Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( AWSRegions = []string{"us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1"} AWSProfile string AWSProfilesList string AWSAllProfiles bool AWSProfiles []string AWSConfirm bool AWSOutputFormat string AWSOutputDirectory string Goroutines int Verbosity int AWSCommands = &cobra.Command{ Use: "aws", Short: "See \"Available Commands\" for AWS Modules", Run: func(cmd *cobra.Command, args []string) { cmd.Help() }, } AccessKeysFilter string AccessKeysCommand = &cobra.Command{ Use: "access-keys", Aliases: []string{"accesskeys", "keys"}, Short: "Enumerate active access keys for all users", Long: "\nUse case examples:\n" + "Map active access keys:\n" + os.Args[0] + " aws access-keys --profile test_account" + os.Args[0] + " aws access-keys --filter access_key_id --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.AccessKeysModule{ IAMClient: iam.NewFromConfig(utils.AWSConfigFileLoader(profile, cmd.Root().Version)), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintAccessKeys(AccessKeysFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } BucketsCommand = &cobra.Command{ Use: "buckets", Aliases: []string{"bucket"}, Short: "Enumerate all of the buckets. Get loot file with s3 commands to list/download bucket contents", Long: "\nUse case examples:\n" + "List all buckets create a file with pre-populated aws s3 commands:\n" + os.Args[0] + " aws buckets --profile test_account", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.BucketsModule{ S3Client: s3.NewFromConfig(utils.AWSConfigFileLoader(profile, cmd.Root().Version)), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintBuckets(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } CloudformationCommand = &cobra.Command{ Use: "cloudformation", Aliases: []string{"cf", "cfstacks", "stacks"}, Short: "Enumerate Cloudformation stacks. Get a loot file with stack details. Look for secrets.", Long: "\nUse case examples:\n" + os.Args[0] + " aws ecr --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.CloudformationModule{ CloudFormationClient: cloudformation.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintCloudformationStacks(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } ECRCommand = &cobra.Command{ Use: "ecr", Aliases: []string{"repos", "repo", "repositories"}, Short: "Enumerate the most recently pushed image URI from all repositories. Get a loot file with commands to pull images", Long: "\nUse case examples:\n" + os.Args[0] + " aws ecr --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.ECRModule{ ECRClient: ecr.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintECR(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } EndpointsCommand = &cobra.Command{ Use: "endpoints", Aliases: []string{"endpoint"}, Short: "Enumerates endpoints from various services. Get a loot file with http endpoints to scan.", Long: "\nUse case examples:\n" + os.Args[0] + " aws endpoints --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.EndpointsModule{ APIGatewayClient: apigateway.NewFromConfig(AWSConfig), APIGatewayv2Client: apigatewayv2.NewFromConfig(AWSConfig), AppRunnerClient: apprunner.NewFromConfig(AWSConfig), CloudfrontClient: cloudfront.NewFromConfig(AWSConfig), EKSClient: eks.NewFromConfig(AWSConfig), ELBClient: elasticloadbalancing.NewFromConfig(AWSConfig), ELBv2Client: elasticloadbalancingv2.NewFromConfig(AWSConfig), GrafanaClient: grafana.NewFromConfig(AWSConfig), LambdaClient: lambda.NewFromConfig(AWSConfig), LightsailClient: lightsail.NewFromConfig(AWSConfig), MQClient: mq.NewFromConfig(AWSConfig), OpenSearchClient: opensearch.NewFromConfig(AWSConfig), RDSClient: rds.NewFromConfig(AWSConfig), RedshiftClient: redshift.NewFromConfig(AWSConfig), S3Client: s3.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintEndpoints(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } EnvsCommand = &cobra.Command{ Use: "env-vars", Aliases: []string{"envs", "envvars", "env"}, Short: "Enumerate the environment variables from mutliple services that have them", Long: "\nUse case examples:\n" + os.Args[0] + " aws env-vars --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.EnvsModule{ Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, ECSClient: ecs.NewFromConfig(AWSConfig), AppRunnerClient: apprunner.NewFromConfig(AWSConfig), LambdaClient: lambda.NewFromConfig(AWSConfig), LightsailClient: lightsail.NewFromConfig(AWSConfig), SagemakerClient: sagemaker.NewFromConfig(AWSConfig), } m.PrintEnvs(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } FilesystemsCommand = &cobra.Command{ Use: "filesystems", Aliases: []string{"filesystem"}, Short: "Enumerate the EFS and FSx filesystems. Get a loot file with mount commands", Long: "\nUse case examples:\n" + os.Args[0] + " aws filesystems --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } filesystems := aws.FilesystemsModule{ EFSClient: efs.NewFromConfig(AWSConfig), FSxClient: fsx.NewFromConfig(AWSConfig), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, AWSRegions: AWSRegions, } filesystems.PrintFilesystems(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } SimulatorResource string SimulatorAction string SimulatorPrincipal string IamSimulatorCommand = &cobra.Command{ Use: "iam-simulator", Aliases: []string{"iamsimulator", "simulator"}, Short: "Wrapper around the AWS IAM Simulate Principal Policy command", Long: "\nUse case examples:\n" + os.Args[0] + " aws iam-simulator --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.IamSimulatorModule{ IAMClient: iam.NewFromConfig(AWSConfig), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintIamSimulator(SimulatorPrincipal, SimulatorAction, SimulatorResource, AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } // This filter could be an instance ID or a TXT file with instance IDs separated by a new line. InstancesFilter string InstanceMapUserDataAttributesOnly bool InstancesCommand = &cobra.Command{ Use: "instances", Aliases: []string{"instance"}, Short: "Enumerate all instances along with assigned IPs, profiles, and user-data", Long: "\nUse case examples:\n" + os.Args[0] + " aws instances --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.InstancesModule{ EC2Client: ec2.NewFromConfig(utils.AWSConfigFileLoader(profile, cmd.Root().Version)), IAMClient: iam.NewFromConfig(utils.AWSConfigFileLoader(profile, cmd.Root().Version)), Caller: *caller, AWSRegions: AWSRegions, UserDataAttributesOnly: InstanceMapUserDataAttributesOnly, AWSProfile: profile, } m.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } InventoryCommand = &cobra.Command{ Use: "inventory", Short: "Gain a rough understanding of size of the account and preferred regions", Long: "\nUse case examples:\n" + os.Args[0] + " aws inventory --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.Inventory2Module{ APIGatewayClient: apigateway.NewFromConfig(AWSConfig), APIGatewayv2Client: apigatewayv2.NewFromConfig(AWSConfig), AppRunnerClient: apprunner.NewFromConfig(AWSConfig), CloudFormationClient: cloudformation.NewFromConfig(AWSConfig), CloudfrontClient: cloudfront.NewFromConfig(AWSConfig), DynamoDBClient: dynamodb.NewFromConfig(AWSConfig), EC2Client: ec2.NewFromConfig(AWSConfig), ECSClient: ecs.NewFromConfig(AWSConfig), EKSClient: eks.NewFromConfig(AWSConfig), ELBClient: elasticloadbalancing.NewFromConfig(AWSConfig), ELBv2Client: elasticloadbalancingv2.NewFromConfig(AWSConfig), GlueClient: glue.NewFromConfig(AWSConfig), GrafanaClient: grafana.NewFromConfig(AWSConfig), IAMClient: iam.NewFromConfig(AWSConfig), LambdaClient: lambda.NewFromConfig(AWSConfig), LightsailClient: lightsail.NewFromConfig(AWSConfig), MQClient: mq.NewFromConfig(AWSConfig), OpenSearchClient: opensearch.NewFromConfig(AWSConfig), RDSClient: rds.NewFromConfig(AWSConfig), RedshiftClient: redshift.NewFromConfig(AWSConfig), S3Client: s3.NewFromConfig(AWSConfig), SecretsManagerClient: secretsmanager.NewFromConfig(AWSConfig), SNSClient: sns.NewFromConfig(AWSConfig), SQSClient: sqs.NewFromConfig(AWSConfig), SSMClient: ssm.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintInventoryPerRegion(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } LambdasCommand = &cobra.Command{ Use: "lambda", Aliases: []string{"lambdas", "functions"}, Short: "Enumerate lambdas.", Long: "\nUse case examples:\n" + os.Args[0] + " aws lambda --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.LambdasModule{ LambdaClient: lambda.NewFromConfig(AWSConfig), IAMClient: iam.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintLambdas(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } OutboundAssumedRolesDays int OutboundAssumedRolesCommand = &cobra.Command{ Use: "outbound-assumed-roles", Aliases: []string{"assumedroles", "assumeroles", "outboundassumedroles"}, Short: "Find the roles that have been assumed by principals in this account", Long: "\nUse case examples:\n" + os.Args[0] + " aws outbound-assumed-roles --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.OutboundAssumedRolesModule{ CloudTrailClient: cloudtrail.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintOutboundRoleTrusts(OutboundAssumedRolesDays, AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } PermissionsPrincipal string PermissionsCommand = &cobra.Command{ Use: "permissions", Aliases: []string{"perms", "permission"}, Short: "Enumerate IAM permissions per principal", Long: "\nUse case examples:\n" + os.Args[0] + " aws permissions --profile profile\n" + os.Args[0] + " aws permissions --profile profile --principal arn:aws:iam::111111111111:role/test123", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.IamPermissionsModule{ IAMClient: iam.NewFromConfig(AWSConfig), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintIamPermissions(AWSOutputFormat, AWSOutputDirectory, Verbosity, PermissionsPrincipal) } }, } PrincipalsCommand = &cobra.Command{ Use: "principals", Aliases: []string{"principal"}, Short: "Enumerate IAM users and Roles so you have the data at your fingertips", Long: "\nUse case examples:\n" + os.Args[0] + " aws principals --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.IamPrincipalsModule{ IAMClient: iam.NewFromConfig(AWSConfig), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintIamPrincipals(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } RAMCommand = &cobra.Command{ Use: "ram", Short: "Enumerate cross-account shared resources", Long: "\nUse case examples:\n" + os.Args[0] + " aws ram --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } ram := aws.RAMModule{ RAMClient: ram.NewFromConfig(AWSConfig), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, AWSRegions: AWSRegions, } ram.PrintRAM(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } // The filter is set to "all" when the flag "--filter" is not used RoleTrustFilter string RoleTrustCommand = &cobra.Command{ Use: "role-trusts", Aliases: []string{"roletrusts", "role-trust"}, Short: "Enumerate all role trusts", Long: "\nUse case examples:\n" + "Map all role trusts for caller's account:\n" + os.Args[0] + " aws role-trusts\n", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.RoleTrustsModule{ IAMClient: iam.NewFromConfig(utils.AWSConfigFileLoader(profile, cmd.Root().Version)), Caller: *caller, AWSProfile: profile, Goroutines: Goroutines, } m.PrintRoleTrusts(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } Route53Command = &cobra.Command{ Use: "route53", Aliases: []string{"dns", "route", "routes"}, Short: "Enumerate all records from all zones managed by route53. Get a loot file with A records you can scan", Long: "\nUse case examples:\n" + os.Args[0] + " aws route53 --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.Route53Module{ Route53Client: route53.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintRoute53(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } SecretsCommand = &cobra.Command{ Use: "secrets", Aliases: []string{"secret"}, Short: "Enumerate secrets from secrets manager and SSM", Long: "\nUse case examples:\n" + os.Args[0] + " aws secrets --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.SecretsModule{ SecretsManagerClient: secretsmanager.NewFromConfig(AWSConfig), SSMClient: ssm.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintSecrets(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } TagsCommand = &cobra.Command{ Use: "tags", Aliases: []string{"tag"}, Short: "Enumerate resources with tags.", Long: "\nUse case examples:\n" + os.Args[0] + " aws tags --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } m := aws.TagsModule{ ResourceGroupsTaggingApiClient: resourcegroupstaggingapi.NewFromConfig(AWSConfig), Caller: *caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } m.PrintTags(AWSOutputFormat, AWSOutputDirectory, Verbosity) } }, } AllChecksCommand = &cobra.Command{ Use: "all-checks", Aliases: []string{"allchecks", "all"}, Short: "Run all of the other checks (excluding outbound-assumed-roles)", Long: "\nUse case examples:\n" + os.Args[0] + " aws all-checks --profile readonly_profile", PreRun: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } fmt.Printf("[%s] AWS Caller Identity: %s\n", cyan(emoji.Sprintf(":fox:cloudfox v%s :fox:", cmd.Root().Version)), *caller.Arn) } }, Run: func(cmd *cobra.Command, args []string) { for _, profile := range AWSProfiles { var AWSConfig = utils.AWSConfigFileLoader(profile, cmd.Root().Version) Caller, err := utils.AWSWhoami(profile, cmd.Root().Version) if err != nil { continue } apiGatewayClient := apigateway.NewFromConfig(AWSConfig) apiGatewayv2Client := apigatewayv2.NewFromConfig(AWSConfig) appRunnerClient := apprunner.NewFromConfig(AWSConfig) cloudFormationClient := cloudformation.NewFromConfig(AWSConfig) cloudfrontClient := cloudfront.NewFromConfig(AWSConfig) dynamodbClient := dynamodb.NewFromConfig(AWSConfig) ec2Client := ec2.NewFromConfig(AWSConfig) ecrClient := ecr.NewFromConfig(AWSConfig) ecsClient := ecs.NewFromConfig(AWSConfig) efsClient := efs.NewFromConfig(AWSConfig) eksClient := eks.NewFromConfig(AWSConfig) elbClient := elasticloadbalancing.NewFromConfig(AWSConfig) elbv2Client := elasticloadbalancingv2.NewFromConfig(AWSConfig) fsxClient := fsx.NewFromConfig(AWSConfig) glueClient := glue.NewFromConfig(AWSConfig) grafanaClient := grafana.NewFromConfig(AWSConfig) iamClient := iam.NewFromConfig(AWSConfig) lambdaClient := lambda.NewFromConfig(AWSConfig) lightsailClient := lightsail.NewFromConfig(AWSConfig) mqClient := mq.NewFromConfig(AWSConfig) openSearchClient := opensearch.NewFromConfig(AWSConfig) ramClient := ram.NewFromConfig(AWSConfig) rdsClient := rds.NewFromConfig(AWSConfig) redshiftClient := redshift.NewFromConfig(AWSConfig) resourceClient := resourcegroupstaggingapi.NewFromConfig(AWSConfig) route53Client := route53.NewFromConfig(AWSConfig) s3Client := s3.NewFromConfig(AWSConfig) sagemakerClient := sagemaker.NewFromConfig(AWSConfig) secretsManagerClient := secretsmanager.NewFromConfig(AWSConfig) snsClient := sns.NewFromConfig(AWSConfig) sqsClient := sqs.NewFromConfig(AWSConfig) ssmClient := ssm.NewFromConfig(AWSConfig) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Getting a lay of the land, aka \"What regions is this account using?\"")) inventory2 := aws.Inventory2Module{ APIGatewayClient: apiGatewayClient, APIGatewayv2Client: apiGatewayv2Client, AppRunnerClient: appRunnerClient, CloudFormationClient: cloudFormationClient, CloudfrontClient: cloudfrontClient, DynamoDBClient: dynamodbClient, EC2Client: ec2Client, ECSClient: ecsClient, EKSClient: eksClient, ELBClient: elbClient, ELBv2Client: elbv2Client, GlueClient: glueClient, GrafanaClient: grafanaClient, IAMClient: iamClient, LambdaClient: lambdaClient, LightsailClient: lightsailClient, MQClient: mqClient, OpenSearchClient: openSearchClient, RDSClient: rdsClient, RedshiftClient: redshiftClient, S3Client: s3Client, SecretsManagerClient: secretsManagerClient, SNSClient: snsClient, SQSClient: sqsClient, SSMClient: ssmClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } inventory2.PrintInventoryPerRegion(AWSOutputFormat, AWSOutputDirectory, Verbosity) tagsMod := aws.TagsModule{ ResourceGroupsTaggingApiClient: resourceClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } tagsMod.PrintTags(AWSOutputFormat, AWSOutputDirectory, Verbosity) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Gathering the info you'll want for your application & service enumeration needs.")) instances := aws.InstancesModule{ EC2Client: ec2Client, IAMClient: iamClient, Caller: *Caller, AWSRegions: AWSRegions, UserDataAttributesOnly: false, AWSProfile: profile, } instances.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity) route53 := aws.Route53Module{ Route53Client: route53Client, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } lambdasMod := aws.LambdasModule{ LambdaClient: lambdaClient, IAMClient: iamClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } lambdasMod.PrintLambdas(AWSOutputFormat, AWSOutputDirectory, Verbosity) route53.PrintRoute53(AWSOutputFormat, AWSOutputDirectory, Verbosity) filesystems := aws.FilesystemsModule{ EFSClient: efsClient, FSxClient: fsxClient, Caller: *Caller, AWSProfile: profile, AWSRegions: AWSRegions, Goroutines: Goroutines, } filesystems.PrintFilesystems(AWSOutputFormat, AWSOutputDirectory, Verbosity) endpoints := aws.EndpointsModule{ EKSClient: eksClient, S3Client: s3Client, LambdaClient: lambdaClient, RDSClient: rdsClient, APIGatewayv2Client: apiGatewayv2Client, APIGatewayClient: apiGatewayClient, ELBClient: elbClient, ELBv2Client: elbv2Client, MQClient: mqClient, OpenSearchClient: openSearchClient, GrafanaClient: grafanaClient, RedshiftClient: redshiftClient, CloudfrontClient: cloudfrontClient, AppRunnerClient: appRunnerClient, LightsailClient: lightsailClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } endpoints.PrintEndpoints(AWSOutputFormat, AWSOutputDirectory, Verbosity) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Looking for secrets hidden between the seat cushions.")) ec2UserData := aws.InstancesModule{ EC2Client: ec2Client, IAMClient: iamClient, Caller: *Caller, AWSRegions: AWSRegions, UserDataAttributesOnly: true, AWSProfile: profile, Goroutines: Goroutines, } ec2UserData.Instances(InstancesFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity) envsMod := aws.EnvsModule{ Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, ECSClient: ecsClient, AppRunnerClient: appRunnerClient, LambdaClient: lambdaClient, LightsailClient: lightsailClient, SagemakerClient: sagemakerClient, Goroutines: Goroutines, } envsMod.PrintEnvs(AWSOutputFormat, AWSOutputDirectory, Verbosity) cfMod := aws.CloudformationModule{ CloudFormationClient: cloudFormationClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } cfMod.PrintCloudformationStacks(AWSOutputFormat, AWSOutputDirectory, Verbosity) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("Arming you with the data you'll need for privesc quests.")) buckets := aws.BucketsModule{ S3Client: s3Client, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } buckets.PrintBuckets(AWSOutputFormat, AWSOutputDirectory, Verbosity) ecr := aws.ECRModule{ ECRClient: ecrClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } ecr.PrintECR(AWSOutputFormat, AWSOutputDirectory, Verbosity) secrets := aws.SecretsModule{ SecretsManagerClient: secretsManagerClient, SSMClient: ssmClient, Caller: *Caller, AWSRegions: AWSRegions, AWSProfile: profile, Goroutines: Goroutines, } secrets.PrintSecrets(AWSOutputFormat, AWSOutputDirectory, Verbosity) ram := aws.RAMModule{ RAMClient: ramClient, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, AWSRegions: AWSRegions, } ram.PrintRAM(AWSOutputFormat, AWSOutputDirectory, Verbosity) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("IAM is complicated. Complicated usually means misconfigurations. You'll want to pay attention here.")) principals := aws.IamPrincipalsModule{ IAMClient: iamClient, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } principals.PrintIamPrincipals(AWSOutputFormat, AWSOutputDirectory, Verbosity) permissions := aws.IamPermissionsModule{ IAMClient: iamClient, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } permissions.PrintIamPermissions(AWSOutputFormat, AWSOutputDirectory, Verbosity, PermissionsPrincipal) accessKeys := aws.AccessKeysModule{ IAMClient: iam.NewFromConfig(AWSConfig), Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } accessKeys.PrintAccessKeys(AccessKeysFilter, AWSOutputFormat, AWSOutputDirectory, Verbosity) roleTrusts := aws.RoleTrustsModule{ IAMClient: iamClient, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } roleTrusts.PrintRoleTrusts(AWSOutputFormat, AWSOutputDirectory, Verbosity) iamSimulator := aws.IamSimulatorModule{ IAMClient: iamClient, Caller: *Caller, AWSProfile: profile, Goroutines: Goroutines, } iamSimulator.PrintIamSimulator(SimulatorPrincipal, SimulatorAction, SimulatorResource, AWSOutputFormat, AWSOutputDirectory, Verbosity) fmt.Printf("[%s] %s\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("That's it! Check your output files for situational awareness and check your loot files for next steps.")) fmt.Printf("[%s] %s\n\n", cyan(emoji.Sprintf(":fox:cloudfox :fox:")), green("FYI, we skipped the outbound-assumed-roles module in all-checks (really long run time). Make sure to try it out manually.")) } }, } )
View Source
var ( AzOutputFormat string AzOutputDirectory string AzVerbosity int AzCommands = &cobra.Command{ Use: "azure", Aliases: []string{"az"}, Long: ` See \"Available Commands\" for Azure Modules`, Short: "See \"Available Commands\" for Azure Modules", Run: func(cmd *cobra.Command, args []string) { cmd.Help() }, } AzInstancesMapRGFilter string AzInstancesMapCommand = &cobra.Command{ Use: "instances", Aliases: []string{"instances-map"}, Short: `Enumerates compute instances for specified Resource Group`, Long: ` Enumerates compute instances for specified Resource Group`, Run: func(cmd *cobra.Command, args []string) { color.Red("This subcommand is under development! Use at your own risk!") m := azure.InstancesMapModule{Scope: utils.AzGetScopeInformation()} m.InstancesMap(AzVerbosity, AzOutputFormat, AzOutputDirectory, AzInstancesMapRGFilter) }, } AzUserFilter string AzRBACMapCommand = &cobra.Command{ Use: "rbac-map", Aliases: []string{"rbac"}, Short: "Display all role assignemts for all principals", Long: ` Display all role assignemts for all principals`, Run: func(cmd *cobra.Command, args []string) { color.Red("This subcommand is under development! Use at your own risk!") m := azure.RBACMapModule{Scope: utils.AzGetScopeInformation()} m.RBACMap(AzVerbosity, AzOutputFormat, AzOutputDirectory, AzUserFilter) }, } )
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.