Documentation
¶
Index ¶
- Variables
- func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
- func GetIamSimResult(SkipAdminCheck bool, roleArnPtr *string, iamSimulatorMod IamSimulatorModule, ...) (string, string)
- func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
- type AWSS3Client
- type AWSSNSClient
- type AWSSQSClient
- type AccessKeysModule
- type AnalyzedRole
- type AttachedPolicies
- type Bucket
- type BucketsModule
- type CFStack
- type CloudFormationGetTemplateAPIClient
- type CloudTrailEvent
- type CloudformationModule
- type Cluster
- type DescribeTasksDefinitionAPIClient
- type ECRModule
- type ECSTasksModule
- type EKSModule
- type Edge
- type ElasticNetworkInterfacesModule
- type Endpoint
- type EndpointsModule
- type EnvironmentVariable
- type EnvsModule
- type FilesystemObject
- type FilesystemsModule
- type GAADGroup
- type GAADPolicy
- type GAADRole
- type GAADUser
- type GlobalResourceCount2
- type Group
- type IamPermissionsModule
- type IamPrincipalsModule
- type IamSimulatorModule
- type InstancesModule
- type Inventory2Module
- func (m *Inventory2Module) PrintGlobalResources(outputFormat string, outputDirectory string, verbosity int, ...)
- func (m *Inventory2Module) PrintInventoryPerRegion(outputFormat string, outputDirectory string, verbosity int)
- func (m *Inventory2Module) PrintTotalResources(outputFormat string)
- func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
- type Lambda
- type LambdasModule
- type ListOfItems
- type ListOfPrincipals
- type MappedECSTask
- type MappedENI
- type MappedInstance
- type NaclRule
- type NetworkAcl
- type NetworkPortsModule
- type NetworkService
- type NetworkServices
- type Node
- type OutboundAssumeRoleEntry
- type OutboundAssumedRolesModule
- type PermissionsRow
- type PmapperModule
- type Queue
- type RAMModule
- type Record
- type Repository
- type Resource
- type Role
- type RoleTrustStatementEntry
- type RoleTrustsModule
- type Route53Module
- type SNSModule
- type SNSTopic
- type SQSModule
- type Secret
- type SecretsModule
- type SecurityGroup
- type SecurityGroupRule
- type SimulatorResult
- type StatementEntry
- type Tag
- type Tags
- type TagsGetResourcesAPI
- type TagsModule
- type User
- type UserKeys
Constants ¶
This section is empty.
Variables ¶
View Source
var ( TCP_4_SCAN string = "sudo nmap -Pn -sV" UDP_4_SCAN string = "sudo nmap -Pn -sU -sV" TCP_6_SCAN string = "sudo nmap -6 -Pn -sV" UDP_6_SCAN string = "sudo nmap -6 -Pn -sU -sV" IPv4_BANNER string = `` /* 247-byte string literal not displayed */ IPv6_BANNER string = `` /* 318-byte string literal not displayed */ )
View Source
var (
TxtLogger = internal.TxtLogger()
)
Functions ¶
func EnvVarsContains ¶ added in v1.9.0
func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
func GetIamSimResult ¶ added in v1.9.0
func GetPmapperResults ¶ added in v1.9.0
func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
Types ¶
type AWSS3Client ¶ added in v1.10.0
type AWSS3Client interface {
ListBuckets(ctx context.Context, params *s3.ListBucketsInput, optFns ...func(*s3.Options)) (*s3.ListBucketsOutput, error)
GetBucketPolicy(ctx context.Context, params *s3.GetBucketPolicyInput, optFns ...func(*s3.Options)) (*s3.GetBucketPolicyOutput, error)
GetBucketLocation(ctx context.Context, params *s3.GetBucketLocationInput, optFns ...func(*s3.Options)) (*s3.GetBucketLocationOutput, error)
GetPublicAccessBlock(ctx context.Context, params *s3.GetPublicAccessBlockInput, optFns ...func(*s3.Options)) (*s3.GetPublicAccessBlockOutput, error)
}
type AWSSNSClient ¶ added in v1.10.0
type AWSSNSClient interface {
ListTopics(ctx context.Context, params *sns.ListTopicsInput, optFns ...func(*sns.Options)) (*sns.ListTopicsOutput, error)
GetTopicAttributes(ctx context.Context, params *sns.GetTopicAttributesInput, optFns ...func(*sns.Options)) (*sns.GetTopicAttributesOutput, error)
}
type AWSSQSClient ¶ added in v1.10.0
type AWSSQSClient interface {
ListQueues(ctx context.Context, params *sqs.ListQueuesInput, optFns ...func(*sqs.Options)) (*sqs.ListQueuesOutput, error)
GetQueueAttributes(ctx context.Context, params *sqs.GetQueueAttributesInput, optFns ...func(*sqs.Options)) (*sqs.GetQueueAttributesOutput, error)
}
type AccessKeysModule ¶
type AccessKeysModule struct {
// General configuration data
IAMClient *iam.Client
Caller sts.GetCallerIdentityOutput
AWSProfile string
OutputFormat string
Goroutines int
WrapTable bool
CommandCounter internal.CommandCounter
// Main module data
AnalyzedUsers []UserKeys
// contains filtered or unexported fields
}
func (*AccessKeysModule) PrintAccessKeys ¶
func (m *AccessKeysModule) PrintAccessKeys(filter string, outputFormat string, outputDirectory string, verbosity int)
type AnalyzedRole ¶
type AttachedPolicies ¶ added in v1.9.0
type BucketsModule ¶
type BucketsModule struct {
// General configuration data
S3Client AWSS3Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Buckets []Bucket
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*BucketsModule) PrintBuckets ¶
func (m *BucketsModule) PrintBuckets(outputFormat string, outputDirectory string, verbosity int)
func (*BucketsModule) Receiver ¶
func (m *BucketsModule) Receiver(receiver chan Bucket, receiverDone chan bool)
type CloudFormationGetTemplateAPIClient ¶ added in v1.9.0
type CloudFormationGetTemplateAPIClient interface {
GetTemplate(context.Context, *cloudformation.GetTemplateInput, ...func(*cloudformation.Options)) (*cloudformation.GetTemplateOutput, error)
}
type CloudTrailEvent ¶
type CloudTrailEvent struct {
EventVersion string `json:"eventVersion"`
UserIdentity struct {
Type string `json:"type"`
PrincipalID string `json:"principalId"`
Arn string `json:"arn"`
AccountID string `json:"accountId"`
AccessKeyID string `json:"accessKeyId"`
SessionContext struct {
SessionIssuer struct {
Type string `json:"type"`
PrincipalID string `json:"principalId"`
Arn string `json:"arn"`
AccountID string `json:"accountId"`
UserName string `json:"userName"`
} `json:"sessionIssuer"`
WebIDFederationData struct {
} `json:"webIdFederationData"`
Attributes struct {
CreationDate time.Time `json:"creationDate"`
MfaAuthenticated string `json:"mfaAuthenticated"`
} `json:"attributes"`
} `json:"sessionContext"`
} `json:"userIdentity"`
EventTime time.Time `json:"eventTime"`
EventSource string `json:"eventSource"`
EventName string `json:"eventName"`
AwsRegion string `json:"awsRegion"`
SourceIPAddress string `json:"sourceIPAddress"`
UserAgent string `json:"userAgent"`
RequestParameters struct {
RoleArn string `json:"roleArn"`
RoleSessionName string `json:"roleSessionName"`
} `json:"requestParameters"`
ResponseElements struct {
Credentials struct {
AccessKeyID string `json:"accessKeyId"`
SessionToken string `json:"sessionToken"`
Expiration string `json:"expiration"`
} `json:"credentials"`
AssumedRoleUser struct {
AssumedRoleID string `json:"assumedRoleId"`
Arn string `json:"arn"`
} `json:"assumedRoleUser"`
} `json:"responseElements"`
RequestID string `json:"requestID"`
EventID string `json:"eventID"`
ReadOnly bool `json:"readOnly"`
Resources []struct {
AccountID string `json:"accountId"`
Type string `json:"type"`
Arn string `json:"ARN"`
} `json:"resources"`
EventType string `json:"eventType"`
ManagementEvent bool `json:"managementEvent"`
RecipientAccountID string `json:"recipientAccountId"`
EventCategory string `json:"eventCategory"`
TLSDetails struct {
TLSVersion string `json:"tlsVersion"`
CipherSuite string `json:"cipherSuite"`
ClientProvidedHostHeader string `json:"clientProvidedHostHeader"`
} `json:"tlsDetails"`
}
type CloudformationModule ¶ added in v1.8.0
type CloudformationModule struct {
// General configuration data
CloudFormationDescribeStacksInterface cloudformation.DescribeStacksAPIClient
CloudFormationGetTemplateInterface CloudFormationGetTemplateAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
CFStacks []CFStack
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*CloudformationModule) PrintCloudformationStacks ¶ added in v1.8.0
func (m *CloudformationModule) PrintCloudformationStacks(outputFormat string, outputDirectory string, verbosity int)
func (*CloudformationModule) Receiver ¶ added in v1.8.0
func (m *CloudformationModule) Receiver(receiver chan CFStack, receiverDone chan bool)
type DescribeTasksDefinitionAPIClient ¶ added in v1.9.0
type DescribeTasksDefinitionAPIClient interface {
DescribeTaskDefinition(context.Context, *ecs.DescribeTaskDefinitionInput, ...func(*ecs.Options)) (*ecs.DescribeTaskDefinitionOutput, error)
}
type ECRModule ¶
type ECRModule struct {
// General configuration data
ECRClient *ecr.Client
// These interfaces are used for unit testing
ECRClientDescribeReposInterface ecr.DescribeRepositoriesAPIClient
ECRClientDescribeImagesInterface ecr.DescribeImagesAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Repositories []Repository
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*ECRModule) Receiver ¶
func (m *ECRModule) Receiver(receiver chan Repository, receiverDone chan bool)
type ECSTasksModule ¶ added in v1.9.0
type ECSTasksModule struct {
DescribeTaskDefinitionClient DescribeTasksDefinitionAPIClient
DescribeTasksClient ecs.DescribeTasksAPIClient
ListTasksClient ecs.ListTasksAPIClient
ListClustersClient ecs.ListClustersAPIClient
DescribeNetworkInterfacesClient ec2.DescribeNetworkInterfacesAPIClient
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
AWSProfile string
Goroutines int
SkipAdminCheck bool
WrapTable bool
MappedECSTasks []MappedECSTask
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*ECSTasksModule) ECSTasks ¶ added in v1.9.0
func (m *ECSTasksModule) ECSTasks(outputFormat string, outputDirectory string, verbosity int)
func (*ECSTasksModule) Receiver ¶ added in v1.9.0
func (m *ECSTasksModule) Receiver(receiver chan MappedECSTask, receiverDone chan bool)
type EKSModule ¶ added in v1.9.0
type EKSModule struct {
// General configuration data
// These interfaces are used for unit testing
EKSClientListClustersInterface eks.ListClustersAPIClient
EKSClientDescribeClusterInterface eks.DescribeClusterAPIClient
EKSClientListNodeGroupsInterface eks.ListNodegroupsAPIClient
EKSClientDescribeNodeGroupInterface eks.DescribeNodegroupAPIClient
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
SkipAdminCheck bool
WrapTable bool
// Main module data
Clusters []Cluster
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
type ElasticNetworkInterfacesModule ¶ added in v1.9.0
type ElasticNetworkInterfacesModule struct {
//EC2Client *ec2.Client
DescribeNetworkInterfacesClient ec2.DescribeNetworkInterfacesAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
AWSProfile string
WrapTable bool
MappedENIs []MappedENI
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*ElasticNetworkInterfacesModule) ElasticNetworkInterfaces ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) ElasticNetworkInterfaces(outputFormat string, outputDirectory string, verbosity int)
func (*ElasticNetworkInterfacesModule) Receiver ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) Receiver(receiver chan MappedENI, receiverDone chan bool)
type EndpointsModule ¶
type EndpointsModule struct {
// General configuration data
LambdaClient *lambda.Client
EKSClient *eks.Client
MQClient *mq.Client
OpenSearchClient *opensearch.Client
GrafanaClient *grafana.Client
ELBv2Client *elasticloadbalancingv2.Client
ELBClient *elasticloadbalancing.Client
APIGatewayClient *apigateway.Client
APIGatewayv2Client *apigatewayv2.Client
RDSClient *rds.Client
RedshiftClient *redshift.Client
S3Client *s3.Client
CloudfrontClient *cloudfront.Client
AppRunnerClient *apprunner.Client
LightsailClient *lightsail.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Endpoints []Endpoint
CommandCounter internal.CommandCounter
Errors []string
// contains filtered or unexported fields
}
func (*EndpointsModule) PrintEndpoints ¶
func (m *EndpointsModule) PrintEndpoints(outputFormat string, outputDirectory string, verbosity int)
func (*EndpointsModule) Receiver ¶
func (m *EndpointsModule) Receiver(receiver chan Endpoint, receiverDone chan bool)
type EnvironmentVariable ¶
type EnvironmentVariable struct {
// contains filtered or unexported fields
}
type EnvsModule ¶
type EnvsModule struct {
// General configuration data
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSProfile string
OutputFormat string
Goroutines int
WrapTable bool
// Service Clients
ECSClient *ecs.Client
LambdaClient *lambda.Client
AppRunnerClient *apprunner.Client
LightsailClient *lightsail.Client
SagemakerClient *sagemaker.Client
// Main module data
EnvironmentVariables []EnvironmentVariable
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*EnvsModule) PrintEnvs ¶
func (m *EnvsModule) PrintEnvs(outputFormat string, outputDirectory string, verbosity int)
func (*EnvsModule) Receiver ¶
func (m *EnvsModule) Receiver(receiver chan EnvironmentVariable, receiverDone chan bool)
type FilesystemObject ¶
type FilesystemsModule ¶
type FilesystemsModule struct {
EFSClient *efs.Client
FSxClient *fsx.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Filesystems []FilesystemObject
Regions [30]FilesystemObject
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*FilesystemsModule) PrintFilesystems ¶
func (m *FilesystemsModule) PrintFilesystems(outputFormat string, outputDirectory string, verbosity int)
func (*FilesystemsModule) Receiver ¶
func (m *FilesystemsModule) Receiver(receiver chan FilesystemObject, receiverDone chan bool)
type GAADGroup ¶
type GAADGroup struct {
Arn string
Name string
AttachedPolicies []types.AttachedPolicy
InlinePolicies []types.PolicyDetail
}
type GAADPolicy ¶
type GAADPolicy struct {
Name string
Arn string
PolicyVersionList []types.PolicyVersion
}
type GAADRole ¶
type GAADRole struct {
Arn string
Name string
AttachedPolicies []types.AttachedPolicy
InlinePolicies []types.PolicyDetail
}
type GAADUser ¶
type GAADUser struct {
Name string
Arn string
AttachedPolicies []types.AttachedPolicy
InlinePolicies []types.PolicyDetail
GroupList []string
}
type GlobalResourceCount2 ¶
type GlobalResourceCount2 struct {
// contains filtered or unexported fields
}
type IamPermissionsModule ¶
type IamPermissionsModule struct {
// General configuration data
IAMClient *iam.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
Policies []GAADPolicy
Users []GAADUser
Roles []GAADRole
Groups []GAADGroup
Rows []PermissionsRow
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*IamPermissionsModule) PrintIamPermissions ¶
func (m *IamPermissionsModule) PrintIamPermissions(outputFormat string, outputDirectory string, verbosity int, principal string)
type IamPrincipalsModule ¶
type IamPrincipalsModule struct {
// General configuration data
IAMClient *iam.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Users []User
Roles []Role
Groups []Group
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*IamPrincipalsModule) PrintIamPrincipals ¶
func (m *IamPrincipalsModule) PrintIamPrincipals(outputFormat string, outputDirectory string, verbosity int)
type IamSimulatorModule ¶
type IamSimulatorModule struct {
// General configuration data
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
IAMListUsersClient iam.ListUsersAPIClient
IAMListRolesClient iam.ListRolesAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
SimulatorResults []SimulatorResult
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*IamSimulatorModule) PrintIamSimulator ¶
func (*IamSimulatorModule) Receiver ¶
func (m *IamSimulatorModule) Receiver(receiver chan SimulatorResult, receiverDone chan bool)
type InstancesModule ¶
type InstancesModule struct {
// General configuration data
EC2Client *ec2.Client
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
IAMListInstanceProfilesClient iam.ListInstanceProfilesAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
UserDataAttributesOnly bool
AWSProfile string
WrapTable bool
InstanceProfileToRolesMap map[string][]iamTypes.Role
SkipAdminCheck bool
// Module's Results
MappedInstances []MappedInstance
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*InstancesModule) Instances ¶
func (m *InstancesModule) Instances(filter string, outputFormat string, outputDirectory string, verbosity int)
func (*InstancesModule) Receiver ¶
func (m *InstancesModule) Receiver(receiver chan MappedInstance, receiverDone chan bool)
type Inventory2Module ¶
type Inventory2Module struct {
// General configuration data
LambdaClient *lambda.Client
EC2Client *ec2.Client
ECSClient *ecs.Client
EKSClient *eks.Client
S3Client *s3.Client
CloudFormationClient *cloudformation.Client
SecretsManagerClient *secretsmanager.Client
SSMClient *ssm.Client
RDSClient *rds.Client
APIGatewayv2Client *apigatewayv2.Client
ELBv2Client *elasticloadbalancingv2.Client
ELBClient *elasticloadbalancing.Client
IAMClient *iam.Client
MQClient *mq.Client
OpenSearchClient *opensearch.Client
GrafanaClient *grafana.Client
APIGatewayClient *apigateway.Client
RedshiftClient *redshift.Client
CloudfrontClient *cloudfront.Client
AppRunnerClient *apprunner.Client
LightsailClient *lightsail.Client
GlueClient *glue.Client
SNSClient *sns.Client
SQSClient *sqs.Client
DynamoDBClient *dynamodb.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
RegionResourceCount int
CommandCounter internal.CommandCounter
GlobalResourceCounts []GlobalResourceCount2
// contains filtered or unexported fields
}
func (*Inventory2Module) PrintGlobalResources ¶
func (m *Inventory2Module) PrintGlobalResources(outputFormat string, outputDirectory string, verbosity int, dataReceiver chan GlobalResourceCount2)
func (*Inventory2Module) PrintInventoryPerRegion ¶
func (m *Inventory2Module) PrintInventoryPerRegion(outputFormat string, outputDirectory string, verbosity int)
func (*Inventory2Module) PrintTotalResources ¶
func (m *Inventory2Module) PrintTotalResources(outputFormat string)
func (*Inventory2Module) Receiver ¶
func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
type LambdasModule ¶ added in v1.8.0
type LambdasModule struct {
// General configuration data
LambdaClient *lambda.Client
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
SkipAdminCheck bool
WrapTable bool
// Main module data
Lambdas []Lambda
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*LambdasModule) PrintLambdas ¶ added in v1.8.0
func (m *LambdasModule) PrintLambdas(outputFormat string, outputDirectory string, verbosity int)
func (*LambdasModule) Receiver ¶ added in v1.8.0
func (m *LambdasModule) Receiver(receiver chan Lambda, receiverDone chan bool)
type ListOfItems ¶
type ListOfItems []string
A custom unmarshaller is necessary because the list of principals can be an array of strings or a string. https://stackoverflow.com/questions/65854778/parsing-arn-from-iam-policy-using-regex
func (*ListOfItems) UnmarshalJSON ¶
func (r *ListOfItems) UnmarshalJSON(b []byte) error
type ListOfPrincipals ¶
type ListOfPrincipals []string
A custom unmarshaller is necessary because the list of principals can be an array of strings or a string. https://stackoverflow.com/questions/65854778/parsing-arn-from-iam-policy-using-regex
func (*ListOfPrincipals) UnmarshalJSON ¶
func (r *ListOfPrincipals) UnmarshalJSON(b []byte) error
type MappedECSTask ¶ added in v1.9.0
type MappedInstance ¶
type NetworkAcl ¶ added in v1.10.0
type NetworkAcl struct {
ID string
VpcId string
Subnets []string
// contains filtered or unexported fields
}
func (*NetworkAcl) Insert ¶ added in v1.10.0
func (l *NetworkAcl) Insert(rule NaclRule)
type NetworkPortsModule ¶ added in v1.10.0
type NetworkPortsModule struct {
// General configuration data
EC2Client *ec2.Client
ECSClient *ecs.Client
EFSClient *efs.Client
ElastiCacheClient *elasticache.Client
ELBv2Client *elasticloadbalancingv2.Client
LightsailClient *lightsail.Client
RDSClient *rds.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
Verbosity int
// Main module data
IPv4_Private []NetworkService
IPv4_Public []NetworkService
IPv6 []NetworkService
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*NetworkPortsModule) Evaluate ¶ added in v1.10.0
func (m *NetworkPortsModule) Evaluate(l *NetworkAcl, port int32, proto string) (bool, *NaclRule)
func (*NetworkPortsModule) PrintNetworkPorts ¶ added in v1.10.0
func (m *NetworkPortsModule) PrintNetworkPorts(outputFormat string, outputDirectory string)
func (*NetworkPortsModule) Receiver ¶ added in v1.10.0
func (m *NetworkPortsModule) Receiver(receiver chan NetworkServices, receiverDone chan bool)
type NetworkService ¶ added in v1.10.0
type NetworkServices ¶ added in v1.10.0
type NetworkServices struct {
IPv4_Private []NetworkService
IPv4_Public []NetworkService
IPv6 []NetworkService
}
type Node ¶ added in v1.9.0
type Node struct {
Arn string `json:"arn"`
IDValue string `json:"id_value"`
AttachedPolicies []AttachedPolicies `json:"attached_policies"`
GroupMemberships []interface{} `json:"group_memberships"`
TrustPolicy interface{} `json:"trust_policy"`
InstanceProfile interface{} `json:"instance_profile"`
ActivePassword bool `json:"active_password"`
AccessKeys int `json:"access_keys"`
IsAdmin bool `json:"is_admin"`
PermissionsBoundary interface{} `json:"permissions_boundary"`
HasMfa bool `json:"has_mfa"`
Tags Tags `json:"tags"`
PathToAdmin bool
}
type OutboundAssumeRoleEntry ¶
type OutboundAssumedRolesModule ¶
type OutboundAssumedRolesModule struct {
// General configuration data
CloudTrailClient *cloudtrail.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
OutboundAssumeRoleEntries []OutboundAssumeRoleEntry
Days int
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*OutboundAssumedRolesModule) PrintOutboundRoleTrusts ¶
func (m *OutboundAssumedRolesModule) PrintOutboundRoleTrusts(days int, outputFormat string, outputDirectory string, verbosity int)
func (*OutboundAssumedRolesModule) Receiver ¶
func (m *OutboundAssumedRolesModule) Receiver(receiver chan OutboundAssumeRoleEntry, receiverDone chan bool)
type PermissionsRow ¶
type PmapperModule ¶ added in v1.9.0
type PmapperModule struct {
// General configuration data
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
Nodes []Node
Edges []Edge
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*PmapperModule) DoesPrincipalHaveAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHaveAdmin(principal string) bool
func (*PmapperModule) DoesPrincipalHavePathToAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHavePathToAdmin(principal string) bool
func (*PmapperModule) PrintPmapperData ¶ added in v1.9.0
func (m *PmapperModule) PrintPmapperData(outputFormat string, outputDirectory string, verbosity int)
type RAMModule ¶
type RAMModule struct {
// General configuration data
RAMClient *ram.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Resources []Resource
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
type Repository ¶
type RoleTrustStatementEntry ¶ added in v1.9.0
type RoleTrustStatementEntry struct {
Sid string `json:"Sid"`
Effect string `json:"Effect"`
Principal struct {
AWS ListOfPrincipals `json:"AWS"`
Service ListOfPrincipals `json:"Service"`
Federated ListOfPrincipals `json:"Federated"`
} `json:"Principal"`
Action string `json:"Action"`
Condition struct {
StringEquals struct {
StsExternalID string `json:"sts:ExternalId"`
SAMLAud string `json:"SAML:aud"`
OidcEksSub string `json:"OidcEksSub"`
OidcEksAud string `json:"OidcEksAud"`
CognitoAud string `json:"cognito-identity.amazonaws.com:aud"`
} `json:"StringEquals"`
StringLike struct {
TokenActionsGithubusercontentComSub ListOfPrincipals `json:"token.actions.githubusercontent.com:sub"`
TokenActionsGithubusercontentComAud string `json:"token.actions.githubusercontent.com:aud"`
OidcEksSub string `json:"OidcEksSub"`
OidcEksAud string `json:"OidcEksAud"`
} `json:"StringLike"`
ForAnyValueStringLike struct {
CognitoAMR string `json:"cognito-identity.amazonaws.com:amr"`
} `json:"ForAnyValue:StringLike"`
} `json:"Condition"`
}
type RoleTrustsModule ¶
type RoleTrustsModule struct {
// General configuration data
IAMClientListRoles iam.ListRolesAPIClient
IAMClient *iam.Client
IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
Caller sts.GetCallerIdentityOutput
AWSProfile string
Goroutines int
CommandCounter internal.CommandCounter
SkipAdminCheck bool
WrapTable bool
// Main module data
AnalyzedRoles []AnalyzedRole
// contains filtered or unexported fields
}
func (*RoleTrustsModule) PrintRoleTrusts ¶
func (m *RoleTrustsModule) PrintRoleTrusts(outputFormat string, outputDirectory string, verbosity int)
type Route53Module ¶
type Route53Module struct {
// General configuration data
Route53Client *route53.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
CommandCounter internal.CommandCounter
// Main module data
Records []Record
// contains filtered or unexported fields
}
func (*Route53Module) PrintRoute53 ¶
func (m *Route53Module) PrintRoute53(outputFormat string, outputDirectory string, verbosity int)
type SNSModule ¶ added in v1.10.0
type SNSModule struct {
// General configuration data
SNSClient AWSSNSClient
StorePolicies bool
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Topics []SNSTopic
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
type SQSModule ¶ added in v1.10.0
type SQSModule struct {
// General configuration data
SQSClient AWSSQSClient
StorePolicies bool
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
// Main module data
Queues []Queue
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
type SecretsModule ¶
type SecretsModule struct {
// General configuration data
SecretsManagerClient *secretsmanager.Client
SSMClient *ssm.Client
Caller sts.GetCallerIdentityOutput
AWSRegions []string
AWSProfile string
Goroutines int
WrapTable bool
// Main module data
Secrets []Secret
CommandCounter internal.CommandCounter
// contains filtered or unexported fields
}
func (*SecretsModule) PrintSecrets ¶
func (m *SecretsModule) PrintSecrets(outputFormat string, outputDirectory string, verbosity int)
func (*SecretsModule) Receiver ¶
func (m *SecretsModule) Receiver(receiver chan Secret, receiverDone chan bool)
type SecurityGroup ¶ added in v1.10.0
type SecurityGroup struct {
ID string
VpcId string
Rules []SecurityGroupRule
}
type SecurityGroupRule ¶ added in v1.10.0
type SimulatorResult ¶
type StatementEntry ¶
type StatementEntry struct {
Effect string `json:"Effect"`
Action ListOfItems `json:"Action,omitempty"`
NotAction ListOfItems `json:"NotAction,omitempty"`
Resource ListOfItems `json:"Resource"`
Condition ListOfItems `json:"Condition"`
}
type TagsGetResourcesAPI ¶ added in v1.10.0
type TagsGetResourcesAPI interface {
GetResources(ctx context.Context, params *resourcegroupstaggingapi.GetResourcesInput, optFns ...func(*resourcegroupstaggingapi.Options)) (*resourcegroupstaggingapi.GetResourcesOutput, error)
}
type TagsModule ¶ added in v1.8.0
type TagsModule struct {
// General configuration data
ResourceGroupsTaggingApiInterface TagsGetResourcesAPI
Caller sts.GetCallerIdentityOutput
AWSRegions []string
OutputFormat string
Goroutines int
AWSProfile string
WrapTable bool
MaxResourcesPerRegion int
// Main module data
Tags []Tag
CommandCounter internal.CommandCounter
ResourceTypeCounts map[string]int
// contains filtered or unexported fields
}
func (*TagsModule) PrintTags ¶ added in v1.8.0
func (m *TagsModule) PrintTags(outputFormat string, outputDirectory string, verbosity int)
func (*TagsModule) Receiver ¶ added in v1.8.0
func (m *TagsModule) Receiver(receiver chan Tag, receiverDone chan bool)
Source Files
¶
- access-keys.go
- buckets.go
- cloudformation.go
- ecr.go
- ecs-tasks.go
- eks.go
- elastic-network-interfaces.go
- endpoints.go
- env-vars.go
- filesystems.go
- iam-simulator.go
- instances.go
- inventory.go
- lambda.go
- network-ports.go
- outbound-assumed-roles.go
- permissions.go
- pmapper.go
- principals.go
- ram.go
- role-trusts.go
- route53.go
- secrets.go
- shared.go
- sns.go
- sqs.go
- tags.go
Click to show internal directories.
Click to hide internal directories.