Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( AWSProfile string AWSProfilesList string AWSAllProfiles bool AWSProfiles []string AWSConfirm bool AWSOutputType string AWSTableCols string PmapperDataBasePath string AWSOutputDirectory string AWSSkipAdminCheck bool AWSWrapTable bool AWSUseCache bool AWSMFAToken string Goroutines int Verbosity int AWSCommands = &cobra.Command{ Use: "aws", Short: "See \"Available Commands\" for AWS Modules", Run: func(cmd *cobra.Command, args []string) { cmd.Help() }, } AccessKeysFilter string AccessKeysCommand = &cobra.Command{ Use: "access-keys", Aliases: []string{"accesskeys", "keys"}, Short: "Enumerate active access keys for all users", Long: "\nUse case examples:\n" + "Map active access keys:\n" + os.Args[0] + " aws access-keys --profile test_account" + os.Args[0] + " aws access-keys --filter access_key_id --profile readonly_profile", PreRun: awsPreRun, Run: runAccessKeysCommand, PostRun: awsPostRun, } ApiGwCommand = &cobra.Command{ Use: "api-gw", Aliases: []string{"gw", "gateways", "api-gws"}, Short: "Enumerate API gateways. Get a loot file with formatted cURL requests.", Long: "\nUse case examples:\n" + os.Args[0] + " aws api-gw --profile readonly_profile", PreRun: awsPreRun, Run: runApiGwCommand, PostRun: awsPostRun, } CheckBucketPolicies bool BucketsCommand = &cobra.Command{ Use: "buckets", Aliases: []string{"bucket", "s3"}, Short: "Enumerate all of the buckets. Get loot file with s3 commands to list/download bucket contents", Long: "\nUse case examples:\n" + "List all buckets create a file with pre-populated aws s3 commands:\n" + os.Args[0] + " aws buckets --profile test_account", PreRun: awsPreRun, Run: runBucketsCommand, PostRun: awsPostRun, } CapeAdminOnly bool CapeJobName string CapeCommand = &cobra.Command{ Use: "cape", Aliases: []string{"CAPE"}, Short: "Cross-Account Privilege Escalation Route finder. Needs to be run with multiple profiles using -l or -a flag. Needs pmapper data to be present", Long: "\nUse case examples:\n" + os.Args[0] + " aws cape -l file_with_profile_names.txt --admin-only" + os.Args[0] + " aws cape -l file_with_profile_names.txt # This default mode shows all inbound paths but is very slow when there are many accounts)", PreRun: awsPreRun, Run: runCapeCommand, PostRun: awsPostRun, } CloudformationCommand = &cobra.Command{ Use: "cloudformation", Aliases: []string{"cf", "cfstacks", "stacks"}, Short: "Enumerate Cloudformation stacks. Get a loot file with stack details. Look for secrets.", Long: "\nUse case examples:\n" + os.Args[0] + " aws ecr --profile readonly_profile", PreRun: awsPreRun, Run: runCloudformationCommand, PostRun: awsPostRun, } CodeBuildCommand = &cobra.Command{ Use: "codebuild", Short: "Enumerate CodeBuild projects.", Long: "\nUse case examples:\n" + os.Args[0] + " aws codebuild --profile readonly_profile", PreRun: awsPreRun, Run: runCodeBuildCommand, PostRun: awsPostRun, } DatabasesCommand = &cobra.Command{ Use: "databases", Aliases: []string{"db", "rds", "redshift", "dbs"}, Short: "Enumerate databases. Get a loot file with connection strings.", Long: "\nUse case examples:\n" + os.Args[0] + " aws databases --profile readonly_profile", PreRun: awsPreRun, Run: runDatabasesCommand, PostRun: awsPostRun, } ECRCommand = &cobra.Command{ Use: "ecr", Aliases: []string{"repos", "repo", "repositories"}, Short: "Enumerate the most recently pushed image URI from all repositories. Get a loot file with commands to pull images", Long: "\nUse case examples:\n" + os.Args[0] + " aws ecr --profile readonly_profile", PreRun: awsPreRun, Run: runECRCommand, PostRun: awsPostRun, } StoreSQSAccessPolicies bool SQSCommand = &cobra.Command{ Use: "sqs", Aliases: []string{}, Short: "Enumerate SQS Queues.", Long: "\nUse case examples:\n" + os.Args[0] + " aws sqs --profile readonly_profile", PreRun: awsPreRun, Run: runSQSCommand, PostRun: awsPostRun, } StoreSNSAccessPolicies bool SNSCommand = &cobra.Command{ Use: "sns", Aliases: []string{}, Short: "Enumerate SNS Queues.", Long: "\nUse case examples:\n" + os.Args[0] + " aws sns --profile readonly_profile", PreRun: awsPreRun, Run: runSNSCommand, PostRun: awsPostRun, } EKSCommand = &cobra.Command{ Use: "eks", Aliases: []string{"EKS", "clusters"}, Short: "Enumerate EKS clusters. Get a loot file with commands to authenticate with each cluster", Long: "\nUse case examples:\n" + os.Args[0] + " aws --profile readonly_profile eks", PreRun: awsPreRun, Run: runEKSCommand, PostRun: awsPostRun, } EndpointsCommand = &cobra.Command{ Use: "endpoints", Aliases: []string{"endpoint"}, Short: "Enumerates endpoints from various services. Get a loot file with http endpoints to scan.", Long: "\nUse case examples:\n" + os.Args[0] + " aws endpoints --profile readonly_profile", PreRun: awsPreRun, Run: runEndpointsCommand, PostRun: awsPostRun, } EnvsCommand = &cobra.Command{ Use: "env-vars", Aliases: []string{"envs", "envvars", "env"}, Short: "Enumerate the environment variables from multiple services that have them", Long: "\nUse case examples:\n" + os.Args[0] + " aws env-vars --profile readonly_profile", PreRun: awsPreRun, Run: runEnvsCommand, PostRun: awsPostRun, } FilesystemsCommand = &cobra.Command{ Use: "filesystems", Aliases: []string{"filesystem"}, Short: "Enumerate the EFS and FSx filesystems. Get a loot file with mount commands", Long: "\nUse case examples:\n" + os.Args[0] + " aws filesystems --profile readonly_profile", PreRun: awsPreRun, Run: runFilesystemsCommand, PostRun: awsPostRun, } SimulatorResource string SimulatorAction string SimulatorPrincipal string IamSimulatorCommand = &cobra.Command{ Use: "iam-simulator", Aliases: []string{"iamsimulator", "simulator"}, Short: "Wrapper around the AWS IAM Simulate Principal Policy command", Long: "\nUse case examples:\n" + os.Args[0] + " aws iam-simulator --profile readonly_profile", PreRun: awsPreRun, Run: runIamSimulatorCommand, PostRun: awsPostRun, } // This filter could be an instance ID or a TXT file with instance IDs separated by a new line. InstancesFilter string InstanceMapUserDataAttributesOnly bool InstancesCommand = &cobra.Command{ Use: "instances", Aliases: []string{"instance"}, Short: "Enumerate all instances along with assigned IPs, profiles, and user-data", Long: "\nUse case examples:\n" + os.Args[0] + " aws instances --profile readonly_profile", PreRun: awsPreRun, Run: runInstancesCommand, PostRun: awsPostRun, } ECSTasksCommand = &cobra.Command{ Use: "ecs-tasks", Aliases: []string{"ecs"}, Short: "Enumerate all ECS tasks along with assigned IPs and profiles", Long: "\nUse case examples:\n" + os.Args[0] + " aws ecs-tasks --profile readonly_profile", PreRun: awsPreRun, Run: runECSTasksCommand, PostRun: awsPostRun, } ElasticNetworkInterfacesCommand = &cobra.Command{ Use: "elastic-network-interfaces", Aliases: []string{"eni"}, Short: "Enumerate all elastic network interafces along with their private and public IPs and the VPC", Long: "\nUse case examples:\n" + os.Args[0] + " aws elastic-network-interfaces --profile readonly_profile", PreRun: awsPreRun, Run: runENICommand, PostRun: awsPostRun, } InventoryCommand = &cobra.Command{ Use: "inventory", Short: "Gain a rough understanding of size of the account and preferred regions", Long: "\nUse case examples:\n" + os.Args[0] + " aws inventory --profile readonly_profile", PreRun: awsPreRun, Run: runInventoryCommand, PostRun: awsPostRun, } LambdasCommand = &cobra.Command{ Use: "lambda", Aliases: []string{"lambdas", "functions"}, Short: "Enumerate lambdas.", Long: "\nUse case examples:\n" + os.Args[0] + " aws lambda --profile readonly_profile", PreRun: awsPreRun, Run: runLambdasCommand, PostRun: awsPostRun, } NetworkPortsCommand = &cobra.Command{ Use: "network-ports", Aliases: []string{"ports", "networkports"}, Short: "Enumerate potentially accessible network ports.", Long: "\nUse case examples:\n" + os.Args[0] + " aws network-ports --profile readonly_profile", PreRun: awsPreRun, Run: runNetworkPortsCommand, PostRun: awsPostRun, } OutboundAssumedRolesDays int OutboundAssumedRolesCommand = &cobra.Command{ Use: "outbound-assumed-roles", Aliases: []string{"assumedroles", "assumeroles", "outboundassumedroles"}, Short: "Find the roles that have been assumed by principals in this account", Long: "\nUse case examples:\n" + os.Args[0] + " aws outbound-assumed-roles --profile readonly_profile", PreRun: awsPreRun, Run: runOutboundAssumedRolesCommand, PostRun: awsPostRun, } OrgsCommand = &cobra.Command{ Use: "orgs", Aliases: []string{"org", "organizations", "accounts", "account"}, Short: "Enumerate accounts in an organization", Long: "\nUse case examples:\n" + os.Args[0] + " aws orgs --profile readonly_profile", PreRun: awsPreRun, Run: runOrgsCommand, PostRun: awsPostRun, } PermissionsPrincipal string PermissionsCommand = &cobra.Command{ Use: "permissions", Aliases: []string{"perms", "permission"}, Short: "Enumerate IAM permissions per principal", Long: "\nUse case examples:\n" + os.Args[0] + " aws permissions --profile profile\n" + os.Args[0] + " aws permissions --profile profile --principal arn:aws:iam::111111111111:role/test123" + "\n\nAvailable Column Names:\n" + "Type, Name, Arn, Policy, Policy Name, Policy Arn, Effect, Action, Resource, Condition\n", PreRun: awsPreRun, Run: runPermissionsCommand, PostRun: awsPostRun, } PrincipalsCommand = &cobra.Command{ Use: "principals", Aliases: []string{"principal"}, Short: "Enumerate IAM users and Roles so you have the data at your fingertips", Long: "\nUse case examples:\n" + os.Args[0] + " aws principals --profile readonly_profile", PreRun: awsPreRun, Run: runPrincipalsCommand, PostRun: awsPostRun, } RAMCommand = &cobra.Command{ Use: "ram", Short: "Enumerate cross-account shared resources", Long: "\nUse case examples:\n" + os.Args[0] + " aws ram --profile readonly_profile", PreRun: awsPreRun, Run: runRAMCommand, PostRun: awsPostRun, } ResourceTrustsCommand = &cobra.Command{ Use: "resource-trusts", Aliases: []string{"resourcetrusts", "resourcetrust"}, Short: "Enumerate all resource trusts", Long: "\nUse case examples:\n" + os.Args[0] + " aws resource-trusts --profile readonly_profile", PreRun: awsPreRun, Run: runResourceTrustsCommand, PostRun: awsPostRun, } // The filter is set to "all" when the flag "--filter" is not used RoleTrustFilter string RoleTrustCommand = &cobra.Command{ Use: "role-trusts", Aliases: []string{"roletrusts", "role-trust"}, Short: "Enumerate all role trusts", Long: "\nUse case examples:\n" + "Map all role trusts for caller's account:\n" + os.Args[0] + " aws role-trusts\n", PreRun: awsPreRun, Run: runRoleTrustCommand, PostRun: awsPostRun, } Route53Command = &cobra.Command{ Use: "route53", Aliases: []string{"dns", "route", "routes"}, Short: "Enumerate all records from all zones managed by route53. Get a loot file with A records you can scan", Long: "\nUse case examples:\n" + os.Args[0] + " aws route53 --profile readonly_profile", PreRun: awsPreRun, Run: runRoute53Command, PostRun: awsPostRun, } SecretsCommand = &cobra.Command{ Use: "secrets", Aliases: []string{"secret"}, Short: "Enumerate secrets from secrets manager and SSM", Long: "\nUse case examples:\n" + os.Args[0] + " aws secrets --profile readonly_profile", PreRun: awsPreRun, Run: runSecretsCommand, PostRun: awsPostRun, } MaxResourcesPerRegion int TagsCommand = &cobra.Command{ Use: "tags", Aliases: []string{"tag"}, Short: "Enumerate resources with tags.", Long: "\nUse case examples:\n" + os.Args[0] + " aws tags --profile readonly_profile", PreRun: awsPreRun, Run: runTagsCommand, PostRun: awsPostRun, } PmapperCommand = &cobra.Command{ Use: "pmapper", Aliases: []string{"Pmapper", "pmapperParse"}, Short: "Looks for pmapper data for the account and builds a PrivEsc graph in golang if it exists.", Long: "\nUse case examples:\n" + os.Args[0] + " aws ", PreRun: awsPreRun, Run: runPmapperCommand, PostRun: awsPostRun, } GraphCommand = &cobra.Command{ Use: "graph", Short: "INACTIVE (Use cape command instead) Graph the relationships between resources and insert into local Neo4j db", Long: "\nUse case examples:\n" + os.Args[0] + " aws graph -l /path/to/profiles", PreRun: awsPreRun, Run: runGraphCommand, PostRun: awsPostRun, } WorkloadsCommand = &cobra.Command{ Use: "workloads", Short: "Finds workloads with admin permissions or a path to admin permissions", Long: "\nUse case examples:\n" + os.Args[0] + " aws workloads --profile readonly_profile", PreRun: awsPreRun, Run: runWorkloadsCommand, PostRun: awsPostRun, } DirectoryServicesCommand = &cobra.Command{ Use: "ds", Short: "Enumerate AWS-managed Active Directory instances and trusts", Long: "\nUse case examples:\n" + os.Args[0] + " aws clouddirectory --profile readonly_profile", PreRun: awsPreRun, Run: runDirectoryServicesCommand, PostRun: awsPostRun, } AllChecksCommand = &cobra.Command{ Use: "all-checks", Aliases: []string{"allchecks", "all"}, Short: "Run all of the other checks (excluding outbound-assumed-roles)", Long: "\nUse case examples:\n" + os.Args[0] + " aws all-checks --profile readonly_profile", PreRun: awsPreRun, Run: runAllChecksCommand, PostRun: awsPostRun, } )
View Source
var ( AzTenantID string AzSubscription string AzRGName string AzOutputFormat string AzOutputDirectory string AzVerbosity int AzWrapTable bool AzMergedTable bool AzCommands = &cobra.Command{ Use: "azure", Aliases: []string{"az"}, Long: `See "Available Commands" for Azure Modules below`, Short: "See \"Available Commands\" for Azure Modules below", Run: func(cmd *cobra.Command, args []string) { cmd.Help() }, } AzWhoamiListRGsAlso bool AzWhoamiCommand = &cobra.Command{ Use: "whoami", Aliases: []string{}, Short: "Display available Azure CLI sessions", Long: ` Display Available Azure CLI Sessions: ./cloudfox az whoami`, Run: func(cmd *cobra.Command, args []string) { err := azure.AzWhoamiCommand(AzOutputDirectory, cmd.Root().Version, AzWrapTable, AzVerbosity, AzWhoamiListRGsAlso) if err != nil { log.Fatal(err) } }, } AzInventoryCommand = &cobra.Command{ Use: "inventory", Aliases: []string{"inv"}, Short: "Display an inventory table of all resources per location", Long: ` Enumerate inventory for a specific tenant: ./cloudfox az inventory --tenant TENANT_ID Enumerate inventory for a specific subscription: ./cloudfox az inventory --subscription SUBSCRIPTION_ID `, Run: func(cmd *cobra.Command, args []string) { err := azure.AzInventoryCommand(AzTenantID, AzSubscription, AzOutputDirectory, cmd.Root().Version, AzVerbosity, AzWrapTable, AzMergedTable) if err != nil { log.Fatal(err) } }, } AzRBACCommand = &cobra.Command{ Use: "rbac", Aliases: []string{}, Short: "Display role assignemts for Azure principals", Long: ` Enumerate role assignments for a specific tenant: ./cloudfox az rbac --tenant TENANT_ID Enumerate role assignments for a specific subscription: ./cloudfox az rbac --subscription SUBSCRIPTION_ID `, Run: func(cmd *cobra.Command, args []string) { err := azure.AzRBACCommand(AzTenantID, AzSubscription, AzOutputFormat, AzOutputDirectory, cmd.Root().Version, AzVerbosity, AzWrapTable, AzMergedTable) if err != nil { log.Fatal(err) } }, } AzVMsCommand = &cobra.Command{ Use: "vms", Aliases: []string{"vms", "virtualmachines"}, Short: "Enumerates Azure Compute virtual machines", Long: ` Enumerate VMs for a specific tenant: ./cloudfox az vms --tenant TENANT_ID Enumerate VMs for a specific subscription: ./cloudfox az vms --subscription SUBSCRIPTION_ID`, Run: func(cmd *cobra.Command, args []string) { err := azure.AzVMsCommand(AzTenantID, AzSubscription, AzOutputFormat, AzOutputDirectory, cmd.Root().Version, AzVerbosity, AzWrapTable, AzMergedTable) if err != nil { log.Fatal(err) } }, } AzStorageCommand = &cobra.Command{ Use: "storage", Aliases: []string{}, Short: "Enumerates azure storage accounts", Long: ` Enumerate storage accounts for a specific tenant: ./cloudfox az storage --tenant TENANT_ID Enumerate storage accounts for a specific subscription: ./cloudfox az storage --subscription SUBSCRIPTION_ID `, Run: func(cmd *cobra.Command, args []string) { err := azure.AzStorageCommand(AzTenantID, AzSubscription, AzOutputFormat, AzOutputDirectory, cmd.Root().Version, AzVerbosity, AzWrapTable, AzMergedTable) if err != nil { log.Fatal(err) } }, } )
View Source
var ( // GCP resources filtering options GCPOrganization string GCPProjectID string GCPProjectIDsFilePath string GCPProjectIDs []string // Output formatting options GCPOutputFormat string GCPOutputDirectory string GCPVerbosity int GCPWrapTable bool // logger GCPLogger = internal.NewLogger() // GCP root command GCPCommands = &cobra.Command{ Use: "gcp", Aliases: []string{"gcloud"}, Long: `See "Available Commands" for GCP Modules below`, Short: "See \"Available Commands\" for GCP Modules below", PersistentPreRun: func(cmd *cobra.Command, args []string) { if GCPProjectID != "" { GCPProjectIDs = append(GCPProjectIDs, GCPProjectID) } else if GCPProjectIDsFilePath != "" { GCPProjectIDs = internal.LoadFileLinesIntoArray(GCPProjectIDsFilePath) } else { GCPLogger.InfoM("project or project-list flags not given, commands requiring a project ID will fail", "gcp") } ctx := context.WithValue(context.Background(), "projectIDs", GCPProjectIDs) os := oauthservice.NewOAuthService() principal, err := os.WhoAmI() if err != nil { GCPLogger.FatalM(fmt.Sprintf("could not determine default user credential with error %s. \n\nPlease use default application default credentials: https://cloud.google.com/docs/authentication/application-default-credentials", err.Error()), "gcp") } ctx = context.WithValue(ctx, "account", principal.Email) cmd.SetContext(ctx) }, } )
View Source
var CapeTuiCmd = &cobra.Command{ Use: "tui", Aliases: []string{"TUI", "view", "report"}, Short: "View Cape's output in a TUI", Long: "\nUse case examples:\n" + os.Args[0] + " aws cape tui -l /path/to/profiles-used-for-cape.txt", Run: runCapeTUICommand, }
View Source
var GCPAllChecksCommand = &cobra.Command{ Use: "all-checks", Short: "Runs all available GCP commands", Long: `Executes all available GCP commands to collect and display information from all supported GCP services.`, Run: func(cmd *cobra.Command, args []string) { for _, childCmd := range GCPCommands.Commands() { if childCmd == cmd { continue } GCPLogger.InfoM(fmt.Sprintf("Running command: %s", childCmd.Use), "all-checks") childCmd.Run(cmd, args) } }, }
New RunAllGCPCommands function to execute all child commands
Functions ¶
func FindOrgMgmtAccountAndReorderAccounts ¶ added in v1.11.0
Types ¶
type OrgAccounts ¶ added in v1.11.0
type OrgAccounts struct {
Organization *types.Organization
Accounts []types.Account
}
Source Files
Click to show internal directories.
Click to hide internal directories.