s3.Client
	CloudfrontClient *cloudfront.Client
	AppRunnerClient *apprunner.Client
	LightsailClient *lightsail.Client
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Endpoints []Endpoint // collected results
	CommandCounter internal.CommandCounter
	Errors []string // errors accumulated during collection, presumably for the summary — confirm
	// contains filtered or unexported fields
}
func (*EndpointsModule) PrintEndpoints ¶
func (m *EndpointsModule) PrintEndpoints(outputDirectory string, verbosity int)
func (*EndpointsModule) Receiver ¶
func (m *EndpointsModule) Receiver(receiver chan Endpoint, receiverDone chan bool)
type EnvironmentVariable ¶
// EnvironmentVariable is one collected environment variable; all of its
// fields are unexported, so it is only compared (EnvVarsContains) and
// rendered from within this package.
type EnvironmentVariable struct {
	// contains filtered or unexported fields
}
type EnvsModule ¶
// EnvsModule holds the configuration and results of the env-vars command,
// which reads environment variables from ECS, Lambda, App Runner,
// Lightsail and SageMaker. Environment variables are a common place for
// embedded credentials, so the rendered output should be handled as
// sensitive. Receiver consumes the EnvironmentVariable channel and
// PrintEnvs renders EnvironmentVariables.
type EnvsModule struct {
	// General configuration data
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSProfile string
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Service Clients (concrete SDK clients, not interfaces, so not fakeable in tests)
	ECSClient *ecs.Client
	LambdaClient *lambda.Client
	AppRunnerClient *apprunner.Client
	LightsailClient *lightsail.Client
	SagemakerClient *sagemaker.Client
	// Main module data
	EnvironmentVariables []EnvironmentVariable // collected results
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*EnvsModule) PrintEnvs ¶
func (m *EnvsModule) PrintEnvs(outputDirectory string, verbosity int)
func (*EnvsModule) Receiver ¶
func (m *EnvsModule) Receiver(receiver chan EnvironmentVariable, receiverDone chan bool)
type FilesystemObject ¶
type FilesystemsModule ¶
// FilesystemsModule holds the configuration and results of the filesystems
// command (EFS and FSx). InitFileSystemsClient (below) builds a populated
// value; Receiver consumes the FilesystemObject channel and
// PrintFilesystems renders Filesystems.
type FilesystemsModule struct {
	EFSClient *efs.Client
	FSxClient *fsx.Client
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string // regions iterated over; presumably the AWSRegions var or a caller-supplied subset — confirm
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the per-region worker pool — confirm
	AWSProfile string
	WrapTable bool
	ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
	// Main module data
	Filesystems []FilesystemObject // collected results
	// NOTE(review): a fixed-size array of FilesystemObject named Regions is
	// odd — the element type is not a region, and 30 does not match the 21
	// entries of the AWSRegions var. Its use is not visible here; confirm
	// whether it is still needed.
	Regions [30]FilesystemObject
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func InitFileSystemsClient ¶ added in v1.11.0
func InitFileSystemsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) FilesystemsModule
func (*FilesystemsModule) PrintFilesystems ¶
func (m *FilesystemsModule) PrintFilesystems(outputDirectory string, verbosity int)
func (*FilesystemsModule) Receiver ¶
func (m *FilesystemsModule) Receiver(receiver chan FilesystemObject, receiverDone chan bool)
type GAADGroup ¶
// GAADGroup is an IAM group as returned by GetAccountAuthorizationDetails
// (GAAD; see IamPermissionsModule.GetGAAD). The field types are the IAM
// SDK's AttachedPolicy and PolicyDetail, i.e. managed policy references and
// inline policy documents.
type GAADGroup struct {
	Arn string
	Name string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies []types.PolicyDetail
}
type GAADPolicy ¶
// GAADPolicy is a managed policy as returned by
// GetAccountAuthorizationDetails. PolicyVersionList holds every version;
// callers must pick the default version when evaluating permissions rather
// than the first element — confirm the consumer does so.
type GAADPolicy struct {
	Name string
	Arn string
	PolicyVersionList []types.PolicyVersion
}
type GAADRole ¶
// GAADRole is an IAM role as returned by GetAccountAuthorizationDetails,
// carrying its attached managed policies and inline policy documents.
// The trust policy is not kept here; role trusts are handled by the
// RoleTrustsModule types.
type GAADRole struct {
	Arn string
	Name string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies []types.PolicyDetail
}
type GAADUser ¶
// GAADUser is an IAM user as returned by GetAccountAuthorizationDetails.
// GroupList holds group names (strings), so effective permissions require
// resolving each name against the GAADGroup set as well.
type GAADUser struct {
	Name string
	Arn string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies []types.PolicyDetail
	GroupList []string
}
type GlobalResourceCount2 ¶
// GlobalResourceCount2 is one per-service count record produced by the
// inventory command; its fields are unexported, so it is only consumed via
// Inventory2Module.Receiver and the Print methods.
type GlobalResourceCount2 struct {
	// contains filtered or unexported fields
}
type GraphCommand ¶ added in v1.14.0
// GraphCommand holds the state of the graph command; RunGraphCommand drives
// it. It shares the CapeCommand configuration fields but has no graph or
// per-account result fields of its own, so the graph is presumably built
// and stored elsewhere (e.g. in the Neo4j driver used by
// PmapperModule.GenerateCypherStatements) — confirm.
type GraphCommand struct {
	// General configuration data
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	AWSProfile string
	WrapTable bool
	AWSOutputType string
	AWSTableCols string
	Verbosity int
	AWSOutputDirectory string // where result files are written
	AWSConfig aws.Config // resolved SDK config (credentials, region)
	Version string
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	PmapperDataBasePath string // filesystem location of pmapper output
	// contains filtered or unexported fields
}
func (*GraphCommand) RunGraphCommand ¶ added in v1.14.0
func (m *GraphCommand) RunGraphCommand()
type IamPermissionsModule ¶
// IamPermissionsModule holds the configuration and results of the
// permissions command. GetGAAD fills Policies/Users/Roles/Groups from IAM
// GetAccountAuthorizationDetails, ParsePermissions(principal) flattens them
// into Rows, and PrintIamPermissions renders the rows. The ParsePermissions
// output is a static policy expansion — it does not account for SCPs,
// permission boundaries or resource policies — so "allowed" rows are an
// upper bound; confirm how the output layer labels them.
type IamPermissionsModule struct {
	// General configuration data
	IAMClient sdk.AWSIAMClientInterface // IAM client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	AWSProfile string
	WrapTable bool
	Policies []GAADPolicy // raw GAAD data (filled by GetGAAD)
	Users []GAADUser
	Roles []GAADRole
	Groups []GAADGroup
	Rows []common.PermissionsRow // flattened per-principal permission rows (filled by ParsePermissions)
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func InitPermissionsClient ¶ added in v1.14.0
func InitPermissionsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) IamPermissionsModule
func (*IamPermissionsModule) GetGAAD ¶ added in v1.14.0
func (m *IamPermissionsModule) GetGAAD()
func (*IamPermissionsModule) ParsePermissions ¶ added in v1.14.0
func (m *IamPermissionsModule) ParsePermissions(principal string)
func (*IamPermissionsModule) PrintIamPermissions ¶
func (m *IamPermissionsModule) PrintIamPermissions(outputDirectory string, verbosity int, principal string)
type IamPrincipalsModule ¶
// IamPrincipalsModule holds the configuration and results of the principals
// command, which lists IAM users, roles and groups. The SkipAdminCheck and
// PmapperDataBasePath fields indicate each principal is annotated with
// admin / path-to-admin status from pmapper data. PrintIamPrincipals
// renders the results; no Receiver method is listed for this type.
type IamPrincipalsModule struct {
	// General configuration data
	IAMClient sdk.AWSIAMClientInterface // IAM client behind an interface so tests can substitute a fake
	Caller sts.GetCallerIdentityOutput // identity of the calling principal (STS GetCallerIdentity)
	AWSRegions []string
	AWSOutputType string
	AWSTableCols string
	Goroutines int // concurrency limit; presumably bounds the worker pool — confirm
	AWSProfile string
	WrapTable bool
	SkipAdminCheck bool // when set, the pmapper / IAM-simulator admin check is skipped (see GetPmapperResults / GetIamSimResult)
	PmapperDataBasePath string // filesystem location of pmapper output
	// Main module data
	Users []User
	Roles []Role
	Groups []Group
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*IamPrincipalsModule) PrintIamPrincipals ¶
func (m *IamPrincipalsModule) PrintIamPrincipals(outputDirectory string, verbosity int)
type IamSimulatorModule ¶
type IamSimulatorModule struct {
// General configuration data
IAMClient sdk.AWSIAMClientInterface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfileProvided string
AWSProfileStub string
WrapTable bool
// Main module data
SimulatorResults []SimulatorResult
CommandCounter internal.CommandCounter
IamSimulatorAdminCheckOnly bool
// contains filtered or unexported fields
}
func InitIamCommandClient ¶ added in v1.14.0
func InitIamCommandClient(iamSimPPClient sdk.AWSIAMClientInterface, caller sts.GetCallerIdentityOutput, AWSProfile string, Goroutines int) IamSimulatorModule
func (*IamSimulatorModule) PrintIamSimulator ¶
func (*IamSimulatorModule) Receiver ¶
func (m *IamSimulatorModule) Receiver(receiver chan SimulatorResult, receiverDone chan bool)
type InstancesModule ¶
type InstancesModule struct {
// General configuration data
EC2Client sdk.AWSEC2ClientInterface
IAMClient sdk.AWSIAMClientInterface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
PmapperDataBasePath string
Goroutines int
UserDataAttributesOnly bool
AWSProfile string
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
InstanceProfileToRolesMap map[string][]iamTypes.Role
SkipAdminCheck bool
// Module's Results
MappedInstances []MappedInstance
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*InstancesModule) Instances ¶
func (m *InstancesModule) Instances(filter string, outputDirectory string, verbosity int)
func (*InstancesModule) Receiver ¶
func (m *InstancesModule) Receiver(receiver chan MappedInstance, receiverDone chan bool)
type Inventory2Module ¶
type Inventory2Module struct {
// General configuration data
APIGatewayClient *apigateway.Client
APIGatewayv2Client *apigatewayv2.Client
AppRunnerClient *apprunner.Client
AthenaClient *athena.Client
Cloud9Client *cloud9.Client
CloudFormationClient *cloudformation.Client
CloudfrontClient *cloudfront.Client
CodeArtifactClient sdk.AWSCodeArtifactClientInterface
CodeBuildClient sdk.CodeBuildClientInterface
CodeCommitClient sdk.AWSCodeCommitClientInterface
CodeDeployClient sdk.AWSCodeDeployClientInterface
DataPipelineClient sdk.AWSDataPipelineClientInterface
DynamoDBClient *dynamodb.Client
EC2Client *ec2.Client
ECRClient sdk.AWSECRClientInterface
ECSClient *ecs.Client
EKSClient sdk.EKSClientInterface
ELBClient *elasticloadbalancing.Client
ELBv2Client *elasticloadbalancingv2.Client
ElasticacheClient sdk.AWSElastiCacheClientInterface
ElasticBeanstalkClient sdk.AWSElasticBeanstalkClientInterface
EMRClient sdk.AWSEMRClientInterface
GrafanaClient *grafana.Client
GlueClient sdk.AWSGlueClientInterface
KinesisClient sdk.AWSKinesisClientInterface
IAMClient *iam.Client
LambdaClient *lambda.Client
LightsailClient *lightsail.Client
MQClient *mq.Client
OpenSearchClient *opensearch.Client
RDSClient *rds.Client
RedshiftClient sdk.AWSRedShiftClientInterface
Route53Client sdk.AWSRoute53ClientInterface
S3Client *s3.Client
SQSClient *sqs.Client
SSMClient *ssm.Client
SNSClient *sns.Client
SecretsManagerClient *secretsmanager.Client
StepFunctionClient sdk.StepFunctionsClientInterface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
RegionResourceCount int
CommandCounter internal.CommandCounter
GlobalResourceCounts []GlobalResourceCount2
// contains filtered or unexported fields
}
func (*Inventory2Module) GetEMRInstancesPerRegion ¶ added in v1.12.0
func (m *Inventory2Module) GetEMRInstancesPerRegion(r string, wg *sync.WaitGroup, semaphore chan struct{})
func (*Inventory2Module) PrintInventoryPerRegion ¶
func (m *Inventory2Module) PrintInventoryPerRegion(outputDirectory string, verbosity int)
func (*Inventory2Module) PrintTotalResources ¶
func (m *Inventory2Module) PrintTotalResources(AWSOutputType string)
func (*Inventory2Module) Receiver ¶
func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
type LambdasModule ¶ added in v1.8.0
type LambdasModule struct {
// General configuration data
LambdaClient *lambda.Client
IAMClient sdk.AWSIAMClientInterface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
SkipAdminCheck bool
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
PmapperDataBasePath string
// Main module data
Lambdas []Lambda
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func InitLambdaClient ¶ added in v1.11.0
func InitLambdaClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) LambdasModule
func (*LambdasModule) PrintLambdas ¶ added in v1.8.0
func (m *LambdasModule) PrintLambdas(outputDirectory string, verbosity int)
func (*LambdasModule) Receiver ¶ added in v1.8.0
func (m *LambdasModule) Receiver(receiver chan Lambda, receiverDone chan bool)
type MappedECSTask ¶ added in v1.9.0
type MappedInstance ¶
type NetworkAcl ¶ added in v1.10.0
type NetworkAcl struct {
ID string
VpcId string
Subnets []string
// contains filtered or unexported fields
}
func (*NetworkAcl) Insert ¶ added in v1.10.0
func (l *NetworkAcl) Insert(rule NaclRule)
type NetworkPortsModule ¶ added in v1.10.0
type NetworkPortsModule struct {
// General configuration data
EC2Client *ec2.Client
ECSClient *ecs.Client
EFSClient *efs.Client
ElastiCacheClient *elasticache.Client
ELBv2Client *elasticloadbalancingv2.Client
LightsailClient *lightsail.Client
RDSClient *rds.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
Verbosity int
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
IPv4_Private []NetworkService
IPv4_Public []NetworkService
IPv6 []NetworkService
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*NetworkPortsModule) Evaluate ¶ added in v1.10.0
func (m *NetworkPortsModule) Evaluate(l *NetworkAcl, port int32, proto string) (bool, *NaclRule)
func (*NetworkPortsModule) PrintNetworkPorts ¶ added in v1.10.0
func (m *NetworkPortsModule) PrintNetworkPorts(outputDirectory string)
func (*NetworkPortsModule) Receiver ¶ added in v1.10.0
func (m *NetworkPortsModule) Receiver(receiver chan NetworkServices, receiverDone chan bool)
type NetworkService ¶ added in v1.10.0
type NetworkServices ¶ added in v1.10.0
type NetworkServices struct {
IPv4_Private []NetworkService
IPv4_Public []NetworkService
IPv6 []NetworkService
}
type Node ¶ added in v1.9.0
type Node struct {
Arn string `json:"arn"`
Type string
AccountID string
Name string
IDValue string `json:"id_value"`
AttachedPolicies []AttachedPolicies `json:"attached_policies"`
GroupMemberships []interface{} `json:"group_memberships"`
TrustPolicy interface{} `json:"trust_policy"`
TrustsDoc policy.TrustPolicyDocument
TrustedPrincipals []TrustedPrincipal
TrustedServices []TrustedService
TrustedFederatedProviders []TrustedFederatedProvider
InstanceProfile interface{} `json:"instance_profile"`
ActivePassword bool `json:"active_password"`
AccessKeys int `json:"access_keys"`
IsAdmin bool `json:"is_admin"`
PathToAdmin bool
PermissionsBoundary interface{} `json:"permissions_boundary"`
HasMfa bool `json:"has_mfa"`
Tags Tags `json:"tags"`
CanPrivEscToAdminString string
IsAdminString string
VendorName string
}
func ConvertIAMRoleToNode ¶ added in v1.14.0
func ConvertIAMRoleToNode(role types.Role, vendors *knownawsaccountslookup.Vendors, analyzedAccounts map[string]CapeJobInfo) Node
func ConvertIAMUserToNode ¶ added in v1.14.0
func FindVerticesInRoleTrust ¶ added in v1.14.0
func FindVerticesInRoleTrust(a Node, vendors *knownawsaccountslookup.Vendors) []Node
func MergeNodes ¶ added in v1.14.0
type OrgModule ¶ added in v1.11.0
// OrgModule enumerates AWS Organizations data for the caller's account
// (see IsCallerAccountPartOfAnOrg, IsManagementAccount, FindMgmtAccounts).
type OrgModule struct {
OrganizationsClient sdk.OrganizationsClientInterface // interface, so a test double can be injected
Caller sts.GetCallerIdentityOutput // identity the enumeration runs as
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int // concurrency bound for the module's workers
AWSProfile string
SkipAdminCheck bool // when set, the admin-privilege checks (IAM simulator / pmapper) are presumably skipped — see GetIamSimResult/GetPmapperResults
WrapTable bool
DescribeOrgOutput *types.Organization // pointer; nil until populated, so callers must nil-check
// Main module data
Accounts []Account
Orgs map[string]Org // must be initialised with make before the first write (nil-map write panics)
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func InitOrgsClient ¶ added in v1.14.0
func (*OrgModule) FindMgmtAccounts ¶ added in v1.11.0
func (*OrgModule) IsCallerAccountPartOfAnOrg ¶ added in v1.11.0
func (*OrgModule) IsManagementAccount ¶ added in v1.11.0
func (m *OrgModule) IsManagementAccount(Organization *types.Organization, account string) bool
func (*OrgModule) PrintOrgAccounts ¶ added in v1.11.0
func (*OrgModule) ProcessMultipleAccounts ¶ added in v1.11.0
type OutboundAssumeRoleEntry ¶
type OutboundAssumedRolesModule ¶
// OutboundAssumedRolesModule finds roles assumed *from* the current account by
// reading CloudTrail (CloudTrailClient) over a lookback window.
type OutboundAssumedRolesModule struct {
// General configuration data
CloudTrailClient *cloudtrail.Client // concrete client, not an interface — harder to mock than the sdk.*Interface fields used elsewhere
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
OutboundAssumeRoleEntries []OutboundAssumeRoleEntry // populated via Receiver
Days int // lookback window in days. NOTE(review): PrintOutboundRoleTrusts also takes a days parameter — confirm which one is authoritative.
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*OutboundAssumedRolesModule) PrintOutboundRoleTrusts ¶
func (m *OutboundAssumedRolesModule) PrintOutboundRoleTrusts(days int, outputDirectory string, verbosity int)
func (*OutboundAssumedRolesModule) Receiver ¶
func (m *OutboundAssumedRolesModule) Receiver(receiver chan OutboundAssumeRoleEntry, receiverDone chan bool)
type PerAccountData ¶ added in v1.14.0
type PmapperModule ¶ added in v1.9.0
// PmapperModule loads a pmapper privilege graph from local disk
// (PmapperDataBasePath, see InitPmapperGraph) and answers admin /
// path-to-admin questions about principals. GenerateCypherStatements can
// export the same graph to neo4j.
type PmapperModule struct {
// General configuration data
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
PmapperDataBasePath string // local filesystem path supplied by the operator; the graph read from it is treated as trusted input
Nodes []Node // principals
Edges []Edge // escalation relationships between principals
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func InitPmapperGraph ¶ added in v1.14.0
func InitPmapperGraph(Caller sts.GetCallerIdentityOutput, AWSProfile string, Goroutines int, PmapperDataBasePath string) (PmapperModule, error)
func (*PmapperModule) DoesPrincipalHaveAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHaveAdmin(principal string) bool
func (*PmapperModule) DoesPrincipalHavePathToAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHavePathToAdmin(principal string) bool
func (*PmapperModule) GenerateCypherStatements ¶ added in v1.14.0
func (m *PmapperModule) GenerateCypherStatements(goCtx context.Context, driver neo4j.DriverWithContext) error
func (*PmapperModule) PrintPmapperData ¶ added in v1.9.0
func (m *PmapperModule) PrintPmapperData(outputDirectory string, verbosity int)
type PmapperOutputRow ¶ added in v1.14.0
type RAMModule ¶
// RAMModule enumerates AWS Resource Access Manager shares (RAMClient) and
// collects them as Resources.
type RAMModule struct {
// General configuration data
RAMClient *ram.Client // concrete client, not an interface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
Resources []Resource
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
type Repository ¶
type ResourceTrustsModule ¶ added in v1.11.0
// ResourceTrustsModule inspects resource-based policies (KMS, API Gateway,
// EC2, OpenSearch clients) and reports what each resource trusts.
//
// NOTE(review): the four client fields are pointers to interfaces
// (*sdk.KMSClientInterface etc.). Every use must dereference them, and a nil
// pointer panics on first call. A plain interface value is the idiomatic
// type, but changing it would alter the exported field types.
type ResourceTrustsModule struct {
KMSClient *sdk.KMSClientInterface
APIGatewayClient *sdk.APIGatewayClientInterface
EC2Client *sdk.AWSEC2ClientInterface
OpenSearchClient *sdk.OpenSearchClientInterface
// General configuration data
Caller sts.GetCallerIdentityOutput
AWSRegions []string
Goroutines int
WrapTable bool
AWSOutputType string
AWSTableCols string
AWSMFAToken string // credential material — keep out of logs and output files
AWSConfig aws.Config // carries the credential provider; same caution as AWSMFAToken
AWSProfileProvided string
AWSProfileStub string
CloudFoxVersion string
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
Resources2 []Resource2 // populated via Receiver
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*ResourceTrustsModule) PrintResources ¶ added in v1.11.0
func (m *ResourceTrustsModule) PrintResources(outputDirectory string, verbosity int, includeKms bool)
func (*ResourceTrustsModule) Receiver ¶ added in v1.11.0
func (m *ResourceTrustsModule) Receiver(receiver chan Resource2, receiverDone chan bool)
type RoleTrustRow ¶ added in v1.12.3
type RoleTrustsModule ¶
// RoleTrustsModule analyses IAM role trust policies and, unless
// SkipAdminCheck is set, evaluates whether each trusted principal is or can
// become admin (IAMSimulatePrincipalPolicyClient / PmapperDataBasePath).
// IAM is global, so unlike the regional modules this one has no AWSRegions.
type RoleTrustsModule struct {
// General configuration data
IAMClient sdk.AWSIAMClientInterface
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient // used by the IAM simulator admin check
Caller sts.GetCallerIdentityOutput
AWSProfile string
Goroutines int
CommandCounter internal.CommandCounter
SkipAdminCheck bool // when set, admin / priv-esc evaluation is presumably skipped — see GetIamSimResult/GetPmapperResults
WrapTable bool
AWSOutputType string
AWSTableCols string
PmapperDataBasePath string // local pmapper graph path used for the path-to-admin check
// Main module data
AnalyzedRoles []AnalyzedRole
RoleTrustTable []RoleTrustRow // rows rendered by PrintRoleTrusts
// contains filtered or unexported fields
}
func (*RoleTrustsModule) PrintRoleTrusts ¶
func (m *RoleTrustsModule) PrintRoleTrusts(outputDirectory string, verbosity int)
type Route53Module ¶
// Route53Module enumerates DNS records (Route53Client) into Records for
// PrintRoute53.
type Route53Module struct {
// General configuration data
Route53Client sdk.AWSRoute53ClientInterface // interface, so a test double can be injected
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
CommandCounter internal.CommandCounter
// Main module data
Records []Record
// contains filtered or unexported fields
}
func (*Route53Module) PrintRoute53 ¶
func (m *Route53Module) PrintRoute53(outputDirectory string, verbosity int)
type SNSClientInterface ¶ added in v1.11.0
// SNSClientInterface is the subset of the SNS client this package calls:
// listing topics and reading a topic's attributes (which carry its access
// policy). A test double only needs these two methods; the signatures match
// the aws-sdk-go-v2 *sns.Client shape so the real client satisfies it.
type SNSClientInterface interface {
ListTopics(ctx context.Context, params *sns.ListTopicsInput, optFns ...func(*sns.Options)) (*sns.ListTopicsOutput, error)
GetTopicAttributes(ctx context.Context, params *sns.GetTopicAttributesInput, optFns ...func(*sns.Options)) (*sns.GetTopicAttributesOutput, error)
}
type SNSModule ¶ added in v1.10.0
// SNSModule enumerates SNS topics (SNSClient) into Topics.
type SNSModule struct {
// General configuration data
SNSClient SNSClientInterface // interface, so a test double can be injected
AWSRegions []string
AWSProfile string
Caller sts.GetCallerIdentityOutput
StorePolicies bool // presumably writes each topic's access policy to disk when set — confirm in sns.go; policy files can reveal cross-account trust
AWSOutputType string
AWSTableCols string
Goroutines int
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
Topics []SNSTopic
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func InitCloudFoxSNSClient ¶ added in v1.11.0
type SQSModule ¶ added in v1.10.0
// SQSModule enumerates SQS queues (SQSClient) into Queues.
type SQSModule struct {
// General configuration data
SQSClient AWSSQSClient // interface type declared in this package; see InitSQSClient
StorePolicies bool // presumably writes each queue's access policy to disk when set — confirm in sqs.go
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
Queues []Queue
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func InitSQSClient ¶ added in v1.11.0
type SecretsModule ¶
// SecretsModule enumerates Secrets Manager secrets and SSM parameters into
// Secrets, which PrintSecrets writes under outputDirectory.
//
// NOTE(review): confirm in secrets.go whether secret *values* or only
// names/ARNs end up in the output files; if values are written, the files
// need restrictive permissions and careful handling.
type SecretsModule struct {
// General configuration data
SecretsManagerClient *secretsmanager.Client // concrete client, not an interface
SSMClient *ssm.Client // concrete client, not an interface
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSProfile string
Goroutines int
WrapTable bool
AWSOutputType string
AWSTableCols string
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
Secrets []Secret // populated via Receiver
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*SecretsModule) PrintSecrets ¶
func (m *SecretsModule) PrintSecrets(outputDirectory string, verbosity int)
func (*SecretsModule) Receiver ¶
func (m *SecretsModule) Receiver(receiver chan Secret, receiverDone chan bool)
type SecurityGroup ¶ added in v1.10.0
// SecurityGroup is a security group together with its rules, as used by the
// network-ports analysis.
type SecurityGroup struct {
ID string // security group ID
VpcId string // VPC the group belongs to
Rules []SecurityGroupRule
}
type SecurityGroupRule ¶ added in v1.10.0
type SimulatorResult ¶
type TagsGetResourcesAPI ¶ added in v1.10.0
// TagsGetResourcesAPI is the single Resource Groups Tagging API call the
// TagsModule needs. It matches the aws-sdk-go-v2 client method shape, so the
// real client satisfies it and a test double need implement only GetResources.
type TagsGetResourcesAPI interface {
GetResources(ctx context.Context, params *resourcegroupstaggingapi.GetResourcesInput, optFns ...func(*resourcegroupstaggingapi.Options)) (*resourcegroupstaggingapi.GetResourcesOutput, error)
}
type TagsModule ¶ added in v1.8.0
// TagsModule inventories tagged resources via the Resource Groups Tagging API
// and counts them per resource type.
type TagsModule struct {
// General configuration data
ResourceGroupsTaggingApiInterface TagsGetResourcesAPI // interface, so a test double can be injected
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSOutputType string
AWSTableCols string
Goroutines int
AWSProfile string
WrapTable bool
MaxResourcesPerRegion int // cap on resources collected per region; how a zero value is treated is not visible here
// Main module data
Tags []Tag // populated via Receiver
CommandCounter internal.CommandCounter
ResourceTypeCounts map[string]int // must be initialised with make before the first write (nil-map write panics)
// contains filtered or unexported fields
}
func (*TagsModule) PrintTags ¶ added in v1.8.0
func (m *TagsModule) PrintTags(outputDirectory string, verbosity int)
func (*TagsModule) Receiver ¶ added in v1.8.0
func (m *TagsModule) Receiver(receiver chan Tag, receiverDone chan bool)
type TrustedFederatedProvider ¶ added in v1.14.0
type TrustedPrincipal ¶ added in v1.14.0
type TrustedService ¶ added in v1.14.0
type WorkloadsModule ¶ added in v1.13.0
// WorkloadsModule enumerates compute workloads (EC2, ECS, Lambda, App Runner)
// and resolves the IAM roles attached to them, so that each workload can be
// related to a principal in the privilege analysis.
type WorkloadsModule struct {
// General configuration data
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSProfile string
AWSOutputType string
AWSTableCols string
Goroutines int
WrapTable bool
SkipAdminCheck bool // when set, admin / priv-esc evaluation of workload roles is presumably skipped — see GetIamSimResult/GetPmapperResults
// Service Clients
EC2Client sdk.AWSEC2ClientInterface
ECSClient sdk.AWSECSClientInterface
LambdaClient sdk.LambdaClientInterface
AppRunnerClient sdk.AppRunnerClientInterface
IAMClient sdk.AWSIAMClientInterface // used to resolve instance profiles to roles
PmapperDataBasePath string // local pmapper graph path used for the path-to-admin check
InstanceProfileToRolesMap map[string][]iamTypes.Role // instance profile -> roles; must be initialised with make before the first write
ServiceMap *awsservicemap.AwsServiceMap // Shared service map to avoid repeated HTTP requests
// Main module data
Workloads []Workload // populated via Receiver
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*WorkloadsModule) PrintWorkloads ¶ added in v1.13.0
func (m *WorkloadsModule) PrintWorkloads(outputDirectory string, verbosity int)
func (*WorkloadsModule) Receiver ¶ added in v1.13.0
func (m *WorkloadsModule) Receiver(receiver chan Workload, receiverDone chan bool)
Source Files
- access-keys.go
- api-gws.go
- buckets.go
- cape-tui.go
- cape.go
- client-initializers.go
- cloudformation.go
- codebuild.go
- databases.go
- directory-services.go
- ecr.go
- ecs-tasks.go
- eks.go
- elastic-network-interfaces.go
- endpoints.go
- env-vars.go
- filesystems.go
- graph.go
- iam-simulator.go
- instances.go
- inventory.go
- lambda.go
- network-ports.go
- org.go
- outbound-assumed-roles.go
- permissions.go
- pmapper.go
- principals.go
- ram.go
- resource-trusts.go
- role-trusts.go
- route53.go
- secrets.go
- shared.go
- sns.go
- sqs.go
- tags.go
- workloads.go