aws

package
v1.14.0 Latest Latest
Published: Apr 16, 2024 License: MIT Imports: 99 Imported by: 0


Constants

This section is empty.

Variables

// Command-line templates and banner text for the port/service reporting.
// The four *_SCAN strings are nmap invocation prefixes (IPv4/IPv6 x TCP/UDP);
// the two *_BANNER strings are the (elided) multi-line headers printed with them.
// NOTE(review): whether these prefixes are executed by the tool or only
// emitted as suggested commands is not visible from this page — confirm at
// the call sites before any externally supplied host/port is appended to them.
var (
	TCP_4_SCAN string = "sudo nmap -Pn -sV"
	UDP_4_SCAN string = "sudo nmap -Pn -sU -sV"
	TCP_6_SCAN string = "sudo nmap -6 -Pn -sV"
	UDP_6_SCAN string = "sudo nmap -6 -Pn -sU -sV"

	IPv4_BANNER string = `` /* 247-byte string literal not displayed */

	IPv6_BANNER string = `` /* 318-byte string literal not displayed */

)
// AWSRegions is the fixed list of 21 region names the modules iterate over.
// It is a literal, not discovered at runtime, so regions launched after this
// list was written (and opt-in regions not named here) are never enumerated.
var AWSRegions = []string{"us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1"}
// CURL_COMMAND is a printf-style template with two %s verbs, presumably
// (HTTP method, URL) in that order — confirm against the caller.
// NOTE(review): if the formatted string is ever passed to a shell rather than
// printed, both interpolated values must be validated/quoted first; the usage
// is not visible on this page.
var CURL_COMMAND string = "curl -X %s %s"
// TxtLogger is the package-wide text logger, obtained from
// internal.TxtLogger() once at package initialisation.
var (
	TxtLogger = internal.TxtLogger()
)

Functions

func CapeTUI added in v1.14.0

func CapeTUI(outputFiles []string)

func EnvVarsContains added in v1.9.0

func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool

func GetIamSimResult added in v1.9.0

func GetIamSimResult(SkipAdminCheck bool, roleArnPtr *string, iamSimulatorMod IamSimulatorModule, localAdminMap map[string]bool) (string, string)

func GetPmapperResults added in v1.9.0

func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)

func GetResourceNameFromArn added in v1.11.0

func GetResourceNameFromArn(arn string) string

Takes an ARN and returns the resource name.

func InitGlueClient added in v1.12.3

func InitGlueClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) *glue.Client

func InitIAMClient added in v1.14.0

func InitIAMClient(AWSConfig aws.Config) *iam.Client

func InitOrgClient added in v1.11.0

func InitOrgClient(AWSConfig aws.Config) *organizations.Client

func InitSecretsManagerClient added in v1.12.3

func InitSecretsManagerClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) *secretsmanager.Client

Types

type AWSSQSClient added in v1.10.0

// AWSSQSClient is the subset of the SQS client API the package depends on
// (queue listing and attribute lookup). Declaring it as an interface lets a
// fake be substituted for *sqs.Client in tests.
type AWSSQSClient interface {
	ListQueues(ctx context.Context, params *sqs.ListQueuesInput, optFns ...func(*sqs.Options)) (*sqs.ListQueuesOutput, error)
	GetQueueAttributes(ctx context.Context, params *sqs.GetQueueAttributesInput, optFns ...func(*sqs.Options)) (*sqs.GetQueueAttributesOutput, error)
}

type AccessKeysModule

// AccessKeysModule holds the IAM client, caller identity and output settings
// for the access-key enumeration, plus the per-user results it collects
// (see PrintAccessKeys).
type AccessKeysModule struct {
	// General configuration data
	// IAMClient is an interface so tests can inject a fake IAM client.
	IAMClient      sdk.AWSIAMClientInterface
	Caller         sts.GetCallerIdentityOutput
	AWSProfile     string
	Goroutines     int
	WrapTable      bool
	AWSOutputType  string
	AWSTableCols   string
	CommandCounter internal.CommandCounter

	// Main module data
	AnalyzedUsers []UserKeys
	// contains filtered or unexported fields
}

func (*AccessKeysModule) PrintAccessKeys

func (m *AccessKeysModule) PrintAccessKeys(filter string, outputDirectory string, verbosity int)

type Account added in v1.11.0

// Account describes one AWS account as seen through Organizations
// (name, id, e-mail, ARN, status and the owning organisation id) together
// with the local profile name it was discovered under.
type Account struct {
	ProfileName string

	Name   string
	Id     string
	Email  string
	Arn    string
	Status string
	OrgId  string
	// contains filtered or unexported fields
}

type AllAccountData added in v1.14.0

// AllAccountData aggregates per-account records keyed by the file path they
// were loaded from.
type AllAccountData struct {
	Files map[string]*PerAccountData // Map of file paths to their records
}

type AnalyzedRole

// AnalyzedRole records the outcome of the admin / privilege-escalation
// analysis for one IAM role. Admin and CanPrivEsc are free-form strings
// rather than booleans — presumably rendered directly into the output
// table; confirm the expected values at the writer.
type AnalyzedRole struct {

	// trustType  string // UNUSED FIELD, PLEASE REVIEW
	Admin      string
	CanPrivEsc string
	// contains filtered or unexported fields
}

type ApiGateway added in v1.13.0

// ApiGateway is one output row for an API Gateway endpoint: where it lives,
// its invoke URL, whether an API key is required, whether it is public, and
// the HTTP method. The ApiKey field may carry an actual key value (see
// ApiGwModule.GetApiGatewayApiKey), so rows should be treated as sensitive.
type ApiGateway struct {
	AWSService string
	Region     string
	Name       string
	Endpoint   string
	ApiKey     string
	Public     string
	Method     string
}

type ApiGwModule added in v1.13.0

// ApiGwModule holds the API Gateway v1/v2 clients, caller identity and output
// settings for the API Gateway enumeration, plus the rows it collects and any
// per-region errors (see PrintApiGws and Receiver).
type ApiGwModule struct {
	// General configuration data
	// Both clients are interfaces so tests can inject fakes.
	APIGatewayClient   sdk.APIGatewayClientInterface
	APIGatewayv2Client sdk.APIGatewayv2ClientInterface

	Caller     sts.GetCallerIdentityOutput
	AWSRegions []string
	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Gateways       []ApiGateway
	CommandCounter internal.CommandCounter
	// Errors collects non-fatal failures encountered during enumeration.
	Errors         []string
	// contains filtered or unexported fields
}

func (*ApiGwModule) ApiGatewayApiKeyRequired added in v1.13.0

func (m *ApiGwModule) ApiGatewayApiKeyRequired(r string, ApiId *string, ResourceId *string, method string) bool

func (*ApiGwModule) GetApiGatewayApiKey added in v1.13.0

func (m *ApiGwModule) GetApiGatewayApiKey(r string, ApiId string, Stage string) (string, error)

func (*ApiGwModule) PrintApiGws added in v1.13.0

func (m *ApiGwModule) PrintApiGws(outputDirectory string, verbosity int)

func (*ApiGwModule) Receiver added in v1.13.0

func (m *ApiGwModule) Receiver(receiver chan ApiGateway, receiverDone chan bool)

type AttachedPolicies added in v1.9.0

// AttachedPolicies is the JSON shape of one attached-policy entry
// (ARN and name) as it appears in the graph/pmapper node data.
type AttachedPolicies struct {
	Arn  string `json:"arn"`
	Name string `json:"name"`
}

type BucketRow added in v1.12.3

// BucketRow is one output row for an S3 bucket: identity, the parsed bucket
// policy and its raw JSON, and the derived access classification
// (IsPublic / IsConditionallyPublic) plus the statement, actions and
// condition text that led to it.
type BucketRow struct {
	Arn                   string
	AWSService            string
	Region                string
	Name                  string
	Policy                policy.Policy
	PolicyJSON            string
	Access                string
	IsPublic              string
	IsConditionallyPublic string
	Statement             string
	Actions               string
	ConditionText         string
	ResourcePolicySummary string
}

type BucketsModule

// BucketsModule holds the S3 client, caller identity and output settings for
// the bucket enumeration, plus the rows it collects (see PrintBuckets and
// Receiver). CheckBucketPolicies toggles the per-bucket policy retrieval.
type BucketsModule struct {
	// General configuration data
	//BucketsS3Client CloudFoxS3Client
	CheckBucketPolicies bool
	// S3Client is an interface so tests can inject a fake.
	S3Client            sdk.AWSS3ClientInterface
	AWSRegions          []string
	AWSProfile          string
	Caller              sts.GetCallerIdentityOutput
	AWSTableCols        string
	AWSOutputType       string

	Goroutines int
	WrapTable  bool

	// Main module data
	Buckets        []BucketRow
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*BucketsModule) PrintBuckets

func (m *BucketsModule) PrintBuckets(outputDirectory string, verbosity int)

func (*BucketsModule) Receiver

func (m *BucketsModule) Receiver(receiver chan BucketRow, receiverDone chan bool)

type CFStack added in v1.8.0

// CFStack is one output row for a CloudFormation stack: region, name, the
// service role, the stack outputs and parameters, and the template body.
// Outputs, Parameters and Template can contain secrets supplied at deploy
// time, so persisted rows should be handled as sensitive.
type CFStack struct {
	AWSService string
	Region     string
	Name       string
	Role       string
	Outputs    []types.Output
	Parameters []types.Parameter
	Template   string
}

type CapeCommand added in v1.14.0

// CapeCommand holds everything RunCapeCommand needs: the cobra command and
// AWS configuration, the shared privilege graph, the pmapper data location,
// and bookkeeping for which accounts were (and were not) analysed.
type CapeCommand struct {

	// General configuration data
	Cmd                 cobra.Command
	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	Goroutines          int
	AWSProfile          string
	WrapTable           bool
	AWSOutputType       string
	AWSTableCols        string
	Verbosity           int
	AWSOutputDirectory  string
	AWSConfig           aws.Config
	Version             string
	SkipAdminCheck      bool
	// GlobalGraph is the principal graph shared across analysed accounts.
	GlobalGraph         graph.Graph[string, string]
	PmapperDataBasePath string
	// AnalyzedAccounts is keyed by account — presumably the account ID; confirm at the writer.
	AnalyzedAccounts    map[string]CapeJobInfo
	CapeAdminOnly       bool
	AccountsNotAnalyzed []string
	// contains filtered or unexported fields
}

func (*CapeCommand) RunCapeCommand added in v1.14.0

func (m *CapeCommand) RunCapeCommand()

type CapeJSON added in v1.14.0

// CapeJSON is the JSON output record for one privilege-escalation path:
// the account it was found in, the source and target principals, a summary
// of the path, and whether the target is an admin.
type CapeJSON struct {
	Account       string `json:"account"`
	Source        string `json:"source"`
	Summary       string `json:"summary"`
	Target        string `json:"target"`
	IsTargetAdmin string `json:"isTargetAdmin"`
}

type CapeJobInfo added in v1.14.0

// CapeJobInfo records the outcome of analysing one account in a cape run:
// which profile was used, whether the analysis succeeded, whether it was
// restricted to admin-only paths, and where the data came from.
type CapeJobInfo struct {
	AccountID            string
	Profile              string
	AnalyzedSuccessfully bool
	AdminOnlyAnalysis    bool
	Source               string
}

type CloudTrailEvent

// CloudTrailEvent is the JSON shape of a CloudTrail record as decoded by this
// package. The requestParameters (RoleArn/RoleSessionName) and
// responseElements (Credentials/AssumedRoleUser) sections match an
// sts:AssumeRole event; other event types will leave those nested structs empty.
//
// NOTE(review): ResponseElements.Credentials carries an AccessKeyID and a
// SessionToken. Decoded events therefore contain credential material and
// should not be logged or written to disk verbatim.
type CloudTrailEvent struct {
	EventVersion string `json:"eventVersion"`
	UserIdentity struct {
		Type           string `json:"type"`
		PrincipalID    string `json:"principalId"`
		Arn            string `json:"arn"`
		AccountID      string `json:"accountId"`
		AccessKeyID    string `json:"accessKeyId"`
		SessionContext struct {
			SessionIssuer struct {
				Type        string `json:"type"`
				PrincipalID string `json:"principalId"`
				Arn         string `json:"arn"`
				AccountID   string `json:"accountId"`
				UserName    string `json:"userName"`
			} `json:"sessionIssuer"`
			WebIDFederationData struct {
			} `json:"webIdFederationData"`
			Attributes struct {
				CreationDate     time.Time `json:"creationDate"`
				// MfaAuthenticated is kept as a string because CloudTrail emits it as "true"/"false" text.
				MfaAuthenticated string    `json:"mfaAuthenticated"`
			} `json:"attributes"`
		} `json:"sessionContext"`
	} `json:"userIdentity"`
	EventTime         time.Time `json:"eventTime"`
	EventSource       string    `json:"eventSource"`
	EventName         string    `json:"eventName"`
	AwsRegion         string    `json:"awsRegion"`
	SourceIPAddress   string    `json:"sourceIPAddress"`
	UserAgent         string    `json:"userAgent"`
	RequestParameters struct {
		RoleArn         string `json:"roleArn"`
		RoleSessionName string `json:"roleSessionName"`
	} `json:"requestParameters"`
	ResponseElements struct {
		// Credentials holds the temporary credentials returned to the caller — secret material.
		Credentials struct {
			AccessKeyID  string `json:"accessKeyId"`
			SessionToken string `json:"sessionToken"`
			Expiration   string `json:"expiration"`
		} `json:"credentials"`
		AssumedRoleUser struct {
			AssumedRoleID string `json:"assumedRoleId"`
			Arn           string `json:"arn"`
		} `json:"assumedRoleUser"`
	} `json:"responseElements"`
	RequestID string `json:"requestID"`
	EventID   string `json:"eventID"`
	ReadOnly  bool   `json:"readOnly"`
	Resources []struct {
		AccountID string `json:"accountId"`
		Type      string `json:"type"`
		// Note the upper-case "ARN" key here, unlike the lower-case "arn" used elsewhere in the record.
		Arn       string `json:"ARN"`
	} `json:"resources"`
	EventType          string `json:"eventType"`
	ManagementEvent    bool   `json:"managementEvent"`
	RecipientAccountID string `json:"recipientAccountId"`
	EventCategory      string `json:"eventCategory"`
	TLSDetails         struct {
		TLSVersion               string `json:"tlsVersion"`
		CipherSuite              string `json:"cipherSuite"`
		ClientProvidedHostHeader string `json:"clientProvidedHostHeader"`
	} `json:"tlsDetails"`
}

type CloudformationModule added in v1.8.0

// CloudformationModule holds the CloudFormation client, caller identity and
// output settings for the stack enumeration, plus the stacks it collects
// (see PrintCloudformationStacks and Receiver).
type CloudformationModule struct {
	// General configuration data
	// CloudFormationClient is an interface so tests can inject a fake.
	CloudFormationClient sdk.CloudFormationClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	Goroutines    int
	AWSProfile    string
	WrapTable     bool
	AWSOutputType string
	AWSTableCols  string

	// Main module data
	CFStacks       []CFStack
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*CloudformationModule) PrintCloudformationStacks added in v1.8.0

func (m *CloudformationModule) PrintCloudformationStacks(outputDirectory string, verbosity int)

func (*CloudformationModule) Receiver added in v1.8.0

func (m *CloudformationModule) Receiver(receiver chan CFStack, receiverDone chan bool)

type Cluster added in v1.9.0

// Cluster is one output row for an EKS cluster: its API endpoint and public
// exposure, the OIDC provider, the node group and its role, and the
// admin / privilege-escalation verdict for that role.
type Cluster struct {
	AWSService string
	Region     string
	Name       string
	Endpoint   string
	Public     string
	OIDC       string
	NodeGroup  string
	Role       string
	Admin      string
	CanPrivEsc string
}

type CodeBuildModule added in v1.11.0

// CodeBuildModule holds the CodeBuild and IAM clients, caller identity,
// pmapper data location and output settings for the CodeBuild project
// enumeration, plus the projects it collects (see PrintCodeBuildProjects).
// SkipAdminCheck disables the per-role admin analysis.
type CodeBuildModule struct {
	// General configuration data
	// Both clients are interfaces so tests can inject fakes.
	CodeBuildClient sdk.CodeBuildClientInterface
	IAMClient       sdk.AWSIAMClientInterface

	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	AWSOutputType       string
	AWSTableCols        string
	PmapperDataBasePath string

	Goroutines     int
	AWSProfile     string
	SkipAdminCheck bool
	WrapTable      bool

	// Main module data
	Projects       []Project
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitCodeBuildClient added in v1.11.0

func InitCodeBuildClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) CodeBuildModule

func (*CodeBuildModule) PrintCodeBuildProjects added in v1.11.0

func (m *CodeBuildModule) PrintCodeBuildProjects(outputDirectory string, verbosity int)

func (*CodeBuildModule) Receiver added in v1.11.0

func (m *CodeBuildModule) Receiver(receiver chan Project, receiverDone chan bool)

type Database added in v1.11.0

// Database is one output row for a managed database (RDS, Redshift or
// DynamoDB, per DatabasesModule): engine, identity, master user name,
// network endpoint and port, public exposure, size, and associated roles.
type Database struct {
	AWSService string
	Region     string
	Engine     string
	Name       string
	Arn        string
	UserName   string
	Endpoint   string
	Port       int32
	Protocol   string
	Public     string
	Size       string
	Roles      string
}

type DatabasesModule added in v1.11.0

// DatabasesModule holds the RDS, Redshift and DynamoDB clients, caller
// identity and output settings for the database enumeration, plus the rows
// it collects and any per-region errors (see PrintDatabases and Receiver).
type DatabasesModule struct {
	// All three clients are interfaces so tests can inject fakes.
	RDSClient      sdk.RDSClientInterface
	RedshiftClient sdk.AWSRedShiftClientInterface
	DynamoDBClient sdk.DynamoDBClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	Databases      []Database
	CommandCounter internal.CommandCounter
	// Errors collects non-fatal failures encountered during enumeration.
	Errors         []string
	// contains filtered or unexported fields
}

func (*DatabasesModule) PrintDatabases added in v1.11.0

func (m *DatabasesModule) PrintDatabases(outputDirectory string, verbosity int)

func (*DatabasesModule) Receiver added in v1.11.0

func (m *DatabasesModule) Receiver(receiver chan Database, receiverDone chan bool)

type Directory added in v1.14.0

// Directory is one output row for an AWS Directory Service directory:
// its id, DNS and NetBIOS names, access URL and alias, OS version, region,
// and a summary of its trust relationships.
type Directory struct {
	DirectoryId string
	DNS         string
	NetBios     string
	AccessURL   string
	Alias       string
	OsVersion   string
	Region      string
	TrustInfo   string
}

type DirectoryModule added in v1.14.0

// DirectoryModule holds the Directory Service client, caller identity, AWS
// configuration (including the MFA token and profile details) and output
// settings for the directory enumeration, plus the directories it collects
// (see PrintDirectories and Receiver).
type DirectoryModule struct {
	// General configuration data
	// DSClient is an interface so tests can inject a fake.
	DSClient           sdk.AWSDSClientInterface
	Caller             sts.GetCallerIdentityOutput
	AWSRegions         []string
	AWSProfile         string
	Goroutines         int
	WrapTable          bool
	AWSOutputType      string
	AWSTableCols       string
	// AWSMFAToken is a one-time code; it should not be persisted with the module's output.
	AWSMFAToken        string
	AWSConfig          aws.Config
	AWSProfileProvided string
	AWSProfileStub     string
	CloudFoxVersion    string

	Directories    []Directory
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*DirectoryModule) PrintDirectories added in v1.14.0

func (m *DirectoryModule) PrintDirectories(outputDirectory string, verbosity int)

func (*DirectoryModule) Receiver added in v1.14.0

func (m *DirectoryModule) Receiver(receiver chan Directory, receiverDone chan bool)

type ECRModule

// ECRModule holds the ECR client, caller identity and output settings for the
// container-repository enumeration, plus the repositories it collects
// (see PrintECR and Receiver).
type ECRModule struct {
	// General configuration data
	// ECRClient is an interface so tests can inject a fake.
	ECRClient     sdk.AWSECRClientInterface
	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Repositories   []Repository
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitECRClient added in v1.11.0

func InitECRClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) ECRModule

func (*ECRModule) PrintECR

func (m *ECRModule) PrintECR(outputDirectory string, verbosity int)

func (*ECRModule) Receiver

func (m *ECRModule) Receiver(receiver chan Repository, receiverDone chan bool)

type ECSTasksModule added in v1.9.0

// ECSTasksModule holds the ECS, EC2 and IAM clients, caller identity,
// pmapper data location and output settings for the ECS task enumeration,
// plus the mapped tasks it collects (see ECSTasks and Receiver).
// SkipAdminCheck disables the per-role admin analysis.
type ECSTasksModule struct {
	// All three clients are interfaces so tests can inject fakes.
	ECSClient sdk.AWSECSClientInterface
	EC2Client sdk.AWSEC2ClientInterface
	IAMClient sdk.AWSIAMClientInterface

	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	AWSOutputType       string
	AWSTableCols        string
	PmapperDataBasePath string

	AWSProfile     string
	Goroutines     int
	SkipAdminCheck bool
	WrapTable      bool

	MappedECSTasks []MappedECSTask
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*ECSTasksModule) ECSTasks added in v1.9.0

func (m *ECSTasksModule) ECSTasks(outputDirectory string, verbosity int)

func (*ECSTasksModule) Receiver added in v1.9.0

func (m *ECSTasksModule) Receiver(receiver chan MappedECSTask, receiverDone chan bool)

type EKSModule added in v1.9.0

// EKSModule holds the EKS and IAM clients, caller identity, pmapper data
// location and output settings for the cluster enumeration, plus the
// clusters it collects (see EKS and Receiver). SkipAdminCheck disables the
// per-role admin analysis.
type EKSModule struct {
	// General configuration data
	// These interfaces are used for unit testing
	EKSClient sdk.EKSClientInterface
	IAMClient sdk.AWSIAMClientInterface

	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	AWSOutputType       string
	AWSTableCols        string
	PmapperDataBasePath string

	Goroutines     int
	AWSProfile     string
	SkipAdminCheck bool
	WrapTable      bool

	// Main module data
	Clusters       []Cluster
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*EKSModule) EKS added in v1.9.0

func (m *EKSModule) EKS(outputDirectory string, verbosity int)

func (*EKSModule) Receiver added in v1.9.0

func (m *EKSModule) Receiver(receiver chan Cluster, receiverDone chan bool)

type Edge added in v1.9.0

// Edge is the JSON shape of one directed edge in the privilege graph:
// source and destination principals plus a long and a short explanation of
// why the edge exists.
type Edge struct {
	Source      string `json:"source"`
	Destination string `json:"destination"`
	Reason      string `json:"reason"`
	ShortReason string `json:"short_reason"`
}

type ElasticNetworkInterfacesModule added in v1.9.0

// ElasticNetworkInterfacesModule holds the EC2 client, caller identity and
// output settings for the ENI enumeration, plus the mapped interfaces it
// collects (see ElasticNetworkInterfaces and Receiver). Unlike most
// modules it has no Goroutines field.
type ElasticNetworkInterfacesModule struct {
	// EC2Client is an interface so tests can inject a fake.
	EC2Client sdk.AWSEC2ClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	AWSProfile string
	WrapTable  bool

	MappedENIs     []MappedENI
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*ElasticNetworkInterfacesModule) ElasticNetworkInterfaces added in v1.9.0

func (m *ElasticNetworkInterfacesModule) ElasticNetworkInterfaces(outputDirectory string, verbosity int)

func (*ElasticNetworkInterfacesModule) Receiver added in v1.9.0

func (m *ElasticNetworkInterfacesModule) Receiver(receiver chan MappedENI, receiverDone chan bool)

type Endpoint

// Endpoint is one output row for a network-reachable service endpoint:
// the owning service and region, its name and address, port, protocol,
// and whether it is public.
type Endpoint struct {
	AWSService string
	Region     string
	Name       string
	Endpoint   string
	Port       int32
	Protocol   string
	Public     string
}

type EndpointsModule

// EndpointsModule holds the service clients for every AWS service that can
// expose a network endpoint, plus caller identity and output settings for
// the endpoint enumeration, the endpoints it collects and any per-region
// errors (see PrintEndpoints and Receiver). Only the Lambda and EKS clients
// are interfaces; the rest are concrete SDK clients.
type EndpointsModule struct {
	// General configuration data
	LambdaClient       sdk.LambdaClientInterface
	EKSClient          sdk.EKSClientInterface
	MQClient           *mq.Client
	OpenSearchClient   *opensearch.Client
	GrafanaClient      *grafana.Client
	ELBv2Client        *elasticloadbalancingv2.Client
	ELBClient          *elasticloadbalancing.Client
	APIGatewayClient   *apigateway.Client
	APIGatewayv2Client *apigatewayv2.Client
	RDSClient          *rds.Client
	RedshiftClient     *redshift.Client
	S3Client           *s3.Client
	CloudfrontClient   *cloudfront.Client
	AppRunnerClient    *apprunner.Client
	LightsailClient    *lightsail.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Endpoints      []Endpoint
	CommandCounter internal.CommandCounter
	// Errors collects non-fatal failures encountered during enumeration.
	Errors         []string
	// contains filtered or unexported fields
}

func (*EndpointsModule) PrintEndpoints

func (m *EndpointsModule) PrintEndpoints(outputDirectory string, verbosity int)

func (*EndpointsModule) Receiver

func (m *EndpointsModule) Receiver(receiver chan Endpoint, receiverDone chan bool)

type EnvironmentVariable

// EnvironmentVariable is one environment variable discovered on a compute
// resource. All of its fields are unexported; values are compared with
// EnvVarsContains and emitted by EnvsModule.
// NOTE(review): environment variables routinely carry secrets, so output
// containing these should be handled as sensitive.
type EnvironmentVariable struct {
	// contains filtered or unexported fields
}

type EnvsModule

// EnvsModule holds the ECS, Lambda, App Runner, Lightsail and SageMaker
// clients, caller identity and output settings for the environment-variable
// enumeration, plus the variables it collects (see PrintEnvs and Receiver).
type EnvsModule struct {
	// General configuration data
	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSProfile    string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	WrapTable  bool

	// Service Clients
	ECSClient       *ecs.Client
	LambdaClient    *lambda.Client
	AppRunnerClient *apprunner.Client
	LightsailClient *lightsail.Client
	SagemakerClient *sagemaker.Client

	// Main module data
	EnvironmentVariables []EnvironmentVariable
	CommandCounter       internal.CommandCounter
	// contains filtered or unexported fields
}

func (*EnvsModule) PrintEnvs

func (m *EnvsModule) PrintEnvs(outputDirectory string, verbosity int)

func (*EnvsModule) Receiver

func (m *EnvsModule) Receiver(receiver chan EnvironmentVariable, receiverDone chan bool)

type FilesystemObject

// FilesystemObject is one output row for a network file system (EFS or FSx,
// per FilesystemsModule): its DNS name and IP, the file-system policy, the
// mount target, and the permissions summary.
type FilesystemObject struct {
	AWSService  string
	Region      string
	Name        string
	DnsName     string
	IP          string
	Policy      string
	MountTarget string
	Permissions string
}

type FilesystemsModule

// FilesystemsModule holds the EFS and FSx clients, caller identity and output
// settings for the file-system enumeration, plus the file systems it
// collects (see PrintFilesystems and Receiver).
type FilesystemsModule struct {
	EFSClient *efs.Client
	FSxClient *fsx.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Filesystems []FilesystemObject

	// Regions is a fixed-size array of 30 rows; its relation to AWSRegions
	// (21 entries) and to Filesystems is not evident here — TODO confirm whether it is still used.
	Regions        [30]FilesystemObject
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitFileSystemsClient added in v1.11.0

func InitFileSystemsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) FilesystemsModule

func (*FilesystemsModule) PrintFilesystems

func (m *FilesystemsModule) PrintFilesystems(outputDirectory string, verbosity int)

func (*FilesystemsModule) Receiver

func (m *FilesystemsModule) Receiver(receiver chan FilesystemObject, receiverDone chan bool)

type GAADGroup

// GAADGroup is one IAM group from a GetAccountAuthorizationDetails (GAAD)
// response: ARN, name, and its attached and inline policies.
type GAADGroup struct {
	Arn              string
	Name             string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
}

type GAADPolicy

// GAADPolicy is one managed policy from a GetAccountAuthorizationDetails
// (GAAD) response, with all of its versions.
type GAADPolicy struct {
	Name              string
	Arn               string
	PolicyVersionList []types.PolicyVersion
}

type GAADRole

// GAADRole is one IAM role from a GetAccountAuthorizationDetails (GAAD)
// response: ARN, name, and its attached and inline policies.
type GAADRole struct {
	Arn              string
	Name             string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
}

type GAADUser

// GAADUser is one IAM user from a GetAccountAuthorizationDetails (GAAD)
// response: name, ARN, attached and inline policies, and group membership.
type GAADUser struct {
	Name             string
	Arn              string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
	GroupList        []string
}

type GlobalResourceCount2

// GlobalResourceCount2 is one per-service resource count collected by
// Inventory2Module. All of its fields are unexported.
type GlobalResourceCount2 struct {
	// contains filtered or unexported fields
}

type GraphCommand added in v1.14.0

// GraphCommand holds the caller identity, AWS configuration, pmapper data
// location and output settings used by RunGraphCommand to build the
// privilege graph.
type GraphCommand struct {

	// General configuration data
	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	Goroutines          int
	AWSProfile          string
	WrapTable           bool
	AWSOutputType       string
	AWSTableCols        string
	Verbosity           int
	AWSOutputDirectory  string
	AWSConfig           aws.Config
	Version             string
	SkipAdminCheck      bool
	PmapperDataBasePath string
	// contains filtered or unexported fields
}

func (*GraphCommand) RunGraphCommand added in v1.14.0

func (m *GraphCommand) RunGraphCommand()

type Group

// Group is one output row for an IAM group: identity, the names of its
// attached and inline policies, and the users that belong to it.
type Group struct {
	AWSService       string
	Type             string
	Arn              string
	Name             string
	AttachedPolicies []string
	InlinePolicies   []string
	AttachedUsers    []string
}

type IamPermissionsModule

// IamPermissionsModule holds the IAM client, caller identity and output
// settings for the permissions report. GetGAAD fills the Policies, Users,
// Roles and Groups slices from GetAccountAuthorizationDetails, and
// ParsePermissions flattens them into Rows for PrintIamPermissions.
type IamPermissionsModule struct {
	// General configuration data
	// IAMClient is an interface so tests can inject a fake.
	IAMClient sdk.AWSIAMClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	Policies       []GAADPolicy
	Users          []GAADUser
	Roles          []GAADRole
	Groups         []GAADGroup
	Rows           []common.PermissionsRow
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitPermissionsClient added in v1.14.0

func InitPermissionsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) IamPermissionsModule

func (*IamPermissionsModule) GetGAAD added in v1.14.0

func (m *IamPermissionsModule) GetGAAD()

func (*IamPermissionsModule) ParsePermissions added in v1.14.0

func (m *IamPermissionsModule) ParsePermissions(principal string)

func (*IamPermissionsModule) PrintIamPermissions

func (m *IamPermissionsModule) PrintIamPermissions(outputDirectory string, verbosity int, principal string)

type IamPrincipalsModule

// IamPrincipalsModule holds the IAM client, caller identity and output
// settings for the principal enumeration, plus the users, roles and groups it
// collects (see PrintIamPrincipals).
type IamPrincipalsModule struct {
	// General configuration data
	// IAMClient is an interface so tests can inject a fake.
	IAMClient sdk.AWSIAMClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Users          []User
	Roles          []Role
	Groups         []Group
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*IamPrincipalsModule) PrintIamPrincipals

func (m *IamPrincipalsModule) PrintIamPrincipals(outputDirectory string, verbosity int)

type IamSimulatorModule

// IamSimulatorModule holds the IAM client, caller identity and output
// settings for the policy-simulation report, plus the simulator results it
// collects (see PrintIamSimulator and Receiver). Unlike most modules it
// carries the profile as AWSProfileProvided / AWSProfileStub rather than
// a single AWSProfile field.
type IamSimulatorModule struct {
	// General configuration data
	// IAMClient is an interface so tests can inject a fake.
	IAMClient     sdk.AWSIAMClientInterface
	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines         int
	AWSProfileProvided string
	AWSProfileStub     string
	WrapTable          bool

	// Main module data
	SimulatorResults []SimulatorResult
	CommandCounter   internal.CommandCounter
	// contains filtered or unexported fields
}

func InitIamCommandClient added in v1.14.0

func InitIamCommandClient(iamSimPPClient sdk.AWSIAMClientInterface, caller sts.GetCallerIdentityOutput, AWSProfile string, Goroutines int) IamSimulatorModule

func (*IamSimulatorModule) PrintIamSimulator

func (m *IamSimulatorModule) PrintIamSimulator(principal string, action string, resource string, outputDirectory string, verbosity int)

func (*IamSimulatorModule) Receiver

func (m *IamSimulatorModule) Receiver(receiver chan SimulatorResult, receiverDone chan bool)

type InstancesModule

// InstancesModule holds the EC2 and IAM clients, caller identity, pmapper
// data location and output settings for the EC2 instance enumeration, plus
// the mapped instances it collects (see Instances and Receiver).
// UserDataAttributesOnly restricts the run to instance user-data, and
// InstanceProfileToRolesMap caches the profile-to-roles lookup.
// NOTE(review): EC2 user-data frequently embeds credentials; output produced
// with UserDataAttributesOnly should be treated as sensitive.
type InstancesModule struct {
	// General configuration data
	// Both clients are interfaces so tests can inject fakes.
	EC2Client           sdk.AWSEC2ClientInterface
	IAMClient           sdk.AWSIAMClientInterface
	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	AWSOutputType       string
	AWSTableCols        string
	PmapperDataBasePath string

	Goroutines                int
	UserDataAttributesOnly    bool
	AWSProfile                string
	WrapTable                 bool
	InstanceProfileToRolesMap map[string][]iamTypes.Role
	SkipAdminCheck            bool

	// Module's Results
	MappedInstances []MappedInstance
	CommandCounter  internal.CommandCounter
	// contains filtered or unexported fields
}

func (*InstancesModule) Instances

func (m *InstancesModule) Instances(filter string, outputDirectory string, verbosity int)

func (*InstancesModule) Receiver

func (m *InstancesModule) Receiver(receiver chan MappedInstance, receiverDone chan bool)

type Inventory2Module

// Inventory2Module holds one client per inventoried AWS service (a mix of
// concrete SDK clients and test-injectable interfaces), caller identity and
// output settings, plus the per-region and global resource counts it
// produces (see PrintInventoryPerRegion, PrintTotalResources and Receiver).
type Inventory2Module struct {
	// General configuration data
	APIGatewayClient       *apigateway.Client
	APIGatewayv2Client     *apigatewayv2.Client
	AppRunnerClient        *apprunner.Client
	AthenaClient           *athena.Client
	Cloud9Client           *cloud9.Client
	CloudFormationClient   *cloudformation.Client
	CloudfrontClient       *cloudfront.Client
	CodeArtifactClient     sdk.AWSCodeArtifactClientInterface
	CodeBuildClient        sdk.CodeBuildClientInterface
	CodeCommitClient       sdk.AWSCodeCommitClientInterface
	CodeDeployClient       sdk.AWSCodeDeployClientInterface
	DataPipelineClient     sdk.AWSDataPipelineClientInterface
	DynamoDBClient         *dynamodb.Client
	EC2Client              *ec2.Client
	ECRClient              sdk.AWSECRClientInterface
	ECSClient              *ecs.Client
	EKSClient              sdk.EKSClientInterface
	ELBClient              *elasticloadbalancing.Client
	ELBv2Client            *elasticloadbalancingv2.Client
	ElasticacheClient      sdk.AWSElastiCacheClientInterface
	ElasticBeanstalkClient sdk.AWSElasticBeanstalkClientInterface
	EMRClient              sdk.AWSEMRClientInterface
	GrafanaClient          *grafana.Client
	GlueClient             sdk.AWSGlueClientInterface
	KinesisClient          sdk.AWSKinesisClientInterface
	IAMClient              *iam.Client
	LambdaClient           *lambda.Client
	LightsailClient        *lightsail.Client
	MQClient               *mq.Client
	OpenSearchClient       *opensearch.Client
	RDSClient              *rds.Client
	RedshiftClient         sdk.AWSRedShiftClientInterface
	Route53Client          sdk.AWSRoute53ClientInterface
	S3Client               *s3.Client
	SQSClient              *sqs.Client
	SSMClient              *ssm.Client
	SNSClient              *sns.Client
	SecretsManagerClient   *secretsmanager.Client
	StepFunctionClient     sdk.StepFunctionsClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	// RegionResourceCount is a running total; GlobalResourceCounts holds the
	// per-service entries delivered through Receiver.
	RegionResourceCount  int
	CommandCounter       internal.CommandCounter
	GlobalResourceCounts []GlobalResourceCount2
	// contains filtered or unexported fields
}

func (*Inventory2Module) GetEMRInstancesPerRegion added in v1.12.0

func (m *Inventory2Module) GetEMRInstancesPerRegion(r string, wg *sync.WaitGroup, semaphore chan struct{})

func (*Inventory2Module) PrintInventoryPerRegion

func (m *Inventory2Module) PrintInventoryPerRegion(outputDirectory string, verbosity int)

func (*Inventory2Module) PrintTotalResources

func (m *Inventory2Module) PrintTotalResources(AWSOutputType string)

func (*Inventory2Module) Receiver

func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)

type Lambda added in v1.8.0

// Lambda is one output row for a Lambda function: identity, execution role,
// the admin / privilege-escalation verdict for that role, and whether the
// function is publicly invokable.
type Lambda struct {
	AWSService string
	Region     string
	Type       string
	Name       string
	Arn        string
	Role       string
	Admin      string
	CanPrivEsc string
	Public     string
}

type LambdasModule added in v1.8.0

// LambdasModule holds the Lambda and IAM clients, caller identity, pmapper
// data location and output settings for the function enumeration, plus the
// functions it collects (see PrintLambdas and Receiver). SkipAdminCheck
// disables the per-role admin analysis.
type LambdasModule struct {
	// General configuration data
	// Only IAMClient is an interface; LambdaClient is the concrete SDK client.
	LambdaClient *lambda.Client
	IAMClient    sdk.AWSIAMClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines     int
	AWSProfile     string
	SkipAdminCheck bool
	WrapTable      bool

	PmapperDataBasePath string

	// Main module data
	Lambdas        []Lambda
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitLambdaClient added in v1.11.0

func InitLambdaClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) LambdasModule

func (*LambdasModule) PrintLambdas added in v1.8.0

func (m *LambdasModule) PrintLambdas(outputDirectory string, verbosity int)

func (*LambdasModule) Receiver added in v1.8.0

func (m *LambdasModule) Receiver(receiver chan Lambda, receiverDone chan bool)

type MappedECSTask added in v1.9.0

// MappedECSTask is one output row for a running ECS task: its cluster, task
// definition (name and content), launch type, task id, external and private
// IPs, the task role, and the admin / privilege-escalation verdict for it.
// TaskDefinitionContent can embed environment variables and secrets.
type MappedECSTask struct {
	Cluster               string
	TaskDefinitionName    string
	TaskDefinitionContent string
	LaunchType            string
	ID                    string
	ExternalIP            string
	PrivateIP             string
	Role                  string
	Admin                 string
	CanPrivEsc            string
}

type MappedENI added in v1.9.0

// MappedENI is one output row for an elastic network interface: id, type,
// external and private IPs, VPC, the instance it is attached to (if any),
// and its description.
type MappedENI struct {
	ID               string
	Type             string
	ExternalIP       string
	PrivateIP        string
	VPCID            string
	AttachedInstance string
	Description      string
}

type MappedInstance

// MappedInstance is one output row for an EC2 instance: identity and
// placement, state, external and private IPs, the instance profile and the
// role behind it, and the admin / privilege-escalation verdict for that role.
type MappedInstance struct {
	ID               string
	Name             string
	Arn              string
	AvailabilityZone string
	State            string
	ExternalIP       string
	PrivateIP        string
	Profile          string
	Admin            string
	Role             string
	Region           string
	CanPrivEsc       string
}

type NaclRule added in v1.10.0

// NaclRule is one network ACL entry as evaluated by NetworkPortsModule.Evaluate:
// rule number (evaluation order), protocol, CIDR, port range and action.
// PortRange is a slice — presumably [from, to]; and Action is a bool —
// presumably true for allow. Neither is established here; confirm in Evaluate.
type NaclRule struct {
	RuleNumber int32
	Protocol   string
	Cidr       string
	PortRange  []int32
	Action     bool
}

type NetworkAcl added in v1.10.0

// NetworkAcl is a network ACL (id, VPC, associated subnets) whose rules are
// held in unexported storage and added through Insert.
type NetworkAcl struct {
	ID      string
	VpcId   string
	Subnets []string
	// contains filtered or unexported fields
}

func (*NetworkAcl) Insert added in v1.10.0

func (l *NetworkAcl) Insert(rule NaclRule)

type NetworkPortsModule added in v1.10.0

// NetworkPortsModule enumerates network-reachable services across the listed
// service clients and groups them by address family and exposure. Results are
// delivered as NetworkServices batches through Receiver and written out by
// PrintNetworkPorts.
type NetworkPortsModule struct {
	// General configuration data
	EC2Client         *ec2.Client
	ECSClient         *ecs.Client
	EFSClient         *efs.Client
	ElastiCacheClient *elasticache.Client
	ELBv2Client       *elasticloadbalancingv2.Client
	LightsailClient   *lightsail.Client
	RDSClient         *rds.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool
	// Verbosity is carried on the struct here; most other modules take it as
	// a parameter of their Print method instead (PrintNetworkPorts takes only
	// outputDirectory).
	Verbosity  int

	// Main module data
	// The three slices mirror the fields of NetworkServices, the type the
	// Receiver channel carries.
	IPv4_Private []NetworkService
	IPv4_Public  []NetworkService
	IPv6         []NetworkService

	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*NetworkPortsModule) Evaluate added in v1.10.0

func (m *NetworkPortsModule) Evaluate(l *NetworkAcl, port int32, proto string) (bool, *NaclRule)

func (*NetworkPortsModule) PrintNetworkPorts added in v1.10.0

func (m *NetworkPortsModule) PrintNetworkPorts(outputDirectory string)

func (*NetworkPortsModule) Receiver added in v1.10.0

func (m *NetworkPortsModule) Receiver(receiver chan NetworkServices, receiverDone chan bool)

type NetworkService added in v1.10.0

// NetworkService is one listening endpoint group found by NetworkPortsModule:
// the owning AWS service, its hosts, and the ports/protocol they expose.
type NetworkService struct {
	AWSService string
	Region     string
	Hosts      []string
	// Ports are kept as strings, so ranges or named values may appear — confirm
	// at the producer before parsing them numerically.
	Ports      []string
	Protocol   string
}

type NetworkServices added in v1.10.0

// NetworkServices is one batch of findings sent over the NetworkPortsModule
// Receiver channel, split by address family and public/private exposure.
type NetworkServices struct {
	IPv4_Private []NetworkService
	IPv4_Public  []NetworkService
	IPv6         []NetworkService
}

type Node added in v1.9.0

// Node is a principal vertex in the IAM graph. The json-tagged fields match
// an external JSON shape (presumably pmapper's graph data, given
// PmapperModule.Nodes and PmapperDataBasePath); the untagged fields are
// filled locally by helpers such as ConvertIAMRoleToNode, ConvertIAMUserToNode
// and FindVerticesInRoleTrust.
type Node struct {
	Arn                       string `json:"arn"`
	Type                      string
	AccountID                 string
	Name                      string
	IDValue                   string             `json:"id_value"`
	AttachedPolicies          []AttachedPolicies `json:"attached_policies"`
	// GroupMemberships, TrustPolicy, InstanceProfile and PermissionsBoundary
	// are untyped: they decode to generic JSON values (map/slice/string/nil)
	// and callers must type-assert before use.
	GroupMemberships          []interface{}      `json:"group_memberships"`
	TrustPolicy               interface{}        `json:"trust_policy"`
	// TrustsDoc is the parsed trust policy; the three Trusted* slices are the
	// principals, services and federated providers extracted from it.
	TrustsDoc                 policy.TrustPolicyDocument
	TrustedPrincipals         []TrustedPrincipal
	TrustedServices           []TrustedService
	TrustedFederatedProviders []TrustedFederatedProvider
	InstanceProfile           interface{} `json:"instance_profile"`
	ActivePassword            bool        `json:"active_password"`
	AccessKeys                int         `json:"access_keys"`
	IsAdmin                   bool        `json:"is_admin"`
	// PathToAdmin is computed locally (no json tag), unlike IsAdmin.
	PathToAdmin               bool
	PermissionsBoundary       interface{} `json:"permissions_boundary"`
	HasMfa                    bool        `json:"has_mfa"`
	// Tags decodes into an empty struct, so any tag contents in the JSON are
	// discarded (see Tags).
	Tags                      Tags        `json:"tags"`
	// CanPrivEscToAdminString and IsAdminString are the display forms of
	// PathToAdmin and IsAdmin for table output.
	CanPrivEscToAdminString   string
	IsAdminString             string
	// VendorName — presumably resolved through knownawsaccountslookup.Vendors
	// (see ConvertIAMRoleToNode); empty when the account is not a known vendor.
	VendorName                string
}

func ConvertIAMRoleToNode added in v1.14.0

func ConvertIAMRoleToNode(role types.Role, vendors *knownawsaccountslookup.Vendors, analyzedAccounts map[string]CapeJobInfo) Node

func ConvertIAMUserToNode added in v1.14.0

func ConvertIAMUserToNode(user types.User) Node

func FindVerticesInRoleTrust added in v1.14.0

func FindVerticesInRoleTrust(a Node, vendors *knownawsaccountslookup.Vendors) []Node

func MergeNodes added in v1.14.0

func MergeNodes(nodes []Node) []Node

func (*Node) MakeRoleEdges added in v1.14.0

func (a *Node) MakeRoleEdges(GlobalGraph graph.Graph[string, string])

type Org added in v1.11.0

// Org is an AWS Organization as seen by OrgModule: its ID, the management
// account, and the member accounts.
type Org struct {
	OrgId         string
	MgmtAccount   string
	ChildAccounts []Account
}

type OrgModule added in v1.11.0

// OrgModule discovers the Organization the caller belongs to and its member
// accounts. Accounts arrive through Receiver; Orgs is keyed by a string
// (presumably the org ID — confirm against ProcessMultipleAccounts).
type OrgModule struct {
	// OrganizationsClient is an interface rather than a concrete client so
	// tests can substitute a fake.
	OrganizationsClient sdk.OrganizationsClientInterface
	Caller              sts.GetCallerIdentityOutput
	AWSRegions          []string
	AWSOutputType       string
	AWSTableCols        string

	Goroutines        int
	AWSProfile        string
	SkipAdminCheck    bool
	WrapTable         bool
	// DescribeOrgOutput is the Organization passed to IsManagementAccount;
	// nil when the caller is not in an org (see IsCallerAccountPartOfAnOrg).
	DescribeOrgOutput *types.Organization

	// Main module data
	Accounts       []Account
	Orgs           map[string]Org
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitOrgsClient added in v1.14.0

func InitOrgsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) OrgModule

func (*OrgModule) FindMgmtAccounts added in v1.11.0

func (m *OrgModule) FindMgmtAccounts(profile string, version string, wg *sync.WaitGroup, semaphore chan struct{}, dataReceiver chan Account)

func (*OrgModule) IsCallerAccountPartOfAnOrg added in v1.11.0

func (m *OrgModule) IsCallerAccountPartOfAnOrg() bool

func (*OrgModule) IsManagementAccount added in v1.11.0

func (m *OrgModule) IsManagementAccount(Organization *types.Organization, account string) bool

func (*OrgModule) PrintOrgAccounts added in v1.11.0

func (m *OrgModule) PrintOrgAccounts(outputDirectory string, verbosity int)

func (*OrgModule) ProcessMultipleAccounts added in v1.11.0

func (m *OrgModule) ProcessMultipleAccounts(AWSProfiles []string, version string)

func (*OrgModule) Receiver added in v1.11.0

func (m *OrgModule) Receiver(receiver chan Account, receiverDone chan bool)

type OutboundAssumeRoleEntry

// OutboundAssumeRoleEntry is one observed role assumption from this account
// to another principal, presumably reconstructed from CloudTrail events (the
// module owning it holds a CloudTrailClient and a LogTimestamp is recorded).
type OutboundAssumeRoleEntry struct {
	AWSService           string
	Region               string
	Type                 string
	SourceAccount        string
	SourcePrincipal      string
	DestinationAccount   string
	DestinationPrincipal string
	Action               string
	// LogTimestamp is kept as a string as logged; parse before comparing.
	LogTimestamp         string
}

type OutboundAssumedRolesModule

// OutboundAssumedRolesModule collects outbound AssumeRole activity over a
// lookback window and reports it via PrintOutboundRoleTrusts.
type OutboundAssumedRolesModule struct {
	// General configuration data
	CloudTrailClient *cloudtrail.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	OutboundAssumeRoleEntries []OutboundAssumeRoleEntry
	// Days — presumably the CloudTrail lookback window; PrintOutboundRoleTrusts
	// also takes a days argument, so confirm which one the lookup honors.
	Days                      int
	CommandCounter            internal.CommandCounter
	// contains filtered or unexported fields
}

func (*OutboundAssumedRolesModule) PrintOutboundRoleTrusts

func (m *OutboundAssumedRolesModule) PrintOutboundRoleTrusts(days int, outputDirectory string, verbosity int)

func (*OutboundAssumedRolesModule) Receiver

func (m *OutboundAssumedRolesModule) Receiver(receiver chan OutboundAssumeRoleEntry, receiverDone chan bool)

type PerAccountData added in v1.14.0

// PerAccountData pairs one cape output file with the privilege-escalation
// records decoded from it (see CapeTUI, which takes the list of output files).
type PerAccountData struct {
	FilePath     string     // Path to the JSON file
	PrivescPaths []CapeJSON // All records contained in the file
}

type PmapperModule added in v1.9.0

// PmapperModule loads a pmapper graph (Nodes and Edges) from
// PmapperDataBasePath and answers admin / path-to-admin queries about a
// principal. Construct it with InitPmapperGraph, which returns an error when
// the data cannot be loaded.
type PmapperModule struct {
	// General configuration data
	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	// PmapperDataBasePath is the directory the graph data is read from.
	PmapperDataBasePath string

	Nodes          []Node
	Edges          []Edge
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitPmapperGraph added in v1.14.0

func InitPmapperGraph(Caller sts.GetCallerIdentityOutput, AWSProfile string, Goroutines int, PmapperDataBasePath string) (PmapperModule, error)

func (*PmapperModule) DoesPrincipalHaveAdmin added in v1.9.0

func (m *PmapperModule) DoesPrincipalHaveAdmin(principal string) bool

func (*PmapperModule) DoesPrincipalHavePathToAdmin added in v1.9.0

func (m *PmapperModule) DoesPrincipalHavePathToAdmin(principal string) bool

func (*PmapperModule) GenerateCypherStatements added in v1.14.0

func (m *PmapperModule) GenerateCypherStatements(goCtx context.Context, driver neo4j.DriverWithContext) error

func (*PmapperModule) PrintPmapperData added in v1.9.0

func (m *PmapperModule) PrintPmapperData(outputDirectory string, verbosity int)

type PmapperOutputRow added in v1.14.0

// PmapperOutputRow is one table row for PrintPmapperData: a start and end
// principal and the path strings found between them.
type PmapperOutputRow struct {
	Start string
	End   string
	Paths []string
}

type Project added in v1.11.0

// Project is one inventory row for a project-type resource and the role it
// runs with; the owning service is not identifiable from this declaration.
type Project struct {
	Region     string
	Name       string
	Arn        string
	Role       string
	// Admin and CanPrivEsc are display strings (see Node.IsAdminString).
	Admin      string
	CanPrivEsc string
}

type Queue added in v1.10.0

// Queue is one SQS queue together with its resource policy and the derived
// exposure columns. Delivered to SQSModule through Receiver.
type Queue struct {
	URL                   string
	Name                  string
	Arn                   string
	Region                string
	// Policy is the parsed policy; PolicyJSON is the raw document it came from.
	Policy                policy.Policy
	PolicyJSON            string
	// Access, IsPublic and IsConditionallyPublic are display strings summarizing
	// the policy; Statement/Actions/ConditionText point at the statement that
	// produced the verdict — presumably, confirm at the producer.
	Access                string
	IsPublic              string
	IsConditionallyPublic string
	Statement             string
	Actions               string
	ConditionText         string
	ResourcePolicySummary string
}

type RAMModule

// RAMModule inventories resources shared through AWS Resource Access Manager.
// Resource values arrive via Receiver and are written out by PrintRAM.
type RAMModule struct {
	// General configuration data
	RAMClient *ram.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Resources      []Resource
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*RAMModule) PrintRAM

func (m *RAMModule) PrintRAM(outputDirectory string, verbosity int)

func (*RAMModule) Receiver

func (m *RAMModule) Receiver(receiver chan Resource, receiverDone chan bool)

type Record

// Record is one DNS record collected by Route53Module.
type Record struct {
	AWSService  string
	Name        string
	Type        string
	Value       string
	// PrivateZone is a display string, not a bool; check its exact values at
	// the producer before filtering on it.
	PrivateZone string
}

type Repository

// Repository is one container image repository with its most recent push
// metadata and its repository policy.
type Repository struct {
	AWSService string
	Region     string
	Name       string
	URI        string
	PushedAt   string
	ImageTags  string
	ImageSize  int64
	// Policy is the parsed repository policy; PolicyJSON is the raw document.
	Policy     policy.Policy
	PolicyJSON string
}

type Resource

// Resource is one RAM-shared resource (see RAMModule.Resources): what it is,
// who owns it, and how it is shared.
type Resource struct {
	AWSService string
	Region     string
	Name       string
	Owner      string
	Type       string
	ShareType  string
}

type Resource2 added in v1.11.0

// Resource2 is one resource-policy finding for ResourceTrustsModule: the
// resource, its policy, and string columns describing who the policy trusts.
type Resource2 struct {
	AccountID             string
	Name                  string
	ARN                   string
	Region                string
	// Policy is the parsed resource policy; PolicyJSON is the raw document.
	Policy                policy.Policy
	PolicyJSON            string
	ResourcePolicySummary string
	// The remaining fields are display strings rather than bools; confirm their
	// exact values at the producer before filtering on them.
	Public                string
	Interesting           string
	TrustedPrincipals     string
	TrustsCrossAccount    string
	TrustsAllAccounts     string
	HasConditions         string
}

type ResourceTrustsModule added in v1.11.0

// ResourceTrustsModule evaluates resource policies across services and reports
// which external principals they trust. No per-service client is stored here;
// presumably clients are built from AWSConfig as needed. Results arrive as
// Resource2 values via Receiver.
type ResourceTrustsModule struct {
	// General configuration data
	Caller             sts.GetCallerIdentityOutput
	AWSRegions         []string
	Goroutines         int
	WrapTable          bool
	AWSOutputType      string
	AWSTableCols       string
	// NOTE(review): AWSMFAToken and AWSConfig carry credential material; keep
	// this struct out of debug output (e.g. %+v logging).
	AWSMFAToken        string
	AWSConfig          aws.Config
	// AWSProfileProvided is the profile name given by the user; AWSProfileStub
	// — presumably the name used in output file paths; confirm.
	AWSProfileProvided string
	AWSProfileStub     string
	CloudFoxVersion    string

	Resources2     []Resource2
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*ResourceTrustsModule) PrintResources added in v1.11.0

func (m *ResourceTrustsModule) PrintResources(outputDirectory string, verbosity int)

func (*ResourceTrustsModule) Receiver added in v1.11.0

func (m *ResourceTrustsModule) Receiver(receiver chan Resource2, receiverDone chan bool)

type Role

// Role is one IAM role row with the names of its attached and inline
// policies. It mirrors User field-for-field.
type Role struct {
	AWSService       string
	Type             string
	Arn              string
	Name             string
	AttachedPolicies []string
	InlinePolicies   []string
}

type RoleTrustRow added in v1.12.3

// RoleTrustRow is one line of the role-trust table: a role and one thing its
// trust policy allows to assume it (a principal, a service, or a federated
// provider — the other two columns are presumably left empty).
type RoleTrustRow struct {
	RoleARN                  string
	RoleName                 string
	TrustedPrincipal         string
	TrustedService           string
	TrustedFederatedProvider string
	TrustedFederatedSubject  string
	// ExternalID — presumably the sts:ExternalId condition value, empty when
	// the trust requires none; a cross-account trust without one is worth
	// flagging in review. Confirm at the producer.
	ExternalID               string
	// IsAdmin and CanPrivEsc are display strings (see Node.IsAdminString).
	IsAdmin                  string
	CanPrivEsc               string
}

type RoleTrustsModule

// RoleTrustsModule analyzes IAM role trust policies and, unless SkipAdminCheck
// is set, runs the admin checks (policy simulation and/or pmapper data from
// PmapperDataBasePath). It has no Receiver; PrintRoleTrusts drives output.
type RoleTrustsModule struct {
	// General configuration data
	// IAMClient is an interface so tests can substitute a fake; the simulator
	// client is the SDK's SimulatePrincipalPolicy API surface.
	IAMClient                        sdk.AWSIAMClientInterface
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient

	Caller         sts.GetCallerIdentityOutput
	AWSProfile     string
	Goroutines     int
	CommandCounter internal.CommandCounter
	// SkipAdminCheck — presumably forwarded to GetIamSimResult /
	// GetPmapperResults, which take a flag of the same name.
	SkipAdminCheck bool
	WrapTable      bool
	AWSOutputType  string
	AWSTableCols   string

	PmapperDataBasePath string

	// Main module data
	AnalyzedRoles  []AnalyzedRole
	RoleTrustTable []RoleTrustRow
	// contains filtered or unexported fields
}

func (*RoleTrustsModule) PrintRoleTrusts

func (m *RoleTrustsModule) PrintRoleTrusts(outputDirectory string, verbosity int)

type Route53Module

// Route53Module lists hosted-zone records into Records and writes them out via
// PrintRoute53. It has no Receiver method in this listing.
type Route53Module struct {
	// General configuration data
	// Route53Client is an interface so tests can substitute a fake.
	Route53Client sdk.AWSRoute53ClientInterface

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines     int
	AWSProfile     string
	WrapTable      bool
	CommandCounter internal.CommandCounter

	// Main module data
	Records []Record
	// contains filtered or unexported fields
}

func (*Route53Module) PrintRoute53

func (m *Route53Module) PrintRoute53(outputDirectory string, verbosity int)

type SNSClientInterface added in v1.11.0

// SNSClientInterface is the subset of the SNS client used by SNSModule. The
// real *sns.Client satisfies it; tests can supply a fake.
type SNSClientInterface interface {
	ListTopics(ctx context.Context, params *sns.ListTopicsInput, optFns ...func(*sns.Options)) (*sns.ListTopicsOutput, error)
	GetTopicAttributes(ctx context.Context, params *sns.GetTopicAttributesInput, optFns ...func(*sns.Options)) (*sns.GetTopicAttributesOutput, error)
}

type SNSModule added in v1.10.0

// SNSModule inventories SNS topics and their access policies. Topics arrive
// via Receiver and are written out by PrintSNS. Construct with
// InitCloudFoxSNSClient.
type SNSModule struct {
	// General configuration data
	SNSClient     SNSClientInterface
	AWSRegions    []string
	AWSProfile    string
	Caller        sts.GetCallerIdentityOutput
	// StorePolicies — presumably controls whether raw policy documents
	// (SNSTopic.PolicyJSON) are written to disk; confirm in PrintSNS.
	StorePolicies bool
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	WrapTable  bool

	// Main module data
	Topics         []SNSTopic
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitCloudFoxSNSClient added in v1.11.0

func InitCloudFoxSNSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSWrapTable bool, AWSMFAToken string) SNSModule

func (*SNSModule) PrintSNS added in v1.10.0

func (m *SNSModule) PrintSNS(outputDirectory string, verbosity int)

func (*SNSModule) Receiver added in v1.10.0

func (m *SNSModule) Receiver(receiver chan SNSTopic, receiverDone chan bool)

type SNSTopic added in v1.10.0

// SNSTopic is one SNS topic with its access policy and derived exposure
// columns; it has the same policy/verdict columns as Queue.
type SNSTopic struct {
	ARN                   string
	Name                  string
	Region                string
	// Policy is the parsed policy; PolicyJSON is the raw document it came from.
	Policy                policy.Policy
	PolicyJSON            string
	// Access, IsPublic and IsConditionallyPublic are display strings; the
	// Statement/Actions/ConditionText columns presumably identify the statement
	// behind the verdict — confirm at the producer.
	Access                string
	IsPublic              string
	IsConditionallyPublic string
	Statement             string
	Actions               string
	ConditionText         string
	ResourcePolicySummary string
}

type SQSModule added in v1.10.0

// SQSModule inventories SQS queues and their resource policies. Queue values
// arrive via Receiver and are written out by PrintSQS. Construct with
// InitSQSClient.
type SQSModule struct {
	// General configuration data
	// SQSClient is the package's AWSSQSClient abstraction (declared elsewhere
	// in the package).
	SQSClient AWSSQSClient

	// StorePolicies — presumably controls whether raw policy documents
	// (Queue.PolicyJSON) are written to disk; confirm in PrintSQS.
	StorePolicies bool

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines int
	AWSProfile string
	WrapTable  bool

	// Main module data
	Queues         []Queue
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func InitSQSClient added in v1.11.0

func InitSQSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) SQSModule

func (*SQSModule) PrintSQS added in v1.10.0

func (m *SQSModule) PrintSQS(outputDirectory string, verbosity int)

func (*SQSModule) Receiver added in v1.10.0

func (m *SQSModule) Receiver(receiver chan Queue, receiverDone chan bool)

type Secret

// Secret is one secret's metadata as listed by SecretsModule. It carries the
// name and description only; there is no field for the secret value.
type Secret struct {
	AWSService  string
	Region      string
	Name        string
	Description string
}

type SecretsModule

// SecretsModule enumerates secret metadata from Secrets Manager and SSM.
// Secret values arrive via Receiver and are written out by PrintSecrets.
type SecretsModule struct {
	// General configuration data
	SecretsManagerClient *secretsmanager.Client
	SSMClient            *ssm.Client

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSProfile    string
	Goroutines    int
	WrapTable     bool
	AWSOutputType string
	AWSTableCols  string

	// Main module data
	Secrets []Secret

	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*SecretsModule) PrintSecrets

func (m *SecretsModule) PrintSecrets(outputDirectory string, verbosity int)

func (*SecretsModule) Receiver

func (m *SecretsModule) Receiver(receiver chan Secret, receiverDone chan bool)

type SecurityGroup added in v1.10.0

// SecurityGroup is a security group and its rules, as consumed by the
// network-ports evaluation.
type SecurityGroup struct {
	ID    string
	VpcId string
	Rules []SecurityGroupRule
}

type SecurityGroupRule added in v1.10.0

// SecurityGroupRule is one security-group rule flattened to protocol, source
// CIDRs and ports. Unlike NaclRule it has no action field (security-group
// rules are allow-only) and no direction field — confirm whether ingress and
// egress are distinguished elsewhere.
type SecurityGroupRule struct {
	Protocol string
	Cidr     []string
	Ports    []int32
}

type SimulatorResult

// SimulatorResult is one IAM policy-simulation outcome: the query asked, the
// principal it was asked for, and the decision returned.
type SimulatorResult struct {
	AWSService string
	Query      string
	Principal  string
	Decision   string
}

type Tag added in v1.8.0

// Tag is one resource tag key/value pair together with the resource it is
// attached to, as collected by TagsModule.
type Tag struct {
	AWSService string
	Region     string
	Arn        string
	Name       string
	Type       string
	Key        string
	Value      string
}

type Tags added in v1.9.0

// Tags is an empty placeholder for Node.Tags (json:"tags"). Decoding a JSON
// object into it succeeds and silently drops every key, so tag data is not
// available on Node; a non-object value there would fail to decode.
type Tags struct {
}

type TagsGetResourcesAPI added in v1.10.0

// TagsGetResourcesAPI is the single Resource Groups Tagging API call that
// TagsModule needs, declared as an interface so tests can supply a fake.
type TagsGetResourcesAPI interface {
	GetResources(ctx context.Context, params *resourcegroupstaggingapi.GetResourcesInput, optFns ...func(*resourcegroupstaggingapi.Options)) (*resourcegroupstaggingapi.GetResourcesOutput, error)
}

type TagsModule added in v1.8.0

// TagsModule inventories resource tags through the Resource Groups Tagging
// API. Tag values arrive via Receiver and are written out by PrintTags.
type TagsModule struct {
	// General configuration data
	ResourceGroupsTaggingApiInterface TagsGetResourcesAPI

	Caller        sts.GetCallerIdentityOutput
	AWSRegions    []string
	AWSOutputType string
	AWSTableCols  string

	Goroutines            int
	AWSProfile            string
	WrapTable             bool
	// MaxResourcesPerRegion — presumably a cap on results collected per region;
	// whether 0 means unlimited is not visible here.
	MaxResourcesPerRegion int

	// Main module data
	Tags               []Tag
	CommandCounter     internal.CommandCounter
	// ResourceTypeCounts is keyed by resource type; must be made before writes.
	ResourceTypeCounts map[string]int
	// contains filtered or unexported fields
}

func (*TagsModule) PrintTags added in v1.8.0

func (m *TagsModule) PrintTags(outputDirectory string, verbosity int)

func (*TagsModule) Receiver added in v1.8.0

func (m *TagsModule) Receiver(receiver chan Tag, receiverDone chan bool)

type TrustedFederatedProvider added in v1.14.0

// TrustedFederatedProvider is one federated identity provider named in a role
// trust policy, with the subjects it is allowed to assert.
type TrustedFederatedProvider struct {
	TrustedFederatedProvider string
	ProviderAccountId        string
	ProviderShortName        string
	// TrustedSubjects — presumably the subject condition values; an empty
	// slice would mean any subject from the provider is accepted — confirm.
	TrustedSubjects          []string
}

type TrustedPrincipal added in v1.14.0

// TrustedPrincipal is one AWS principal named in a role trust policy.
type TrustedPrincipal struct {
	TrustedPrincipal               string
	// ExternalID is empty when the trust requires no external ID — presumably.
	ExternalID                     string
	// VendorName — presumably resolved via knownawsaccountslookup.Vendors.
	VendorName                     string
	// AccountIsInAnalyzedAccountList — presumably set from the analyzedAccounts
	// map passed to ConvertIAMRoleToNode; confirm.
	AccountIsInAnalyzedAccountList bool
}

type TrustedService added in v1.14.0

// TrustedService is one AWS service principal named in a role trust policy,
// with the account the trusting role belongs to.
type TrustedService struct {
	TrustedService string
	AccountID      string
}

type User

// User is one IAM user row with the names of its attached and inline
// policies. It mirrors Role field-for-field.
type User struct {
	AWSService       string
	Type             string
	Arn              string
	Name             string
	AttachedPolicies []string
	InlinePolicies   []string
}

type UserKeys

// UserKeys pairs an IAM user name with one key.
type UserKeys struct {
	Username string
	// Key — NOTE(review): cannot tell from here whether this is the access key
	// ID or key material; if it can hold a secret, keep it out of logs and
	// non-restricted output files.
	Key      string
}

type Workload added in v1.13.0

// Workload is one compute workload row (EC2, ECS, Lambda or App Runner, given
// the clients on WorkloadsModule) with its role and exposure columns.
type Workload struct {
	AWSService string
	Region     string
	Type       string
	Name       string
	Arn        string
	Role       string
	// Admin, CanPrivEsc and Public are display strings rather than bools
	// (see Node.IsAdminString).
	Admin      string
	CanPrivEsc string
	Public     string
}

type WorkloadsModule added in v1.13.0

// WorkloadsModule inventories compute workloads across EC2, ECS, Lambda and
// App Runner, resolves their roles through IAM, and (unless SkipAdminCheck is
// set) runs the admin checks. Workload values arrive via Receiver and are
// written out by PrintWorkloads.
type WorkloadsModule struct {
	// General configuration data
	Caller         sts.GetCallerIdentityOutput
	AWSRegions     []string
	AWSProfile     string
	AWSOutputType  string
	AWSTableCols   string
	Goroutines     int
	WrapTable      bool
	SkipAdminCheck bool

	// Service Clients
	// All clients are interfaces so tests can substitute fakes.
	EC2Client       sdk.AWSEC2ClientInterface
	ECSClient       sdk.AWSECSClientInterface
	LambdaClient    sdk.LambdaClientInterface
	AppRunnerClient sdk.AppRunnerClientInterface
	IAMClient       sdk.AWSIAMClientInterface

	PmapperDataBasePath string

	// InstanceProfileToRolesMap is keyed by instance profile (name or ARN —
	// not visible here) and must be made before writes.
	InstanceProfileToRolesMap map[string][]iamTypes.Role

	// Main module data
	Workloads      []Workload
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}

func (*WorkloadsModule) PrintWorkloads added in v1.13.0

func (m *WorkloadsModule) PrintWorkloads(outputDirectory string, verbosity int)

func (*WorkloadsModule) Receiver added in v1.13.0

func (m *WorkloadsModule) Receiver(receiver chan Workload, receiverDone chan bool)

Directories

Path Synopsis
graph
