Documentation ¶
Index ¶
- Variables
- func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
- func GetIamSimResult(SkipAdminCheck bool, roleArnPtr *string, iamSimulatorMod IamSimulatorModule, ...) (string, string)
- func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
- type AWSS3Client
- type AWSSNSClient
- type AWSSQSClient
- type AccessKeysModule
- type AnalyzedRole
- type AttachedPolicies
- type Bucket
- type BucketsModule
- type CFStack
- type CloudFormationGetTemplateAPIClient
- type CloudTrailEvent
- type CloudformationModule
- type Cluster
- type DescribeTasksDefinitionAPIClient
- type ECRModule
- type ECSTasksModule
- type EKSModule
- type Edge
- type ElasticNetworkInterfacesModule
- type Endpoint
- type EndpointsModule
- type EnvironmentVariable
- type EnvsModule
- type FilesystemObject
- type FilesystemsModule
- type GAADGroup
- type GAADPolicy
- type GAADRole
- type GAADUser
- type GlobalResourceCount2
- type Group
- type IamPermissionsModule
- type IamPrincipalsModule
- type IamSimulatorModule
- type InstancesModule
- type Inventory2Module
- func (m *Inventory2Module) PrintGlobalResources(outputFormat string, outputDirectory string, verbosity int, ...)
- func (m *Inventory2Module) PrintInventoryPerRegion(outputFormat string, outputDirectory string, verbosity int)
- func (m *Inventory2Module) PrintTotalResources(outputFormat string)
- func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
- type Lambda
- type LambdasModule
- type ListOfItems
- type ListOfPrincipals
- type MappedECSTask
- type MappedENI
- type MappedInstance
- type NaclRule
- type NetworkAcl
- type NetworkPortsModule
- type NetworkService
- type NetworkServices
- type Node
- type OutboundAssumeRoleEntry
- type OutboundAssumedRolesModule
- type PermissionsRow
- type PmapperModule
- type Queue
- type RAMModule
- type Record
- type Repository
- type Resource
- type Role
- type RoleTrustStatementEntry
- type RoleTrustsModule
- type Route53Module
- type SNSModule
- type SNSTopic
- type SQSModule
- type Secret
- type SecretsModule
- type SecurityGroup
- type SecurityGroupRule
- type SimulatorResult
- type StatementEntry
- type Tag
- type Tags
- type TagsGetResourcesAPI
- type TagsModule
- type User
- type UserKeys
Constants ¶
This section is empty.
Variables ¶
// Scan command prefixes and banner text, exported as mutable package
// variables. The four *_SCAN values are nmap command lines prefixed with
// sudo: -Pn skips host discovery, -sV enables service/version detection,
// -sU selects UDP scanning and -6 selects IPv6.
//
// NOTE(review): presumably these strings are only written into generated
// output for an operator to run by hand — confirm that nothing in the
// package executes them. Because they are declared with var, any importing
// package can change the command text; const would rule that out.
var (
	TCP_4_SCAN string = "sudo nmap -Pn -sV"
	UDP_4_SCAN string = "sudo nmap -Pn -sU -sV"
	TCP_6_SCAN string = "sudo nmap -6 -Pn -sV"
	UDP_6_SCAN string = "sudo nmap -6 -Pn -sU -sV"

	// The two banner literals are elided by the documentation renderer.
	IPv4_BANNER string = `` /* 247-byte string literal not displayed */
	IPv6_BANNER string = `` /* 318-byte string literal not displayed */
)
var (
	// TxtLogger is assigned once, at package initialisation, from
	// internal.TxtLogger(). It is an exported variable, so other packages
	// can replace it.
	TxtLogger = internal.TxtLogger()
)
Functions ¶
func EnvVarsContains ¶ added in v1.9.0
func EnvVarsContains(element EnvironmentVariable, array []EnvironmentVariable) bool
func GetIamSimResult ¶ added in v1.9.0
func GetPmapperResults ¶ added in v1.9.0
func GetPmapperResults(SkipAdminCheck bool, pmapperMod PmapperModule, roleArn *string) (string, string)
Types ¶
type AWSS3Client ¶ added in v1.10.0
// AWSS3Client is the subset of S3 operations this package declares a need
// for. All four are read-only list/get calls; nothing here writes to a
// bucket. The signatures match the AWS SDK v2 call shape
// (ctx, input, optFns...), presumably so that a test double can stand in
// for a real S3 client — confirm against the unit tests.
type AWSS3Client interface {
	ListBuckets(ctx context.Context, params *s3.ListBucketsInput, optFns ...func(*s3.Options)) (*s3.ListBucketsOutput, error)
	GetBucketPolicy(ctx context.Context, params *s3.GetBucketPolicyInput, optFns ...func(*s3.Options)) (*s3.GetBucketPolicyOutput, error)
	GetBucketLocation(ctx context.Context, params *s3.GetBucketLocationInput, optFns ...func(*s3.Options)) (*s3.GetBucketLocationOutput, error)
	GetPublicAccessBlock(ctx context.Context, params *s3.GetPublicAccessBlockInput, optFns ...func(*s3.Options)) (*s3.GetPublicAccessBlockOutput, error)
}
type AWSSNSClient ¶ added in v1.10.0
// AWSSNSClient is the subset of SNS operations this package declares a need
// for: listing topics and reading a topic's attributes. Both are read-only
// calls.
type AWSSNSClient interface {
	ListTopics(ctx context.Context, params *sns.ListTopicsInput, optFns ...func(*sns.Options)) (*sns.ListTopicsOutput, error)
	GetTopicAttributes(ctx context.Context, params *sns.GetTopicAttributesInput, optFns ...func(*sns.Options)) (*sns.GetTopicAttributesOutput, error)
}
type AWSSQSClient ¶ added in v1.10.0
// AWSSQSClient is the subset of SQS operations this package declares a need
// for: listing queues and reading a queue's attributes. Both are read-only
// calls.
type AWSSQSClient interface {
	ListQueues(ctx context.Context, params *sqs.ListQueuesInput, optFns ...func(*sqs.Options)) (*sqs.ListQueuesOutput, error)
	GetQueueAttributes(ctx context.Context, params *sqs.GetQueueAttributesInput, optFns ...func(*sqs.Options)) (*sqs.GetQueueAttributesOutput, error)
}
type AccessKeysModule ¶
// AccessKeysModule groups the IAM client, caller identity and output
// settings used by PrintAccessKeys, together with the per-user key data in
// AnalyzedUsers.
// NOTE(review): the report concerns IAM access keys, so whatever is written
// under the output directory should be treated as sensitive inventory.
type AccessKeysModule struct {
	// General configuration data
	IAMClient      *iam.Client
	Caller         sts.GetCallerIdentityOutput
	AWSProfile     string
	OutputFormat   string
	Goroutines     int
	WrapTable      bool
	CommandCounter internal.CommandCounter

	// Main module data
	AnalyzedUsers []UserKeys
	// contains filtered or unexported fields
}
func (*AccessKeysModule) PrintAccessKeys ¶
func (m *AccessKeysModule) PrintAccessKeys(filter string, outputFormat string, outputDirectory string, verbosity int)
type AnalyzedRole ¶
type AttachedPolicies ¶ added in v1.9.0
type BucketsModule ¶
// BucketsModule groups the S3 client, caller identity, region list and
// output settings used by PrintBuckets. S3Client is the AWSS3Client
// interface rather than a concrete SDK client, so only the read-only calls
// that interface names are reachable through it.
type BucketsModule struct {
	// General configuration data
	S3Client     AWSS3Client
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Buckets        []Bucket
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*BucketsModule) PrintBuckets ¶
func (m *BucketsModule) PrintBuckets(outputFormat string, outputDirectory string, verbosity int)
func (*BucketsModule) Receiver ¶
func (m *BucketsModule) Receiver(receiver chan Bucket, receiverDone chan bool)
type CloudFormationGetTemplateAPIClient ¶ added in v1.9.0
// CloudFormationGetTemplateAPIClient is a single-method interface for the
// CloudFormation GetTemplate call, matching the AWS SDK v2 call shape.
// NOTE(review): stack templates can embed credentials or other secrets as
// plain text; treat anything returned through this call as sensitive.
type CloudFormationGetTemplateAPIClient interface {
	GetTemplate(context.Context, *cloudformation.GetTemplateInput, ...func(*cloudformation.Options)) (*cloudformation.GetTemplateOutput, error)
}
type CloudTrailEvent ¶
// CloudTrailEvent is the JSON decoding target for one CloudTrail record.
// The request and response sub-structs model only role-assumption fields
// (roleArn, roleSessionName, credentials, assumedRoleUser), so records of
// other event types will decode with those parts left at their zero values.
//
// NOTE(review): ResponseElements.Credentials has AccessKeyID and
// SessionToken fields. If the decoded record carries values there, they are
// credential material; avoid printing or persisting them.
type CloudTrailEvent struct {
	EventVersion string `json:"eventVersion"`
	// UserIdentity describes the principal that made the call.
	UserIdentity struct {
		Type           string `json:"type"`
		PrincipalID    string `json:"principalId"`
		Arn            string `json:"arn"`
		AccountID      string `json:"accountId"`
		AccessKeyID    string `json:"accessKeyId"`
		SessionContext struct {
			SessionIssuer struct {
				Type        string `json:"type"`
				PrincipalID string `json:"principalId"`
				Arn         string `json:"arn"`
				AccountID   string `json:"accountId"`
				UserName    string `json:"userName"`
			} `json:"sessionIssuer"`
			// Declared with no fields, so any content under this key is discarded.
			WebIDFederationData struct {
			} `json:"webIdFederationData"`
			Attributes struct {
				CreationDate time.Time `json:"creationDate"`
				// Typed as string, not bool — presumably because the log carries it as text; confirm.
				MfaAuthenticated string `json:"mfaAuthenticated"`
			} `json:"attributes"`
		} `json:"sessionContext"`
	} `json:"userIdentity"`
	EventTime         time.Time `json:"eventTime"`
	EventSource       string    `json:"eventSource"`
	EventName         string    `json:"eventName"`
	AwsRegion         string    `json:"awsRegion"`
	SourceIPAddress   string    `json:"sourceIPAddress"`
	UserAgent         string    `json:"userAgent"`
	RequestParameters struct {
		RoleArn         string `json:"roleArn"`
		RoleSessionName string `json:"roleSessionName"`
	} `json:"requestParameters"`
	ResponseElements struct {
		// Credential material; see the type-level note.
		Credentials struct {
			AccessKeyID  string `json:"accessKeyId"`
			SessionToken string `json:"sessionToken"`
			Expiration   string `json:"expiration"`
		} `json:"credentials"`
		AssumedRoleUser struct {
			AssumedRoleID string `json:"assumedRoleId"`
			Arn           string `json:"arn"`
		} `json:"assumedRoleUser"`
	} `json:"responseElements"`
	RequestID string `json:"requestID"`
	EventID   string `json:"eventID"`
	ReadOnly  bool   `json:"readOnly"`
	Resources []struct {
		AccountID string `json:"accountId"`
		Type      string `json:"type"`
		// Upper-case "ARN" here, unlike the lower-case "arn" tags above.
		Arn string `json:"ARN"`
	} `json:"resources"`
	EventType          string `json:"eventType"`
	ManagementEvent    bool   `json:"managementEvent"`
	RecipientAccountID string `json:"recipientAccountId"`
	EventCategory      string `json:"eventCategory"`
	TLSDetails         struct {
		TLSVersion               string `json:"tlsVersion"`
		CipherSuite              string `json:"cipherSuite"`
		ClientProvidedHostHeader string `json:"clientProvidedHostHeader"`
	} `json:"tlsDetails"`
}
type CloudformationModule ¶ added in v1.8.0
// CloudformationModule groups the two CloudFormation client interfaces
// (describe stacks, get template), caller identity, region list and output
// settings used by PrintCloudformationStacks; stack results are held in
// CFStacks.
// NOTE(review): stack parameters, outputs and templates can contain
// secrets; treat the module's output as sensitive.
type CloudformationModule struct {
	// General configuration data
	CloudFormationDescribeStacksInterface cloudformation.DescribeStacksAPIClient
	CloudFormationGetTemplateInterface    CloudFormationGetTemplateAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	CFStacks       []CFStack
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*CloudformationModule) PrintCloudformationStacks ¶ added in v1.8.0
func (m *CloudformationModule) PrintCloudformationStacks(outputFormat string, outputDirectory string, verbosity int)
func (*CloudformationModule) Receiver ¶ added in v1.8.0
func (m *CloudformationModule) Receiver(receiver chan CFStack, receiverDone chan bool)
type DescribeTasksDefinitionAPIClient ¶ added in v1.9.0
// DescribeTasksDefinitionAPIClient is a single-method interface for the ECS
// DescribeTaskDefinition call, matching the AWS SDK v2 call shape.
type DescribeTasksDefinitionAPIClient interface {
	DescribeTaskDefinition(context.Context, *ecs.DescribeTaskDefinitionInput, ...func(*ecs.Options)) (*ecs.DescribeTaskDefinitionOutput, error)
}
type ECRModule ¶
// ECRModule groups the ECR clients, caller identity, region list and output
// settings for the repository enumeration; results are held in
// Repositories. It carries both a concrete *ecr.Client and two narrow
// describe-only interfaces.
type ECRModule struct {
	// General configuration data
	ECRClient *ecr.Client
	// These interfaces are used for unit testing
	ECRClientDescribeReposInterface  ecr.DescribeRepositoriesAPIClient
	ECRClientDescribeImagesInterface ecr.DescribeImagesAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Repositories   []Repository
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*ECRModule) Receiver ¶
func (m *ECRModule) Receiver(receiver chan Repository, receiverDone chan bool)
type ECSTasksModule ¶ added in v1.9.0
// ECSTasksModule groups the ECS, EC2 and IAM client interfaces, caller
// identity and output settings used by ECSTasks; results are held in
// MappedECSTasks. Every client field is a describe/list/simulate interface
// rather than a concrete SDK client.
type ECSTasksModule struct {
	DescribeTaskDefinitionClient     DescribeTasksDefinitionAPIClient
	DescribeTasksClient              ecs.DescribeTasksAPIClient
	ListTasksClient                  ecs.ListTasksAPIClient
	ListClustersClient               ecs.ListClustersAPIClient
	DescribeNetworkInterfacesClient  ec2.DescribeNetworkInterfacesAPIClient
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	AWSProfile   string
	Goroutines   int
	// presumably disables the admin-privilege evaluation of task roles — confirm in ecs-tasks.go
	SkipAdminCheck bool
	WrapTable      bool

	MappedECSTasks []MappedECSTask
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*ECSTasksModule) ECSTasks ¶ added in v1.9.0
func (m *ECSTasksModule) ECSTasks(outputFormat string, outputDirectory string, verbosity int)
func (*ECSTasksModule) Receiver ¶ added in v1.9.0
func (m *ECSTasksModule) Receiver(receiver chan MappedECSTask, receiverDone chan bool)
type EKSModule ¶ added in v1.9.0
// EKSModule groups the EKS and IAM client interfaces, caller identity,
// region list and output settings for the cluster enumeration; results are
// held in Clusters.
type EKSModule struct {
	// General configuration data
	// These interfaces are used for unit testing
	EKSClientListClustersInterface      eks.ListClustersAPIClient
	EKSClientDescribeClusterInterface   eks.DescribeClusterAPIClient
	EKSClientListNodeGroupsInterface    eks.ListNodegroupsAPIClient
	EKSClientDescribeNodeGroupInterface eks.DescribeNodegroupAPIClient
	IAMSimulatePrincipalPolicyClient    iam.SimulatePrincipalPolicyAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	// presumably disables the admin-privilege evaluation of node roles — confirm in eks.go
	SkipAdminCheck bool
	WrapTable      bool

	// Main module data
	Clusters       []Cluster
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
type ElasticNetworkInterfacesModule ¶ added in v1.9.0
// ElasticNetworkInterfacesModule groups the EC2 DescribeNetworkInterfaces
// client interface, caller identity, region list and output settings used
// by ElasticNetworkInterfaces; results are held in MappedENIs. Unlike most
// sibling modules it has no exported Goroutines field.
type ElasticNetworkInterfacesModule struct {
	//EC2Client                       *ec2.Client
	DescribeNetworkInterfacesClient ec2.DescribeNetworkInterfacesAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	AWSProfile   string
	WrapTable    bool

	MappedENIs     []MappedENI
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*ElasticNetworkInterfacesModule) ElasticNetworkInterfaces ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) ElasticNetworkInterfaces(outputFormat string, outputDirectory string, verbosity int)
func (*ElasticNetworkInterfacesModule) Receiver ¶ added in v1.9.0
func (m *ElasticNetworkInterfacesModule) Receiver(receiver chan MappedENI, receiverDone chan bool)
type EndpointsModule ¶
// EndpointsModule groups one concrete SDK client per service, caller
// identity, region list and output settings used by PrintEndpoints; results
// are held in Endpoints and error text in Errors.
// NOTE(review): the client fields are full SDK clients, not narrow
// interfaces, so the type itself does not limit which API calls the module
// can make; least privilege has to come from the IAM policy of the profile
// in use.
type EndpointsModule struct {
	// General configuration data
	LambdaClient       *lambda.Client
	EKSClient          *eks.Client
	MQClient           *mq.Client
	OpenSearchClient   *opensearch.Client
	GrafanaClient      *grafana.Client
	ELBv2Client        *elasticloadbalancingv2.Client
	ELBClient          *elasticloadbalancing.Client
	APIGatewayClient   *apigateway.Client
	APIGatewayv2Client *apigatewayv2.Client
	RDSClient          *rds.Client
	RedshiftClient     *redshift.Client
	S3Client           *s3.Client
	CloudfrontClient   *cloudfront.Client
	AppRunnerClient    *apprunner.Client
	LightsailClient    *lightsail.Client

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Endpoints      []Endpoint
	CommandCounter internal.CommandCounter
	Errors         []string
	// contains filtered or unexported fields
}
func (*EndpointsModule) PrintEndpoints ¶
func (m *EndpointsModule) PrintEndpoints(outputFormat string, outputDirectory string, verbosity int)
func (*EndpointsModule) Receiver ¶
func (m *EndpointsModule) Receiver(receiver chan Endpoint, receiverDone chan bool)
type EnvironmentVariable ¶
// EnvironmentVariable is an exported type whose fields are all unexported,
// so code outside this package cannot read or set them directly.
type EnvironmentVariable struct {
	// contains filtered or unexported fields
}
type EnvsModule ¶
// EnvsModule groups the service clients, caller identity, region list and
// output settings used by PrintEnvs; results are held in
// EnvironmentVariables.
// NOTE(review): environment variables of workloads frequently hold API keys
// and passwords; treat the module's results and any files it writes as
// secret material.
type EnvsModule struct {
	// General configuration data
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	AWSProfile   string
	OutputFormat string
	Goroutines   int
	WrapTable    bool

	// Service Clients
	ECSClient       *ecs.Client
	LambdaClient    *lambda.Client
	AppRunnerClient *apprunner.Client
	LightsailClient *lightsail.Client
	SagemakerClient *sagemaker.Client

	// Main module data
	EnvironmentVariables []EnvironmentVariable
	CommandCounter       internal.CommandCounter
	// contains filtered or unexported fields
}
func (*EnvsModule) PrintEnvs ¶
func (m *EnvsModule) PrintEnvs(outputFormat string, outputDirectory string, verbosity int)
func (*EnvsModule) Receiver ¶
func (m *EnvsModule) Receiver(receiver chan EnvironmentVariable, receiverDone chan bool)
type FilesystemObject ¶
type FilesystemsModule ¶
// FilesystemsModule groups the EFS and FSx clients, caller identity, region
// list and output settings used by PrintFilesystems; results are held in
// Filesystems.
type FilesystemsModule struct {
	EFSClient *efs.Client
	FSxClient *fsx.Client

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Filesystems []FilesystemObject
	// NOTE(review): fixed-size array of 30 entries; if it is indexed by
	// region, a region list longer than 30 would go out of range — confirm
	// how filesystems.go uses it.
	Regions        [30]FilesystemObject
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*FilesystemsModule) PrintFilesystems ¶
func (m *FilesystemsModule) PrintFilesystems(outputFormat string, outputDirectory string, verbosity int)
func (*FilesystemsModule) Receiver ¶
func (m *FilesystemsModule) Receiver(receiver chan FilesystemObject, receiverDone chan bool)
type GAADGroup ¶
// GAADGroup holds one IAM group with its attached (managed) and inline
// policies. "GAAD" presumably refers to the IAM
// GetAccountAuthorizationDetails API — confirm in permissions.go.
type GAADGroup struct {
	Arn              string
	Name             string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
}
type GAADPolicy ¶
// GAADPolicy holds one managed policy together with its list of versions.
type GAADPolicy struct {
	Name              string
	Arn               string
	PolicyVersionList []types.PolicyVersion
}
type GAADRole ¶
// GAADRole holds one IAM role with its attached (managed) and inline
// policies. The role's trust policy is not part of this type.
type GAADRole struct {
	Arn              string
	Name             string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
}
type GAADUser ¶
// GAADUser holds one IAM user with its attached (managed) and inline
// policies and the names of the groups it belongs to. Permissions inherited
// through GroupList are not expanded here; they live on the matching
// GAADGroup values.
type GAADUser struct {
	Name             string
	Arn              string
	AttachedPolicies []types.AttachedPolicy
	InlinePolicies   []types.PolicyDetail
	GroupList        []string
}
type GlobalResourceCount2 ¶
// GlobalResourceCount2 is an exported type whose fields are all unexported.
// Values of it are passed over channels to Inventory2Module.Receiver and
// Inventory2Module.PrintGlobalResources.
type GlobalResourceCount2 struct {
	// contains filtered or unexported fields
}
type IamPermissionsModule ¶
// IamPermissionsModule groups the IAM client, caller identity and output
// settings used by PrintIamPermissions, plus the collected policies,
// users, roles and groups and the flattened Rows.
type IamPermissionsModule struct {
	// General configuration data
	IAMClient    *iam.Client
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	Policies []GAADPolicy
	Users    []GAADUser
	Roles    []GAADRole
	Groups   []GAADGroup
	Rows     []PermissionsRow

	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*IamPermissionsModule) PrintIamPermissions ¶
func (m *IamPermissionsModule) PrintIamPermissions(outputFormat string, outputDirectory string, verbosity int, principal string)
type IamPrincipalsModule ¶
// IamPrincipalsModule groups the IAM client, caller identity and output
// settings used by PrintIamPrincipals; results are held in Users, Roles and
// Groups.
type IamPrincipalsModule struct {
	// General configuration data
	IAMClient    *iam.Client
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Users          []User
	Roles          []Role
	Groups         []Group
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*IamPrincipalsModule) PrintIamPrincipals ¶
func (m *IamPrincipalsModule) PrintIamPrincipals(outputFormat string, outputDirectory string, verbosity int)
type IamSimulatorModule ¶
// IamSimulatorModule groups the IAM simulate/list client interfaces, caller
// identity and output settings for the policy-simulation report; results
// are held in SimulatorResults.
// NOTE(review): results come from the IAM policy simulator, which presumably
// does not account for every control that applies to a real request —
// confirm which policy types the calls in iam-simulator.go include before
// treating a result as authoritative.
type IamSimulatorModule struct {
	// General configuration data
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
	IAMListUsersClient               iam.ListUsersAPIClient
	IAMListRolesClient               iam.ListRolesAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	SimulatorResults []SimulatorResult
	CommandCounter   internal.CommandCounter
	// contains filtered or unexported fields
}
func (*IamSimulatorModule) PrintIamSimulator ¶
func (*IamSimulatorModule) Receiver ¶
func (m *IamSimulatorModule) Receiver(receiver chan SimulatorResult, receiverDone chan bool)
type InstancesModule ¶
// InstancesModule groups the EC2 and IAM clients, caller identity, region
// list and output settings used by Instances; results are held in
// MappedInstances.
type InstancesModule struct {
	// General configuration data
	EC2Client                        *ec2.Client
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient
	IAMListInstanceProfilesClient    iam.ListInstanceProfilesAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	// NOTE(review): presumably restricts the run to instance user data,
	// which often embeds bootstrap secrets — treat that output as sensitive.
	UserDataAttributesOnly bool
	AWSProfile             string
	WrapTable              bool
	// Keyed by string; presumably the instance-profile identifier — confirm in instances.go.
	InstanceProfileToRolesMap map[string][]iamTypes.Role
	// presumably disables the admin-privilege evaluation of instance roles — confirm
	SkipAdminCheck bool

	// Module's Results
	MappedInstances []MappedInstance
	CommandCounter  internal.CommandCounter
	// contains filtered or unexported fields
}
func (*InstancesModule) Instances ¶
func (m *InstancesModule) Instances(filter string, outputFormat string, outputDirectory string, verbosity int)
func (*InstancesModule) Receiver ¶
func (m *InstancesModule) Receiver(receiver chan MappedInstance, receiverDone chan bool)
type Inventory2Module ¶
// Inventory2Module groups one concrete SDK client per inventoried service,
// caller identity, region list and output settings used by the
// PrintInventoryPerRegion, PrintGlobalResources and PrintTotalResources
// methods.
// NOTE(review): the client fields are full SDK clients (including Secrets
// Manager, SSM and IAM), so nothing in the type limits the calls the module
// can make; scope the profile's IAM policy to read-only access.
type Inventory2Module struct {
	// General configuration data
	LambdaClient         *lambda.Client
	EC2Client            *ec2.Client
	ECSClient            *ecs.Client
	EKSClient            *eks.Client
	S3Client             *s3.Client
	CloudFormationClient *cloudformation.Client
	SecretsManagerClient *secretsmanager.Client
	SSMClient            *ssm.Client
	RDSClient            *rds.Client
	APIGatewayv2Client   *apigatewayv2.Client
	ELBv2Client          *elasticloadbalancingv2.Client
	ELBClient            *elasticloadbalancing.Client
	IAMClient            *iam.Client
	MQClient             *mq.Client
	OpenSearchClient     *opensearch.Client
	GrafanaClient        *grafana.Client
	APIGatewayClient     *apigateway.Client
	RedshiftClient       *redshift.Client
	CloudfrontClient     *cloudfront.Client
	AppRunnerClient      *apprunner.Client
	LightsailClient      *lightsail.Client
	GlueClient           *glue.Client
	SNSClient            *sns.Client
	SQSClient            *sqs.Client
	DynamoDBClient       *dynamodb.Client

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	RegionResourceCount  int
	CommandCounter       internal.CommandCounter
	GlobalResourceCounts []GlobalResourceCount2
	// contains filtered or unexported fields
}
func (*Inventory2Module) PrintGlobalResources ¶
func (m *Inventory2Module) PrintGlobalResources(outputFormat string, outputDirectory string, verbosity int, dataReceiver chan GlobalResourceCount2)
func (*Inventory2Module) PrintInventoryPerRegion ¶
func (m *Inventory2Module) PrintInventoryPerRegion(outputFormat string, outputDirectory string, verbosity int)
func (*Inventory2Module) PrintTotalResources ¶
func (m *Inventory2Module) PrintTotalResources(outputFormat string)
func (*Inventory2Module) Receiver ¶
func (m *Inventory2Module) Receiver(receiver chan GlobalResourceCount2, receiverDone chan bool)
type LambdasModule ¶ added in v1.8.0
// LambdasModule groups the Lambda client, the IAM simulate interface,
// caller identity, region list and output settings used by PrintLambdas;
// results are held in Lambdas.
type LambdasModule struct {
	// General configuration data
	LambdaClient                     *lambda.Client
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	// presumably disables the admin-privilege evaluation of function roles — confirm in lambda.go
	SkipAdminCheck bool
	WrapTable      bool

	// Main module data
	Lambdas        []Lambda
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*LambdasModule) PrintLambdas ¶ added in v1.8.0
func (m *LambdasModule) PrintLambdas(outputFormat string, outputDirectory string, verbosity int)
func (*LambdasModule) Receiver ¶ added in v1.8.0
func (m *LambdasModule) Receiver(receiver chan Lambda, receiverDone chan bool)
type ListOfItems ¶
type ListOfItems []string
A custom unmarshaller is necessary because a policy field of this type can be either a single string or an array of strings. See https://stackoverflow.com/questions/65854778/parsing-arn-from-iam-policy-using-regex
func (*ListOfItems) UnmarshalJSON ¶
func (r *ListOfItems) UnmarshalJSON(b []byte) error
type ListOfPrincipals ¶
type ListOfPrincipals []string
A custom unmarshaller is necessary because the list of principals can be either a single string or an array of strings. See https://stackoverflow.com/questions/65854778/parsing-arn-from-iam-policy-using-regex
func (*ListOfPrincipals) UnmarshalJSON ¶
func (r *ListOfPrincipals) UnmarshalJSON(b []byte) error
type MappedECSTask ¶ added in v1.9.0
type MappedInstance ¶
type NetworkAcl ¶ added in v1.10.0
// NetworkAcl identifies one network ACL, its VPC and the subnets it is
// associated with. Its rules are not exported; they are added through
// Insert(rule NaclRule).
type NetworkAcl struct {
	ID      string
	VpcId   string
	Subnets []string
	// contains filtered or unexported fields
}
func (*NetworkAcl) Insert ¶ added in v1.10.0
func (l *NetworkAcl) Insert(rule NaclRule)
type NetworkPortsModule ¶ added in v1.10.0
// NetworkPortsModule groups the service clients, caller identity, region
// list and output settings used by PrintNetworkPorts. Results are split
// into three lists: private IPv4, public IPv4 and IPv6 services.
// NOTE(review): the lists are derived from AWS configuration (security
// groups and network ACLs appear as sibling types), presumably without
// probing the hosts — confirm in network-ports.go. A listed port therefore
// indicates that policy allows it, not that a service was observed.
type NetworkPortsModule struct {
	// General configuration data
	EC2Client         *ec2.Client
	ECSClient         *ecs.Client
	EFSClient         *efs.Client
	ElastiCacheClient *elasticache.Client
	ELBv2Client       *elasticloadbalancingv2.Client
	LightsailClient   *lightsail.Client
	RDSClient         *rds.Client

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool
	// Held on the struct here; PrintNetworkPorts takes no verbosity argument.
	Verbosity int

	// Main module data
	IPv4_Private   []NetworkService
	IPv4_Public    []NetworkService
	IPv6           []NetworkService
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*NetworkPortsModule) Evaluate ¶ added in v1.10.0
func (m *NetworkPortsModule) Evaluate(l *NetworkAcl, port int32, proto string) (bool, *NaclRule)
func (*NetworkPortsModule) PrintNetworkPorts ¶ added in v1.10.0
func (m *NetworkPortsModule) PrintNetworkPorts(outputFormat string, outputDirectory string)
func (*NetworkPortsModule) Receiver ¶ added in v1.10.0
func (m *NetworkPortsModule) Receiver(receiver chan NetworkServices, receiverDone chan bool)
type NetworkService ¶ added in v1.10.0
type NetworkServices ¶ added in v1.10.0
// NetworkServices is the batch type sent to NetworkPortsModule.Receiver:
// three lists of NetworkService, mirroring the three result fields of
// NetworkPortsModule.
type NetworkServices struct {
	IPv4_Private []NetworkService
	IPv4_Public  []NetworkService
	IPv6         []NetworkService
}
type Node ¶ added in v1.9.0
// Node is the JSON decoding target for one principal in the graph data used
// by PmapperModule. Several fields are decoded into empty interfaces, so
// their shape is not checked at decode time.
type Node struct {
	Arn              string             `json:"arn"`
	IDValue          string             `json:"id_value"`
	AttachedPolicies []AttachedPolicies `json:"attached_policies"`
	GroupMemberships []interface{}      `json:"group_memberships"`
	TrustPolicy      interface{}        `json:"trust_policy"`
	InstanceProfile  interface{}        `json:"instance_profile"`
	ActivePassword   bool               `json:"active_password"`
	AccessKeys       int                `json:"access_keys"`
	// Read from the input file; this package does not appear to compute it.
	// NOTE(review): the value is only as current as the input data — confirm
	// how stale graph data is handled.
	IsAdmin             bool        `json:"is_admin"`
	PermissionsBoundary interface{} `json:"permissions_boundary"`
	HasMfa              bool        `json:"has_mfa"`
	Tags                Tags        `json:"tags"`
	// No json tag: encoding/json would match the key "PathToAdmin"
	// case-insensitively; presumably this is filled in by the package after
	// decoding rather than read from the file — confirm in pmapper.go.
	PathToAdmin bool
}
type OutboundAssumeRoleEntry ¶
type OutboundAssumedRolesModule ¶
// OutboundAssumedRolesModule groups the CloudTrail client, caller identity,
// region list and output settings used by PrintOutboundRoleTrusts; results
// are held in OutboundAssumeRoleEntries.
type OutboundAssumedRolesModule struct {
	// General configuration data
	CloudTrailClient *cloudtrail.Client

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	OutboundAssumeRoleEntries []OutboundAssumeRoleEntry
	// presumably the CloudTrail look-back window in days; PrintOutboundRoleTrusts also takes a days argument — confirm
	Days           int
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*OutboundAssumedRolesModule) PrintOutboundRoleTrusts ¶
func (m *OutboundAssumedRolesModule) PrintOutboundRoleTrusts(days int, outputFormat string, outputDirectory string, verbosity int)
func (*OutboundAssumedRolesModule) Receiver ¶
func (m *OutboundAssumedRolesModule) Receiver(receiver chan OutboundAssumeRoleEntry, receiverDone chan bool)
type PermissionsRow ¶
type PmapperModule ¶ added in v1.9.0
// PmapperModule holds a principal graph (Nodes and Edges) together with
// caller identity and output settings. It has no AWS client field; the
// exported queries DoesPrincipalHaveAdmin and DoesPrincipalHavePathToAdmin
// take a principal string and return a bool.
// NOTE(review): a false result cannot be told apart from "principal not in
// the graph" through a bare bool — confirm how callers handle missing data.
type PmapperModule struct {
	// General configuration data
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	Nodes          []Node
	Edges          []Edge
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*PmapperModule) DoesPrincipalHaveAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHaveAdmin(principal string) bool
func (*PmapperModule) DoesPrincipalHavePathToAdmin ¶ added in v1.9.0
func (m *PmapperModule) DoesPrincipalHavePathToAdmin(principal string) bool
func (*PmapperModule) PrintPmapperData ¶ added in v1.9.0
func (m *PmapperModule) PrintPmapperData(outputFormat string, outputDirectory string, verbosity int)
type RAMModule ¶
// RAMModule groups the RAM (Resource Access Manager) client, caller
// identity, region list and output settings for the shared-resource
// enumeration; results are held in Resources.
type RAMModule struct {
	// General configuration data
	RAMClient    *ram.Client
	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Resources      []Resource
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
type Repository ¶
type RoleTrustStatementEntry ¶ added in v1.9.0
// RoleTrustStatementEntry is the JSON decoding target for one statement of
// a role trust policy. It models a fixed set of condition operators
// (StringEquals, StringLike, ForAnyValue:StringLike) and a fixed set of
// condition keys under each.
//
// NOTE(review): encoding/json silently ignores keys that have no matching
// field, so a condition written with any other operator or key decodes to
// nothing. A trust that is in fact restricted could then be reported
// without its restriction; confirm whether the raw policy is also kept for
// display.
type RoleTrustStatementEntry struct {
	Sid    string `json:"Sid"`
	Effect string `json:"Effect"`
	// NOTE(review): Principal is a struct; a policy that gives Principal as
	// a bare string would not fit this shape — confirm how that is handled.
	Principal struct {
		AWS       ListOfPrincipals `json:"AWS"`
		Service   ListOfPrincipals `json:"Service"`
		Federated ListOfPrincipals `json:"Federated"`
	} `json:"Principal"`
	// NOTE(review): Action is a plain string, not a list type; a statement
	// whose Action is an array would fail to decode into it — confirm.
	Action    string `json:"Action"`
	Condition struct {
		StringEquals struct {
			StsExternalID string `json:"sts:ExternalId"`
			SAMLAud       string `json:"SAML:aud"`
			// "OidcEksSub"/"OidcEksAud" are fixed tag names; presumably the
			// JSON is rewritten before decoding so that provider-specific
			// keys map onto them — confirm in role-trusts.go.
			OidcEksSub string `json:"OidcEksSub"`
			OidcEksAud string `json:"OidcEksAud"`
			CognitoAud string `json:"cognito-identity.amazonaws.com:aud"`
		} `json:"StringEquals"`
		StringLike struct {
			TokenActionsGithubusercontentComSub ListOfPrincipals `json:"token.actions.githubusercontent.com:sub"`
			TokenActionsGithubusercontentComAud string           `json:"token.actions.githubusercontent.com:aud"`
			OidcEksSub                          string           `json:"OidcEksSub"`
			OidcEksAud                          string           `json:"OidcEksAud"`
		} `json:"StringLike"`
		ForAnyValueStringLike struct {
			CognitoAMR string `json:"cognito-identity.amazonaws.com:amr"`
		} `json:"ForAnyValue:StringLike"`
	} `json:"Condition"`
}
type RoleTrustsModule ¶
// RoleTrustsModule groups the IAM clients, caller identity and output
// settings used by PrintRoleTrusts; results are held in AnalyzedRoles. It
// has no AWSRegions or OutputFormat field, unlike most sibling modules.
type RoleTrustsModule struct {
	// General configuration data
	IAMClientListRoles               iam.ListRolesAPIClient
	IAMClient                        *iam.Client
	IAMSimulatePrincipalPolicyClient iam.SimulatePrincipalPolicyAPIClient

	Caller         sts.GetCallerIdentityOutput
	AWSProfile     string
	Goroutines     int
	CommandCounter internal.CommandCounter
	// presumably disables the admin-privilege evaluation of each role — confirm in role-trusts.go
	SkipAdminCheck bool
	WrapTable      bool

	// Main module data
	AnalyzedRoles []AnalyzedRole
	// contains filtered or unexported fields
}
func (*RoleTrustsModule) PrintRoleTrusts ¶
func (m *RoleTrustsModule) PrintRoleTrusts(outputFormat string, outputDirectory string, verbosity int)
type Route53Module ¶
// Route53Module groups the Route 53 client, caller identity, region list
// and output settings used by PrintRoute53; results are held in Records.
type Route53Module struct {
	// General configuration data
	Route53Client *route53.Client

	Caller         sts.GetCallerIdentityOutput
	AWSRegions     []string
	OutputFormat   string
	Goroutines     int
	AWSProfile     string
	WrapTable      bool
	CommandCounter internal.CommandCounter

	// Main module data
	Records []Record
	// contains filtered or unexported fields
}
func (*Route53Module) PrintRoute53 ¶
func (m *Route53Module) PrintRoute53(outputFormat string, outputDirectory string, verbosity int)
type SNSModule ¶ added in v1.10.0
// SNSModule groups the SNS client interface, caller identity, region list
// and output settings for the topic enumeration; results are held in
// Topics. SNSClient is the AWSSNSClient interface, so only its two
// read-only calls are reachable through it.
type SNSModule struct {
	// General configuration data
	SNSClient AWSSNSClient

	// presumably controls whether topic policies are written to disk — confirm in sns.go
	StorePolicies bool

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Topics         []SNSTopic
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
type SQSModule ¶ added in v1.10.0
// SQSModule groups the SQS client interface, caller identity, region list
// and output settings for the queue enumeration; results are held in
// Queues. SQSClient is the AWSSQSClient interface, so only its two
// read-only calls are reachable through it.
type SQSModule struct {
	// General configuration data
	SQSClient AWSSQSClient

	// presumably controls whether queue policies are written to disk — confirm in sqs.go
	StorePolicies bool

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool

	// Main module data
	Queues         []Queue
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
type SecretsModule ¶
// SecretsModule groups the Secrets Manager and SSM clients, caller
// identity, region list and output settings used by PrintSecrets; results
// are held in Secrets.
// NOTE(review): both client fields are full SDK clients, so the type does
// not prevent value-retrieval calls. Confirm in secrets.go whether only
// names and metadata are listed, and restrict the profile's IAM policy to
// match.
type SecretsModule struct {
	// General configuration data
	SecretsManagerClient *secretsmanager.Client
	SSMClient            *ssm.Client

	Caller     sts.GetCallerIdentityOutput
	AWSRegions []string
	AWSProfile string
	Goroutines int
	WrapTable  bool

	// Main module data
	Secrets        []Secret
	CommandCounter internal.CommandCounter
	// contains filtered or unexported fields
}
func (*SecretsModule) PrintSecrets ¶
func (m *SecretsModule) PrintSecrets(outputFormat string, outputDirectory string, verbosity int)
func (*SecretsModule) Receiver ¶
func (m *SecretsModule) Receiver(receiver chan Secret, receiverDone chan bool)
type SecurityGroup ¶ added in v1.10.0
// SecurityGroup identifies one security group, its VPC and its rules.
type SecurityGroup struct {
	ID    string
	VpcId string
	Rules []SecurityGroupRule
}
type SecurityGroupRule ¶ added in v1.10.0
type SimulatorResult ¶
type StatementEntry ¶
// StatementEntry is the JSON decoding target for one statement of an IAM
// policy document. Action, NotAction, Resource and Condition all use
// ListOfItems, whose custom UnmarshalJSON accepts either a string or an
// array of strings.
//
// NOTE(review): there are no Sid, Principal or NotResource fields, so those
// elements are dropped on decode. A statement that relies on NotResource
// would then look as if it had no resource restriction — confirm how
// permissions.go treats an empty Resource.
type StatementEntry struct {
	Effect    string      `json:"Effect"`
	Action    ListOfItems `json:"Action,omitempty"`
	NotAction ListOfItems `json:"NotAction,omitempty"`
	Resource  ListOfItems `json:"Resource"`
	// NOTE(review): an IAM Condition element is a JSON object, not a string
	// or list of strings — confirm that ListOfItems.UnmarshalJSON handles
	// that shape rather than returning an error or an empty list.
	Condition ListOfItems `json:"Condition"`
}
type TagsGetResourcesAPI ¶ added in v1.10.0
// TagsGetResourcesAPI is a single-method interface for the Resource Groups
// Tagging API GetResources call, matching the AWS SDK v2 call shape.
type TagsGetResourcesAPI interface {
	GetResources(ctx context.Context, params *resourcegroupstaggingapi.GetResourcesInput, optFns ...func(*resourcegroupstaggingapi.Options)) (*resourcegroupstaggingapi.GetResourcesOutput, error)
}
type TagsModule ¶ added in v1.8.0
// TagsModule groups the tagging client interface, caller identity, region
// list and output settings used by PrintTags; results are held in Tags and
// per-type counts in ResourceTypeCounts.
type TagsModule struct {
	// General configuration data
	ResourceGroupsTaggingApiInterface TagsGetResourcesAPI

	Caller       sts.GetCallerIdentityOutput
	AWSRegions   []string
	OutputFormat string
	Goroutines   int
	AWSProfile   string
	WrapTable    bool
	// presumably an upper bound on resources fetched per region, so results may be truncated — confirm in tags.go
	MaxResourcesPerRegion int

	// Main module data
	Tags               []Tag
	CommandCounter     internal.CommandCounter
	ResourceTypeCounts map[string]int
	// contains filtered or unexported fields
}
func (*TagsModule) PrintTags ¶ added in v1.8.0
func (m *TagsModule) PrintTags(outputFormat string, outputDirectory string, verbosity int)
func (*TagsModule) Receiver ¶ added in v1.8.0
func (m *TagsModule) Receiver(receiver chan Tag, receiverDone chan bool)
Source Files ¶
- access-keys.go
- buckets.go
- cloudformation.go
- ecr.go
- ecs-tasks.go
- eks.go
- elastic-network-interfaces.go
- endpoints.go
- env-vars.go
- filesystems.go
- iam-simulator.go
- instances.go
- inventory.go
- lambda.go
- network-ports.go
- outbound-assumed-roles.go
- permissions.go
- pmapper.go
- principals.go
- ram.go
- role-trusts.go
- route53.go
- secrets.go
- shared.go
- sns.go
- sqs.go
- tags.go