cli

package
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2022 License: MIT Imports: 35 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// AWSRegions is the fixed list of region names handed to the region-aware
	// modules in this file. It is a static snapshot: a region that is not
	// listed here is never passed to a module from this file.
	// NOTE(review): anyone treating the output as a complete inventory should
	// compare this list with the regions actually enabled in the account.
	AWSRegions = []string{
		"us-east-1", "us-east-2", "us-west-1", "us-west-2",
		"af-south-1",
		"ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2",
		"ap-southeast-1", "ap-southeast-2", "ap-northeast-1",
		"ca-central-1",
		"eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-north-1",
		"me-south-1",
		"sa-east-1",
	}

	// Settings shared by every AWS subcommand in this file. How they are
	// populated (presumably command-line flags) is not visible here.
	AWSProfile         string
	AWSOutputFormat    string
	AWSOutputDirectory string
	Verbosity          int

	// AWSCommands is the parent "aws" command; invoked on its own it only
	// prints the help text.
	AWSCommands = &cobra.Command{
		Use:   "aws",
		Short: "See \"Available Commands\" for AWS Modules",
		Run: func(cmd *cobra.Command, _ []string) {
			_ = cmd.Help() // the error returned by Help is discarded
		},
	}

	// RoleTrustCommand ("aws role-trusts") builds an IAM client for AWSProfile
	// and hands it to aws.RoleTrustsModule.
	//
	// The filter is set to "all" when the flag "--filter" is not used.
	// NOTE(review): RoleTrustFilter is declared here but is not passed to
	// PrintRoleTrusts in this block.
	RoleTrustFilter  string
	RoleTrustCommand = &cobra.Command{
		Use:     "role-trusts",
		Aliases: []string{"roletrusts", "role-trust"},
		Short:   "Enumerate all role trusts",
		Long: "\nUse case examples:\n" +
			"Map all role trusts for caller's account:\n" +
			os.Args[0] + " aws role-trusts\n",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			module := aws.RoleTrustsModule{
				IAMClient:  iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			module.PrintRoleTrusts(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

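	// AccessKeysCommand ("aws access-keys") builds an IAM client for AWSProfile
	// and hands it to aws.AccessKeysModule. AccessKeysFilter is forwarded to
	// PrintAccessKeys as its first argument.
	AccessKeysFilter  string
	AccessKeysCommand = &cobra.Command{
		Use:     "access-keys",
		Aliases: []string{"accesskeys", "keys"},
		Short:   "Enumerate active access keys for all users",
		// The two example invocations are separated by a newline; without it
		// the help text ran them together on one line.
		Long: "\nUse case examples:\n" +
			"Map active access keys:\n" +
			os.Args[0] + " aws access-keys --profile test_account\n" +
			os.Args[0] + " aws access-keys --filter access_key_id --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, args []string) {
			var caller = utils.AWSWhoami(AWSProfile)
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn)
		},
		Run: func(cmd *cobra.Command, args []string) {
			m := aws.AccessKeysModule{
				IAMClient:  iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			m.PrintAccessKeys(AccessKeysFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}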

	// BucketsCommand ("aws buckets") builds an S3 client for AWSProfile and
	// hands it to aws.BucketsModule.
	// NOTE(review): per the help text the module also produces a "loot" file of
	// pre-populated s3 commands; presumably written under AWSOutputDirectory —
	// confirm against PrintBuckets.
	BucketsCommand = &cobra.Command{
		Use:     "buckets",
		Aliases: []string{"bucket"},
		Short:   "Enumerate all of the buckets. Get loot file with s3 commands to list/download bucket contents",
		Long: "\nUse case examples:\n" +
			"List all buckets create a file with pre-populated aws s3 commands:\n" +
			os.Args[0] + " aws buckets --profile test_account",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			module := aws.BucketsModule{
				S3Client:   s3.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			module.PrintBuckets(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// InstancesCommand ("aws instances") builds an EC2 client for AWSProfile
	// and hands it, together with AWSRegions, to aws.InstancesModule.
	//
	// This filter could be an instance ID or a TXT file with instance IDs separated by a new line.
	// InstanceMapUserDataAttributesOnly is forwarded as UserDataAttributesOnly.
	// NOTE(review): per the help text the output includes instance user-data,
	// which can carry credentials; treat the output location as sensitive.
	InstancesFilter                   string
	InstanceMapUserDataAttributesOnly bool
	InstancesCommand                  = &cobra.Command{
		Use:     "instances",
		Aliases: []string{"instance"},
		Short:   "Enumerate all instances along with assigned IPs, profiles, and user-data",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws instances --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			module := aws.InstancesModule{
				EC2Client:  ec2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,

				UserDataAttributesOnly: InstanceMapUserDataAttributesOnly,
				AWSProfile:             AWSProfile,
			}
			module.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// InventoryCommand ("aws inventory") builds one client per service listed
	// below, each from a fresh AWSConfigFileLoader(AWSProfile) call, and hands
	// them with AWSRegions to aws.Inventory2Module.
	InventoryCommand = &cobra.Command{
		Use:   "inventory",
		Short: "Gain a rough understanding of size of the account and preferred regions",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws inventory --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			inventory := aws.Inventory2Module{
				EC2Client:            ec2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				ECSClient:            ecs.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				EKSClient:            eks.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				S3Client:             s3.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LambdaClient:         lambda.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				CloudFormationClient: cloudformation.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				SecretsManagerClient: secretsmanager.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				SSMClient:            ssm.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				RDSClient:            rds.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				APIGatewayv2Client:   apigatewayv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				ELBClient:            elasticloadbalancing.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				ELBv2Client:          elasticloadbalancingv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				IAMClient:            iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				MQClient:             mq.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				OpenSearchClient:     opensearch.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				GrafanaClient:        grafana.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				APIGatewayClient:     apigateway.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				RedshiftClient:       redshift.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				CloudfrontClient:     cloudfront.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				AppRunnerClient:      apprunner.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LightsailClient:      lightsail.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			inventory.PrintInventoryPerRegion(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// EndpointsCommand ("aws endpoints") builds one client per service listed
	// below and hands them with AWSRegions to aws.EndpointsModule.
	// NOTE(review): per the help text the module also produces a "loot" file of
	// HTTP endpoints; presumably written under AWSOutputDirectory — confirm
	// against PrintEndpoints.
	EndpointsCommand = &cobra.Command{
		Use:     "endpoints",
		Aliases: []string{"endpoint"},
		Short:   "Enumerates endpoints from various services. Get a loot file with http endpoints to scan.",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws endpoints --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			endpoints := aws.EndpointsModule{
				EKSClient:          eks.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LambdaClient:       lambda.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				MQClient:           mq.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				OpenSearchClient:   opensearch.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				GrafanaClient:      grafana.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				ELBClient:          elasticloadbalancing.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				APIGatewayClient:   apigateway.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				ELBv2Client:        elasticloadbalancingv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				APIGatewayv2Client: apigatewayv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				RDSClient:          rds.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				RedshiftClient:     redshift.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				S3Client:           s3.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				CloudfrontClient:   cloudfront.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				AppRunnerClient:    apprunner.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LightsailClient:    lightsail.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			endpoints.PrintEndpoints(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// SecretsCommand ("aws secrets") builds Secrets Manager and SSM clients for
	// AWSProfile and hands them with AWSRegions to aws.SecretsModule.
	// NOTE(review): whether PrintSecrets records secret values or only names is
	// not visible here; until confirmed, treat whatever lands under
	// AWSOutputDirectory as sensitive.
	SecretsCommand = &cobra.Command{
		Use:     "secrets",
		Aliases: []string{"secret"},
		Short:   "Enumerate secrets from secrets manager and SSM",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws secrets --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			secrets := aws.SecretsModule{
				SecretsManagerClient: secretsmanager.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				SSMClient:            ssm.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			secrets.PrintSecrets(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// Route53Command ("aws route53") builds a Route 53 client for AWSProfile
	// and hands it with AWSRegions to aws.Route53Module.
	Route53Command = &cobra.Command{
		Use:     "route53",
		Aliases: []string{"dns", "route", "routes"},
		Short:   "Enumerate all records from all zones managed by route53. Get a loot file with A records you can scan",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws route53 --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			dns := aws.Route53Module{
				Route53Client: route53.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			dns.PrintRoute53(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// ECRCommand ("aws ecr") builds an ECR client for AWSProfile and hands it
	// with AWSRegions to aws.ECRModule.
	ECRCommand = &cobra.Command{
		Use:     "ecr",
		Aliases: []string{"repos", "repo", "repositories"},
		Short:   "Enumerate the most recently pushed image URI from all repositories. Get a loot file with commands to pull images",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws ecr --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			repos := aws.ECRModule{
				ECRClient: ecr.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			repos.PrintECR(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}
	// OutboundAssumedRolesCommand ("aws outbound-assumed-roles") builds a
	// CloudTrail client for AWSProfile and hands it with AWSRegions to
	// aws.OutboundAssumedRolesModule. OutboundAssumedRolesDays is forwarded as
	// the first argument of PrintOutboundRoleTrusts (presumably the look-back
	// window in days — confirm against the module).
	OutboundAssumedRolesDays    int
	OutboundAssumedRolesCommand = &cobra.Command{
		Use:     "outbound-assumed-roles",
		Aliases: []string{"assumedroles", "assumeroles", "outboundassumedroles"},
		Short:   "Find the roles that have been assumed by principals in this account",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws outbound-assumed-roles --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			outbound := aws.OutboundAssumedRolesModule{
				CloudTrailClient: cloudtrail.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			outbound.PrintOutboundRoleTrusts(OutboundAssumedRolesDays, AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// EnvsCommand ("aws env-vars") builds ECS, App Runner, Lambda, Lightsail
	// and SageMaker clients for AWSProfile and hands them with AWSRegions to
	// aws.EnvsModule.
	// NOTE(review): environment variables frequently hold credentials; treat
	// the output of this command as sensitive.
	// NOTE(review): "mutliple" in Short is a typo for "multiple"; the string is
	// kept as-is here because it is runtime help text.
	EnvsCommand = &cobra.Command{
		Use:     "env-vars",
		Aliases: []string{"envs", "envvars", "env"},
		Short:   "Enumerate the environment variables from mutliple services that have them",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws env-vars --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			envs := aws.EnvsModule{

				Caller:          utils.AWSWhoami(AWSProfile),
				AWSRegions:      AWSRegions,
				AWSProfile:      AWSProfile,
				ECSClient:       ecs.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				AppRunnerClient: apprunner.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LambdaClient:    lambda.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				LightsailClient: lightsail.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				SagemakerClient: sagemaker.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
			}
			envs.PrintEnvs(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// PrincipalsCommand ("aws principals") builds an IAM client for AWSProfile
	// and hands it to aws.IamPrincipalsModule.
	PrincipalsCommand = &cobra.Command{
		Use:     "principals",
		Aliases: []string{"principal"},
		Short:   "Enumerate IAM users and Roles so you have the data at your fingertips",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws principals --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			principals := aws.IamPrincipalsModule{
				IAMClient:  iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			principals.PrintIamPrincipals(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// PermissionsCommand ("aws permissions") builds an IAM client for
	// AWSProfile and hands it to aws.IamPermissionsModule.
	// PermissionsPrincipal is forwarded as the last argument of
	// PrintIamPermissions; the help text shows it being set to a principal ARN.
	PermissionsPrincipal string
	PermissionsCommand   = &cobra.Command{
		Use:     "permissions",
		Aliases: []string{"perms", "permission"},
		Short:   "Enumerate IAM permissions per principal",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws permissions --profile profile\n" +
			os.Args[0] + " aws permissions --profile profile --principal arn:aws:iam::111111111111:role/test123",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			permissions := aws.IamPermissionsModule{
				IAMClient:  iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			permissions.PrintIamPermissions(AWSOutputFormat, AWSOutputDirectory, Verbosity, PermissionsPrincipal)
		},
	}

	// IamSimulatorCommand ("aws iam-simulator") builds an IAM client for
	// AWSProfile and hands it to aws.IamSimulatorModule. The three Simulator*
	// values are forwarded to PrintIamSimulator in the order principal, action,
	// resource.
	SimulatorResource   string
	SimulatorAction     string
	SimulatorPrincipal  string
	IamSimulatorCommand = &cobra.Command{
		Use:     "iam-simulator",
		Aliases: []string{"iamsimulator", "simulator"},
		Short:   "Wrapper around the AWS IAM Simulate Principal Policy command",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws iam-simulator --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			simulator := aws.IamSimulatorModule{
				IAMClient: iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			simulator.PrintIamSimulator(SimulatorPrincipal, SimulatorAction, SimulatorResource, AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

	// FilesystemsCommand ("aws filesystems") builds EFS and FSx clients for
	// AWSProfile and hands them with AWSRegions to aws.FilesystemsModule.
	FilesystemsCommand = &cobra.Command{
		Use:     "filesystems",
		Aliases: []string{"filesystem"},
		Short:   "Enumerate the EFS and FSx filesystems. Get a loot file with mount commands",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws filesystems --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before the module runs.
		PreRun: func(cmd *cobra.Command, _ []string) {
			identity := utils.AWSWhoami(AWSProfile)
			banner := cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version))
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", banner, *identity.Arn)
		},
		Run: func(_ *cobra.Command, _ []string) {
			module := aws.FilesystemsModule{
				EFSClient: efs.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),
				FSxClient: fsx.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile)),

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
				AWSRegions: AWSRegions,
			}
			module.PrintFilesystems(AWSOutputFormat, AWSOutputDirectory, Verbosity)
		},
	}

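	// AllChecksCommand ("aws all-checks") runs the modules wired up by the
	// other commands in this file one after another, in the order written
	// below, sharing one set of service clients. The outbound-assumed-roles
	// module is not run; the final status line says so.
	//
	// The filter and simulator variables (InstancesFilter, AccessKeysFilter,
	// PermissionsPrincipal, SimulatorPrincipal/Action/Resource) are passed
	// through with whatever value they hold when this command runs.
	//
	// NOTE(review): utils.AWSWhoami(AWSProfile) is called again for every
	// module. If it performs a network call per invocation, hoisting it into
	// one local would cut redundant requests — confirm that the returned value
	// is safe to share before changing it.
	AllChecksCommand = &cobra.Command{

		Use:     "all-checks",
		Aliases: []string{"allchecks", "all"},
		Short:   "Run all of the other checks (excluding outbound-assumed-roles)",
		Long: "\nUse case examples:\n" +
			os.Args[0] + " aws all-checks --profile readonly_profile",
		// PreRun prints the ARN of the calling identity before any module runs.
		PreRun: func(cmd *cobra.Command, args []string) {
			var caller = utils.AWSWhoami(AWSProfile)
			// Arn is dereferenced unchecked; assumes AWSWhoami always sets it — TODO confirm.
			fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn)
		},
		Run: func(cmd *cobra.Command, args []string) {

			// One client per service, each built from its own config load and
			// then reused by every module that needs that service.
			ec2Client := ec2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			eksClient := eks.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			s3Client := s3.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			lambdaClient := lambda.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			cloudFormationClient := cloudformation.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			secretsManagerClient := secretsmanager.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			rdsClient := rds.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			apiGatewayv2Client := apigatewayv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			apiGatewayClient := apigateway.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			elbClient := elasticloadbalancing.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			elbv2Client := elasticloadbalancingv2.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			iamClient := iam.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			mqClient := mq.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			openSearchClient := opensearch.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			grafanaClient := grafana.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			redshiftClient := redshift.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			cloudfrontClient := cloudfront.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			appRunnerClient := apprunner.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			lightsailClient := lightsail.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			route53Client := route53.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			efsClient := efs.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			fsxClient := fsx.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			ecsClient := ecs.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			sagemakerClient := sagemaker.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			ecrClient := ecr.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))
			ssmClient := ssm.NewFromConfig(utils.AWSConfigFileLoader(AWSProfile))

			// Stage 1: per-region inventory.
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Getting a lay of the land, aka \"What regions is this account using?\""))
			inventory2 := aws.Inventory2Module{
				EC2Client:            ec2Client,
				ECSClient:            ecsClient,
				EKSClient:            eksClient,
				S3Client:             s3Client,
				LambdaClient:         lambdaClient,
				CloudFormationClient: cloudFormationClient,
				SecretsManagerClient: secretsManagerClient,
				SSMClient:            ssmClient,
				RDSClient:            rdsClient,
				APIGatewayv2Client:   apiGatewayv2Client,
				APIGatewayClient:     apiGatewayClient,
				ELBClient:            elbClient,
				ELBv2Client:          elbv2Client,
				IAMClient:            iamClient,
				MQClient:             mqClient,
				OpenSearchClient:     openSearchClient,
				GrafanaClient:        grafanaClient,
				RedshiftClient:       redshiftClient,
				CloudfrontClient:     cloudfrontClient,
				AppRunnerClient:      appRunnerClient,
				LightsailClient:      lightsailClient,

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			inventory2.PrintInventoryPerRegion(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			// Stage 2: instances, DNS, filesystems and service endpoints.
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Gathering the info you'll want for your application & service enumeration needs."))

			instances := aws.InstancesModule{
				EC2Client:  ec2Client,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,

				UserDataAttributesOnly: false,
				AWSProfile:             AWSProfile,
			}
			instances.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity)
			// Named route53Mod so the local does not shadow the imported
			// route53 package for the rest of this function.
			route53Mod := aws.Route53Module{
				Route53Client: route53Client,

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			route53Mod.PrintRoute53(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			filesystems := aws.FilesystemsModule{
				EFSClient:  efsClient,
				FSxClient:  fsxClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
				AWSRegions: AWSRegions,
			}
			filesystems.PrintFilesystems(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			endpoints := aws.EndpointsModule{

				EKSClient:          eksClient,
				S3Client:           s3Client,
				LambdaClient:       lambdaClient,
				RDSClient:          rdsClient,
				APIGatewayv2Client: apiGatewayv2Client,
				APIGatewayClient:   apiGatewayClient,
				ELBClient:          elbClient,
				ELBv2Client:        elbv2Client,
				MQClient:           mqClient,
				OpenSearchClient:   openSearchClient,
				GrafanaClient:      grafanaClient,
				RedshiftClient:     redshiftClient,
				CloudfrontClient:   cloudfrontClient,
				AppRunnerClient:    appRunnerClient,
				LightsailClient:    lightsailClient,

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}

			endpoints.PrintEndpoints(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			// Stage 3: instance user-data and environment variables.
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Looking for secrets hidden between the seat cushions."))

			// Second pass over instances, this time with UserDataAttributesOnly set.
			ec2UserData := aws.InstancesModule{
				EC2Client:  ec2Client,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,

				UserDataAttributesOnly: true,
				AWSProfile:             AWSProfile,
			}
			ec2UserData.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity)
			envsMod := aws.EnvsModule{

				Caller:          utils.AWSWhoami(AWSProfile),
				AWSRegions:      AWSRegions,
				AWSProfile:      AWSProfile,
				ECSClient:       ecsClient,
				AppRunnerClient: appRunnerClient,
				LambdaClient:    lambdaClient,
				LightsailClient: lightsailClient,
				SagemakerClient: sagemakerClient,
			}
			envsMod.PrintEnvs(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			// Stage 4: buckets, container registries and secret stores.
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Arming you with the data you'll need for privesc quests."))

			buckets := aws.BucketsModule{
				S3Client:   s3Client,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			buckets.PrintBuckets(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			// Named ecrMod so the local does not shadow the imported ecr
			// package for the rest of this function.
			ecrMod := aws.ECRModule{
				ECRClient:  ecrClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			ecrMod.PrintECR(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			secrets := aws.SecretsModule{
				SecretsManagerClient: secretsManagerClient,
				SSMClient:            ssmClient,

				Caller:     utils.AWSWhoami(AWSProfile),
				AWSRegions: AWSRegions,
				AWSProfile: AWSProfile,
			}
			secrets.PrintSecrets(AWSOutputFormat, AWSOutputDirectory, Verbosity)

			// Stage 5: IAM principals, permissions, access keys, role trusts
			// and the policy simulator, all on the shared iamClient.
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("IAM is complicated. Complicated usually means misconfigurations. You'll want to pay attention here."))
			principals := aws.IamPrincipalsModule{
				IAMClient:  iamClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			principals.PrintIamPrincipals(AWSOutputFormat, AWSOutputDirectory, Verbosity)
			permissions := aws.IamPermissionsModule{
				IAMClient:  iamClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			permissions.PrintIamPermissions(AWSOutputFormat, AWSOutputDirectory, Verbosity, PermissionsPrincipal)
			accessKeys := aws.AccessKeysModule{
				// Reuses the shared IAM client like the other IAM modules
				// here, rather than loading the config and building another.
				IAMClient:  iamClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			accessKeys.PrintAccessKeys(AccessKeysFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity)
			inboundRoleTrusts := aws.RoleTrustsModule{
				IAMClient:  iamClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			inboundRoleTrusts.PrintRoleTrusts(AWSOutputFormat, AWSOutputDirectory, Verbosity)
			iamSimulator := aws.IamSimulatorModule{
				IAMClient:  iamClient,
				Caller:     utils.AWSWhoami(AWSProfile),
				AWSProfile: AWSProfile,
			}
			iamSimulator.PrintIamSimulator(SimulatorPrincipal, SimulatorAction, SimulatorResource, AWSOutputFormat, AWSOutputDirectory, Verbosity)

			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("That's it! Check your output files for situational awareness and check your loot files for next steps."))
			fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("FYI, we skipped the outbound-assumed-roles module in all-checks (really long run time). Make sure to try it out manually."))
		},
	}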
)
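// Azure command tree. Unlike the AWS commands, these take no profile argument
// and print no caller-identity banner: each Run obtains its scope from
// utils.AzGetScopeInformation() and passes it to the module.
var (
	AzOutputFormat string

	// AzCommands is the parent "azure" command; invoked on its own it only
	// prints the help text.
	AzCommands = &cobra.Command{
		Use:     "azure",
		Aliases: []string{"az"},
		// Raw string literals do not process escapes, so the quotes are
		// written plainly; `\"` here would print the backslashes in the help.
		Long: `
See "Available Commands" for Azure Modules`,
		Short: "See \"Available Commands\" for Azure Modules",

		Run: func(cmd *cobra.Command, args []string) {
			_ = cmd.Help() // the error returned by Help is discarded
		},
	}

	// AzInstancesMapCommand ("azure instances-map") forwards
	// AzInstancesMapRGFilter to InstancesMap as the resource-group filter.
	AzInstancesMapRGFilter string
	AzInstancesMapCommand  = &cobra.Command{
		Use:     "instances-map",
		Aliases: []string{"instances"},
		Short:   `Enumerates compute instances for specified Resource Group`,
		Long: `
Enumerates compute instances for specified Resource Group`,
		Run: func(cmd *cobra.Command, args []string) {
			m := azure.InstancesMapModule{Scope: utils.AzGetScopeInformation()}
			m.InstancesMap(AzOutputFormat, AzInstancesMapRGFilter)
		},
	}

	// AzRBACMapCommand ("azure rbac-map") forwards AzUserFilter to
	// RBACMapModule.
	// NOTE(review): "assignemts" in Short and Long is a typo for
	// "assignments"; the help strings are kept as-is here.
	AzUserFilter     string
	AzRBACMapCommand = &cobra.Command{
		Use:     "rbac-map",
		Aliases: []string{"rbac"},
		Short:   "Display all role assignemts for all principals",
		Long: `
Display all role assignemts for all principals`,
		Run: func(cmd *cobra.Command, args []string) {
			m := azure.RBACMapModule{Scope: utils.AzGetScopeInformation()}
			m.RBACMapModule(AzOutputFormat, AzUserFilter)
		},
	}
)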

Functions

This section is empty.

Types

This section is empty.
