Showing preview only (4,493K chars total). Download the full file or copy to clipboard to get everything.
Repository: nccgroup/ScoutSuite
Branch: master
Commit: 7909f2fc6186
Files: 1474
Total size: 4.0 MB
Directory structure:
gitextract_u53o_x4_/
├── .coveragerc
├── .flake8
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ └── feature_request.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── frontend-build.yml
│ └── testing.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── MANIFEST.in
├── README.md
├── ScoutSuite/
│ ├── __init__.py
│ ├── __main__.py
│ ├── core/
│ │ ├── __init__.py
│ │ ├── cli_parser.py
│ │ ├── conditions.py
│ │ ├── console.py
│ │ ├── exceptions.py
│ │ ├── fs.py
│ │ ├── processingengine.py
│ │ ├── rule.py
│ │ ├── rule_definition.py
│ │ ├── ruleset.py
│ │ ├── server.py
│ │ └── utils.py
│ ├── data/
│ │ ├── aws/
│ │ │ └── ip-ranges/
│ │ │ ├── aws-in-ec2.json
│ │ │ ├── aws-in-us.json
│ │ │ └── aws.json
│ │ ├── icmp_message_types.json
│ │ └── protocols.json
│ ├── output/
│ │ ├── __init__.py
│ │ ├── data/
│ │ │ ├── html/
│ │ │ │ ├── conditionals/
│ │ │ │ │ ├── json_format.html
│ │ │ │ │ └── sqlite_format.html
│ │ │ │ ├── partials/
│ │ │ │ │ ├── about_scoutsuite.html
│ │ │ │ │ ├── accordion.html
│ │ │ │ │ ├── accordion_policy.html
│ │ │ │ │ ├── aliyun/
│ │ │ │ │ │ ├── left_menu_for_aliyun_region.html
│ │ │ │ │ │ ├── services.actiontrail.trails.html
│ │ │ │ │ │ ├── services.ecs.regions.id.instances.html
│ │ │ │ │ │ ├── services.kms.regions.id.keys.html
│ │ │ │ │ │ ├── services.oss.buckets.html
│ │ │ │ │ │ ├── services.ram.groups.html
│ │ │ │ │ │ ├── services.ram.policies.html
│ │ │ │ │ │ ├── services.ram.roles.html
│ │ │ │ │ │ ├── services.ram.users.html
│ │ │ │ │ │ ├── services.rds.regions.id.instances.html
│ │ │ │ │ │ └── services.vpc.regions.id.vpcs.html
│ │ │ │ │ ├── aws/
│ │ │ │ │ │ ├── left_menu_for_region.html
│ │ │ │ │ │ ├── left_menu_for_vpc.html
│ │ │ │ │ │ ├── services.acm.regions.id.certificates.html
│ │ │ │ │ │ ├── services.awslambda.regions.id.functions.html
│ │ │ │ │ │ ├── services.cloudformation.regions.id.stacks.html
│ │ │ │ │ │ ├── services.cloudfront.distributions.html
│ │ │ │ │ │ ├── services.cloudtrail.regions.html
│ │ │ │ │ │ ├── services.cloudtrail.regions.id.trails.html
│ │ │ │ │ │ ├── services.cloudwatch.regions.id.alarms.html
│ │ │ │ │ │ ├── services.cloudwatch.regions.id.metric_filters.html
│ │ │ │ │ │ ├── services.config.regions.html
│ │ │ │ │ │ ├── services.config.regions.id.recorders.html
│ │ │ │ │ │ ├── services.config.regions.id.rules.html
│ │ │ │ │ │ ├── services.dynamodb.regions.id.tables.html
│ │ │ │ │ │ ├── services.ec2.regions.id.regional_settings.html
│ │ │ │ │ │ ├── services.ec2.regions.id.snapshots.html
│ │ │ │ │ │ ├── services.ec2.regions.id.volumes.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.images.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.instances.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.security_groups.html
│ │ │ │ │ │ ├── services.ec2.regions.vpcs.security_groups.resource_list.html
│ │ │ │ │ │ ├── services.ec2.regions.vpcs.security_groups.rule_list.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.security_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.subnet_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.elb.regions.id.elb_policies.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.linked_resources.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.listener.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcsid.elbs.linked_policy.html
│ │ │ │ │ │ ├── services.elbv2.regions.id.vpcs.id.elbs.html
│ │ │ │ │ │ ├── services.emr.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.iam.credential_reports.html
│ │ │ │ │ │ ├── services.iam.groups.html
│ │ │ │ │ │ ├── services.iam.inline_policies.html
│ │ │ │ │ │ ├── services.iam.managed_policies.html
│ │ │ │ │ │ ├── services.iam.managed_policies_list.html
│ │ │ │ │ │ ├── services.iam.roles.html
│ │ │ │ │ │ ├── services.iam.users.html
│ │ │ │ │ │ ├── services.kms.regions.id.keys.html
│ │ │ │ │ │ ├── services.rds.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.rds.regions.id.security_groups.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.instances.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.snapshots.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.subnet_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.redshift.regions.id.vpcs.id.security_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.vpcs.cluster_nodes.html
│ │ │ │ │ │ ├── services.route53.regions.id.domains.html
│ │ │ │ │ │ ├── services.route53.regions.id.hosted_zones.html
│ │ │ │ │ │ ├── services.s3.acls.html
│ │ │ │ │ │ ├── services.s3.bucket_iam_policies.html
│ │ │ │ │ │ ├── services.s3.buckets.html
│ │ │ │ │ │ ├── services.s3.buckets.objects.html
│ │ │ │ │ │ ├── services.s3.public_access_block_configuration.html
│ │ │ │ │ │ ├── services.secretsmanager.regions.id.secrets.html
│ │ │ │ │ │ ├── services.ses.regions.id.identities.html
│ │ │ │ │ │ ├── services.sns.regions.id.topics.html
│ │ │ │ │ │ ├── services.sqs.regions.id.queues.html
│ │ │ │ │ │ ├── services.stackdriverlogging.sinks.html
│ │ │ │ │ │ ├── services.vpc.regions.id.flow_logs.html
│ │ │ │ │ │ ├── services.vpc.regions.id.peering_connections.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.id.network_acls.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.id.peering_connections.html
│ │ │ │ │ │ └── services.vpc.regions.id.vpcs.id.subnets.html
│ │ │ │ │ ├── azure/
│ │ │ │ │ │ ├── details_for_subscription.html
│ │ │ │ │ │ ├── left_menu_for_subscription.html
│ │ │ │ │ │ ├── services.aad.applications.html
│ │ │ │ │ │ ├── services.aad.groups.html
│ │ │ │ │ │ ├── services.aad.policies.html
│ │ │ │ │ │ ├── services.aad.service_principals.html
│ │ │ │ │ │ ├── services.aad.users.html
│ │ │ │ │ │ ├── services.appservice.subscriptions.id.web_apps.html
│ │ │ │ │ │ ├── services.keyvault.subscriptions.id.vaults.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.diagnostic_settings.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_alerts.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_profiles.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.resources_logging.html
│ │ │ │ │ │ ├── services.mysqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.application_security_groups.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.network_interfaces.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.security_groups.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.virtual_networks.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.virtual_networks.id.subnets.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.watchers.html
│ │ │ │ │ │ ├── services.postgresqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.rbac.subscriptions.id.custom_roles_report.html
│ │ │ │ │ │ ├── services.rbac.subscriptions.id.roles.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.auto_provisioning_settings.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.compliance_results.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.pricings.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.regulatory_compliance_results.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.security_contacts.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.settings.html
│ │ │ │ │ │ ├── services.sqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.storageaccounts.subscriptions.id.storage_accounts.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.disks.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.images.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.instances.html
│ │ │ │ │ │ └── services.virtualmachines.subscriptions.id.snapshots.html
│ │ │ │ │ ├── count_badge.html
│ │ │ │ │ ├── dashboard.html
│ │ │ │ │ ├── details.html
│ │ │ │ │ ├── details_for_region.html
│ │ │ │ │ ├── details_for_vpc.html
│ │ │ │ │ ├── do/
│ │ │ │ │ │ ├── services.database.databases.html
│ │ │ │ │ │ ├── services.droplet.droplets.html
│ │ │ │ │ │ ├── services.kubernetes.cluster.html
│ │ │ │ │ │ ├── services.networking.domains.html
│ │ │ │ │ │ ├── services.networking.firewalls.html
│ │ │ │ │ │ ├── services.networking.load_balancers.html
│ │ │ │ │ │ └── services.spaces.buckets.html
│ │ │ │ │ ├── ec2_grants.html
│ │ │ │ │ ├── filters.html
│ │ │ │ │ ├── gcp/
│ │ │ │ │ │ ├── details_for_gcp_region.html
│ │ │ │ │ │ ├── details_for_gcp_zone.html
│ │ │ │ │ │ ├── details_for_project.html
│ │ │ │ │ │ ├── left_menu_for_gcp_region.html
│ │ │ │ │ │ ├── left_menu_for_gcp_zone.html
│ │ │ │ │ │ ├── left_menu_for_project.html
│ │ │ │ │ │ ├── services.bigquery.projects.id.datasets.html
│ │ │ │ │ │ ├── services.cloudmemorystore.projects.id.redis_instances.html
│ │ │ │ │ │ ├── services.cloudsql.projects.id.instances.html
│ │ │ │ │ │ ├── services.cloudstorage.projects.id.buckets.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.firewalls.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.global_forwarding_rules.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.networks.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.regions.id.forwarding_rules.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.regions.id.subnetworks.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.snapshots.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.zones.id.instances.html
│ │ │ │ │ │ ├── services.dns.projects.id.managed_zones.html
│ │ │ │ │ │ ├── services.functions.projects.id.functions_v1.html
│ │ │ │ │ │ ├── services.functions.projects.id.functions_v2.html
│ │ │ │ │ │ ├── services.iam.projects.id.bindings.html
│ │ │ │ │ │ ├── services.iam.projects.id.bindings_separation_duties.html
│ │ │ │ │ │ ├── services.iam.projects.id.domains.html
│ │ │ │ │ │ ├── services.iam.projects.id.groups.html
│ │ │ │ │ │ ├── services.iam.projects.id.service_accounts.html
│ │ │ │ │ │ ├── services.iam.projects.id.users.html
│ │ │ │ │ │ ├── services.kms.projects.id.keyrings.html
│ │ │ │ │ │ ├── services.kubernetesengine.clusters.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.logging_metrics.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.metrics.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.sinks.html
│ │ │ │ │ │ ├── services.stackdrivermonitoring.projects.id.alert_policies.html
│ │ │ │ │ │ ├── services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html
│ │ │ │ │ │ └── services.stackdrivermonitoring.projects.id.uptime_checks.html
│ │ │ │ │ ├── generic_object.html
│ │ │ │ │ ├── ip_grants.html
│ │ │ │ │ ├── kubernetes/
│ │ │ │ │ │ ├── details_for_kubernetes_resource.html
│ │ │ │ │ │ ├── details_for_project.html
│ │ │ │ │ │ ├── details_for_subscription.html
│ │ │ │ │ │ ├── kubernetes_code.html
│ │ │ │ │ │ ├── kubernetes_container_security_context.html
│ │ │ │ │ │ ├── kubernetes_data.html
│ │ │ │ │ │ ├── kubernetes_object.html
│ │ │ │ │ │ ├── kubernetes_pod_security_context.html
│ │ │ │ │ │ ├── kubernetes_resource_containers.html
│ │ │ │ │ │ ├── kubernetes_resource_host.html
│ │ │ │ │ │ ├── kubernetes_resource_limits.html
│ │ │ │ │ │ ├── left_menu_for_kubernetes_resource.html
│ │ │ │ │ │ ├── left_menu_for_project.html
│ │ │ │ │ │ ├── left_menu_for_subscription.html
│ │ │ │ │ │ ├── services.eks.encryption.html
│ │ │ │ │ │ ├── services.eks.logging.html
│ │ │ │ │ │ ├── services.kubernetesengine.clusters.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.diagnostic_settings.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_alerts.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_profiles.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.resources_logging.html
│ │ │ │ │ │ ├── services.version.details.html
│ │ │ │ │ │ └── utils.html
│ │ │ │ │ ├── last_run_details.html
│ │ │ │ │ ├── left_menu.html
│ │ │ │ │ ├── metadata.html
│ │ │ │ │ ├── modal.html
│ │ │ │ │ ├── network_interface.html
│ │ │ │ │ ├── oci/
│ │ │ │ │ │ ├── services.identity.groups.html
│ │ │ │ │ │ ├── services.identity.policies.html
│ │ │ │ │ │ ├── services.identity.users.html
│ │ │ │ │ │ ├── services.kms.keyvaults.html
│ │ │ │ │ │ └── services.objectstorage.buckets.html
│ │ │ │ │ ├── policy.html
│ │ │ │ │ ├── report_footer.html
│ │ │ │ │ ├── resource_link.html
│ │ │ │ │ ├── resources_details.html
│ │ │ │ │ └── singles.html
│ │ │ │ ├── report.html
│ │ │ │ └── summaries/
│ │ │ │ ├── aliyun/
│ │ │ │ │ ├── services.ram.password_policy.html
│ │ │ │ │ └── services.ram.security_policy.html
│ │ │ │ ├── attack_surface.html
│ │ │ │ ├── aws/
│ │ │ │ │ ├── services.ec2.external_attack_surface.html
│ │ │ │ │ ├── services.elb.external_attack_surface.html
│ │ │ │ │ ├── services.elbv2.external_attack_surface.html
│ │ │ │ │ ├── services.iam.password_policy.html
│ │ │ │ │ ├── services.iam.permissions.html
│ │ │ │ │ ├── services.rds.external_attack_surface.html
│ │ │ │ │ └── services.redshift.external_attack_surface.html
│ │ │ │ ├── azure/
│ │ │ │ │ └── .keep
│ │ │ │ ├── do/
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── gcp/
│ │ │ │ │ └── .keep
│ │ │ │ ├── kubernetes/
│ │ │ │ │ ├── services.kubernetes_workload.images.html
│ │ │ │ │ ├── services.rbac.dangerous_grants.html
│ │ │ │ │ ├── services.rbac.dodgy_subjects.html
│ │ │ │ │ └── services.rbac.permissive_bindings.html
│ │ │ │ ├── oci/
│ │ │ │ │ └── services.identity.password_policy.html
│ │ │ │ ├── service_groups.compute.summaries.external_attack_surface.html
│ │ │ │ └── service_groups.database.summaries.external_attack_surface.html
│ │ │ ├── inc-scoutsuite/
│ │ │ │ ├── css/
│ │ │ │ │ ├── modal.css
│ │ │ │ │ ├── scoutsuite-dark.css
│ │ │ │ │ ├── scoutsuite-light.css
│ │ │ │ │ └── scoutsuite.css
│ │ │ │ ├── helpers.js
│ │ │ │ ├── pagination.js
│ │ │ │ ├── provider.js
│ │ │ │ ├── scoutsuite.js
│ │ │ │ ├── sqlite.js
│ │ │ │ └── theme.js
│ │ │ └── listall-configs/
│ │ │ └── ec2.regions.id.vpcs.id.security_groups.id.json
│ │ ├── html.py
│ │ ├── result_encoder.py
│ │ └── utils.py
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── aliyun/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── actiontrail.py
│ │ │ │ ├── base.py
│ │ │ │ ├── ecs.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── oss.py
│ │ │ │ ├── ram.py
│ │ │ │ ├── rds.py
│ │ │ │ ├── utils.py
│ │ │ │ └── vpc.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── actiontrail/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── trails.py
│ │ │ │ ├── base.py
│ │ │ │ ├── ecs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── instances.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── keys.py
│ │ │ │ ├── oss/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── ram/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── api_keys.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── password_policy.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── roles.py
│ │ │ │ │ ├── security_policy.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── rds/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── instances.py
│ │ │ │ ├── regions.py
│ │ │ │ └── vpc/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── vpcs.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── actiontrail-not-configured.json
│ │ │ │ │ ├── actiontrail-not-enabled.json
│ │ │ │ │ ├── ecs-instance-with-deletion-protection-disabled.json
│ │ │ │ │ ├── ecs-instance-with-public-ip.json
│ │ │ │ │ ├── kms-no-key-rotation.json
│ │ │ │ │ ├── ram-password-policy-expiration-threshold.json
│ │ │ │ │ ├── ram-password-policy-minimum-length.json
│ │ │ │ │ ├── ram-password-policy-no-expiration.json
│ │ │ │ │ ├── ram-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── ram-password-policy-no-number-required.json
│ │ │ │ │ ├── ram-password-policy-no-symbol-required.json
│ │ │ │ │ ├── ram-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── ram-password-policy-reuse-enabled.json
│ │ │ │ │ ├── ram-user-lacking-mfa.json
│ │ │ │ │ ├── ram-user-unused-api-key.json
│ │ │ │ │ ├── ram-user-unused-console-password.json
│ │ │ │ │ ├── ram-user-with-multiple-api-keys.json
│ │ │ │ │ └── ram-user-with-old-api-key.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── aws/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── acm.py
│ │ │ │ ├── awslambda.py
│ │ │ │ ├── base.py
│ │ │ │ ├── basefacade.py
│ │ │ │ ├── cloudformation.py
│ │ │ │ ├── cloudfront.py
│ │ │ │ ├── cloudtrail.py
│ │ │ │ ├── cloudwatch.py
│ │ │ │ ├── codebuild.py
│ │ │ │ ├── config.py
│ │ │ │ ├── directconnect.py
│ │ │ │ ├── dynamodb.py
│ │ │ │ ├── ec2.py
│ │ │ │ ├── efs.py
│ │ │ │ ├── elasticache.py
│ │ │ │ ├── elb.py
│ │ │ │ ├── elbv2.py
│ │ │ │ ├── emr.py
│ │ │ │ ├── iam.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── rds.py
│ │ │ │ ├── redshift.py
│ │ │ │ ├── route53.py
│ │ │ │ ├── s3.py
│ │ │ │ ├── secretsmanager.py
│ │ │ │ ├── ses.py
│ │ │ │ ├── sns.py
│ │ │ │ ├── sqs.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── acm/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── certificates.py
│ │ │ │ ├── awslambda/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── functions.py
│ │ │ │ ├── base.py
│ │ │ │ ├── cloudformation/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── stacks.py
│ │ │ │ ├── cloudfront/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── distributions.py
│ │ │ │ ├── cloudtrail/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── trails.py
│ │ │ │ ├── cloudwatch/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alarms.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── metric_filters.py
│ │ │ │ ├── codebuild/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── build_projects.py
│ │ │ │ ├── config/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── recorders.py
│ │ │ │ │ └── rules.py
│ │ │ │ ├── directconnect/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── connections.py
│ │ │ │ ├── dynamodb/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── tables.py
│ │ │ │ ├── ec2/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── ami.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── networkinterfaces.py
│ │ │ │ │ ├── regional_settings.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── volumes.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── efs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── filesystems.py
│ │ │ │ ├── elasticache/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── cluster.py
│ │ │ │ │ ├── parametergroups.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── subnetgroups.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── elb/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── load_balancers.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── elbv2/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── listeners.py
│ │ │ │ │ ├── load_balancers.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── emr/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── iam/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── credentialreports.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── passwordpolicy.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── roles.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── grants.py
│ │ │ │ │ └── keys.py
│ │ │ │ ├── rds/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── parametergroups.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── subnetgroups.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── redshift/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── cluster_parameter_groups.py
│ │ │ │ │ ├── cluster_parameters.py
│ │ │ │ │ ├── cluster_security_groups.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── regions.py
│ │ │ │ ├── route53/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ └── hosted_zones.py
│ │ │ │ ├── s3/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── secretsmanager/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── secrets.py
│ │ │ │ ├── ses/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── identities.py
│ │ │ │ │ └── identity_policies.py
│ │ │ │ ├── sns/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── subscriptions.py
│ │ │ │ │ └── topics.py
│ │ │ │ ├── sqs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── queues.py
│ │ │ │ ├── vpc/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── flow_logs.py
│ │ │ │ │ ├── network_acls.py
│ │ │ │ │ ├── peering_connections.py
│ │ │ │ │ ├── subnets.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ └── vpcs.py
│ │ │ ├── rules/
│ │ │ │ ├── conditions/
│ │ │ │ │ ├── cidr-is-all.json
│ │ │ │ │ ├── ec2-security-group-in-use.json
│ │ │ │ │ ├── ec2-security-group-not-used.json
│ │ │ │ │ ├── instance-with-open-nacls.json
│ │ │ │ │ ├── instance-with-public-ip.json
│ │ │ │ │ ├── ip-not-in-private-space.json
│ │ │ │ │ ├── policy-statement-any-principal.json
│ │ │ │ │ ├── policy-statement-any-resource.json
│ │ │ │ │ ├── policy-statement-poor-condition.json
│ │ │ │ │ └── security-group-opens-all-ports.json
│ │ │ │ ├── filters/
│ │ │ │ │ ├── ec2-instance-with-open-nacls.json
│ │ │ │ │ ├── ec2-security-group-with-public-cidr-grant.json
│ │ │ │ │ ├── iam-role-for-aws-account.json
│ │ │ │ │ ├── iam-role-for-service.json
│ │ │ │ │ └── s3-bucket-website-enabled.json
│ │ │ │ ├── findings/
│ │ │ │ │ ├── acm-certificate-with-close-expiration-date.json
│ │ │ │ │ ├── acm-certificate-with-transparency-logging-disabled.json
│ │ │ │ │ ├── cloudformation-stack-with-role.json
│ │ │ │ │ ├── cloudfront-distribution-cleartext-origin.json
│ │ │ │ │ ├── cloudfront-distribution-insecure-origin.json
│ │ │ │ │ ├── cloudfront-distribution-insufficient-viewer-security.json
│ │ │ │ │ ├── cloudtrail-duplicated-global-services-logging.json
│ │ │ │ │ ├── cloudtrail-no-cloudwatch-integration.json
│ │ │ │ │ ├── cloudtrail-no-data-logging.json
│ │ │ │ │ ├── cloudtrail-no-encryption-with-kms.json
│ │ │ │ │ ├── cloudtrail-no-global-services-logging.json
│ │ │ │ │ ├── cloudtrail-no-log-file-validation.json
│ │ │ │ │ ├── cloudtrail-no-logging.json
│ │ │ │ │ ├── cloudtrail-not-configured.json
│ │ │ │ │ ├── cloudtrail-partial-data-logging.json
│ │ │ │ │ ├── cloudwatch-alarm-without-actions.json
│ │ │ │ │ ├── config-recorder-not-configured.json
│ │ │ │ │ ├── ec2-ami-public.json
│ │ │ │ │ ├── ec2-default-security-group-in-use.json
│ │ │ │ │ ├── ec2-default-security-group-with-rules.json
│ │ │ │ │ ├── ec2-ebs-default-encryption-disabled.json
│ │ │ │ │ ├── ec2-ebs-snapshot-not-encrypted.json
│ │ │ │ │ ├── ec2-ebs-snapshot-public.json
│ │ │ │ │ ├── ec2-ebs-volume-not-encrypted.json
│ │ │ │ │ ├── ec2-instance-in-security-group.json
│ │ │ │ │ ├── ec2-instance-type.json
│ │ │ │ │ ├── ec2-instance-types.json
│ │ │ │ │ ├── ec2-instance-with-public-ip.json
│ │ │ │ │ ├── ec2-instance-with-user-data-secrets.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports-to-self.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports.json
│ │ │ │ │ ├── ec2-security-group-opens-icmp-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-known-port-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-plaintext-port.json
│ │ │ │ │ ├── ec2-security-group-opens-port-range.json
│ │ │ │ │ ├── ec2-security-group-opens-port-to-all.json
│ │ │ │ │ ├── ec2-security-group-whitelists-aws-ip-from-banned-region.json
│ │ │ │ │ ├── ec2-security-group-whitelists-aws.json
│ │ │ │ │ ├── ec2-security-group-whitelists-non-elastic-ips.json
│ │ │ │ │ ├── ec2-security-group-whitelists-unknown-aws.json
│ │ │ │ │ ├── ec2-security-group-whitelists-unknown-cidrs.json
│ │ │ │ │ ├── ec2-unused-security-group.json
│ │ │ │ │ ├── elb-listener-allowing-cleartext.json
│ │ │ │ │ ├── elb-no-access-logs.json
│ │ │ │ │ ├── elb-older-ssl-policy.json
│ │ │ │ │ ├── elbv2-http-request-smuggling.json
│ │ │ │ │ ├── elbv2-listener-allowing-cleartext.json
│ │ │ │ │ ├── elbv2-no-access-logs.json
│ │ │ │ │ ├── elbv2-no-deletion-protection.json
│ │ │ │ │ ├── elbv2-older-ssl-policy.json
│ │ │ │ │ ├── iam-assume-role-lacks-external-id-and-mfa.json
│ │ │ │ │ ├── iam-assume-role-no-mfa.json
│ │ │ │ │ ├── iam-assume-role-policy-allows-all.json
│ │ │ │ │ ├── iam-ec2-role-without-instances.json
│ │ │ │ │ ├── iam-group-with-inline-policies.json
│ │ │ │ │ ├── iam-group-with-no-users.json
│ │ │ │ │ ├── iam-human-user-with-policies.json
│ │ │ │ │ ├── iam-inline-policy-allows-NotActions.json
│ │ │ │ │ ├── iam-inline-policy-allows-non-sts-action.json
│ │ │ │ │ ├── iam-inline-policy-for-role.json
│ │ │ │ │ ├── iam-lightspin-user-action-denied-for-group.json
│ │ │ │ │ ├── iam-managed-policy-allows-NotActions.json
│ │ │ │ │ ├── iam-managed-policy-allows-full-privileges.json
│ │ │ │ │ ├── iam-managed-policy-allows-non-sts-action.json
│ │ │ │ │ ├── iam-managed-policy-for-role.json
│ │ │ │ │ ├── iam-managed-policy-no-attachments.json
│ │ │ │ │ ├── iam-no-support-role.json
│ │ │ │ │ ├── iam-password-policy-expiration-threshold.json
│ │ │ │ │ ├── iam-password-policy-minimum-length.json
│ │ │ │ │ ├── iam-password-policy-no-expiration.json
│ │ │ │ │ ├── iam-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── iam-password-policy-no-number-required.json
│ │ │ │ │ ├── iam-password-policy-no-symbol-required.json
│ │ │ │ │ ├── iam-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── iam-password-policy-reuse-enabled.json
│ │ │ │ │ ├── iam-role-with-inline-policies.json
│ │ │ │ │ ├── iam-root-account-no-hardware-mfa.json
│ │ │ │ │ ├── iam-root-account-no-mfa.json
│ │ │ │ │ ├── iam-root-account-used-recently.json
│ │ │ │ │ ├── iam-root-account-with-active-certs.json
│ │ │ │ │ ├── iam-root-account-with-active-keys.json
│ │ │ │ │ ├── iam-service-user-with-password.json
│ │ │ │ │ ├── iam-unused-credentials-not-disabled.json
│ │ │ │ │ ├── iam-user-no-key-rotation.json
│ │ │ │ │ ├── iam-user-not-in-category-group.json
│ │ │ │ │ ├── iam-user-not-in-common-group.json
│ │ │ │ │ ├── iam-user-unused-access-key-initial-setup.json
│ │ │ │ │ ├── iam-user-with-multiple-access-keys.json
│ │ │ │ │ ├── iam-user-with-password-and-key.json
│ │ │ │ │ ├── iam-user-with-policies.json
│ │ │ │ │ ├── iam-user-without-mfa.json
│ │ │ │ │ ├── kms-cmk-rotation-disabled.json
│ │ │ │ │ ├── logs-no-alarm-aws-configuration-changes.json
│ │ │ │ │ ├── logs-no-alarm-cloudtrail-configuration-changes.json
│ │ │ │ │ ├── logs-no-alarm-cmk-deletion.json
│ │ │ │ │ ├── logs-no-alarm-console-authentication-failures.json
│ │ │ │ │ ├── logs-no-alarm-iam-policy-changes.json
│ │ │ │ │ ├── logs-no-alarm-nacl-changes.json
│ │ │ │ │ ├── logs-no-alarm-network-gateways-changes.json
│ │ │ │ │ ├── logs-no-alarm-root-usage.json
│ │ │ │ │ ├── logs-no-alarm-route-table-changes.json
│ │ │ │ │ ├── logs-no-alarm-s3-policy-changes.json
│ │ │ │ │ ├── logs-no-alarm-security-group-changes.json
│ │ │ │ │ ├── logs-no-alarm-signin-without-mfa.json
│ │ │ │ │ ├── logs-no-alarm-unauthorized-api-calls.json
│ │ │ │ │ ├── logs-no-alarm-vpc-changes.json
│ │ │ │ │ ├── rds-instance-backup-disabled.json
│ │ │ │ │ ├── rds-instance-ca-certificate-deprecated.json
│ │ │ │ │ ├── rds-instance-no-minor-upgrade.json
│ │ │ │ │ ├── rds-instance-publicly-accessible.json
│ │ │ │ │ ├── rds-instance-short-backup-retention-period.json
│ │ │ │ │ ├── rds-instance-single-az.json
│ │ │ │ │ ├── rds-instance-storage-not-encrypted.json
│ │ │ │ │ ├── rds-postgres-instance-with-invalid-certificate.json
│ │ │ │ │ ├── rds-security-group-allows-all.json
│ │ │ │ │ ├── rds-snapshot-public.json
│ │ │ │ │ ├── redshift-cluster-database-not-encrypted.json
│ │ │ │ │ ├── redshift-cluster-no-version-upgrade.json
│ │ │ │ │ ├── redshift-cluster-publicly-accessible.json
│ │ │ │ │ ├── redshift-parameter-group-logging-disabled.json
│ │ │ │ │ ├── redshift-parameter-group-ssl-not-required.json
│ │ │ │ │ ├── redshift-security-group-whitelists-all.json
│ │ │ │ │ ├── route53-domain-no-autorenew.json
│ │ │ │ │ ├── route53-domain-no-transferlock.json
│ │ │ │ │ ├── route53-domain-transferlock-not-authorized.json
│ │ │ │ │ ├── s3-bucket-allowing-cleartext.json
│ │ │ │ │ ├── s3-bucket-no-default-encryption.json
│ │ │ │ │ ├── s3-bucket-no-logging.json
│ │ │ │ │ ├── s3-bucket-no-mfa-delete.json
│ │ │ │ │ ├── s3-bucket-no-versioning.json
│ │ │ │ │ ├── s3-bucket-world-acl.json
│ │ │ │ │ ├── s3-bucket-world-policy-arg.json
│ │ │ │ │ ├── s3-bucket-world-policy-star.json
│ │ │ │ │ ├── ses-identity-dkim-not-enabled.json
│ │ │ │ │ ├── ses-identity-dkim-not-verified.json
│ │ │ │ │ ├── ses-identity-world-policy.json
│ │ │ │ │ ├── sns-topic-world-policy.json
│ │ │ │ │ ├── sqs-queue-server-side-encryption-disabled.json
│ │ │ │ │ ├── sqs-queue-world-policy.json
│ │ │ │ │ ├── vpc-custom-network-acls-allow-all.json
│ │ │ │ │ ├── vpc-default-network-acls-allow-all.json
│ │ │ │ │ ├── vpc-network-acl-not-used.json
│ │ │ │ │ ├── vpc-routing-tables-with-peering.json
│ │ │ │ │ ├── vpc-subnet-with-bad-acls.json
│ │ │ │ │ ├── vpc-subnet-with-default-acls.json
│ │ │ │ │ └── vpc-subnet-without-flow-log.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.2.0.json
│ │ │ │ ├── default.json
│ │ │ │ ├── detailed.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── azure/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aad.py
│ │ │ │ ├── appservice.py
│ │ │ │ ├── base.py
│ │ │ │ ├── keyvault.py
│ │ │ │ ├── loggingmonitoring.py
│ │ │ │ ├── mysqldatabase.py
│ │ │ │ ├── network.py
│ │ │ │ ├── postgresqldatabse.py
│ │ │ │ ├── rbac.py
│ │ │ │ ├── resourcemanagement.py
│ │ │ │ ├── securitycenter.py
│ │ │ │ ├── sqldatabase.py
│ │ │ │ ├── storageaccounts.py
│ │ │ │ └── virtualmachines.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aad/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── applications.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── serviceprincipals.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── appservice/
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── web_apps.py
│ │ │ │ ├── base.py
│ │ │ │ ├── keyvault/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── vaults.py
│ │ │ │ ├── loggingmonitoring/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── activity_log_alerts.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── diagnostic_resource_key_vault.py
│ │ │ │ │ ├── diagnostic_settings.py
│ │ │ │ │ ├── log_profiles.py
│ │ │ │ │ └── resources.py
│ │ │ │ ├── mysqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── mysql_servers.py
│ │ │ │ ├── network/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── application_security_groups.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── network_interfaces.py
│ │ │ │ │ ├── security_groups.py
│ │ │ │ │ ├── virtual_networks.py
│ │ │ │ │ └── watchers.py
│ │ │ │ ├── postgresqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── configuration_connection_throttling.py
│ │ │ │ │ ├── configuration_log_checkpoints.py
│ │ │ │ │ ├── configuration_log_connections.py
│ │ │ │ │ ├── configuration_log_disconnections.py
│ │ │ │ │ ├── configuration_log_duration.py
│ │ │ │ │ ├── configuration_log_retention_days.py
│ │ │ │ │ ├── posgresql_firewall_rules.py
│ │ │ │ │ └── postgresql_servers.py
│ │ │ │ ├── rbac/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── custom_roles_report.py
│ │ │ │ │ ├── role_assignments.py
│ │ │ │ │ └── roles.py
│ │ │ │ ├── securitycenter/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alerts.py
│ │ │ │ │ ├── auto_provisioning_settings.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── compliance_results.py
│ │ │ │ │ ├── information_protection_policies.py
│ │ │ │ │ ├── pricings.py
│ │ │ │ │ ├── regulatory_compliance_results.py
│ │ │ │ │ ├── security_contacts.py
│ │ │ │ │ └── settings.py
│ │ │ │ ├── sqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── database_blob_auditing_policies.py
│ │ │ │ │ ├── database_threat_detection_policies.py
│ │ │ │ │ ├── databases.py
│ │ │ │ │ ├── firewall_rules.py
│ │ │ │ │ ├── replication_links.py
│ │ │ │ │ ├── server_azure_ad_administrators.py
│ │ │ │ │ ├── server_blob_auditing_policies.py
│ │ │ │ │ ├── server_encryption_protectors.py
│ │ │ │ │ ├── server_security_alert_policies.py
│ │ │ │ │ ├── server_vulnerability_assessments.py
│ │ │ │ │ ├── servers.py
│ │ │ │ │ └── transparent_data_encryptions.py
│ │ │ │ ├── storageaccounts/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── blob_containers.py
│ │ │ │ │ ├── blob_services.py
│ │ │ │ │ ├── queues.py
│ │ │ │ │ └── storage_accounts.py
│ │ │ │ ├── subscriptions.py
│ │ │ │ └── virtualmachines/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── disks.py
│ │ │ │ ├── images.py
│ │ │ │ ├── instances.py
│ │ │ │ └── snapshots.py
│ │ │ ├── rules/
│ │ │ │ ├── conditions/
│ │ │ │ │ ├── allow-tcp.json
│ │ │ │ │ ├── allow-udp.json
│ │ │ │ │ └── exposed-to-the-internet.json
│ │ │ │ ├── findings/
│ │ │ │ │ ├── aad-guest-users.json
│ │ │ │ │ ├── aad-users-create-security-groups-disabled.json
│ │ │ │ │ ├── appservice-authentication-disabled.json
│ │ │ │ │ ├── appservice-client-certificates-disabled.json
│ │ │ │ │ ├── appservice-ftp-deployment-enabled.json
│ │ │ │ │ ├── appservice-http-2-disabled.json
│ │ │ │ │ ├── appservice-http-allowed.json
│ │ │ │ │ ├── appservice-managed-service-identities-disabled.json
│ │ │ │ │ ├── appservice-outdated-version-dotnet.json
│ │ │ │ │ ├── appservice-outdated-version-java.json
│ │ │ │ │ ├── appservice-outdated-version-php.json
│ │ │ │ │ ├── appservice-outdated-version-python.json
│ │ │ │ │ ├── appservice-tls-v1-supported.json
│ │ │ │ │ ├── appservice-webapp-using-outdated-progamming-language-version.json
│ │ │ │ │ ├── keyvault-not-recoverable.json
│ │ │ │ │ ├── keyvault-public-traffic-allowed.json
│ │ │ │ │ ├── keyvault-rbac-authorization-disabled.json
│ │ │ │ │ ├── logging-monitoring-diagnostic-setting-does-not-exist.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-create-policy-assignment.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-nsg.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-security-solution.json
│ │ │ │ │ ├── logging-monitoring-logging-key-vault-disabled.json
│ │ │ │ │ ├── logging-monitoring-profile-does-not-capture-all-activities.json
│ │ │ │ │ ├── mysql-database-servers-ssl-enforcement-disabled.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-internet-all.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service-mssql.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service-udp.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service.json
│ │ │ │ │ ├── network-watcher-not-enabled.json
│ │ │ │ │ ├── network-watcher-not-provisioned.json
│ │ │ │ │ ├── postgresql-database-servers-allow-any-ip.json
│ │ │ │ │ ├── postgresql-database-servers-connection-throttling-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-checkpoints-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-connections-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-disconnections-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-duration-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-retention-days-less-than-4.json
│ │ │ │ │ ├── postgresql-database-servers-ssl-enforcement-disabled.json
│ │ │ │ │ ├── rbac-administering-resource-locks-assigned.json
│ │ │ │ │ ├── rbac-custom-subscription-owner-role-not-allowed.json
│ │ │ │ │ ├── securitycenter-auto-provisioning-off.json
│ │ │ │ │ ├── securitycenter-security-contacts-email-not-set.json
│ │ │ │ │ ├── securitycenter-security-contacts-no-admin-email-notifications.json
│ │ │ │ │ ├── securitycenter-security-contacts-no-email-notifications.json
│ │ │ │ │ ├── securitycenter-security-contacts-not-set.json
│ │ │ │ │ ├── securitycenter-security-contacts-phone-not-set.json
│ │ │ │ │ ├── securitycenter-settings-MCAS-integration-disabled.json
│ │ │ │ │ ├── securitycenter-settings-WDATP-integration-disabled.json
│ │ │ │ │ ├── securitycenter-standard-tier-not-enabled.json
│ │ │ │ │ ├── sqldatabase-allow-any-ip.json
│ │ │ │ │ ├── sqldatabase-databases-auditing-low-retention.json
│ │ │ │ │ ├── sqldatabase-databases-no-auditing.json
│ │ │ │ │ ├── sqldatabase-databases-no-threat-detection.json
│ │ │ │ │ ├── sqldatabase-databases-no-transparent-data-encryption.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-disabled-alerts.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-low-retention.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-send-alerts-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json
│ │ │ │ │ ├── sqldatabase-servers-auditing-low-retention.json
│ │ │ │ │ ├── sqldatabase-servers-no-ad-admin-configured.json
│ │ │ │ │ ├── sqldatabase-servers-no-auditing.json
│ │ │ │ │ ├── sqldatabase-servers-no-threat-detection.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-disabled-alerts.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-low-retention.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-send-alerts-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-assessments-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-recurring-scans-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json
│ │ │ │ │ ├── storageaccount-access-keys-not-rotated.json
│ │ │ │ │ ├── storageaccount-account-allowing-clear-text.json
│ │ │ │ │ ├── storageaccount-encrypted-not-customer-managed.json
│ │ │ │ │ ├── storageaccount-public-blob-container.json
│ │ │ │ │ ├── storageaccount-public-traffic-allowed.json
│ │ │ │ │ ├── storageaccount-soft-delete-enabled.json
│ │ │ │ │ ├── storageaccount-trusted-microsoft-services.json
│ │ │ │ │ ├── virtual-machines-disk-encryption.json
│ │ │ │ │ ├── virtual-machines-extensions-installed.json
│ │ │ │ │ ├── virtual-machines-managed-disks.json
│ │ │ │ │ ├── virtual-machines-os-data-encrypted-cmk.json
│ │ │ │ │ └── virtual-machines-unattached-disks-encrypted-cmk.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.0.0.json
│ │ │ │ ├── cis-1.1.0.json
│ │ │ │ ├── cis-1.2.0.json
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── base/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── authentication_strategy_factory.py
│ │ │ ├── configs/
│ │ │ │ ├── __init__.py
│ │ │ │ └── browser.py
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ └── base.py
│ │ │ └── services.py
│ │ ├── do/
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── database.py
│ │ │ │ ├── droplet.py
│ │ │ │ ├── kubernetes.py
│ │ │ │ ├── networking.py
│ │ │ │ ├── spaces.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── database/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── databases.py
│ │ │ │ ├── droplet/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── droplets.py
│ │ │ │ ├── kubernetes/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── kubernetes.py
│ │ │ │ ├── networking/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ ├── firewalls.py
│ │ │ │ │ └── load_balancers.py
│ │ │ │ └── spaces/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── buckets.py
│ │ │ ├── rules/
│ │ │ │ ├── filters/
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── findings/
│ │ │ │ │ ├── database-databases-mysql-publically-exposed.json
│ │ │ │ │ ├── database-databases-mysql-user-legacy-encryption.json
│ │ │ │ │ ├── database-databases-postgres-connection-pools.json
│ │ │ │ │ ├── database-databases-postgres-trusted-sources.json
│ │ │ │ │ ├── database-databases-redis-evicition-policy.json
│ │ │ │ │ ├── droplet-droplets-all-ports-exposed.json
│ │ │ │ │ ├── droplet-droplets-backup-not-enabled.json
│ │ │ │ │ ├── droplet-droplets-backup-not-present.json
│ │ │ │ │ ├── droplet-droplets-custom-image.json
│ │ │ │ │ ├── droplet-droplets-features-monitoring.json
│ │ │ │ │ ├── droplet-droplets-firewall-not-attached.json
│ │ │ │ │ ├── droplet-droplets-port-22-exposed.json
│ │ │ │ │ ├── droplet-droplets-snapshot-not-present.json
│ │ │ │ │ ├── kubernetes-kubernetes-autoupgrade-minor.json
│ │ │ │ │ ├── kubernetes-kubernetes-ha-enabled.json
│ │ │ │ │ ├── kubernetes-kubernetes-surge-upgrade.json
│ │ │ │ │ ├── networking-domains-high-ttl.json
│ │ │ │ │ ├── networking-domains-missing-dkim.json
│ │ │ │ │ ├── networking-domains-missing-dmarc.json
│ │ │ │ │ ├── networking-domains-missing-spf.json
│ │ │ │ │ ├── networking-domains-spf-overly-permissive.json
│ │ │ │ │ ├── networking-firewalls-public-ports.json
│ │ │ │ │ ├── networking-firewalls-quad-zero.json
│ │ │ │ │ ├── networking-load-balancer-backend-keepalive-disabled.json
│ │ │ │ │ ├── networking-load-balancer-ssl-redirect-disabled.json
│ │ │ │ │ ├── networking-load-balancer-without-droplet.json
│ │ │ │ │ ├── spaces-buckets-cors.json
│ │ │ │ │ ├── spaces-buckets-public-read.json
│ │ │ │ │ └── spaces-buckets-public-write.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── gcp/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── basefacade.py
│ │ │ │ ├── bigquery.py
│ │ │ │ ├── cloudresourcemanager.py
│ │ │ │ ├── cloudsql.py
│ │ │ │ ├── cloudstorage.py
│ │ │ │ ├── dns.py
│ │ │ │ ├── functions.py
│ │ │ │ ├── gce.py
│ │ │ │ ├── gke.py
│ │ │ │ ├── iam.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── memorystoreredis.py
│ │ │ │ ├── stackdriverlogging.py
│ │ │ │ ├── stackdrivermonitoring.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── bigquery/
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── datasets.py
│ │ │ │ ├── cloudsql/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── backups.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── database_instances.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── cloudstorage/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── dns/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── managed_zones.py
│ │ │ │ ├── functions/
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── functions_v1.py
│ │ │ │ │ ├── functions_v2.py
│ │ │ │ │ └── utils.py
│ │ │ │ ├── gce/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── disks.py
│ │ │ │ │ ├── firewalls.py
│ │ │ │ │ ├── forwarding_rules.py
│ │ │ │ │ ├── global_forwarding_rules.py
│ │ │ │ │ ├── instance_disks.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── networks.py
│ │ │ │ │ ├── regions.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── subnetworks.py
│ │ │ │ │ └── zones.py
│ │ │ │ ├── gke/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── node_pools.py
│ │ │ │ ├── iam/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── bindings_separation_duties.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ ├── member_bindings.py
│ │ │ │ │ ├── service_account_bindings.py
│ │ │ │ │ ├── service_accounts.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── keyrings.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ └── kms_policy.py
│ │ │ │ ├── memorystore/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── redis_instances.py
│ │ │ │ ├── projects.py
│ │ │ │ ├── regions.py
│ │ │ │ ├── stackdriverlogging/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── logging_metrics.py
│ │ │ │ │ ├── metrics.py
│ │ │ │ │ └── sinks.py
│ │ │ │ ├── stackdrivermonitoring/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alert_policies.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── monitoring_alert_policies.py
│ │ │ │ │ └── uptime_checks.py
│ │ │ │ └── zones.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── bigquery-dataset-member.json
│ │ │ │ │ ├── bigquery-encryption-no-cmk.json
│ │ │ │ │ ├── cloudsql-allows-root-login-from-any-host.json
│ │ │ │ │ ├── cloudsql-instance-backups-disabled.json
│ │ │ │ │ ├── cloudsql-instance-is-open-to-public-range.json
│ │ │ │ │ ├── cloudsql-instance-is-open-to-the-world.json
│ │ │ │ │ ├── cloudsql-instance-no-binary-logging.json
│ │ │ │ │ ├── cloudsql-instance-ssl-not-required.json
│ │ │ │ │ ├── cloudsql-instance-with-no-backups.json
│ │ │ │ │ ├── cloudsql-instances-public-ips.json
│ │ │ │ │ ├── cloudsql-mysql-instances-local-infile-on.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-checkpoints-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-connections-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-disconnections-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-lock-waits-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-min-duration-not-set-1.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-min-messages-not-set.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-temp-files-not-set-0.json
│ │ │ │ │ ├── cloudsql-sqlservers-instances-contained-database-authentication-on.json
│ │ │ │ │ ├── cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json
│ │ │ │ │ ├── cloudstorage-bucket-member.json
│ │ │ │ │ ├── cloudstorage-bucket-no-logging.json
│ │ │ │ │ ├── cloudstorage-bucket-no-public-access-prevention.json
│ │ │ │ │ ├── cloudstorage-bucket-no-versioning.json
│ │ │ │ │ ├── cloudstorage-uniform-bucket-level-access-disabled.json
│ │ │ │ │ ├── computeengine-firewall-default-rule-in-use.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-all-ports.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-internal-traffic.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-port-range.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-public-access.json
│ │ │ │ │ ├── computeengine-firewall-rule-opens-all-ports-to-all.json
│ │ │ │ │ ├── computeengine-firewall-rule-opens-sensitive-port-to-all.json
│ │ │ │ │ ├── computeengine-instance-block-project-ssh-keys-disabled.json
│ │ │ │ │ ├── computeengine-instance-connecting-serial-ports-enabled.json
│ │ │ │ │ ├── computeengine-instance-default-service-account.json
│ │ │ │ │ ├── computeengine-instance-disk-not-csek-encrypted.json
│ │ │ │ │ ├── computeengine-instance-disk-with-no-snapshot.json
│ │ │ │ │ ├── computeengine-instance-full-api-access.json
│ │ │ │ │ ├── computeengine-instance-ip-forwarding-enabled.json
│ │ │ │ │ ├── computeengine-instance-os-login-disabled.json
│ │ │ │ │ ├── computeengine-instance-public-ip-adresses.json
│ │ │ │ │ ├── computeengine-instance-shielded-vm-disabled.json
│ │ │ │ │ ├── computeengine-instance-with-deletion-protection-disabled.json
│ │ │ │ │ ├── computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json
│ │ │ │ │ ├── computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json
│ │ │ │ │ ├── computeengine-network-default-in-use.json
│ │ │ │ │ ├── computeengine-network-legacy-in-use.json
│ │ │ │ │ ├── computeengine-network-with-no-instances.json
│ │ │ │ │ ├── computeengine-old-disk-snapshot.json
│ │ │ │ │ ├── computeengine-vpc-flow-logs-disabled.json
│ │ │ │ │ ├── dns-zones-dnssec-not-enabled.json
│ │ │ │ │ ├── dns-zones-key-signing-key-using-rsasha1.json
│ │ │ │ │ ├── dns-zones-zone-signing-key-using-rsasha1.json
│ │ │ │ │ ├── functions-v1-allowing-http.json
│ │ │ │ │ ├── functions-v1-environment-variables-secrets.json
│ │ │ │ │ ├── functions-v1-member.json
│ │ │ │ │ ├── functions-v1-public-endpoint.json
│ │ │ │ │ ├── functions-v2-environment-variables-secrets.json
│ │ │ │ │ ├── functions-v2-public-endpoint.json
│ │ │ │ │ ├── iam-gmail-accounts-used.json
│ │ │ │ │ ├── iam-lack-of-service-account-key-rotation.json
│ │ │ │ │ ├── iam-primitive-role-in-use.json
│ │ │ │ │ ├── iam-role-account-separation-duties-is-false.json
│ │ │ │ │ ├── iam-role-assigned-to-domain.json
│ │ │ │ │ ├── iam-role-assigned-to-user.json
│ │ │ │ │ ├── iam-role-kms-separation-duties-is-false.json
│ │ │ │ │ ├── iam-sa-has-admin-privileges.json
│ │ │ │ │ ├── iam-service-account-user-member.json
│ │ │ │ │ ├── iam-service-account-with-user-managed-keys.json
│ │ │ │ │ ├── iam-user-has-sa-user-role.json
│ │ │ │ │ ├── kms-cryptokeys-anonymously-publicly-accessible.json
│ │ │ │ │ ├── kms-encryption-keys-not-rotated.json
│ │ │ │ │ ├── kubernetesengine-basic-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-certificate-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-alias-ip-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-application-layer-encryption-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-binary-authorization-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-has-no-labels.json
│ │ │ │ │ ├── kubernetesengine-cluster-logging-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-master-authorized-networks-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-metadata-server-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-network-policy-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-pod-security-policy-config-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-endpoint-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-google-access-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-release-channel.json
│ │ │ │ │ ├── kubernetesengine-cluster-shielded-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-workload-identity-disabled.json
│ │ │ │ │ ├── kubernetesengine-dashboard-enabled.json
│ │ │ │ │ ├── kubernetesengine-default-service-account-used.json
│ │ │ │ │ ├── kubernetesengine-legacy-abac-enabled.json
│ │ │ │ │ ├── kubernetesengine-legacy-metadata-endpoints-enabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-repair-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-upgrade-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-container-optimized-os-not-used.json
│ │ │ │ │ ├── kubernetesengine-node-integrity-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-secure-boot-disabled.json
│ │ │ │ │ ├── kubernetesengine-private-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-scopes-not-limited.json
│ │ │ │ │ ├── memorystore-redis-instance-auth-not-enabled.json
│ │ │ │ │ ├── memorystore-redis-instance-ssl-not-required.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json
│ │ │ │ │ ├── stackdriverlogging-no-export-sinks.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json
│ │ │ │ │ └── stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.0.0.json
│ │ │ │ ├── cis-1.1.0.json
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── kubernetes/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── core.py
│ │ │ │ ├── eks.py
│ │ │ │ ├── extra.py
│ │ │ │ └── version.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aks.py
│ │ │ │ ├── base.py
│ │ │ │ ├── eks.py
│ │ │ │ ├── fake_network_policy.py
│ │ │ │ ├── gke.py
│ │ │ │ ├── rbac.py
│ │ │ │ ├── version.py
│ │ │ │ └── workload.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── configmap-unnecessary-secrets.json
│ │ │ │ │ ├── cron-job-apparmor-annotation-missing.json
│ │ │ │ │ ├── cron-job-automounted-service-account-token.json
│ │ │ │ │ ├── cron-job-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── cron-job-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── cron-job-container-running-as-root-group.json
│ │ │ │ │ ├── cron-job-container-running-as-root-user.json
│ │ │ │ │ ├── cron-job-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── cron-job-container-with-possible-root-privileges.json
│ │ │ │ │ ├── cron-job-host-ipc-true.json
│ │ │ │ │ ├── cron-job-host-network-true.json
│ │ │ │ │ ├── cron-job-host-pid-true.json
│ │ │ │ │ ├── cron-job-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── cron-job-privileged-container-running.json
│ │ │ │ │ ├── cron-job-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── cron-job-resources-without-defined-limits.json
│ │ │ │ │ ├── cron-job-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── daemonset-apparmor-annotation-missing.json
│ │ │ │ │ ├── daemonset-automounted-service-account-token.json
│ │ │ │ │ ├── daemonset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── daemonset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── daemonset-container-running-as-root-group.json
│ │ │ │ │ ├── daemonset-container-running-as-root-user.json
│ │ │ │ │ ├── daemonset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── daemonset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── daemonset-host-ipc-true.json
│ │ │ │ │ ├── daemonset-host-network-true.json
│ │ │ │ │ ├── daemonset-host-pid-true.json
│ │ │ │ │ ├── daemonset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── daemonset-privileged-container-running.json
│ │ │ │ │ ├── daemonset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── daemonset-resources-without-defined-limits.json
│ │ │ │ │ ├── daemonset-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── deployment-apparmor-annotation-missing.json
│ │ │ │ │ ├── deployment-automounted-service-account-token.json
│ │ │ │ │ ├── deployment-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── deployment-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── deployment-container-running-as-root-group.json
│ │ │ │ │ ├── deployment-container-running-as-root-user.json
│ │ │ │ │ ├── deployment-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── deployment-container-with-possible-root-privileges.json
│ │ │ │ │ ├── deployment-host-ipc-true.json
│ │ │ │ │ ├── deployment-host-network-true.json
│ │ │ │ │ ├── deployment-host-pid-true.json
│ │ │ │ │ ├── deployment-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── deployment-privileged-container-running.json
│ │ │ │ │ ├── deployment-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── deployment-resources-without-defined-limits.json
│ │ │ │ │ ├── deployment-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── eks-insufficient-control-plane-logging.json
│ │ │ │ │ ├── eks-kms-encryption-disabled.json
│ │ │ │ │ ├── eks-publically-accessible-apiserver.json
│ │ │ │ │ ├── job-apparmor-annotation-missing.json
│ │ │ │ │ ├── job-automounted-service-account-token.json
│ │ │ │ │ ├── job-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── job-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── job-container-running-as-root-group.json
│ │ │ │ │ ├── job-container-running-as-root-user.json
│ │ │ │ │ ├── job-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── job-container-with-possible-root-privileges.json
│ │ │ │ │ ├── job-host-ipc-true.json
│ │ │ │ │ ├── job-host-network-true.json
│ │ │ │ │ ├── job-host-pid-true.json
│ │ │ │ │ ├── job-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── job-privileged-container-running.json
│ │ │ │ │ ├── job-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── job-resources-without-defined-limits.json
│ │ │ │ │ ├── job-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── kubernetesengine-basic-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-certificate-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-alias-ip-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-application-layer-encryption-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-binary-authorization-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-has-no-labels.json
│ │ │ │ │ ├── kubernetesengine-cluster-logging-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-master-authorized-networks-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-metadata-server-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-network-policy-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-pod-security-policy-config-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-endpoint-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-google-access-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-release-channel.json
│ │ │ │ │ ├── kubernetesengine-cluster-shielded-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-workload-identity-disabled.json
│ │ │ │ │ ├── kubernetesengine-dashboard-enabled.json
│ │ │ │ │ ├── kubernetesengine-default-service-account-used.json
│ │ │ │ │ ├── kubernetesengine-legacy-abac-enabled.json
│ │ │ │ │ ├── kubernetesengine-legacy-metadata-endpoints-enabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-repair-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-upgrade-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-container-optimized-os-not-used.json
│ │ │ │ │ ├── kubernetesengine-node-integrity-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-secure-boot-disabled.json
│ │ │ │ │ ├── kubernetesengine-private-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-scopes-not-limited.json
│ │ │ │ │ ├── logging-monitoring-diagnostic-setting-does-not-exist.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-create-policy-assignment.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-nsg.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-security-solution.json
│ │ │ │ │ ├── logging-monitoring-logging-key-vault-disabled.json
│ │ │ │ │ ├── logging-monitoring-profile-does-not-capture-all-activities.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-access.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-egress.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-ingress.json
│ │ │ │ │ ├── pod-apparmor-annotation-missing.json
│ │ │ │ │ ├── pod-automounted-service-account-token.json
│ │ │ │ │ ├── pod-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── pod-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── pod-container-running-as-root-group.json
│ │ │ │ │ ├── pod-container-running-as-root-user.json
│ │ │ │ │ ├── pod-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── pod-container-with-possible-root-privileges.json
│ │ │ │ │ ├── pod-helm-tiller-in-use.json
│ │ │ │ │ ├── pod-host-ipc-true.json
│ │ │ │ │ ├── pod-host-network-true.json
│ │ │ │ │ ├── pod-host-pid-true.json
│ │ │ │ │ ├── pod-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── pod-privileged-container-running.json
│ │ │ │ │ ├── pod-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── pod-resources-without-defined-limits.json
│ │ │ │ │ ├── pod-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── podtemplate-apparmor-annotation-missing.json
│ │ │ │ │ ├── podtemplate-automounted-service-account-token.json
│ │ │ │ │ ├── podtemplate-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── podtemplate-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── podtemplate-container-running-as-root-group.json
│ │ │ │ │ ├── podtemplate-container-running-as-root-user.json
│ │ │ │ │ ├── podtemplate-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── podtemplate-container-with-possible-root-privileges.json
│ │ │ │ │ ├── podtemplate-host-ipc-true.json
│ │ │ │ │ ├── podtemplate-host-network-true.json
│ │ │ │ │ ├── podtemplate-host-pid-true.json
│ │ │ │ │ ├── podtemplate-privileged-container-running.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-limits.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── rbac-dangerous-grants.json
│ │ │ │ │ ├── rbac-dodgy-subjects.json
│ │ │ │ │ ├── rbac-permissive-bindings.json
│ │ │ │ │ ├── replicaset-apparmor-annotation-missing.json
│ │ │ │ │ ├── replicaset-automounted-service-account-token.json
│ │ │ │ │ ├── replicaset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── replicaset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── replicaset-container-running-as-root-group.json
│ │ │ │ │ ├── replicaset-container-running-as-root-user.json
│ │ │ │ │ ├── replicaset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── replicaset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── replicaset-host-ipc-true.json
│ │ │ │ │ ├── replicaset-host-network-true.json
│ │ │ │ │ ├── replicaset-host-pid-true.json
│ │ │ │ │ ├── replicaset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── replicaset-privileged-container-running.json
│ │ │ │ │ ├── replicaset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── replicaset-resources-without-defined-limits.json
│ │ │ │ │ ├── replicaset-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── service-helm-tiller-in-use.json
│ │ │ │ │ ├── serviceaccount-automounted-service-account-token.json
│ │ │ │ │ ├── statefulset-apparmor-annotation-missing.json
│ │ │ │ │ ├── statefulset-automounted-service-account-token.json
│ │ │ │ │ ├── statefulset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── statefulset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── statefulset-container-running-as-root-group.json
│ │ │ │ │ ├── statefulset-container-running-as-root-user.json
│ │ │ │ │ ├── statefulset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── statefulset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── statefulset-host-ipc-true.json
│ │ │ │ │ ├── statefulset-host-network-true.json
│ │ │ │ │ ├── statefulset-host-pid-true.json
│ │ │ │ │ ├── statefulset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── statefulset-privileged-container-running.json
│ │ │ │ │ ├── statefulset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── statefulset-resources-without-defined-limits.json
│ │ │ │ │ └── statefulset-resources-without-defined-memory-limit.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── aks.json
│ │ │ │ ├── default.json
│ │ │ │ ├── eks.json
│ │ │ │ ├── filters.json
│ │ │ │ └── gke.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── oci/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── identity.py
│ │ │ │ ├── kms.py
│ │ │ │ └── objectstorage.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── identity/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── api_keys.py
│ │ │ │ │ ├── authentication_policy.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ └── keyvaults.py
│ │ │ │ └── objectstorage/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── buckets.py
│ │ │ ├── rules/
│ │ │ │ ├── filters/
│ │ │ │ │ └── .keep
│ │ │ │ ├── findings/
│ │ │ │ │ ├── identity-password-policy-minimum-length.json
│ │ │ │ │ ├── identity-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── identity-password-policy-no-number-required.json
│ │ │ │ │ ├── identity-password-policy-no-symbol-required.json
│ │ │ │ │ ├── identity-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── identity-policy-affects-user.json
│ │ │ │ │ ├── identity-user-with-multiple-api-keys.json
│ │ │ │ │ ├── kms-no-key-rotation.json
│ │ │ │ │ ├── objectstorage-bucket-lacking-kms-encryption.json
│ │ │ │ │ └── objectstorage-public-bucket.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ └── utils.py
│ └── utils.py
├── dev-requirements.txt
├── docker/
│ ├── .dockerignore
│ ├── Dockerfile-aws
│ ├── Dockerfile-azure
│ ├── Dockerfile-base
│ ├── Dockerfile-gcp
│ ├── README.md
│ ├── bin/
│ │ ├── container-install-aws2.sh
│ │ ├── container-install-azure.sh
│ │ ├── container-install-gcp.sh
│ │ ├── container-install-prereqs.sh
│ │ ├── container-install-scoutsuite.sh
│ │ └── container-set-init.sh
│ ├── build.sh
│ ├── config/
│ │ ├── aws.env
│ │ ├── azure.env
│ │ ├── base.env
│ │ ├── combined.env
│ │ ├── gcp.env
│ │ └── ibm.env
│ └── tag.sh
├── pytest.ini
├── requirements.txt
├── scout.py
├── setup.py
├── tests/
│ ├── data/
│ │ ├── invalid-file.json
│ │ ├── ip-ranges-1.json
│ │ ├── ip-ranges-3.json
│ │ ├── policy1.json
│ │ ├── protocols.json
│ │ ├── resources/
│ │ │ └── dummy_resources.json
│ │ ├── rule-configs/
│ │ │ ├── ec2.json
│ │ │ ├── iam-password-policy.json
│ │ │ └── iam-root.json
│ │ ├── rule-results/
│ │ │ ├── ec2-default-security-group-in-use.json
│ │ │ ├── ec2-default-security-group-with-rules.json
│ │ │ ├── ec2-ebs-default-encryption-disabled.json
│ │ │ ├── ec2-security-group-opens-all-ports-to-all.json
│ │ │ ├── ec2-security-group-opens-all-ports-to-self.json
│ │ │ ├── ec2-security-group-opens-all-ports.json
│ │ │ ├── ec2-security-group-opens-known-port-to-all.json
│ │ │ ├── ec2-security-group-opens-port-range.json
│ │ │ ├── ec2-security-group-opens-port-to-all.json
│ │ │ ├── ec2-security-group-whitelists-aws-ip-from-banned-region.json
│ │ │ ├── ec2-security-group-whitelists-aws.json
│ │ │ ├── iam-password-policy-expiration-threshold.json
│ │ │ ├── iam-password-policy-lowercase-required.json
│ │ │ ├── iam-password-policy-minimum-length.json
│ │ │ ├── iam-password-policy-no-expiration.json
│ │ │ ├── iam-password-policy-no-lowercase-required.json
│ │ │ ├── iam-password-policy-no-number-required.json
│ │ │ ├── iam-password-policy-no-symbol-required.json
│ │ │ ├── iam-password-policy-no-uppercase-required.json
│ │ │ └── iam-password-policy-reuse-enabled.json
│ │ ├── ruleset-test.json
│ │ ├── statement1.json
│ │ └── test-ruleset.json
│ ├── results/
│ │ └── read_ip_ranges/
│ │ ├── ip-ranges-1a.json
│ │ ├── ip-ranges-1b.json
│ │ ├── ip-ranges-1c.json
│ │ ├── ip-ranges-3.json
│ │ └── ip-ranges-a.json
│ ├── test_aws_provider.py
│ ├── test_azure_provider.py
│ ├── test_core.py
│ ├── test_main.py
│ ├── test_output.py
│ ├── test_resources.py
│ ├── test_rules_processingengine.py
│ ├── test_rules_ruleset.py
│ ├── test_scoutsuite.py
│ ├── test_utils.py
│ ├── test_utils_conditions.py
│ ├── test_utils_console.py
│ └── test_utils_fs.py
└── tools/
├── README.md
├── __init__.py
├── aws_security_hub_export.py
├── format_findings.py
├── gen-tests.py
├── process_raw_response.py
├── sort-ruleset.py
├── update-aws-ips.sh
└── utils.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .coveragerc
================================================
[report]
include = ScoutSuite/*.py
ScoutSuite/core/*.py
ScoutSuite/output/*.py
ScoutSuite/providers/aws/*.py
ScoutSuite/providers/aws/facade/*.py
ScoutSuite/providers/aws/resources/*.py
ScoutSuite/providers/azure/*.py
ScoutSuite/providers/azure/facade/*.py
ScoutSuite/providers/azure/resources/*.py
ScoutSuite/providers/gcp/*.py
ScoutSuite/providers/gcp/facade/*.py
ScoutSuite/providers/gcp/resources/*.py
================================================
FILE: .flake8
================================================
[flake8]
select =
E901,
E999,
F821,
F822,
F823
statistics = True
show-source = True
max-line-length = 127
max-complexity = 10
exclude =
.git,
__pycache__,
docs/source/conf.py,
old,
build,
dist,
venv
[pycodestyle]
max_line_length = 127
ignore = E501
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve Scout Suite!
title: ''
labels: bug, potential
assignees: ''
---
**Describe the bug**
Please provide:
- A clear and concise description of what the bug is.
- Console output using the `--debug` argument.
- If possible, the errors JSON file generated at the end of execution (the CLI output will provide the path to this file). The file can be sent to <scoutsuite@nccgroup.com> to avoid including sensitive content in the GitHub issue.
**To Reproduce**
Please provide:
- The **exact** CLI parameters used to run Scout Suite.
- Any specific configuration within the cloud account which might have lead to the issue.
**Additional context**
Add any other context about the problem here.
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea to improve Scout Suite!
title: ''
labels: enhancement
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
# Description
**Make sure the PR is against the `develop` branch (see [Contributing](https://github.com/nccgroup/ScoutSuite/blob/master/CONTRIBUTING.md)).**
**Make sure to set the corresponding milestone in the PR.**
Please include a summary of the change(s) and which issue(s) it addresses. Please also include relevant motivation and context.
Fixes # (issue)
## Type of change
Select the relevant option(s):
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update
## Checklist:
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works (optional)
- [ ] New and existing unit tests pass locally with my changes
================================================
FILE: .github/workflows/frontend-build.yml
================================================
name: Fronted Build CI (dummy version)
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches: [ v6-master ]
jobs:
test:
runs-on: ubuntu-18.04
steps:
- name: Show environment v1
run: env | grep ^GITHUB
- name: Show ref v1
run: echo "===============> Version from $GITHUB_REF"
================================================
FILE: .github/workflows/testing.yml
================================================
name: CI Workflow
on:
push:
branches:
- develop
- master
pull_request:
jobs:
build:
runs-on: ubuntu-20.04
strategy:
matrix:
python-version: ['3.9', '3.10', '3.11']
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Cache pip
uses: actions/cache@v2
with:
# This path is specific to Ubuntu
path: ~/.cache/pip
# Look to see if there is a cache hit for the corresponding requirements file
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
${{ runner.os }}-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -U setuptools
pip install -r dev-requirements.txt
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 .
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Autopep 8
run: |
autopep8 --diff --recursive --max-line-length=127 .
- name: Test with pytest and generate coverage report
run: |
python -m pytest --cov=./ --cov-report=xml
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v1
with:
file: ./coverage.xml
================================================
FILE: .gitignore
================================================
# virtualenv
env/
venv/
# Compiled files
*.py[cod]
# C extensions
*.so
# Packages
*.egg
*.egg-info
.eggs
.cache/
dist
build
eggs
parts
bin
var
sdist
develop-eggs
.installed.cfg
lib
lib64
__pycache__
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
.tox
nosetests.xml
# Translations
*.mo
# Mr Developer
.mr.developer.cfg
.project
.pydevproject
# In case people do a `git add .` ...
*.csv
# Data folder and files
scoutsuite-report*
inc-scoutsuite-run*
report-*
*.db
# IntelliJ files
.idea/
*.iml
# Vs Code
.vscode/
# Mac cruft
.DS_Store
# Emacs backups
*~
# Private files
*private.*
# Private folders
/private*/
/**/private*/
#Profiling output
*.prof
!docker/bin
================================================
FILE: CODE_OF_CONDUCT.md
================================================
# Code of conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others’ private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at <scout@nccgroup.com>. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership.
## Attribution
This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing
## Table of Contents
* [Introduction](#introduction)
* [Getting started](#getting-started)
* [How to report a bug](#How-to-report-a-bug)
* [How to suggest a new feature](#How-to-suggest-a-new-feature)
* [Code review process](#Code-review-process)
## Introduction
First off, thank you for considering contributing to Scout Suite, you're awesome! 🎉
Following these guidelines helps to communicate that you respect the time of the developers managing and developing this open source project. In return, they should reciprocate that respect in addressing your issue, assessing changes, and helping you finalize your pull requests.
## Getting started
So you want to contribute some code, that's great! This project follows the [GitHub Workflow](https://guides.github.com/introduction/flow/).
1. If it's a complex issue, please describe how you plan on going about addressing it on the issue thread.
2. Assign yourself to the issue
3. Create a branch using the following naming convention:
* If it's a feature: `feature/issuenumber-descriptive-name`
* If it's a bug fix: `bugfix/issuenumber-descriptive-name`
* If it's a hot fix: `hotfix/issuenumber-descriptive-name`
4. Implement your solution and the associated tests
5. Make sure your code follows the [PEP8 guidelines](https://www.python.org/dev/peps/pep-0008/)
6. [Create a pull request](https://help.github.com/articles/creating-a-pull-request/) against `develop`
7. Wait for people to review it
8. Address the comments people left on your pull request
9. Go back to 7. and repeat until your PR is 💯
10. Wait for someone from the team to merge your PR
## How to report a bug
When filing an issue, make sure to answer these five questions:
1. What version of Python are you using?
2. What operating system and processor architecture are you using?
3. What did you do?
4. What did you expect to see?
5. What did you see instead?
## How to suggest a new feature
If you find yourself wishing for a feature that doesn't exist in Scout Suite, you are probably not alone. There are bound to be others out there with similar needs. Many of the features that Scout Suite has today have been added because our users saw the need. Open an issue on our issues list on GitHub which describes the feature you would like to see, why you need it, and how it should work.
## Code review process
Pull requests are regularly reviewed by the core team. We require a minimum of two reviewers before allowing to merge.
================================================
FILE: LICENSE
================================================
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
================================================
FILE: MANIFEST.in
================================================
include LICENSE
include README.md
include requirements.txt
recursive-include ScoutSuite/data *
recursive-include ScoutSuite/output/data *
recursive-include ScoutSuite/providers/aws *
recursive-include ScoutSuite/providers/aws/rules *
recursive-include ScoutSuite/providers/azure *
recursive-include ScoutSuite/providers/azure/rules *
recursive-include ScoutSuite/providers/gcp *
recursive-include ScoutSuite/providers/gcp/rules *
recursive-include ScoutSuite/providers/aliyun *
recursive-include ScoutSuite/providers/aliyun/rules *
recursive-include ScoutSuite/providers/oci *
recursive-include ScoutSuite/providers/oci/rules *
recursive-include ScoutSuite/providers/kubernetes *
recursive-include ScoutSuite/providers/kubernetes/rules *
================================================
FILE: README.md
================================================
<p align="center">
<img src="https://user-images.githubusercontent.com/4206926/49877604-10457580-fe26-11e8-92d7-cd876c4f6454.png" width=350/>
</p>
#
[](https://github.com/nccgroup/ScoutSuite/actions)
[](https://codecov.io/gh/nccgroup/ScoutSuite)
[](https://badge.fury.io/py/ScoutSuite)
[](https://img.shields.io/pypi/dm/scoutsuite)
[](https://hub.docker.com/r/rossja/ncc-scoutsuite/)
[](https://hub.docker.com/r/rossja/ncc-scoutsuite/)
## Description
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.
The project team can be contacted at <scoutsuite@nccgroup.com>.
### Cloud Provider Support
The following cloud providers are currently supported:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Alibaba Cloud (alpha)
- Oracle Cloud Infrastructure (alpha)
- Kubernetes clusters on a cloud provider (alpha)
- DigitalOcean Cloud (alpha)
## Installation
Refer to the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/Setup).
## Usage
Scout Suite is run through the CLI:
Once this has completed, it will generate an HTML report including findings and Cloud account configuration:
The above report was generated by running Scout Suite against https://github.com/nccgroup/sadcloud.
Additional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki).
There are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks.
================================================
FILE: ScoutSuite/__init__.py
================================================
__author__ = 'NCC Group'
__version__ = '5.14.0'
ERRORS_LIST = []
DEFAULT_REPORT_DIRECTORY = 'scoutsuite-report'
DEFAULT_REPORT_RESULTS_DIRECTORY = 'scoutsuite-results'
DEFAULT_INCLUDES_DIRECTORY = 'inc-scoutsuite'
================================================
FILE: ScoutSuite/__main__.py
================================================
import asyncio
import os
import webbrowser
from asyncio_throttle import Throttler
from ScoutSuite import ERRORS_LIST
from concurrent.futures import ThreadPoolExecutor
from ScoutSuite.core.cli_parser import ScoutSuiteArgumentParser
from ScoutSuite.core.console import set_logger_configuration, print_info, print_exception
from ScoutSuite.core.exceptions import RuleExceptions
from ScoutSuite.core.processingengine import ProcessingEngine
from ScoutSuite.core.ruleset import Ruleset
from ScoutSuite.core.server import Server
from ScoutSuite.output.html import ScoutReport
from ScoutSuite.output.utils import get_filename
from ScoutSuite.providers import get_provider
from ScoutSuite.providers.base.authentication_strategy_factory import get_authentication_strategy
# Dirty workaround for compatibility with Python >= 3.10
import collections
collections.Callable = collections.abc.Callable
def run_from_cli():
parser = ScoutSuiteArgumentParser()
args = parser.parse_args()
# Get the dictionary to get None instead of a crash
args = args.__dict__
# TODO provider-specific arguments should be prepended with the provider's code
# (e.g. aws_profile, azure_user_account)
try:
return run(provider=args.get('provider'),
# AWS
profile=args.get('profile'),
aws_access_key_id=args.get('aws_access_key_id'),
aws_secret_access_key=args.get('aws_secret_access_key'),
aws_session_token=args.get('aws_session_token'),
# Azure
cli=args.get('cli'),
user_account=args.get('user_account'),
user_account_browser=args.get('user_account_browser'),
service_account=args.get('service_account'),
msi=args.get('msi'),
service_principal=args.get('service_principal'), file_auth=args.get('file_auth'),
client_id=args.get('client_id'), client_secret=args.get('client_secret'),
username=args.get('username'), password=args.get('password'),
tenant_id=args.get('tenant_id'),
subscription_ids=args.get('subscription_ids'), all_subscriptions=args.get('all_subscriptions'),
# GCP
project_id=args.get('project_id'), folder_id=args.get('folder_id'),
organization_id=args.get('organization_id'), all_projects=args.get('all_projects'),
# Aliyun
access_key_id=args.get('access_key_id'), access_key_secret=args.get('access_key_secret'),
# Kubernetes
kubernetes_cluster_provider=args.get('kubernetes_cluster_provider'),
kubernetes_config_file=args.get('kubernetes_config_file'),
kubernetes_context=args.get('kubernetes_context'),
kubernetes_persist_config=args.get('kubernetes_persist_config'),
kubernetes_azure_subscription_id=args.get('kubernetes_azure_subscription_id'),
#DigitalOcean
token=args.get('token'),
access_key=args.get('access_key'),
access_secret=args.get('access_secret'),
# General
report_name=args.get('report_name'), report_dir=args.get('report_dir'),
timestamp=args.get('timestamp'),
services=args.get('services'), skipped_services=args.get('skipped_services'),
list_services=args.get('list_services'),
result_format=args.get('result_format'),
database_name=args.get('database_name'),
host_ip=args.get('host_ip'),
host_port=args.get('host_port'),
max_workers=args.get('max_workers'),
regions=args.get('regions'),
excluded_regions=args.get('excluded_regions'),
fetch_local=args.get('fetch_local'), update=args.get('update'),
max_rate=args.get('max_rate'),
ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'),
ruleset=args.get('ruleset'), exceptions=args.get('exceptions'),
force_write=args.get('force_write'),
debug=args.get('debug'),
quiet=args.get('quiet'),
log_file=args.get('log_file'),
no_browser=args.get('no_browser'),
programmatic_execution=False)
except (KeyboardInterrupt, SystemExit):
print_info('Exiting')
return 130
def run(provider,
# AWS
profile=None,
aws_access_key_id=None,
aws_secret_access_key=None,
aws_session_token=None,
# Azure
user_account=False,
user_account_browser=False,
cli=False, msi=False, service_principal=False, file_auth=None,
client_id=None, client_secret=None,
username=None, password=None,
tenant_id=None,
subscription_ids=None, all_subscriptions=None,
# GCP
service_account=None,
project_id=None, folder_id=None, organization_id=None, all_projects=False,
# Aliyun
access_key_id=None, access_key_secret=None,
# Kubernetes
kubernetes_cluster_provider=None,
kubernetes_config_file=None,
kubernetes_context=None,
kubernetes_persist_config=True,
kubernetes_azure_subscription_id=None,
#DigitalOcean
token=None,
access_key=None,
access_secret=None,
# General
report_name=None, report_dir=None,
timestamp=False,
services=[], skipped_services=[], list_services=None,
result_format='json',
database_name=None, host_ip='127.0.0.1', host_port=8000,
max_workers=10,
regions=[],
excluded_regions=[],
fetch_local=False, update=False,
max_rate=None,
ip_ranges=[], ip_ranges_name_key='name',
ruleset='default.json', exceptions=None,
force_write=False,
debug=False,
quiet=False,
log_file=None,
no_browser=False,
programmatic_execution=True):
"""
Run a scout job in an async event loop.
"""
loop = asyncio.get_event_loop()
if loop.is_closed():
loop = asyncio.new_event_loop()
# Set the throttler within the loop so it's accessible later on
loop.throttler = Throttler(rate_limit=max_rate if max_rate else 999999, period=1)
loop.set_default_executor(ThreadPoolExecutor(max_workers=max_workers))
result = loop.run_until_complete(_run(**locals())) # pass through all the parameters
loop.close()
return result
async def _run(provider,
# AWS
profile,
aws_access_key_id,
aws_secret_access_key,
aws_session_token,
# Azure
cli, user_account, user_account_browser,
msi, service_principal, file_auth,
tenant_id,
subscription_ids, all_subscriptions,
client_id, client_secret,
username, password,
# GCP
service_account,
project_id, folder_id, organization_id, all_projects,
# Aliyun
access_key_id, access_key_secret,
# Kubernetes
kubernetes_cluster_provider,
kubernetes_config_file,
kubernetes_context,
kubernetes_persist_config,
kubernetes_azure_subscription_id,
#DigitalOcean
token,
access_key,
access_secret,
# General
report_name, report_dir,
timestamp,
services, skipped_services, list_services,
result_format,
database_name, host_ip, host_port,
regions,
excluded_regions,
fetch_local, update,
ip_ranges, ip_ranges_name_key,
ruleset, exceptions,
force_write,
debug,
quiet,
log_file,
no_browser,
programmatic_execution,
**kwargs):
"""
Run a scout job.
"""
# Configure the debug level
set_logger_configuration(debug, quiet, log_file)
print_info('Launching Scout')
print_info('Authenticating to cloud provider')
auth_strategy = get_authentication_strategy(provider)
try:
credentials = auth_strategy.authenticate(profile=profile,
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
user_account=user_account,
user_account_browser=user_account_browser,
service_account=service_account,
cli=cli,
msi=msi,
service_principal=service_principal,
file_auth=file_auth,
tenant_id=tenant_id,
client_id=client_id,
client_secret=client_secret,
username=username,
password=password,
access_key_id=access_key_id,
access_key_secret=access_key_secret,
#DigitalOcean
token=token,
access_key=access_key,
access_secret=access_secret,
# Kubernetes
kubernetes_cluster_provider=kubernetes_cluster_provider,
kubernetes_config_file=kubernetes_config_file,
kubernetes_context=kubernetes_context,
kubernetes_persist_config=kubernetes_persist_config,
kubernetes_azure_subscription_id=kubernetes_azure_subscription_id,
kubernetes_fetch_local=fetch_local)
if not credentials:
return 101
except Exception as e:
print_exception(f'Authentication failure: {e}')
return 101
# Create a cloud provider object
try:
cloud_provider = get_provider(provider=provider,
# AWS
profile=profile,
# Azure
subscription_ids=subscription_ids,
all_subscriptions=all_subscriptions,
# GCP
project_id=project_id,
folder_id=folder_id,
organization_id=organization_id,
all_projects=all_projects,
# Kubernetes
kubernetes_config_file=kubernetes_config_file,
kubernetes_context=kubernetes_context,
kubernetes_cluster_provider=kubernetes_cluster_provider,
# Other
report_dir=report_dir,
timestamp=timestamp,
services=services,
skipped_services=skipped_services,
programmatic_execution=programmatic_execution,
credentials=credentials)
except Exception as e:
print_exception(f'Initialization failure: {e}')
return 102
# Create a new report
try:
report_name = report_name if report_name else cloud_provider.get_report_name()
report = ScoutReport(cloud_provider.provider_code,
report_name,
report_dir,
timestamp,
result_format=result_format)
if database_name:
database_file, _ = get_filename('RESULTS', report_name, report_dir, file_extension="db")
Server.init(database_file, host_ip, host_port)
return
except Exception as e:
print_exception('Report initialization failure: {}'.format(e))
return 103
# If this command, run and exit
if list_services:
available_services = [x for x in dir(cloud_provider.services) if
not (x.startswith('_') or x in ['credentials', 'fetch'])]
print_info('The available services are: "{}"'.format('", "'.join(available_services)))
return 0
# Complete run, including pulling data from provider
if not fetch_local:
# Fetch data from provider APIs
try:
print_info('Gathering data from APIs')
await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)
except KeyboardInterrupt:
print_info('\nCancelled by user')
return 130
except Exception as e:
print_exception('Unhandled exception thrown while gathering data: {}'.format(e))
return 104
# Update means we reload the whole config and overwrite part of it
if update:
try:
print_info('Updating existing data')
#Load previous results
last_run_dict = report.encoder.load_from_file('RESULTS')
#Get list of previous services which were not updated during this run
previous_services = [prev_service for prev_service in last_run_dict['service_list'] if prev_service not in cloud_provider.service_list]
#Add previous services
for service in previous_services:
cloud_provider.service_list.append(service)
cloud_provider.services[service] = last_run_dict['services'][service]
except Exception as e:
print_exception('Failure while updating report: {}'.format(e))
# Partial run, using pre-pulled data
else:
try:
print_info('Using local data')
# Reload to flatten everything into a python dictionary
last_run_dict = report.encoder.load_from_file('RESULTS')
for key in last_run_dict:
setattr(cloud_provider, key, last_run_dict[key])
except Exception as e:
print_exception('Failure while updating report: {}'.format(e))
# Pre processing
try:
print_info('Running pre-processing engine')
cloud_provider.preprocessing(ip_ranges, ip_ranges_name_key)
except Exception as e:
print_exception('Failure while running pre-processing engine: {}'.format(e))
return 105
# Analyze config
try:
print_info('Running rule engine')
finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
environment_name=cloud_provider.environment,
filename=ruleset,
ip_ranges=ip_ranges,
account_id=cloud_provider.account_id)
processing_engine = ProcessingEngine(finding_rules)
processing_engine.run(cloud_provider)
except Exception as e:
print_exception('Failure while running rule engine: {}'.format(e))
return 106
# Create display filters
try:
print_info('Applying display filters')
filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
environment_name=cloud_provider.environment,
filename='filters.json',
rule_type='filters',
account_id=cloud_provider.account_id)
processing_engine = ProcessingEngine(filter_rules)
processing_engine.run(cloud_provider)
except Exception as e:
print_exception('Failure while applying display filters: {}'.format(e))
return 107
# Handle exceptions
if exceptions:
print_info('Applying exceptions')
try:
exceptions = RuleExceptions(exceptions)
exceptions.process(cloud_provider)
exceptions = exceptions.exceptions
except Exception as e:
print_exception(f'Failed to load exceptions: {e}')
exceptions = {}
else:
exceptions = {}
# Finalize
try:
print_info('Running post-processing engine')
run_parameters = {
'services': services,
'skipped_services': skipped_services,
'regions': regions,
'excluded_regions': excluded_regions,
}
cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)
except Exception as e:
print_exception('Failure while running post-processing engine: {}'.format(e))
return 108
# Save config and create HTML report
try:
html_report_path = report.save(cloud_provider, exceptions, force_write, debug)
except Exception as e:
print_exception('Failure while generating HTML report: {}'.format(e))
return 109
# Open the report by default
if not no_browser:
print_info('Opening the HTML report')
url = 'file://%s' % os.path.abspath(html_report_path)
webbrowser.open(url, new=2)
if ERRORS_LIST: # errors were handled during execution
return 200
else:
return 0
================================================
FILE: ScoutSuite/core/__init__.py
================================================
================================================
FILE: ScoutSuite/core/cli_parser.py
================================================
import argparse
from ScoutSuite import __version__
class ScoutSuiteArgumentParser:
def __init__(self):
self.parser = argparse.ArgumentParser(epilog='To get addtional help on a specific provider run: scout.py {provider} -h')
# People will still be able to use the old --provider syntax
self.parser.add_argument("--provider",
action='store_true',
dest='sinkhole',
help=argparse.SUPPRESS)
self.parser.add_argument('-v', '--version',
action='version',
version=f'Scout Suite {__version__}')
self.common_providers_args_parser = argparse.ArgumentParser(add_help=False)
self.subparsers = self.parser.add_subparsers(title="The provider you want to run scout against",
dest="provider")
self._init_common_args_parser()
self._init_aws_parser()
self._init_gcp_parser()
self._init_azure_parser()
self._init_aliyun_parser()
self._init_oci_parser()
self._init_kubernetes_parser()
self._init_do_parser()
def _init_aws_parser(self):
parser = self.subparsers.add_parser("aws",
parents=[self.common_providers_args_parser],
help="Run Scout against an Amazon Web Services account")
aws_parser = parser.add_argument_group('Authentication modes')
aws_auth_params = parser.add_argument_group('Authentication parameters')
aws_auth_modes = aws_parser.add_mutually_exclusive_group(required=False)
aws_auth_modes.add_argument('-p',
'--profile',
dest='profile',
default=None,
help='Run with a named profile')
aws_auth_modes.add_argument('--access-keys',
action='store_true',
dest='aws_access_keys',
help='Run with access keys')
aws_auth_params.add_argument('--access-key-id',
action='store',
default=None,
dest='aws_access_key_id',
help='AWS Access Key ID')
aws_auth_params.add_argument('--secret-access-key',
action='store',
default=None,
dest='aws_secret_access_key',
help='AWS Secret Access Key')
aws_auth_params.add_argument('--session-token',
action='store',
default=None,
dest='aws_session_token',
help='AWS Session Token')
aws_additional_parser = parser.add_argument_group('Additional arguments')
aws_additional_parser.add_argument('-r',
'--regions',
dest='regions',
default=[],
nargs='+',
help='Name of regions to run the tool in, defaults to all')
aws_additional_parser.add_argument('-xr',
'--exclude-regions',
dest='excluded_regions',
default=[],
nargs='+',
help='Name of regions to excluded from execution')
aws_additional_parser.add_argument('--ip-ranges',
dest='ip_ranges',
default=[],
nargs='+',
help='Config file(s) that contain your known IP ranges')
aws_additional_parser.add_argument('--ip-ranges-name-key',
dest='ip_ranges_name_key',
default='name',
help='Name of the key containing the display name of a known CIDR')
def _init_gcp_parser(self):
parser = self.subparsers.add_parser("gcp",
parents=[self.common_providers_args_parser],
help="Run Scout against a Google Cloud Platform account")
gcp_parser = parser.add_argument_group('Authentication modes')
gcp_auth_modes = gcp_parser.add_mutually_exclusive_group(required=True)
gcp_auth_modes.add_argument('-u',
'--user-account',
action='store_true',
help='Run Scout with a Google Account')
gcp_auth_modes.add_argument('-s',
'--service-account',
action='store',
metavar="KEY_FILE",
help='Run Scout with a Google Service Account with the specified '
'Google Service Account Application Credentials file')
gcp_scope = parser.add_argument_group('Additional arguments')
gcp_scope.add_argument('--project-id',
action='store',
help='ID of the GCP Project to scan')
gcp_scope.add_argument('--folder-id',
action='store',
help='ID of the GCP Folder to scan')
gcp_scope.add_argument('--organization-id',
action='store',
help='ID of the GCP Organization to scan')
gcp_scope.add_argument('--all-projects',
action='store_true',
help='Scan all of the accessible projects')
def _init_azure_parser(self):
parser = self.subparsers.add_parser("azure",
parents=[self.common_providers_args_parser],
help="Run Scout against a Microsoft Azure account")
azure_parser = parser.add_argument_group('Authentication modes')
azure_auth_params = parser.add_argument_group('Authentication parameters')
azure_auth_modes = azure_parser.add_mutually_exclusive_group(required=True)
# az-cli authentication
azure_auth_modes.add_argument('-c',
'--cli',
action='store_true',
help='Run Scout using configured azure-cli credentials')
# username/password authentication
azure_auth_modes.add_argument('--user-account',
action='store_true',
help='Run Scout with user credentials')
azure_auth_params.add_argument('-u',
'--username',
action='store',
default=None,
dest='username',
help='Username of the Azure account')
azure_auth_params.add_argument('-p',
'--password',
action='store',
default=None,
dest='password',
help='Password of the Azure account')
# username/password authentication via browser
azure_auth_modes.add_argument('--user-account-browser',
action='store_true',
help='Run Scout with user credentials, authenticating through a browser (useful when MFA is enforced)')
# Service Principal authentication
azure_auth_modes.add_argument('-s',
'--service-principal',
action='store_true',
help='Run Scout with an Azure Service Principal')
azure_auth_params.add_argument('--client-id',
action='store',
dest='client_id',
help='Client ID of the service principal')
azure_auth_params.add_argument('--client-secret',
action='store',
dest='client_secret',
help='Client of the service principal')
# Service Principal credentials in an auth file
azure_auth_modes.add_argument('--file-auth',
action='store',
type=argparse.FileType('rb'),
dest='file_auth',
metavar="FILE",
help='Run Scout with the specified credential file')
# Managed Service Identity (MSI) authentication
azure_auth_modes.add_argument('-m',
'--msi',
action='store_true',
help='Run Scout with Managed Service Identity')
# Additional arguments
azure_scope = parser.add_argument_group('Additional arguments')
azure_scope.add_argument('--tenant',
action='store',
dest='tenant_id',
help='ID of the Tenant (Directory) to scan')
azure_scope.add_argument('--subscriptions',
action='store',
default=[],
nargs='+',
dest='subscription_ids',
help='IDs (separated by spaces) of the Azure subscription(s) to scan. '
'By default, only the default subscription will be scanned.')
azure_scope.add_argument('--all-subscriptions',
action='store_true',
dest='all_subscriptions',
help='Scan all of the accessible subscriptions')
def _init_aliyun_parser(self):
parser = self.subparsers.add_parser("aliyun",
parents=[self.common_providers_args_parser],
help="Run Scout against an Alibaba Cloud account")
aliyun_parser = parser.add_argument_group('Authentication modes')
aliyun_auth_params = parser.add_argument_group('Authentication parameters')
aliyun_auth_modes = aliyun_parser.add_mutually_exclusive_group(required=True)
aliyun_auth_modes.add_argument('--access-keys',
action='store_true',
help='Run Scout with user credentials')
aliyun_auth_params.add_argument('-k',
'--access-key-id',
action='store',
default=None,
dest='access_key_id',
help='Access Key Id')
aliyun_auth_params.add_argument('-s',
'--access-key-secret',
action='store',
default=None,
dest='access_key_secret',
help='Access Key Secret')
def _init_oci_parser(self):
oci_parser = self.subparsers.add_parser("oci",
parents=[self.common_providers_args_parser],
help="Run Scout against an Oracle Cloud Infrastructure account")
parser = oci_parser.add_argument_group('Authentication parameters')
parser.add_argument('-p',
'--profile',
dest='profile',
default=None,
help='Name of the profile')
def _init_do_parser(self):
do_parser = self.subparsers.add_parser("do",
parents=[self.common_providers_args_parser],
help="Run Scout against an DigitalOcean account")
parser = do_parser.add_argument_group('Authentication parameters')
parser.add_argument('-t',
'--token',
action='store',
default=None,
dest='token',
help='DO Token')
parser.add_argument('--access_key',
action='store',
default=None,
dest='access_key',
help='Spaces Access Key ID')
parser.add_argument('--access_secret',
action='store',
default=None,
dest='access_secret',
help='Spaces Secret Access Key')
def _init_kubernetes_parser(self):
kubernetes_parser = self.subparsers.add_parser("kubernetes",
parents=[self.common_providers_args_parser],
help="Run Scout against a Kubernetes cluster")
kubernetes_scope = kubernetes_parser.add_argument_group('Additional arguments')
kubernetes_scope.add_argument('-c',
'--cluster-provider',
dest='kubernetes_cluster_provider',
default=None,
choices=['aks', 'eks', 'gke'],
help='Cluster contexts to scan. If no cloud provider is specified, ScoutSuite will use the default Kubernetes configuration.')
kubernetes_scope.add_argument('--config-file',
dest='kubernetes_config_file',
default=None,
help='Name of the kube-config file. By default, it will use Kubernetes\' default directory.')
kubernetes_scope.add_argument('--context',
dest='kubernetes_context',
default=None,
help='Cluster context to scan. By default, current_context from config file will be used.')
kubernetes_scope.add_argument('--do-not-persist-config',
dest='kubernetes_persist_config',
action='store_false',
default=True,
help='If specified, config file will NOT be updated when changed (e.g GCP token refresh).')
kubernetes_scope.add_argument('--subscription-id',
dest='kubernetes_azure_subscription_id',
action='store',
default=None,
help='If unspecified, the default subscription will be used.')
def _init_common_args_parser(self):
parser = self.common_providers_args_parser.add_argument_group('Scout Arguments')
parser.add_argument('-f',
'--force',
dest='force_write',
default=False,
action='store_true',
help='Overwrite existing files')
parser.add_argument('-l', '--local',
dest='fetch_local',
default=False,
action='store_true',
help='Use local data previously fetched and re-run the analysis.')
parser.add_argument('--max-rate',
dest='max_rate',
type=int,
default=None,
help='Maximum number of API requests per second')
parser.add_argument('--debug',
dest='debug',
default=False,
action='store_true',
help='Print the stack trace when exception occurs')
parser.add_argument('--quiet',
dest='quiet',
default=False,
action='store_true',
help='Disables CLI output')
parser.add_argument('--logfile',
dest='log_file',
default=None,
action='store',
nargs='?',
help='Additional output to the specified file')
# parser.add_argument('--resume',
# dest='resume',
# default=False,
# action='store_true',
# help='Complete a partial (throttled) run')
parser.add_argument('--update',
dest='update',
default=False,
action='store_true',
help='Reload all the existing data and only overwrite data in scope for this run')
parser.add_argument('--ruleset',
dest='ruleset',
default='default.json',
nargs='?',
help='Set of rules to be used during the analysis.')
parser.add_argument('--no-browser',
dest='no_browser',
default=False,
action='store_true',
help='Do not automatically open the report in the browser.')
parser.add_argument('--max-workers',
dest='max_workers',
type=int,
default=10,
help='Maximum number of threads (workers) used by Scout Suite (default is 10)')
parser.add_argument('--report-dir',
dest='report_dir',
default=None,
help='Path of the Scout report.')
parser.add_argument('--report-name',
dest='report_name',
default=None,
help='Name of the Scout report.')
parser.add_argument('--timestamp',
dest='timestamp',
default=False,
nargs='?',
help='Timestamp added to the name of the report (default is current time in UTC).')
parser.add_argument('--services',
dest='services',
default=[],
nargs='+',
help='Name of in-scope services, defaults to all.')
parser.add_argument('--list-services',
dest='list_services',
default=False,
action='store_true',
help='List available services.')
parser.add_argument('--skip',
dest='skipped_services',
default=[],
nargs='+',
help='Name of out-of-scope services.')
parser.add_argument('--exceptions',
dest='exceptions',
default=None,
nargs='?',
help='Exception file to use during analysis.')
parser.add_argument('--result-format',
dest='result_format',
default='json',
type=str,
choices=['json', 'sqlite'],
help="[EXPERIMENTAL FEATURE] The database file format to use. JSON doesn't require a server to view the report, "
"but cannot be viewed if the result file is over 400mb.")
parser.add_argument('--serve',
dest="database_name",
default=None,
const=True,
nargs="?",
help="[EXPERIMENTAL FEATURE] Serve the specified result database on the server to show the report. "
"This must be used when the results are exported as an sqlite database.")
parser.add_argument('--host',
dest="host_ip",
default="127.0.0.1",
help="[EXPERIMENTAL FEATURE] Address on which you want the server to listen. Defaults to localhost.")
parser.add_argument('--port',
dest="host_port",
type=int,
default=8000,
help="[EXPERIMENTAL FEATURE] Port on which you want the server to listen. Defaults to 8000.")
def parse_args(self, args=None):
args = self.parser.parse_args(args)
# Cannot simply use required for backward compatibility
if not args.provider:
self.parser.error('You need to input a provider')
# If local analysis, overwrite results
if args.__dict__.get('fetch_local'):
args.force_write = True
# Test conditions
v = vars(args)
# AWS
if v.get('provider') == 'aws':
if v.get('aws_access_keys') and not (v.get('aws_access_key_id') or v.get('aws_secret_access_key')):
self.parser.error('When running with --access-keys, you must provide an Access Key ID '
'and Secret Access Key.')
# Azure
elif v.get('provider') == 'azure':
if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser') or v.get('user_account')):
self.parser.error('--tenant can only be set when using --user-account-browser or --user-account or '
'--service-principal authentication')
if v.get('service_principal') and not v.get('tenant_id'):
self.parser.error('You must provide --tenant when using --service-principal authentication')
if v.get('user_account_browser') and not v.get('tenant_id'):
self.parser.error('You must provide --tenant when using --user-account-browser authentication')
if v.get('user_account') and not v.get('tenant_id'):
self.parser.error('You must provide --tenant when using --user-account authentication')
if v.get('subscription_ids') and v.get('all_subscriptions'):
self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options')
# DigitalOcean
if v.get('provider') == 'do':
if (v.get('access_key') or v.get('access_secret')) and not (v.get('access_key') and v.get('access_secret')):
self.parser.error('For DO Spaces service please provide both --access_key and --access_secret')
# Kubernetes
elif v.get('provider') == 'kubernetes':
cluster_provider = v.get('kubernetes_cluster_provider')
# change ruleset based on cluster provider
if cluster_provider:
args.ruleset = f'{cluster_provider}.json'
# only use subscription_id if kubernetes_cluster_provider is 'aks'
if cluster_provider != 'aks' and v.get('kubernetes_azure_subscription_id'):
self.parser.error('--subscription-id is only used when analyzing AKS clusters')
return args
================================================
FILE: ScoutSuite/core/conditions.py
================================================
import datetime
import dateutil.parser
import json
import netaddr
import re
import ipaddress
from policyuniverse.expander_minimizer import get_actions_from_statement, _expand_wildcard_action
from ScoutSuite.core.console import print_error, print_exception
re_get_value_at = re.compile(r'_GET_VALUE_AT_\((.*?)\)')
re_nested_get_value_at = re.compile(r'_GET_VALUE_AT_\(.*')
def pass_conditions(all_info, current_path, conditions, unknown_as_pass_condition=False):
"""
Check that all conditions are passed for the current path.
:param all_info: All of the services' data
:param current_path: The value of the `path` variable defined in the finding file
:param conditions: The conditions to check as defined in the finding file
:param unknown_as_pass_condition: Consider an undetermined condition as passed
:return:
"""
# Fixes circular dependency
from ScoutSuite.providers.base.configs.browser import get_value_at
if len(conditions) == 0:
return True
condition_operator = conditions.pop(0)
for condition in conditions:
if condition[0] in ['and', 'or']:
res = pass_conditions(all_info, current_path, condition, unknown_as_pass_condition)
else:
# Conditions are formed as "path to value", "type of test", "value(s) for test"
path_to_value, test_name, test_values = condition
path_to_value = fix_path_string(all_info, current_path, path_to_value)
target_obj = get_value_at(all_info, current_path, path_to_value)
if type(test_values) != list and type(test_values) != dict:
dynamic_value = re_get_value_at.match(test_values)
if dynamic_value:
test_values = get_value_at(all_info, current_path, dynamic_value.groups()[0], True)
try:
res = pass_condition(target_obj, test_name, test_values)
except Exception as e:
res = True if unknown_as_pass_condition else False
print_exception('Unable to process testcase \'%s\' on value \'%s\', interpreted as %s: %s' %
(test_name, str(target_obj), res, e))
# Quick exit and + false
if condition_operator == 'and' and not res:
return False
# Quick exit or + true
if condition_operator == 'or' and res:
return True
return not condition_operator == 'or'
def pass_condition(b, test, a):
"""
Generic test function used by Scout
.
:param b: Value to be tested against
:param test: Name of the test case to run
:param a: Value to be tested
:return: True of condition is met, False otherwise
"""
# Return false by default
result = False
# Equality tests
if test == 'equal':
a = str(a)
b = str(b)
result = (a == b)
elif test == 'notEqual':
result = (not pass_condition(b, 'equal', a))
# More/Less tests
elif test == 'lessThan':
result = (int(b) < int(a))
elif test == 'lessOrEqual':
result = (int(b) <= int(a))
elif test == 'moreThan':
result = (int(b) > int(a))
elif test == 'moreOrEqual':
result = (int(b) >= int(a))
# Empty tests
elif test == 'empty':
result = ((type(b) == dict and b == {}) or (type(b) == list and b == []) or (type(b) == list and b == [None]))
elif test == 'notEmpty':
result = (not pass_condition(b, 'empty', 'a'))
elif test == 'null':
result = ((b is None) or (type(b) == str and b == 'None'))
elif test == 'notNull':
result = (not pass_condition(b, 'null', a))
# Boolean tests
elif test == 'true':
result = (str(b).lower() == 'true')
elif test == 'notTrue' or test == 'false':
result = (str(b).lower() == 'false')
# Object length tests
elif test == 'lengthLessThan':
result = (len(b) < int(a))
elif test == 'lengthMoreThan':
result = (len(b) > int(a))
elif test == 'lengthEqual':
result = (len(b) == int(a))
# Dictionary keys tests
elif test == 'withKey':
result = a in b
elif test == 'withoutKey':
result = a not in b
elif test == 'withKeyCaseInsensitive':
result = a.lower() in map(str.lower, b)
elif test == 'withoutKeyCaseInsensitive':
result = a.lower() not in map(str.lower, b)
# String test
elif test == 'containString':
if not type(b) == str:
b = str(b)
if not type(a) == str:
a = str(a)
result = a in b
elif test == 'notContainString':
if not type(b) == str:
b = str(b)
if not type(a) == str:
a = str(a)
result = a not in b
# List tests
elif test == 'containAtLeastOneOf':
result = False
if not type(b) == list:
b = [b]
if not type(a) == list:
a = [a]
for c in b:
if type(c) != dict:
c = str(c)
if c in a:
result = True
break
elif test == 'containAtLeastOneDifferentFrom':
result = False
if not type(b) == list:
b = [b]
if not type(a) == list:
a = [a]
for c in b:
if c and c != '' and c not in a:
result = True
break
elif test == 'containNoneOf':
result = True
if not type(b) == list:
b = [b]
if not type(a) == list:
a = [a]
for c in b:
if c in a:
result = False
break
elif test == 'containAtLeastOneMatching':
result = False
for item in b:
if re.match(a, item):
result = True
break
# Regex tests
elif test == 'match':
if type(a) != list:
a = [a]
b = str(b)
for c in a:
if re.match(c, b):
result = True
break
elif test == 'matchInList':
if type(a) != list:
a = [a]
if type(b) !=list:
b = [b]
for c in a:
for d in b:
if re.match(c, d):
result = True
break
if result:
break
elif test == 'notMatch':
result = (not pass_condition(b, 'match', a))
# Date tests
elif test == 'priorToDate':
b = dateutil.parser.parse(str(b)).replace(tzinfo=None)
a = dateutil.parser.parse(str(a)).replace(tzinfo=None)
result = (b < a)
elif test == 'olderThan':
age, threshold = __prepare_age_test(a, b)
result = (age > threshold)
elif test == 'newerThan':
age, threshold = __prepare_age_test(a, b)
result = (age < threshold)
# CIDR tests
elif test == 'inSubnets':
result = False
grant = netaddr.IPNetwork(b)
if type(a) != list:
a = [a]
for c in a:
known_subnet = netaddr.IPNetwork(c)
if grant in known_subnet:
result = True
break
elif test == 'notInSubnets':
result = (not pass_condition(b, 'inSubnets', a))
elif test == 'isSubnetRange':
result = not ipaddress.ip_network(b, strict=False).exploded.endswith("/32")
elif test == 'isPrivateSubnet':
result = ipaddress.ip_network(b, strict=False).is_private
elif test == 'isPublicSubnet':
result = not ipaddress.ip_network(b, strict=False).is_private
# Port/port ranges tests
elif test == 'portsInPortList':
result = False
if not type(b) == list:
b = [b]
if not type(a) == list:
a = [a]
for port_range in b:
if '-' in port_range:
bottom_limit_port = int(port_range.split('-')[0])
upper_limit_port = int(port_range.split('-')[1])
for port in a:
if type(port) != int:
port = int(port)
if bottom_limit_port <= port <= upper_limit_port:
result = True
break
else: #A single port
for port in a:
if port == port_range:
result = True
break
# Policy statement tests
elif test == 'containAction':
result = False
if type(b) != dict:
b = json.loads(b)
statement_actions = get_actions_from_statement(b)
rule_actions = _expand_wildcard_action(a)
for action in rule_actions:
if action.lower() in statement_actions:
result = True
break
elif test == 'notContainAction':
result = (not pass_condition(b, 'containAction', a))
elif test == 'containAtLeastOneAction':
result = False
if type(b) != dict:
b = json.loads(b)
if type(a) != list:
a = [a]
actions = get_actions_from_statement(b)
for c in a:
if c.lower() in actions:
result = True
break
# Policy principal tests
elif test == 'isCrossAccount':
result = False
if type(b) != list:
b = [b]
for c in b:
if type(c) == dict and 'AWS' in c:
c = c['AWS']
if c != a and not re.match(r'arn:aws:iam:.*?:%s:.*' % a, c):
result = True
break
elif test == 'isSameAccount':
result = False
if type(b) != list:
b = [b]
for c in b:
if c == a or re.match(r'arn:aws:iam:.*?:%s:.*' % a, c):
result = True
break
elif test == 'isAccountRoot':
result = False
if type(b) != list:
b = [b]
for c in b:
if type(c) == dict and 'AWS' in c:
c = c['AWS']
if type(c) != list:
c = [c]
for i in c:
if i == a or re.match(r'arn:aws:iam:.*?:%s:root' % a, i):
result = True
break
# Unknown test case
else:
print_error('Error: unknown test case %s' % test)
raise Exception
return result
def fix_path_string(all_info, current_path, path_to_value):
# Fixes circular dependency
from ScoutSuite.providers.base.configs.browser import get_value_at
# handle nested _GET_VALUE_AT_...
while True:
dynamic_path = re_get_value_at.findall(path_to_value)
if len(dynamic_path) == 0:
break
for dp in dynamic_path:
tmp = dp
while True:
nested = re_nested_get_value_at.findall(tmp)
if len(nested) == 0:
break
tmp = nested[0].replace('_GET_VALUE_AT_(', '', 1)
dv = get_value_at(all_info, current_path, tmp)
path_to_value = path_to_value.replace('_GET_VALUE_AT_(%s)' % tmp, dv)
return path_to_value
def __prepare_age_test(a, b):
if type(a) != list:
print_error('Error: olderThan requires a list such as [ N , \'days\' ] or [ M, \'hours\'].')
raise Exception
number = int(a[0])
unit = a[1]
if unit not in ['days', 'hours', 'minutes', 'seconds']:
print_error('Error: only days, hours, minutes, and seconds are supported.')
raise Exception
if unit == 'hours':
number *= 3600
unit = 'seconds'
elif unit == 'minutes':
number *= 60
unit = 'seconds'
age = getattr((datetime.datetime.today() - dateutil.parser.parse(str(b)).replace(tzinfo=None)), unit)
return age, number
================================================
FILE: ScoutSuite/core/console.py
================================================
import logging
import platform
import os
import sys
import traceback
import coloredlogs
from ScoutSuite import ERRORS_LIST
########################################
# Output configuration
########################################
verbose_exceptions = False
logger = logging.getLogger('scout')
def set_logger_configuration(is_debug=False, quiet=False, output_file_path=None):
"""
Configure whether full stacktraces should be dumped in the console output
"""
# set debug level
global verbose_exceptions
verbose_exceptions = is_debug
# if "quiet" is set, don't output anything
if quiet:
coloredlogs.install(level='ERROR', logger=logger)
else:
coloredlogs.install(level='DEBUG' if is_debug else 'INFO', logger=logger)
if output_file_path:
# For some reason, hostname information is not passed to the FileHandler
# Add it using a filter
class HostnameFilter(logging.Filter):
hostname = platform.node()
def filter(self, record):
record.hostname = HostnameFilter.hostname
return True
# create file handler which logs messages
fh = logging.FileHandler(output_file_path, 'w+')
# Add filter to add hostname information
fh.addFilter(HostnameFilter())
# create formatter and add it to the handlers
formatter = logging.Formatter(fmt='%(asctime)s %(hostname)s %(name)s[%(process)d] %(levelname)s %(message)s',
datefmt='%Y-%m-%d %H:%M:%S')
fh.setFormatter(formatter)
# add the handlers to the logger
logger.addHandler(fh)
########################################
# Output functions
########################################
def print_generic(msg):
logger.info(msg)
def print_info(msg):
print_generic(msg)
def print_debug(msg):
logger.debug(msg)
def print_error(msg):
logger.error(msg)
def print_warning(msg):
logger.warning(msg)
def print_exception(exception, additional_details=None):
try:
exc = True
exc_type, exc_obj, exc_tb = sys.exc_info()
if exc_tb and traceback:
file_name = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
line_number = exc_tb.tb_lineno
traceback_exc = traceback.format_exc()
str = f'{file_name} L{line_number}: {exception}'
else:
file_name = None
line_number = None
traceback_exc = None
str = f'{exception}'
exc = False # if there isn't an actual exception then it's pointless
except Exception as e:
file_name = None
line_number = None
traceback_exc = None
str = f'{exception}'
if verbose_exceptions and exc:
logger.exception(str)
else:
logger.error(str)
ERRORS_LIST.append({'file': file_name,
'line': line_number,
'exception': f'{exception}',
'traceback': f'{traceback_exc}',
'additional_details': additional_details})
########################################
# Prompt functions
########################################
def prompt(test_input=None):
"""
Prompt function that works for Python2 and Python3
:param test_input: Value to be returned when testing
:return: Value typed by user (or passed in argument when testing)
"""
if test_input is not None:
if type(test_input) == list and len(test_input):
choice = test_input.pop(0)
elif type(test_input) == list:
choice = ''
else:
choice = test_input
else:
choice = input()
return choice
def prompt_overwrite(filename, force_write, test_input=None):
"""
Prompt whether the file should be overwritten
:param filename: Name of the file about to be written
:param force_write: Skip confirmation prompt if this flag is set
:param test_input: Used for unit testing
:return: Boolean whether file write operation is allowed
"""
if not os.path.exists(filename) or force_write:
return True
return prompt_yes_no(f'File \'{filename}\' already exists. Do you want to overwrite it',
test_input=test_input)
def prompt_value(question, choices=None, default=None, display_choices=True, display_indices=False,
authorize_list=False, is_question=False, no_confirm=False, required=True,
regex=None,
regex_format='', max_laps=5, test_input=None, return_index=False):
"""
Prompt for a value
. .
:param return_index:
:param question: Question to be asked
:param choices: List of authorized answers
:param default: Value suggested by default
:param display_choices: Display accepted choices
:param display_indices: Display the indice in the list next to the choice
:param authorize_list: Set to true if a list of answers may be accepted
:param is_question: Set to true to append a question mark
:param no_confirm: Set to true to not prompt for a confirmation of the value
:param required: Set to false if an empty answer is authorized
:param regex: TODO
:param regex_format TODO
:param max_laps: Exit after N laps
:param test_input: Used for unit testing
:param return_index TODO
:return:
"""
int_choice = 0
if choices and display_choices and not display_indices:
question = question + ' (' + '/'.join(choices) + ')'
lap_n = 0
while True:
if lap_n >= max_laps:
print_error('Automatically aborting prompt loop after 5 failures')
return None
lap_n += 1
can_return = False
# Display the question, choices, and prompt for the answer
if is_question:
question = question + '? '
print_error(question)
if choices and display_indices:
for c in choices:
print_error('%3d. %s' % (choices.index(c), c))
print_error('Enter the number corresponding to your choice: ')
choice = prompt(test_input)
# Set the default value if empty choice
if not choice or choice == '':
if default:
if no_confirm or prompt_yes_no('Use the default value (' + default + ')'):
# return default
choice = default
can_return = True
elif not required:
can_return = True
else:
print_error('Error: you cannot leave this parameter empty.')
# Validate the value against a whitelist of choices
elif choices:
user_choices = [item.strip() for item in choice.split(',')]
if not authorize_list and len(user_choices) > 1:
print_error(
'Error: multiple values are not supported; please enter a single value.')
else:
choice_valid = True
if display_indices and int(choice) < len(choices):
int_choice = choice
choice = choices[int(choice)]
else:
for c in user_choices:
if c not in choices:
print_error('Invalid value (%s).' % c)
choice_valid = False
break
if choice_valid:
can_return = True
# Validate against a regex
elif regex:
if regex.match(choice):
# return choice
can_return = True
else:
print_error('Error: expected format is: %s' % regex_format)
else:
# No automated validation, can attempt to return
can_return = True
if can_return:
# Manually confirm that the entered value is correct if needed
if no_confirm or prompt_yes_no('You entered "' + choice + '". Is that correct',
test_input=test_input):
return int(int_choice) if return_index else choice
def prompt_yes_no(question, test_input=None):
"""
Prompt for a yes/no or y/n answer
.
:param question: Question to be asked
:param test_input: Used for unit testing
:return: True for yes/y, False for no/n
"""
count = 0
while True:
print_error(question + ' (y/n)? ')
choice = prompt(test_input).lower()
if choice == 'yes' or choice == 'y':
return True
elif choice == 'no' or choice == 'n':
return False
else:
count += 1
print_error('\'%s\' is not a valid answer. Enter \'yes\'(y) or \'no\'(n).' % choice)
if count > 3:
return None
================================================
FILE: ScoutSuite/core/exceptions.py
================================================
from ScoutSuite.core.console import print_debug
from ScoutSuite.output.result_encoder import JavaScriptEncoder
class RuleExceptions:
"""
Exceptions handling
"""
def __init__(self, file_path=None):
self.jsrw = JavaScriptEncoder()
self.exceptions = self.jsrw.load_from_file(file_type='EXCEPTIONS',
file_path=file_path,
first_line=True)
def process(self, cloud_provider):
for service in self.exceptions:
for rule in self.exceptions[service]:
filtered_items = []
if rule not in cloud_provider.services[service]['findings']:
print_debug('Warning:: key error should not be happening')
continue
for item in cloud_provider.services[service]['findings'][rule]['items']:
if item not in self.exceptions[service][rule]:
filtered_items.append(item)
cloud_provider.services[service]['findings'][rule]['items'] = filtered_items
cloud_provider.services[service]['findings'][rule]['flagged_items'] = \
len(cloud_provider.services[service]['findings'][rule]['items'])
================================================
FILE: ScoutSuite/core/fs.py
================================================
import datetime
import json
import os
from ScoutSuite.core.console import print_exception, prompt_overwrite, print_info
from ScoutSuite.core.conditions import pass_condition
class CustomJSONEncoder(json.JSONEncoder):
"""
JSON encoder class
"""
def default(self, o):
if type(o) == datetime.datetime:
return str(o)
else:
return o.__dict__
def load_data(data_file, key_name=None, local_file=False):
"""
Load a JSON data file
:param data_file:
:param key_name:
:param local_file:
:return:
"""
if local_file:
if data_file.startswith('/'):
src_file = data_file
else:
src_dir = os.getcwd()
src_file = os.path.join(src_dir, data_file)
else:
src_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../data')
src_file = os.path.join(src_dir, data_file)
with open(src_file) as f:
data = json.load(f)
if key_name:
data = data[key_name]
return data
def read_ip_ranges(filename, local_file=True, ip_only=False, conditions=None):
"""
Returns the list of IP prefixes from an ip-ranges file
:param filename:
:param local_file:
:param conditions:
:param ip_only:
:return:
"""
if not conditions:
conditions = []
targets = []
data = load_data(filename, local_file=local_file)
if 'source' in data:
# Filtered IP ranges
conditions = data['conditions']
local_file = data['local_file'] if 'local_file' in data else False
data = load_data(data['source'], local_file=local_file, key_name='prefixes')
else:
# Plain IP ranges
data = data['prefixes']
for d in data:
condition_passed = True
for condition in conditions:
if type(condition) != list or len(condition) < 3:
continue
condition_passed = pass_condition(d[condition[0]], condition[1], condition[2])
if not condition_passed:
break
if condition_passed:
targets.append(d)
if ip_only:
ips = []
for t in targets:
ips.append(t['ip_prefix'])
return ips
else:
return targets
def save_blob_as_json(filename, blob, force_write):
"""
Creates/Modifies file and saves python object as JSON
:param filename:
:param blob:
:param force_write:
:return:
"""
try:
if prompt_overwrite(filename, force_write):
with open(filename, 'wt') as f:
print_info('%s' % json.dumps(blob, indent=4, separators=(',', ': '), sort_keys=True,
cls=CustomJSONEncoder))
except Exception as e:
print_exception(e)
================================================
FILE: ScoutSuite/core/processingengine.py
================================================
from ScoutSuite.core.console import print_debug, print_exception
from ScoutSuite.utils import manage_dictionary
from ScoutSuite.core.utils import recurse
class ProcessingEngine:
"""
"""
def __init__(self, ruleset):
# Organize rules by path
self.ruleset = ruleset
self.rules = {}
for filename in self.ruleset.rules:
for rule in self.ruleset.rules[filename]:
if not rule.enabled:
continue
try:
manage_dictionary(self.rules, rule.path, [])
self.rules[rule.path].append(rule)
except Exception as e:
print_exception(f'Failed to create rule {rule.filename}: {e}')
def run(self, cloud_provider, skip_dashboard=False):
# Clean up existing findings
for service in cloud_provider.services:
cloud_provider.services[service][self.ruleset.rule_type] = {}
# Process each rule
for finding_path in self._filter_rules(self.rules, cloud_provider.service_list):
for rule in self.rules[finding_path]:
if not rule.enabled: # or rule.service not in []: # TODO: handle this...
continue
print_debug(f'Processing {rule.service} rule "{rule.description}" ({rule.filename})')
finding_path = rule.path
path = finding_path.split('.')
service = path[0]
manage_dictionary(cloud_provider.services[service], self.ruleset.rule_type, {})
cloud_provider.services[service][self.ruleset.rule_type][rule.key] = {}
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['description'] = rule.description
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['path'] = rule.path
for attr in ['level', 'id_suffix', 'class_suffix', 'display_path']:
if hasattr(rule, attr):
cloud_provider.services[service][self.ruleset.rule_type][rule.key][attr] = getattr(rule, attr)
try:
setattr(rule, 'checked_items', 0)
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['items'] = recurse(
cloud_provider.services, cloud_provider.services, path, [], rule, True)
if skip_dashboard:
continue
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['dashboard_name'] = \
rule.dashboard_name
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['checked_items'] = \
rule.checked_items
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['flagged_items'] = \
len(cloud_provider.services[service][self.ruleset.rule_type][rule.key]['items'])
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['service'] = rule.service
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['rationale'] = \
rule.rationale if hasattr(rule, 'rationale') else None
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['remediation'] = \
rule.remediation if hasattr(rule, 'remediation') else None
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['compliance'] = \
rule.compliance if hasattr(rule, 'compliance') else None
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['references'] = \
rule.references if hasattr(rule, 'references') else None
except Exception as e:
print_exception(f'Failed to process rule defined in {rule.filename}: {e}')
# Fallback if process rule failed to ensure report creation and data dump still happen
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['checked_items'] = 0
cloud_provider.services[service][self.ruleset.rule_type][rule.key]['flagged_items'] = 0
@staticmethod
def _filter_rules(rules, services):
return {rule_name: rule for rule_name, rule in rules.items() if rule_name.split('.')[0] in services}
================================================
FILE: ScoutSuite/core/rule.py
================================================
import json
import re
from ScoutSuite.core.fs import read_ip_ranges
from ScoutSuite.core.console import print_exception
from ScoutSuite.utils import format_service_name
ip_ranges_from_args = 'ip-ranges-from-args'
re_account_id = re.compile(r'_ACCOUNT_ID_')
re_ip_ranges_from_file = re.compile(r'_IP_RANGES_FROM_FILE_\((.*?)(,.*?)\)')
re_ip_ranges_from_local_file = re.compile(r'_IP_RANGES_FROM_LOCAL_FILE_\((.*?)(,.*?)\)')
re_strip_dots = re.compile(r'(_STRIPDOTS_\((.*?)\))')
testcases = [
{
'name': 'account_id',
'regex': re_account_id
},
{
'name': 'ip_ranges_from_file',
'regex': re_ip_ranges_from_file
},
{
'name': 'ip_ranges_from_local_file',
'regex': re_ip_ranges_from_local_file
}
]
class Rule:
def to_string(self):
return str(vars(self))
def __init__(self, data_path, filename, rule_type, rule):
self.data_path = data_path
self.filename = filename
self.rule_type = rule_type
self.enabled = bool(self.get_attribute('enabled', rule, False))
self.level = self.get_attribute('level', rule, '')
self.args = self.get_attribute('args', rule, [])
self.conditions = self.get_attribute('conditions', rule, [])
self.key_suffix = self.get_attribute('key_suffix', rule, None)
@staticmethod
def get_attribute(name, rule, default_value):
return rule[name] if name in list(rule.keys()) else default_value
def set_definition(self, rule_definitions, attributes=None, ip_ranges=None, params=None):
"""
Update every attribute of the rule by setting the argument values as necessary
:param rule_definitions: TODO
:param attributes: TODO
:param ip_ranges: TODO
:param params: TODO
:return:
"""
attributes = [] if attributes is None else attributes
ip_ranges = [] if ip_ranges is None else ip_ranges
params = {} if params is None else params
try:
string_definition = rule_definitions[self.filename].string_definition
# Load condition dependencies
definition = json.loads(string_definition)
definition['conditions'] += self.conditions
loaded_conditions = []
for condition in definition['conditions']:
if condition[0].startswith('_INCLUDE_('):
include = re.findall(r'_INCLUDE_\((.*?)\)', condition[0])[0]
# new_conditions = load_data(include, key_name = 'conditions')
rules_path = f'{self.data_path}/{include}'
with open(rules_path) as f:
new_conditions = f.read()
for (i, value) in enumerate(condition[1]):
new_conditions = re.sub(condition[1][i], condition[2][i], new_conditions)
new_conditions = json.loads(new_conditions)['conditions']
loaded_conditions.append(new_conditions)
else:
loaded_conditions.append(condition)
definition['conditions'] = loaded_conditions
string_definition = json.dumps(definition)
# Set parameters
parameters = re.findall(r'(_ARG_([a-zA-Z0-9]+)_)', string_definition)
for param in parameters:
index = int(param[1])
if len(self.args) <= index:
string_definition = string_definition.replace(param[0], '')
elif type(self.args[index]) == list:
value = '[ %s ]' % ', '.join('"%s"' % v for v in self.args[index])
string_definition = string_definition.replace('"%s"' % param[0], value)
else:
string_definition = string_definition.replace(param[0], self.args[index])
# Strip dots if necessary
stripdots = re_strip_dots.findall(string_definition)
for value in stripdots:
string_definition = string_definition.replace(value[0], value[1].replace('.', ''))
definition = json.loads(string_definition)
# Set special values (IP ranges, AWS account ID, ...)
for condition in definition['conditions']:
if type(condition) != list \
or len(condition) == 1 \
or type(condition[2]) == list \
or type(condition[2]) == dict:
continue
for testcase in testcases:
result = testcase['regex'].match(condition[2])
if result and (testcase['name'] == 'ip_ranges_from_file'
or testcase['name'] == 'ip_ranges_from_local_file'):
filename = result.groups()[0]
conditions = result.groups()[1] if len(result.groups()) > 1 else []
# TODO :: handle comma here...
if filename == ip_ranges_from_args:
prefixes = []
for filename in ip_ranges:
prefixes += read_ip_ranges(filename, local_file=True, ip_only=True,
conditions=conditions)
condition[2] = prefixes
break
else:
local_file = True if testcase['name'] == 'ip_ranges_from_local_file' else False
condition[2] = read_ip_ranges(filename, local_file=local_file, ip_only=True,
conditions=conditions)
break
elif result:
condition[2] = params[testcase['name']]
break
if len(attributes) == 0:
attributes = [attr for attr in definition]
for attr in attributes:
if attr in definition:
setattr(self, attr, definition[attr])
if hasattr(self, 'path'):
self.service = format_service_name(self.path.split('.')[0])
if not hasattr(self, 'key'):
setattr(self, 'key', self.filename)
setattr(self, 'key', self.key.replace('.json', ''))
if self.key_suffix:
setattr(self, 'key', f'{self.key}-{self.key_suffix}')
except Exception as e:
print_exception(f'Failed to set definition {self.filename}: {e}')
================================================
FILE: ScoutSuite/core/rule_definition.py
================================================
import json
import os
from ScoutSuite.core.console import print_error, print_exception
class RuleDefinition:
def __init__(self, data_path, file_name=None, rule_dirs=None, string_definition=None):
rule_dirs = [] if rule_dirs is None else rule_dirs
self.rules_data_path = data_path
self.file_name = file_name
self.rule_dirs = rule_dirs
self.rule_types = ['findings', 'filters']
if self.file_name:
self.load()
elif string_definition:
self.string_definition = string_definition
self.load_from_string_definition()
else:
print_error('Error')
def __str__(self):
desription = getattr(self, 'description')
dlen = len(desription)
padding = (80 - dlen) // 2 if dlen < 80 else 0
value = '-' * 80 + '\n' + ' ' * padding + ' %s' % getattr(self, 'description') + '\n' + '-' * 80 + '\n'
quiet_list = ['descriptions', 'rule_dirs', 'rule_types', 'rules_data_path', 'string_definition']
value += '\n'.join(
'{}: {}'.format(attr, str(getattr(self, attr))) for attr in vars(self) if attr not in quiet_list)
value += '\n'
return value
def load(self):
"""
Load the definition of the rule, searching in the specified rule dirs first, then in the built-in definitions
:return: None
"""
file_name_valid = False
rule_type_valid = False
file_path = None
# Look for a locally-defined rule
for rule_dir in self.rule_dirs:
try:
file_path = os.path.join(rule_dir, self.file_name) if rule_dir else self.file_name
except Exception as e:
print_exception('Failed to load file {}: {}'.format(self.file_name, str(e)))
if os.path.isfile(file_path):
self.file_path = file_path
file_name_valid = True
break
# Look for a built-in rule
if not file_name_valid:
for rule_type in self.rule_types:
if self.file_name.startswith(rule_type):
self.file_path = os.path.join(self.rules_data_path, self.file_name)
rule_type_valid = True
file_name_valid = True
break
if not rule_type_valid:
for rule_type in self.rule_types:
self.file_path = os.path.join(self.rules_data_path, rule_type, self.file_name)
if os.path.isfile(self.file_path):
file_name_valid = True
break
else:
if os.path.isfile(self.file_path):
file_name_valid = True
if not file_name_valid:
print_error('Error: could not find %s' % self.file_name)
else:
try:
with open(self.file_path) as f:
self.string_definition = f.read()
self.load_from_string_definition()
except Exception as e:
print_exception('Failed to load rule defined in {}: {}'.format(self.file_name, str(e)))
def load_from_string_definition(self):
try:
definition = json.loads(self.string_definition)
for attr in definition:
setattr(self, attr, definition[attr])
except Exception as e:
print_exception('Failed to load string definition {}: {}'.format(self.string_definition, str(e)))
================================================
FILE: ScoutSuite/core/ruleset.py
================================================
import json
import os
import tempfile
from ScoutSuite.core.console import print_debug, print_error, prompt_yes_no, print_exception
from ScoutSuite.core.rule import Rule
from ScoutSuite.core.rule_definition import RuleDefinition
aws_ip_ranges_filename = 'ip-ranges.json'
ip_ranges_from_args = 'ip-ranges-from-args'
class Ruleset:
"""
TODO
:ivar rules: List of rules defined in the ruleset
:ivar rule_definitions: Definition of all rules found
:ivar ??
"""
def __init__(self,
cloud_provider,
environment_name='default',
filename=None,
name=None,
rules_dir=None,
rule_type='findings',
ip_ranges=None,
account_id=None,
ruleset_generator=False):
rules_dir = [] if rules_dir is None else rules_dir
ip_ranges = [] if ip_ranges is None else ip_ranges
self.rules_data_path = os.path.dirname(
os.path.dirname(os.path.abspath(__file__))) + '/providers/%s/rules' % cloud_provider
self.environment_name = environment_name
self.rule_type = rule_type
# Ruleset filename
self.filename = self.find_file(filename)
if not self.filename:
self.search_ruleset(environment_name)
print_debug('Loading ruleset %s' % self.filename)
self.name = os.path.basename(self.filename).replace('.json', '') if not name else name
self.load(self.rule_type)
self.shared_init(ruleset_generator, rules_dir, account_id, ip_ranges)
def to_string(self):
return str(vars(self))
def shared_init(self, ruleset_generator, rule_dirs, account_id, ip_ranges):
# Load rule definitions
if not hasattr(self, 'rule_definitions'):
self.load_rule_definitions(ruleset_generator, rule_dirs)
# Prepare the rules
params = {'account_id': account_id}
if ruleset_generator:
self.prepare_rules(attributes=['description', 'key', 'rationale'], params=params)
else:
self.prepare_rules(ip_ranges=ip_ranges, params=params)
def load(self, rule_type, quiet=False):
"""
Open a JSON file defining a ruleset and load it into a Ruleset object
:param rule_type: TODO
:param quiet: TODO
:return:
"""
if self.filename and os.path.exists(self.filename):
try:
with open(self.filename) as f:
ruleset = json.load(f)
self.about = ruleset['about'] if 'about' in ruleset else ''
self.rules = {}
for filename in ruleset['rules']:
self.rules[filename] = []
for rule in ruleset['rules'][filename]:
self.handle_rule_versions(filename, rule_type, rule)
except Exception as e:
print_exception(f'Ruleset file {self.filename} contains malformed JSON: {e}')
self.rules = []
self.about = ''
else:
self.rules = []
if not quiet:
print_error('Error: the file %s does not exist.' % self.filename)
def load_rules(self, file, rule_type):
file.seek(0)
ruleset = json.load(file)
self.about = ruleset['about']
self.rules = {}
for filename in ruleset['rules']:
self.rules[filename] = []
for rule in ruleset['rules'][filename]:
self.handle_rule_versions(filename, rule_type, rule)
def handle_rule_versions(self, filename, rule_type, rule):
"""
For each version of a rule found in the ruleset, append a new Rule object
"""
if 'versions' in rule:
versions = rule.pop('versions')
for version_key_suffix in versions:
version = versions[version_key_suffix]
version['key_suffix'] = version_key_suffix
tmp_rule = dict(rule, **version)
self.rules[filename].append(Rule(self.rules_data_path, filename, rule_type, tmp_rule))
else:
self.rules[filename].append(Rule(self.rules_data_path, filename, rule_type, rule))
def prepare_rules(self, attributes=None, ip_ranges=None, params=None):
"""
Update the ruleset's rules by duplicating fields as required by the HTML ruleset generator
:return:
"""
attributes = [] if attributes is None else attributes
ip_ranges = [] if ip_ranges is None else ip_ranges
params = {} if params is None else params
for filename in self.rule_definitions:
if filename in self.rules:
for rule in self.rules[filename]:
rule.set_definition(self.rule_definitions, attributes, ip_ranges, params)
else:
self.rules[filename] = []
new_rule = Rule(self.rules_data_path, filename, self.rule_type, {'enabled': False, 'level': 'danger'})
new_rule.set_definition(self.rule_definitions, attributes, ip_ranges, params)
self.rules[filename].append(new_rule)
def load_rule_definitions(self, ruleset_generator=False, rule_dirs=None):
"""
Load definition of rules declared in the ruleset
:param ruleset_generator:
:param rule_dirs:
:return:
"""
rule_dirs = [] if rule_dirs is None else rule_dirs
# Load rules from JSON files
self.rule_definitions = {}
for rule_filename in self.rules:
for rule in self.rules[rule_filename]:
if not rule.enabled and not ruleset_generator:
continue
self.rule_definitions[os.path.basename(rule_filename)] = RuleDefinition(self.rules_data_path,
rule_filename,
rule_dirs=rule_dirs)
# In case of the ruleset generator, list all available built-in rules
if ruleset_generator:
rule_dirs.append(self.rules_data_path + '/findings')
rule_filenames = []
for rule_dir in rule_dirs:
rule_filenames += [f for f in os.listdir(rule_dir) if os.path.isfile(os.path.join(rule_dir, f))]
for rule_filename in rule_filenames:
if rule_filename not in self.rule_definitions:
self.rule_definitions[os.path.basename(rule_filename)] = RuleDefinition(self.rules_data_path,
rule_filename)
def search_ruleset(self, environment_name, no_prompt=False):
"""
:param environment_name:
:param no_prompt:
:return:
"""
ruleset_found = False
if environment_name != 'default':
ruleset_file_name = 'ruleset-%s.json' % environment_name
ruleset_file_path = os.path.join(self.rules_data_path, 'rulesets/%s' % ruleset_file_name)
if os.path.exists(ruleset_file_path):
if no_prompt or prompt_yes_no(
"A ruleset whose name matches your environment name was found in %s. "
"Would you like to use it instead of the default one" % ruleset_file_name):
ruleset_found = True
self.filename = ruleset_file_path
if not ruleset_found:
self.filename = os.path.join(self.rules_data_path, 'rulesets/default.json')
def find_file(self, filename, filetype='rulesets'):
"""
:param filename:
:param filetype:
:return:
"""
if filename and not os.path.isfile(filename):
# Not a valid relative / absolute path, check Scout's data under findings/ or filters/
if not filename.startswith('findings/') and not filename.startswith('filters/'):
filename = f'{filetype}/{filename}'
if not os.path.isfile(filename):
filename = os.path.join(self.rules_data_path, filename)
if not os.path.isfile(filename) and not filename.endswith('.json'):
filename = self.find_file('%s.json' % filename, filetype)
return filename
class TmpRuleset(Ruleset):
def __init__(self, cloud_provider, rule_dirs=None, rule_filename=None, rule_args=None, rule_level='danger'):
super().__init__(cloud_provider)
rule_dirs = [] if rule_dirs is None else rule_dirs
rule_args = [] if rule_args is None else rule_args
self.rule_type = 'findings'
tmp_ruleset = {'rules': {}, 'about': 'Temporary, single-rule ruleset.'}
tmp_ruleset['rules'][rule_filename] = []
rule = {'enabled': True, 'level': rule_level}
if len(rule_args):
rule['args'] = rule_args
tmp_ruleset['rules'][rule_filename].append(rule)
tmp_ruleset_file = tempfile.TemporaryFile('w+t')
tmp_ruleset_file.write(json.dumps(tmp_ruleset))
self.rules_data_path = os.path.dirname(
os.path.dirname(os.path.abspath(__file__))) + '/providers/%s/rules' % cloud_provider
self.load_rules(file=tmp_ruleset_file, rule_type='findings')
self.shared_init(False, rule_dirs, '', [])
================================================
FILE: ScoutSuite/core/server.py
================================================
from sqlitedict import SqliteDict
import cherrypy
import cherrypy_cors
import re
count_re = re.compile(r".*_count$")
class Server:
"""
Boots a server that serves the result of the report for the user. This is still a proof of concept,
but will eventually be used to serve data when it exceeds 400mb.
"""
def __init__(self, filename):
"""
Constructor of the server object. Should not be called directly outside the class.
:param filename: Name of the file to write data to.
:return: The server object.
"""
self.results = SqliteDict(filename)
@cherrypy.expose()
@cherrypy.tools.json_out()
def summary(self):
"""
Returns the stripped down data of the results that doesn't scale up when using a lot of resources,
used to render the summary.
Should be the first call from the server.
Can be found at GET /api/summary
:return: The summary data of the report.
"""
data = dict(self.results)
services = data.get('services')
stripped_services = {}
for k1, v1 in services.items():
service = {}
for k2, v2 in v1.items():
if k2 == 'findings' or k2 == 'filters' or count_re.match(k2):
service[k2] = v2
stripped_services[k1] = service
data['services'] = stripped_services
return {'data': data}
@cherrypy.expose()
@cherrypy.tools.json_out()
def data(self, key=None):
"""
Return the data at the requested key. Doesn't returns nested dictionaries and lists.
If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}
Can be found at GET /api/data?key=<KEY>
:param key: Key of the requested information, separated by the character '¤'.
:return: The data at the requested location stripped of its nested data.
"""
result = self.get_item(self.results, key)
# Returns only indexes or length if it's a complex type
if isinstance(result, dict) or isinstance(result, SqliteDict):
result = {'type': 'dict', 'keys': list(result.keys())}
elif isinstance(result, list):
result = {'type': 'list', 'length': len(result)}
return {'data': result}
@cherrypy.expose()
@cherrypy.tools.json_out()
def full(self, key=None):
"""
Return the data at the requested key. Returns all the nested data.
Be sure not to use it on a key that may contains a lot of data, as the request won't be answered
if it's too large(generally 3mb).
Can be found at GET /api/full?key=<KEY>
:param key: Key of the requested information, separated by the character '¤'.
:return: The data at the requested location.
"""
result = self.get_item(self.results, key)
if isinstance(result, str) or isinstance(result, int):
return {'data': result}
return {'data': dict(result)}
@cherrypy.expose()
@cherrypy.tools.json_out()
def page(self, key=None, page=None, pagesize=None):
"""
Return a page of the data at the requested key. Doesn't returns nested dictionaries and lists.
For example, if you set pagesize=10 and page=2, it should return element 10-19
If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}
Can be found at GET /api/page?key=<KEY>&page=<PAGE>&pagesize=<PAGESIZE>
:param key: Key of the requested information, separated by the character '¤'.
:param page: The number of the page you request.
:param pagesize: The size of the page you request.
:return: A subset of the data at the requested location.
"""
result = self.get_item(self.results, key)
page = int(page)
pagesize = int(pagesize)
start = page * pagesize
end = min((page + 1) * pagesize, len(result))
if isinstance(result, dict) or isinstance(result, SqliteDict):
page = {k: result.get(k) for k in sorted(list(result))[start:end]}
if isinstance(result, list):
page = result[start:end]
return {'data': self.strip_nested_data(page)}
@staticmethod
def init(database_filename, host, port):
"""
Configure and starts the server.
:param database_filename: Location of the database file.
:param host: Address on which to listen.
:param port: Port on which to listen.
"""
cherrypy_cors.install()
config = {
'/': {
'cors.expose.on': True,
'tools.sessions.on': True,
'tools.response_headers.on': True,
'tools.response_headers.headers': [('Content-Type', 'text/plain')],
},
}
cherrypy.config.update({
'server.socket_host': host,
'server.socket_port': port,
})
cherrypy.quickstart(Server(database_filename), "/api", config=config)
@staticmethod
def get_item(data, key):
"""
Get a specific information from its key.
:param data: The dictionary in which the information is stored.
:param host: The key where the information is located.
:return: The nested data at the requested location.
"""
if not key:
return data
keyparts = key.split('¤')
for k in keyparts:
if isinstance(data, dict) or isinstance(data, SqliteDict):
data = data.get(k)
elif isinstance(data, list):
data = data[int(k)]
return data
@staticmethod
def strip_nested_data(data):
"""
Strip nested lists and dictionaries from the provided object to reduce its size.
:param data: The object to strip.
:return: The input data stripped of its nested lists and dictionaries.
"""
if not isinstance(data, dict):
return data
result = {}
for k, v in data.items():
if isinstance(v, dict):
result[k] = {'type': 'dict', 'keys': list(v.keys())}
elif isinstance(v, list):
result[k] = {'type': 'list', 'length': len(v)}
return result
================================================
FILE: ScoutSuite/core/utils.py
================================================
"""
Single-service rule processing functions
"""
import copy
from ScoutSuite.core.console import print_exception
from ScoutSuite.core.conditions import pass_conditions, fix_path_string
def recurse(all_info, current_info, target_path, current_path, config, add_suffix=False):
"""
Recursively test conditions for a path.
In order to do this, needs to evaluate all the `id` possibilities.
When the value in the path is `id`, this represents either a key for a dict or an index for a list.
When the is `id`:
- For a dict return value at key
- For a list, return the list
When the value ends in `id.`:
- For a dict, return a list of keys
- For a list, return value at the index indicated by id
`
:param all_info: All of the services' data
:param current_info: ?
:param target_path: The path that is being tested
:param current_path:
:param config: The Rule object that is being tested
:param add_suffix: ?
:return:
"""
results = []
if len(target_path) == 0:
# Dashboard: count the number of processed resources here
setattr(config, 'checked_items', getattr(config, 'checked_items') + 1)
# Test for conditions...
if pass_conditions(all_info, current_path, copy.deepcopy(config.conditions)):
# id_suffix
if add_suffix and hasattr(config, 'id_suffix'):
suffix = fix_path_string(all_info, current_path, config.id_suffix)
current_path.append(suffix)
# class_suffix
if add_suffix and hasattr(config, 'class_suffix'):
suffix = fix_path_string(all_info, current_path, config.class_suffix)
current_path.append(suffix)
results.append('.'.join(current_path))
# Return the flagged items...
return results
target_path = copy.deepcopy(target_path)
dbg_target_path = copy.deepcopy(target_path)
current_path = copy.deepcopy(current_path)
attribute = target_path.pop(0)
if type(current_info) == dict:
if attribute in current_info:
split_path = copy.deepcopy(current_path)
split_path.append(attribute)
results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
elif attribute == 'id':
for key in current_info:
split_target_path = copy.deepcopy(target_path)
split_current_path = copy.deepcopy(current_path)
split_current_path.append(key)
split_current_info = current_info[key]
results = results + recurse(all_info, split_current_info, split_target_path, split_current_path,
config, add_suffix)
# To handle lists properly, I would have to make sure the list is properly ordered and I can use the index to
# consistently access an object... Investigate (or do not use lists)
elif type(current_info) == list:
for index, split_current_info in enumerate(current_info):
split_current_path = copy.deepcopy(current_path)
split_current_path.append(str(index))
results = results + recurse(all_info, split_current_info, copy.deepcopy(target_path), split_current_path,
config, add_suffix)
# Python 2-3 compatible way to check for string type
elif isinstance(current_info, str):
split_current_path = copy.deepcopy(current_path)
results = results + recurse(all_info, current_info, [], split_current_path,
config, add_suffix)
else:
print_exception('Unable to recursively test condition for path {}: '
'unhandled case for \"{}\" type'.format(current_path,
type(current_info)),
additional_details={'current_path': current_path,
'current_info': current_info,
'dbg_target_path': dbg_target_path})
return results
================================================
FILE: ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json
================================================
{
"source": "aws/ip-ranges/aws.json",
"conditions": [ "and",
[ "service", "equal", "EC2" ]
]
}
================================================
FILE: ScoutSuite/data/aws/ip-ranges/aws-in-us.json
================================================
{
"source": "aws/ip-ranges/aws.json",
"conditions": [ "and",
[ "region", "match", [ "us-.*" ] ]
]
}
================================================
FILE: ScoutSuite/data/aws/ip-ranges/aws.json
================================================
{
"syncToken": "1662013390",
"createDate": "2022-09-01-06-23-10",
"prefixes": [
{
"ip_prefix": "3.2.34.0/26",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "3.5.140.0/22",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "13.34.37.64/27",
"region": "ap-southeast-4",
"service": "AMAZON",
"network_border_group": "ap-southeast-4"
},
{
"ip_prefix": "13.34.65.64/27",
"region": "il-central-1",
"service": "AMAZON",
"network_border_group": "il-central-1"
},
{
"ip_prefix": "13.34.66.0/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.34.78.160/27",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "15.230.221.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "35.180.0.0/16",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "43.224.79.154/31",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "43.224.79.174/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.93.153.170/32",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.93.178.234/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.94.76.0/22",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.95.36.0/22",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "52.219.170.0/23",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "99.87.32.0/22",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "120.52.22.96/27",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "150.222.11.86/31",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "150.222.81.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "150.222.234.54/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "3.2.35.64/26",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "13.34.11.32/27",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "13.34.24.160/27",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "13.34.50.32/27",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "13.34.52.96/27",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "13.34.69.64/27",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "15.230.39.60/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "43.224.79.48/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "43.224.79.212/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.188.68/30",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.46.189.248/30",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.94.152.9/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.219.168.0/24",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.78.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "3.108.0.0/14",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "13.34.43.192/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.34.52.0/27",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.34.64.32/27",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "15.181.232.0/21",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-iah-1"
},
{
"ip_prefix": "15.230.39.208/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "52.93.17.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.127.163/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.240.164/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.95.150.0/24",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.219.60.0/23",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "142.4.160.136/29",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-msp-1"
},
{
"ip_prefix": "150.222.230.102/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "3.2.0.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-iah-1"
},
{
"ip_prefix": "13.34.43.96/27",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.34.48.0/27",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "13.34.62.160/27",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "13.34.64.96/27",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "13.248.56.0/22",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "13.248.117.0/24",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "15.221.34.0/24",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "15.230.137.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.126.135/32",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "52.93.178.219/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.240.186/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.94.24.0/23",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "150.222.3.187/32",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "150.222.199.0/25",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "150.222.252.248/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "161.188.154.0/23",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-chi-1"
},
{
"ip_prefix": "13.34.71.0/27",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "15.230.39.44/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "43.249.45.0/24",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "52.4.0.0/14",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.191.174/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.92.68/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.127.27/32",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.144.227.192/26",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "52.144.229.64/26",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "54.222.88.0/24",
"region": "cn-north-1",
"service": "AMAZON",
"network_border_group": "cn-north-1"
},
{
"ip_prefix": "64.252.81.0/24",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "142.4.160.80/29",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-chi-1"
},
{
"ip_prefix": "13.34.70.224/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.248.70.0/24",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "15.230.73.192/26",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "43.224.76.28/30",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "50.16.0.0/15",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.189.108/30",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.93.116.148/32",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "52.93.127.133/32",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "52.93.198.0/25",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "52.95.208.0/22",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.95.224.0/24",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "104.255.59.104/32",
"region": "ap-southeast-3",
"service": "AMAZON",
"network_border_group": "ap-southeast-3"
},
{
"ip_prefix": "104.255.59.114/32",
"region": "ap-northeast-3",
"service": "AMAZON",
"network_border_group": "ap-northeast-3"
},
{
"ip_prefix": "150.222.84.0/24",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "150.222.129.244/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.208.82/31",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "150.222.234.50/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "205.251.249.0/24",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "13.34.32.128/27",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "13.34.49.0/27",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "13.34.73.96/27",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "15.193.3.0/24",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "15.220.196.0/22",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-mia-1"
},
{
"ip_prefix": "15.220.216.0/22",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1-del-2"
},
{
"ip_prefix": "35.71.115.0/24",
"region": "us-gov-east-1",
"service": "AMAZON",
"network_border_group": "us-gov-east-1"
},
{
"ip_prefix": "43.224.76.152/30",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.127.169/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.153.148/32",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.94.244.0/22",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.119.208.0/23",
"region": "us-gov-west-1",
"service": "AMAZON",
"network_border_group": "us-gov-west-1"
},
{
"ip_prefix": "54.117.0.0/16",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "54.240.236.26/32",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "150.222.3.190/32",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "150.222.228.0/24",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "13.34.34.192/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.197.34.0/23",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "15.205.0.0/16",
"region": "us-gov-west-1",
"service": "AMAZON",
"network_border_group": "us-gov-west-1"
},
{
"ip_prefix": "15.230.39.10/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "16.12.6.0/23",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "52.46.190.68/30",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.82.169.16/28",
"region": "cn-northwest-1",
"service": "AMAZON",
"network_border_group": "cn-northwest-1"
},
{
"ip_prefix": "52.93.34.56/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.94.198.16/28",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "52.144.225.128/26",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "64.252.69.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "71.131.192.0/18",
"region": "cn-north-1",
"service": "AMAZON",
"network_border_group": "cn-north-1"
},
{
"ip_prefix": "150.222.122.104/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "13.34.17.64/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.236.0.0/14",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "15.197.36.0/22",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "15.230.158.0/23",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "16.57.0.0/16",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "43.206.0.0/15",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "43.224.77.192/30",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.220.0/22",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "52.93.50.128/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.50.140/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.56.0/24",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.93.178.152/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.95.41.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.95.100.0/22",
"region": "us-gov-west-1",
"service": "AMAZON",
"network_border_group": "us-gov-west-1"
},
{
"ip_prefix": "52.95.226.0/24",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "52.219.204.0/22",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "99.78.152.0/22",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "142.4.160.56/29",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2-las-1"
},
{
"ip_prefix": "150.222.135.0/24",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "150.222.202.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "176.32.125.244/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "3.4.0.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-pilot-6"
},
{
"ip_prefix": "13.34.53.192/27",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "13.34.60.128/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.177.83.0/24",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "15.185.0.0/16",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "15.220.252.0/22",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2-las-1"
},
{
"ip_prefix": "15.221.35.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "15.230.39.28/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.248.28.0/22",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "16.30.0.0/16",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "16.49.0.0/16",
"region": "il-central-1",
"service": "AMAZON",
"network_border_group": "il-central-1"
},
{
"ip_prefix": "40.167.0.0/16",
"region": "ap-southeast-6",
"service": "AMAZON",
"network_border_group": "ap-southeast-6"
},
{
"ip_prefix": "52.46.190.0/30",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.35.212/32",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "52.93.127.118/32",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.178.205/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.94.26.0/23",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.94.152.44/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.95.182.0/23",
"region": "ap-northeast-3",
"service": "AMAZON",
"network_border_group": "ap-northeast-3"
},
{
"ip_prefix": "54.240.236.54/32",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "54.247.0.0/16",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "54.248.0.0/15",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "3.2.40.0/25",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "13.34.41.192/27",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "13.248.72.0/24",
"region": "il-central-1",
"service": "AMAZON",
"network_border_group": "il-central-1"
},
{
"ip_prefix": "15.230.39.196/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.251.0.9/32",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "16.155.0.0/16",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "18.34.248.0/22",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "35.71.99.0/24",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "43.224.76.76/30",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "43.224.79.70/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "43.224.79.200/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.188.192/30",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.119.252.0/22",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "54.148.0.0/15",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "69.107.7.16/29",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "99.77.130.0/24",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "150.222.3.185/32",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "150.222.11.78/31",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "150.222.27.12/32",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.234.52/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "150.222.234.68/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "180.163.57.128/26",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "13.34.50.224/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.230.68.192/26",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "18.200.0.0/16",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "43.224.76.144/30",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.93.91.102/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.141.212/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "54.21.0.0/16",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "54.206.0.0/16",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "54.240.236.69/32",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "99.150.56.0/21",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "108.175.56.0/22",
"region": "us-gov-west-1",
"service": "AMAZON",
"network_border_group": "us-gov-west-1"
},
{
"ip_prefix": "150.222.96.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "13.34.15.32/27",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "13.34.29.224/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.34.68.160/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.34.69.224/27",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "13.34.70.64/27",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "13.248.124.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.193.2.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "15.220.222.0/23",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-mci-1"
},
{
"ip_prefix": "15.230.67.64/26",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "15.230.212.0/23",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "16.22.0.0/16",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "16.24.0.0/15",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "43.224.76.32/30",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "43.224.79.94/31",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "43.224.79.222/31",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.93.178.136/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.219.192.0/23",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "99.77.132.0/24",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "104.255.59.82/32",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "150.222.120.242/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "161.188.146.0/23",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-atl-1"
},
{
"ip_prefix": "13.204.0.0/14",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "15.181.247.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-atl-1"
},
{
"ip_prefix": "15.230.200.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "18.232.0.0/14",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "43.224.77.0/29",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.82.169.0/28",
"region": "cn-northwest-1",
"service": "AMAZON",
"network_border_group": "cn-northwest-1"
},
{
"ip_prefix": "52.93.112.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.178.138/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "54.239.0.224/28",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "54.239.48.0/22",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "64.252.118.0/24",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "142.4.160.144/29",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1-tpe-1"
},
{
"ip_prefix": "13.34.54.224/27",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "13.34.79.192/27",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "13.248.119.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "15.220.120.0/21",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-bue-1"
},
{
"ip_prefix": "15.230.39.254/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.230.179.16/29",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "52.93.81.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.240.170/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "54.74.0.0/15",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "150.222.15.124/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "150.222.114.0/24",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "150.222.242.214/31",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "13.34.27.32/27",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "13.34.39.32/27",
"region": "eu-central-2",
"service": "AMAZON",
"network_border_group": "eu-central-2"
},
{
"ip_prefix": "15.220.207.0/24",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2-sea-1"
},
{
"ip_prefix": "15.230.39.206/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.230.39.244/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "18.102.0.0/16",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "52.46.190.144/30",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.46.191.98/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.83.0.0/16",
"region": "cn-northwest-1",
"service": "AMAZON",
"network_border_group": "cn-northwest-1"
},
{
"ip_prefix": "52.93.14.18/32",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.94.6.0/24",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "52.144.197.192/26",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "64.252.122.0/24",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "69.107.7.56/29",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "150.222.2.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "150.222.3.234/31",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "150.222.27.18/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.164.220/31",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "13.34.23.0/27",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.248.67.0/24",
"region": "ap-southeast-4",
"service": "AMAZON",
"network_border_group": "ap-southeast-4"
},
{
"ip_prefix": "15.230.138.0/24",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "15.230.169.6/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "43.224.79.254/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.46.190.32/30",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.47.0.0/16",
"region": "eu-west-3",
"service": "AMAZON",
"network_border_group": "eu-west-3"
},
{
"ip_prefix": "52.93.16.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.94.249.144/28",
"region": "ap-east-1",
"service": "AMAZON",
"network_border_group": "ap-east-1"
},
{
"ip_prefix": "52.95.136.0/23",
"region": "eu-south-2",
"service": "AMAZON",
"network_border_group": "eu-south-2"
},
{
"ip_prefix": "52.95.255.64/28",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.144.199.128/26",
"region": "ca-central-1",
"service": "AMAZON",
"network_border_group": "ca-central-1"
},
{
"ip_prefix": "52.144.225.64/26",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "52.219.143.0/24",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "54.240.236.22/32",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "204.246.168.0/22",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "13.34.25.248/29",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "13.34.38.64/27",
"region": "eu-south-2",
"service": "AMAZON",
"network_border_group": "eu-south-2"
},
{
"ip_prefix": "13.34.72.160/27",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "13.208.0.0/16",
"region": "ap-northeast-3",
"service": "AMAZON",
"network_border_group": "ap-northeast-3"
},
{
"ip_prefix": "15.193.7.0/24",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "15.230.39.108/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.230.70.0/26",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "15.230.74.128/26",
"region": "ap-northeast-2",
"service": "AMAZON",
"network_border_group": "ap-northeast-2"
},
{
"ip_prefix": "15.230.76.0/26",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "15.230.253.0/24",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "43.224.79.96/31",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.46.191.64/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.50.136/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.50.166/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.96.0/24",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.122.203/32",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "52.93.127.194/32",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "54.156.0.0/14",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "54.222.90.0/24",
"region": "cn-north-1",
"service": "AMAZON",
"network_border_group": "cn-north-1"
},
{
"ip_prefix": "54.236.0.0/15",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "99.150.8.0/21",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "150.222.234.18/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "150.222.234.98/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "3.5.40.0/22",
"region": "ap-southeast-4",
"service": "AMAZON",
"network_border_group": "ap-southeast-4"
},
{
"ip_prefix": "3.5.136.0/22",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "13.34.3.160/27",
"region": "ap-south-2",
"service": "AMAZON",
"network_border_group": "ap-south-2"
},
{
"ip_prefix": "15.181.160.0/20",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-nyc-1"
},
{
"ip_prefix": "15.230.29.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "15.230.39.14/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "16.56.0.0/16",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "18.191.0.0/16",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "43.224.79.56/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.144.210.0/26",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "98.131.0.0/16",
"region": "ap-south-2",
"service": "AMAZON",
"network_border_group": "ap-south-2"
},
{
"ip_prefix": "99.77.159.0/24",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "99.83.97.0/24",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "150.222.232.88/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "13.34.21.128/27",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "13.34.55.0/27",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "15.177.82.0/24",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "15.181.80.0/20",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1-atl-1"
},
{
"ip_prefix": "15.230.241.0/24",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "16.55.0.0/16",
"region": "ca-central-1",
"service": "AMAZON",
"network_border_group": "ca-central-1"
},
{
"ip_prefix": "47.128.0.0/14",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "52.46.191.60/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.191.156/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.127.112/32",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "52.93.178.134/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.240.160/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.144.211.196/31",
"region": "eu-west-2",
"service": "AMAZON",
"network_border_group": "eu-west-2"
},
{
"ip_prefix": "52.219.72.0/22",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "54.153.128.0/17",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "54.222.58.0/28",
"region": "cn-north-1",
"service": "AMAZON",
"network_border_group": "cn-north-1"
},
{
"ip_prefix": "122.248.192.0/18",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "150.222.119.0/24",
"region": "ap-southeast-2",
"service": "AMAZON",
"network_border_group": "ap-southeast-2"
},
{
"ip_prefix": "13.34.19.64/27",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "13.34.22.160/27",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.34.39.64/27",
"region": "eu-central-2",
"service": "AMAZON",
"network_border_group": "eu-central-2"
},
{
"ip_prefix": "13.247.0.0/16",
"region": "af-south-1",
"service": "AMAZON",
"network_border_group": "af-south-1"
},
{
"ip_prefix": "15.230.39.34/31",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "15.230.218.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "18.192.0.0/15",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "35.71.114.0/24",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "52.46.191.68/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.46.191.234/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.93.126.132/32",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "52.93.127.126/32",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "52.93.133.177/32",
"region": "eu-south-1",
"service": "AMAZON",
"network_border_group": "eu-south-1"
},
{
"ip_prefix": "52.93.178.183/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.144.215.192/31",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "52.219.68.0/22",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "54.229.0.0/16",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "54.239.1.96/28",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "54.239.102.234/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "104.255.59.103/32",
"region": "ap-southeast-3",
"service": "AMAZON",
"network_border_group": "ap-southeast-3"
},
{
"ip_prefix": "150.222.28.136/31",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "3.2.34.128/26",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "13.34.59.96/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "13.34.67.224/27",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "13.34.74.64/27",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "13.248.100.0/24",
"region": "eu-north-1",
"service": "AMAZON",
"network_border_group": "eu-north-1"
},
{
"ip_prefix": "15.230.130.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.230.183.0/24",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "18.160.0.0/15",
"region": "GLOBAL",
"service": "AMAZON",
"network_border_group": "GLOBAL"
},
{
"ip_prefix": "52.46.190.204/31",
"region": "us-west-2",
"service": "AMAZON",
"network_border_group": "us-west-2"
},
{
"ip_prefix": "52.93.5.0/24",
"region": "ca-central-1",
"service": "AMAZON",
"network_border_group": "ca-central-1"
},
{
"ip_prefix": "52.93.50.146/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.50.156/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.55.146/31",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.71.30/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.120.178/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.127.124/32",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.144.193.128/26",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "54.20.0.0/16",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "54.250.0.0/16",
"region": "ap-northeast-1",
"service": "AMAZON",
"network_border_group": "ap-northeast-1"
},
{
"ip_prefix": "64.252.89.0/24",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "69.107.7.136/29",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "76.223.168.0/24",
"region": "us-gov-west-1",
"service": "AMAZON",
"network_border_group": "us-gov-west-1"
},
{
"ip_prefix": "107.20.0.0/14",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "150.222.28.130/31",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "150.222.28.140/31",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "150.222.129.62/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "3.5.160.0/22",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "13.34.7.0/27",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.34.13.0/27",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "15.221.36.0/22",
"region": "ap-southeast-1",
"service": "AMAZON",
"network_border_group": "ap-southeast-1"
},
{
"ip_prefix": "15.230.40.0/24",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "46.51.192.0/20",
"region": "eu-west-1",
"service": "AMAZON",
"network_border_group": "eu-west-1"
},
{
"ip_prefix": "52.93.50.174/31",
"region": "us-east-1",
"service": "AMAZON",
"network_border_group": "us-east-1"
},
{
"ip_prefix": "52.93.115.0/24",
"region": "ap-south-2",
"service": "AMAZON",
"network_border_group": "ap-south-2"
},
{
"ip_prefix": "52.93.178.161/32",
"region": "us-west-1",
"service": "AMAZON",
"network_border_group": "us-west-1"
},
{
"ip_prefix": "52.93.193.200/32",
"region": "ca-central-1",
"service": "AMAZON",
"network_border_group": "ca-central-1"
},
{
"ip_prefix": "52.95.174.0/24",
"region": "me-south-1",
"service": "AMAZON",
"network_border_group": "me-south-1"
},
{
"ip_prefix": "99.77.149.0/24",
"region": "sa-east-1",
"service": "AMAZON",
"network_border_group": "sa-east-1"
},
{
"ip_prefix": "99.78.156.0/22",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.120.20/31",
"region": "eu-central-1",
"service": "AMAZON",
"network_border_group": "eu-central-1"
},
{
"ip_prefix": "150.222.220.0/24",
"region": "ap-south-1",
"service": "AMAZON",
"network_border_group": "ap-south-1"
},
{
"ip_prefix": "3.132.0.0/14",
"region": "us-east-2",
"service": "AMAZON",
"network_border_group": "us-east-2"
},
{
"ip_prefix": "13.34.3.224/27",
"region": "ap-south-2",
"service": "AMAZON",
"network_border_group": "ap-south-2"
},
{
"ip_prefix": "13.34.5.46/32",
"region": "eu-central-1",
"service": "AMAZO
gitextract_u53o_x4_/
├── .coveragerc
├── .flake8
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ └── feature_request.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── frontend-build.yml
│ └── testing.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── MANIFEST.in
├── README.md
├── ScoutSuite/
│ ├── __init__.py
│ ├── __main__.py
│ ├── core/
│ │ ├── __init__.py
│ │ ├── cli_parser.py
│ │ ├── conditions.py
│ │ ├── console.py
│ │ ├── exceptions.py
│ │ ├── fs.py
│ │ ├── processingengine.py
│ │ ├── rule.py
│ │ ├── rule_definition.py
│ │ ├── ruleset.py
│ │ ├── server.py
│ │ └── utils.py
│ ├── data/
│ │ ├── aws/
│ │ │ └── ip-ranges/
│ │ │ ├── aws-in-ec2.json
│ │ │ ├── aws-in-us.json
│ │ │ └── aws.json
│ │ ├── icmp_message_types.json
│ │ └── protocols.json
│ ├── output/
│ │ ├── __init__.py
│ │ ├── data/
│ │ │ ├── html/
│ │ │ │ ├── conditionals/
│ │ │ │ │ ├── json_format.html
│ │ │ │ │ └── sqlite_format.html
│ │ │ │ ├── partials/
│ │ │ │ │ ├── about_scoutsuite.html
│ │ │ │ │ ├── accordion.html
│ │ │ │ │ ├── accordion_policy.html
│ │ │ │ │ ├── aliyun/
│ │ │ │ │ │ ├── left_menu_for_aliyun_region.html
│ │ │ │ │ │ ├── services.actiontrail.trails.html
│ │ │ │ │ │ ├── services.ecs.regions.id.instances.html
│ │ │ │ │ │ ├── services.kms.regions.id.keys.html
│ │ │ │ │ │ ├── services.oss.buckets.html
│ │ │ │ │ │ ├── services.ram.groups.html
│ │ │ │ │ │ ├── services.ram.policies.html
│ │ │ │ │ │ ├── services.ram.roles.html
│ │ │ │ │ │ ├── services.ram.users.html
│ │ │ │ │ │ ├── services.rds.regions.id.instances.html
│ │ │ │ │ │ └── services.vpc.regions.id.vpcs.html
│ │ │ │ │ ├── aws/
│ │ │ │ │ │ ├── left_menu_for_region.html
│ │ │ │ │ │ ├── left_menu_for_vpc.html
│ │ │ │ │ │ ├── services.acm.regions.id.certificates.html
│ │ │ │ │ │ ├── services.awslambda.regions.id.functions.html
│ │ │ │ │ │ ├── services.cloudformation.regions.id.stacks.html
│ │ │ │ │ │ ├── services.cloudfront.distributions.html
│ │ │ │ │ │ ├── services.cloudtrail.regions.html
│ │ │ │ │ │ ├── services.cloudtrail.regions.id.trails.html
│ │ │ │ │ │ ├── services.cloudwatch.regions.id.alarms.html
│ │ │ │ │ │ ├── services.cloudwatch.regions.id.metric_filters.html
│ │ │ │ │ │ ├── services.config.regions.html
│ │ │ │ │ │ ├── services.config.regions.id.recorders.html
│ │ │ │ │ │ ├── services.config.regions.id.rules.html
│ │ │ │ │ │ ├── services.dynamodb.regions.id.tables.html
│ │ │ │ │ │ ├── services.ec2.regions.id.regional_settings.html
│ │ │ │ │ │ ├── services.ec2.regions.id.snapshots.html
│ │ │ │ │ │ ├── services.ec2.regions.id.volumes.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.images.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.instances.html
│ │ │ │ │ │ ├── services.ec2.regions.id.vpcs.id.security_groups.html
│ │ │ │ │ │ ├── services.ec2.regions.vpcs.security_groups.resource_list.html
│ │ │ │ │ │ ├── services.ec2.regions.vpcs.security_groups.rule_list.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.security_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.subnet_groups.html
│ │ │ │ │ │ ├── services.elasticache.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.elb.regions.id.elb_policies.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.linked_resources.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcs.id.elbs.listener.html
│ │ │ │ │ │ ├── services.elb.regions.id.vpcsid.elbs.linked_policy.html
│ │ │ │ │ │ ├── services.elbv2.regions.id.vpcs.id.elbs.html
│ │ │ │ │ │ ├── services.emr.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.iam.credential_reports.html
│ │ │ │ │ │ ├── services.iam.groups.html
│ │ │ │ │ │ ├── services.iam.inline_policies.html
│ │ │ │ │ │ ├── services.iam.managed_policies.html
│ │ │ │ │ │ ├── services.iam.managed_policies_list.html
│ │ │ │ │ │ ├── services.iam.roles.html
│ │ │ │ │ │ ├── services.iam.users.html
│ │ │ │ │ │ ├── services.kms.regions.id.keys.html
│ │ │ │ │ │ ├── services.rds.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.rds.regions.id.security_groups.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.instances.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.snapshots.html
│ │ │ │ │ │ ├── services.rds.regions.id.vpcs.id.subnet_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.id.parameter_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.id.vpcs.id.clusters.html
│ │ │ │ │ │ ├── services.redshift.regions.id.vpcs.id.security_groups.html
│ │ │ │ │ │ ├── services.redshift.regions.vpcs.cluster_nodes.html
│ │ │ │ │ │ ├── services.route53.regions.id.domains.html
│ │ │ │ │ │ ├── services.route53.regions.id.hosted_zones.html
│ │ │ │ │ │ ├── services.s3.acls.html
│ │ │ │ │ │ ├── services.s3.bucket_iam_policies.html
│ │ │ │ │ │ ├── services.s3.buckets.html
│ │ │ │ │ │ ├── services.s3.buckets.objects.html
│ │ │ │ │ │ ├── services.s3.public_access_block_configuration.html
│ │ │ │ │ │ ├── services.secretsmanager.regions.id.secrets.html
│ │ │ │ │ │ ├── services.ses.regions.id.identities.html
│ │ │ │ │ │ ├── services.sns.regions.id.topics.html
│ │ │ │ │ │ ├── services.sqs.regions.id.queues.html
│ │ │ │ │ │ ├── services.stackdriverlogging.sinks.html
│ │ │ │ │ │ ├── services.vpc.regions.id.flow_logs.html
│ │ │ │ │ │ ├── services.vpc.regions.id.peering_connections.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.id.network_acls.html
│ │ │ │ │ │ ├── services.vpc.regions.id.vpcs.id.peering_connections.html
│ │ │ │ │ │ └── services.vpc.regions.id.vpcs.id.subnets.html
│ │ │ │ │ ├── azure/
│ │ │ │ │ │ ├── details_for_subscription.html
│ │ │ │ │ │ ├── left_menu_for_subscription.html
│ │ │ │ │ │ ├── services.aad.applications.html
│ │ │ │ │ │ ├── services.aad.groups.html
│ │ │ │ │ │ ├── services.aad.policies.html
│ │ │ │ │ │ ├── services.aad.service_principals.html
│ │ │ │ │ │ ├── services.aad.users.html
│ │ │ │ │ │ ├── services.appservice.subscriptions.id.web_apps.html
│ │ │ │ │ │ ├── services.keyvault.subscriptions.id.vaults.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.diagnostic_settings.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_alerts.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_profiles.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.resources_logging.html
│ │ │ │ │ │ ├── services.mysqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.application_security_groups.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.network_interfaces.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.security_groups.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.virtual_networks.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.virtual_networks.id.subnets.html
│ │ │ │ │ │ ├── services.network.subscriptions.id.watchers.html
│ │ │ │ │ │ ├── services.postgresqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.rbac.subscriptions.id.custom_roles_report.html
│ │ │ │ │ │ ├── services.rbac.subscriptions.id.roles.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.auto_provisioning_settings.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.compliance_results.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.pricings.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.regulatory_compliance_results.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.security_contacts.html
│ │ │ │ │ │ ├── services.securitycenter.subscriptions.id.settings.html
│ │ │ │ │ │ ├── services.sqldatabase.subscriptions.id.servers.html
│ │ │ │ │ │ ├── services.storageaccounts.subscriptions.id.storage_accounts.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.disks.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.images.html
│ │ │ │ │ │ ├── services.virtualmachines.subscriptions.id.instances.html
│ │ │ │ │ │ └── services.virtualmachines.subscriptions.id.snapshots.html
│ │ │ │ │ ├── count_badge.html
│ │ │ │ │ ├── dashboard.html
│ │ │ │ │ ├── details.html
│ │ │ │ │ ├── details_for_region.html
│ │ │ │ │ ├── details_for_vpc.html
│ │ │ │ │ ├── do/
│ │ │ │ │ │ ├── services.database.databases.html
│ │ │ │ │ │ ├── services.droplet.droplets.html
│ │ │ │ │ │ ├── services.kubernetes.cluster.html
│ │ │ │ │ │ ├── services.networking.domains.html
│ │ │ │ │ │ ├── services.networking.firewalls.html
│ │ │ │ │ │ ├── services.networking.load_balancers.html
│ │ │ │ │ │ └── services.spaces.buckets.html
│ │ │ │ │ ├── ec2_grants.html
│ │ │ │ │ ├── filters.html
│ │ │ │ │ ├── gcp/
│ │ │ │ │ │ ├── details_for_gcp_region.html
│ │ │ │ │ │ ├── details_for_gcp_zone.html
│ │ │ │ │ │ ├── details_for_project.html
│ │ │ │ │ │ ├── left_menu_for_gcp_region.html
│ │ │ │ │ │ ├── left_menu_for_gcp_zone.html
│ │ │ │ │ │ ├── left_menu_for_project.html
│ │ │ │ │ │ ├── services.bigquery.projects.id.datasets.html
│ │ │ │ │ │ ├── services.cloudmemorystore.projects.id.redis_instances.html
│ │ │ │ │ │ ├── services.cloudsql.projects.id.instances.html
│ │ │ │ │ │ ├── services.cloudstorage.projects.id.buckets.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.firewalls.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.global_forwarding_rules.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.networks.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.regions.id.forwarding_rules.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.regions.id.subnetworks.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.snapshots.html
│ │ │ │ │ │ ├── services.computeengine.projects.id.zones.id.instances.html
│ │ │ │ │ │ ├── services.dns.projects.id.managed_zones.html
│ │ │ │ │ │ ├── services.functions.projects.id.functions_v1.html
│ │ │ │ │ │ ├── services.functions.projects.id.functions_v2.html
│ │ │ │ │ │ ├── services.iam.projects.id.bindings.html
│ │ │ │ │ │ ├── services.iam.projects.id.bindings_separation_duties.html
│ │ │ │ │ │ ├── services.iam.projects.id.domains.html
│ │ │ │ │ │ ├── services.iam.projects.id.groups.html
│ │ │ │ │ │ ├── services.iam.projects.id.service_accounts.html
│ │ │ │ │ │ ├── services.iam.projects.id.users.html
│ │ │ │ │ │ ├── services.kms.projects.id.keyrings.html
│ │ │ │ │ │ ├── services.kubernetesengine.clusters.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.logging_metrics.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.metrics.html
│ │ │ │ │ │ ├── services.stackdriverlogging.projects.id.sinks.html
│ │ │ │ │ │ ├── services.stackdrivermonitoring.projects.id.alert_policies.html
│ │ │ │ │ │ ├── services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html
│ │ │ │ │ │ └── services.stackdrivermonitoring.projects.id.uptime_checks.html
│ │ │ │ │ ├── generic_object.html
│ │ │ │ │ ├── ip_grants.html
│ │ │ │ │ ├── kubernetes/
│ │ │ │ │ │ ├── details_for_kubernetes_resource.html
│ │ │ │ │ │ ├── details_for_project.html
│ │ │ │ │ │ ├── details_for_subscription.html
│ │ │ │ │ │ ├── kubernetes_code.html
│ │ │ │ │ │ ├── kubernetes_container_security_context.html
│ │ │ │ │ │ ├── kubernetes_data.html
│ │ │ │ │ │ ├── kubernetes_object.html
│ │ │ │ │ │ ├── kubernetes_pod_security_context.html
│ │ │ │ │ │ ├── kubernetes_resource_containers.html
│ │ │ │ │ │ ├── kubernetes_resource_host.html
│ │ │ │ │ │ ├── kubernetes_resource_limits.html
│ │ │ │ │ │ ├── left_menu_for_kubernetes_resource.html
│ │ │ │ │ │ ├── left_menu_for_project.html
│ │ │ │ │ │ ├── left_menu_for_subscription.html
│ │ │ │ │ │ ├── services.eks.encryption.html
│ │ │ │ │ │ ├── services.eks.logging.html
│ │ │ │ │ │ ├── services.kubernetesengine.clusters.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.diagnostic_settings.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_alerts.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.log_profiles.html
│ │ │ │ │ │ ├── services.loggingmonitoring.subscriptions.id.resources_logging.html
│ │ │ │ │ │ ├── services.version.details.html
│ │ │ │ │ │ └── utils.html
│ │ │ │ │ ├── last_run_details.html
│ │ │ │ │ ├── left_menu.html
│ │ │ │ │ ├── metadata.html
│ │ │ │ │ ├── modal.html
│ │ │ │ │ ├── network_interface.html
│ │ │ │ │ ├── oci/
│ │ │ │ │ │ ├── services.identity.groups.html
│ │ │ │ │ │ ├── services.identity.policies.html
│ │ │ │ │ │ ├── services.identity.users.html
│ │ │ │ │ │ ├── services.kms.keyvaults.html
│ │ │ │ │ │ └── services.objectstorage.buckets.html
│ │ │ │ │ ├── policy.html
│ │ │ │ │ ├── report_footer.html
│ │ │ │ │ ├── resource_link.html
│ │ │ │ │ ├── resources_details.html
│ │ │ │ │ └── singles.html
│ │ │ │ ├── report.html
│ │ │ │ └── summaries/
│ │ │ │ ├── aliyun/
│ │ │ │ │ ├── services.ram.password_policy.html
│ │ │ │ │ └── services.ram.security_policy.html
│ │ │ │ ├── attack_surface.html
│ │ │ │ ├── aws/
│ │ │ │ │ ├── services.ec2.external_attack_surface.html
│ │ │ │ │ ├── services.elb.external_attack_surface.html
│ │ │ │ │ ├── services.elbv2.external_attack_surface.html
│ │ │ │ │ ├── services.iam.password_policy.html
│ │ │ │ │ ├── services.iam.permissions.html
│ │ │ │ │ ├── services.rds.external_attack_surface.html
│ │ │ │ │ └── services.redshift.external_attack_surface.html
│ │ │ │ ├── azure/
│ │ │ │ │ └── .keep
│ │ │ │ ├── do/
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── gcp/
│ │ │ │ │ └── .keep
│ │ │ │ ├── kubernetes/
│ │ │ │ │ ├── services.kubernetes_workload.images.html
│ │ │ │ │ ├── services.rbac.dangerous_grants.html
│ │ │ │ │ ├── services.rbac.dodgy_subjects.html
│ │ │ │ │ └── services.rbac.permissive_bindings.html
│ │ │ │ ├── oci/
│ │ │ │ │ └── services.identity.password_policy.html
│ │ │ │ ├── service_groups.compute.summaries.external_attack_surface.html
│ │ │ │ └── service_groups.database.summaries.external_attack_surface.html
│ │ │ ├── inc-scoutsuite/
│ │ │ │ ├── css/
│ │ │ │ │ ├── modal.css
│ │ │ │ │ ├── scoutsuite-dark.css
│ │ │ │ │ ├── scoutsuite-light.css
│ │ │ │ │ └── scoutsuite.css
│ │ │ │ ├── helpers.js
│ │ │ │ ├── pagination.js
│ │ │ │ ├── provider.js
│ │ │ │ ├── scoutsuite.js
│ │ │ │ ├── sqlite.js
│ │ │ │ └── theme.js
│ │ │ └── listall-configs/
│ │ │ └── ec2.regions.id.vpcs.id.security_groups.id.json
│ │ ├── html.py
│ │ ├── result_encoder.py
│ │ └── utils.py
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── aliyun/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── actiontrail.py
│ │ │ │ ├── base.py
│ │ │ │ ├── ecs.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── oss.py
│ │ │ │ ├── ram.py
│ │ │ │ ├── rds.py
│ │ │ │ ├── utils.py
│ │ │ │ └── vpc.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── actiontrail/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── trails.py
│ │ │ │ ├── base.py
│ │ │ │ ├── ecs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── instances.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── keys.py
│ │ │ │ ├── oss/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── ram/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── api_keys.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── password_policy.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── roles.py
│ │ │ │ │ ├── security_policy.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── rds/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── instances.py
│ │ │ │ ├── regions.py
│ │ │ │ └── vpc/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── vpcs.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── actiontrail-not-configured.json
│ │ │ │ │ ├── actiontrail-not-enabled.json
│ │ │ │ │ ├── ecs-instance-with-deletion-protection-disabled.json
│ │ │ │ │ ├── ecs-instance-with-public-ip.json
│ │ │ │ │ ├── kms-no-key-rotation.json
│ │ │ │ │ ├── ram-password-policy-expiration-threshold.json
│ │ │ │ │ ├── ram-password-policy-minimum-length.json
│ │ │ │ │ ├── ram-password-policy-no-expiration.json
│ │ │ │ │ ├── ram-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── ram-password-policy-no-number-required.json
│ │ │ │ │ ├── ram-password-policy-no-symbol-required.json
│ │ │ │ │ ├── ram-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── ram-password-policy-reuse-enabled.json
│ │ │ │ │ ├── ram-user-lacking-mfa.json
│ │ │ │ │ ├── ram-user-unused-api-key.json
│ │ │ │ │ ├── ram-user-unused-console-password.json
│ │ │ │ │ ├── ram-user-with-multiple-api-keys.json
│ │ │ │ │ └── ram-user-with-old-api-key.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── aws/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── acm.py
│ │ │ │ ├── awslambda.py
│ │ │ │ ├── base.py
│ │ │ │ ├── basefacade.py
│ │ │ │ ├── cloudformation.py
│ │ │ │ ├── cloudfront.py
│ │ │ │ ├── cloudtrail.py
│ │ │ │ ├── cloudwatch.py
│ │ │ │ ├── codebuild.py
│ │ │ │ ├── config.py
│ │ │ │ ├── directconnect.py
│ │ │ │ ├── dynamodb.py
│ │ │ │ ├── ec2.py
│ │ │ │ ├── efs.py
│ │ │ │ ├── elasticache.py
│ │ │ │ ├── elb.py
│ │ │ │ ├── elbv2.py
│ │ │ │ ├── emr.py
│ │ │ │ ├── iam.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── rds.py
│ │ │ │ ├── redshift.py
│ │ │ │ ├── route53.py
│ │ │ │ ├── s3.py
│ │ │ │ ├── secretsmanager.py
│ │ │ │ ├── ses.py
│ │ │ │ ├── sns.py
│ │ │ │ ├── sqs.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── acm/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── certificates.py
│ │ │ │ ├── awslambda/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── functions.py
│ │ │ │ ├── base.py
│ │ │ │ ├── cloudformation/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── stacks.py
│ │ │ │ ├── cloudfront/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── distributions.py
│ │ │ │ ├── cloudtrail/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── trails.py
│ │ │ │ ├── cloudwatch/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alarms.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── metric_filters.py
│ │ │ │ ├── codebuild/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── build_projects.py
│ │ │ │ ├── config/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── recorders.py
│ │ │ │ │ └── rules.py
│ │ │ │ ├── directconnect/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── connections.py
│ │ │ │ ├── dynamodb/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── tables.py
│ │ │ │ ├── ec2/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── ami.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── networkinterfaces.py
│ │ │ │ │ ├── regional_settings.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── volumes.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── efs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── filesystems.py
│ │ │ │ ├── elasticache/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── cluster.py
│ │ │ │ │ ├── parametergroups.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── subnetgroups.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── elb/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── load_balancers.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── elbv2/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── listeners.py
│ │ │ │ │ ├── load_balancers.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── emr/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── iam/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── credentialreports.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── passwordpolicy.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── roles.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── grants.py
│ │ │ │ │ └── keys.py
│ │ │ │ ├── rds/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── parametergroups.py
│ │ │ │ │ ├── securitygroups.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── subnetgroups.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── redshift/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── cluster_parameter_groups.py
│ │ │ │ │ ├── cluster_parameters.py
│ │ │ │ │ ├── cluster_security_groups.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ ├── regions.py
│ │ │ │ ├── route53/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ └── hosted_zones.py
│ │ │ │ ├── s3/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── secretsmanager/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── secrets.py
│ │ │ │ ├── ses/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── identities.py
│ │ │ │ │ └── identity_policies.py
│ │ │ │ ├── sns/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── subscriptions.py
│ │ │ │ │ └── topics.py
│ │ │ │ ├── sqs/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── queues.py
│ │ │ │ ├── vpc/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── flow_logs.py
│ │ │ │ │ ├── network_acls.py
│ │ │ │ │ ├── peering_connections.py
│ │ │ │ │ ├── subnets.py
│ │ │ │ │ └── vpcs.py
│ │ │ │ └── vpcs.py
│ │ │ ├── rules/
│ │ │ │ ├── conditions/
│ │ │ │ │ ├── cidr-is-all.json
│ │ │ │ │ ├── ec2-security-group-in-use.json
│ │ │ │ │ ├── ec2-security-group-not-used.json
│ │ │ │ │ ├── instance-with-open-nacls.json
│ │ │ │ │ ├── instance-with-public-ip.json
│ │ │ │ │ ├── ip-not-in-private-space.json
│ │ │ │ │ ├── policy-statement-any-principal.json
│ │ │ │ │ ├── policy-statement-any-resource.json
│ │ │ │ │ ├── policy-statement-poor-condition.json
│ │ │ │ │ └── security-group-opens-all-ports.json
│ │ │ │ ├── filters/
│ │ │ │ │ ├── ec2-instance-with-open-nacls.json
│ │ │ │ │ ├── ec2-security-group-with-public-cidr-grant.json
│ │ │ │ │ ├── iam-role-for-aws-account.json
│ │ │ │ │ ├── iam-role-for-service.json
│ │ │ │ │ └── s3-bucket-website-enabled.json
│ │ │ │ ├── findings/
│ │ │ │ │ ├── acm-certificate-with-close-expiration-date.json
│ │ │ │ │ ├── acm-certificate-with-transparency-logging-disabled.json
│ │ │ │ │ ├── cloudformation-stack-with-role.json
│ │ │ │ │ ├── cloudfront-distribution-cleartext-origin.json
│ │ │ │ │ ├── cloudfront-distribution-insecure-origin.json
│ │ │ │ │ ├── cloudfront-distribution-insufficient-viewer-security.json
│ │ │ │ │ ├── cloudtrail-duplicated-global-services-logging.json
│ │ │ │ │ ├── cloudtrail-no-cloudwatch-integration.json
│ │ │ │ │ ├── cloudtrail-no-data-logging.json
│ │ │ │ │ ├── cloudtrail-no-encryption-with-kms.json
│ │ │ │ │ ├── cloudtrail-no-global-services-logging.json
│ │ │ │ │ ├── cloudtrail-no-log-file-validation.json
│ │ │ │ │ ├── cloudtrail-no-logging.json
│ │ │ │ │ ├── cloudtrail-not-configured.json
│ │ │ │ │ ├── cloudtrail-partial-data-logging.json
│ │ │ │ │ ├── cloudwatch-alarm-without-actions.json
│ │ │ │ │ ├── config-recorder-not-configured.json
│ │ │ │ │ ├── ec2-ami-public.json
│ │ │ │ │ ├── ec2-default-security-group-in-use.json
│ │ │ │ │ ├── ec2-default-security-group-with-rules.json
│ │ │ │ │ ├── ec2-ebs-default-encryption-disabled.json
│ │ │ │ │ ├── ec2-ebs-snapshot-not-encrypted.json
│ │ │ │ │ ├── ec2-ebs-snapshot-public.json
│ │ │ │ │ ├── ec2-ebs-volume-not-encrypted.json
│ │ │ │ │ ├── ec2-instance-in-security-group.json
│ │ │ │ │ ├── ec2-instance-type.json
│ │ │ │ │ ├── ec2-instance-types.json
│ │ │ │ │ ├── ec2-instance-with-public-ip.json
│ │ │ │ │ ├── ec2-instance-with-user-data-secrets.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports-to-self.json
│ │ │ │ │ ├── ec2-security-group-opens-all-ports.json
│ │ │ │ │ ├── ec2-security-group-opens-icmp-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-known-port-to-all.json
│ │ │ │ │ ├── ec2-security-group-opens-plaintext-port.json
│ │ │ │ │ ├── ec2-security-group-opens-port-range.json
│ │ │ │ │ ├── ec2-security-group-opens-port-to-all.json
│ │ │ │ │ ├── ec2-security-group-whitelists-aws-ip-from-banned-region.json
│ │ │ │ │ ├── ec2-security-group-whitelists-aws.json
│ │ │ │ │ ├── ec2-security-group-whitelists-non-elastic-ips.json
│ │ │ │ │ ├── ec2-security-group-whitelists-unknown-aws.json
│ │ │ │ │ ├── ec2-security-group-whitelists-unknown-cidrs.json
│ │ │ │ │ ├── ec2-unused-security-group.json
│ │ │ │ │ ├── elb-listener-allowing-cleartext.json
│ │ │ │ │ ├── elb-no-access-logs.json
│ │ │ │ │ ├── elb-older-ssl-policy.json
│ │ │ │ │ ├── elbv2-http-request-smuggling.json
│ │ │ │ │ ├── elbv2-listener-allowing-cleartext.json
│ │ │ │ │ ├── elbv2-no-access-logs.json
│ │ │ │ │ ├── elbv2-no-deletion-protection.json
│ │ │ │ │ ├── elbv2-older-ssl-policy.json
│ │ │ │ │ ├── iam-assume-role-lacks-external-id-and-mfa.json
│ │ │ │ │ ├── iam-assume-role-no-mfa.json
│ │ │ │ │ ├── iam-assume-role-policy-allows-all.json
│ │ │ │ │ ├── iam-ec2-role-without-instances.json
│ │ │ │ │ ├── iam-group-with-inline-policies.json
│ │ │ │ │ ├── iam-group-with-no-users.json
│ │ │ │ │ ├── iam-human-user-with-policies.json
│ │ │ │ │ ├── iam-inline-policy-allows-NotActions.json
│ │ │ │ │ ├── iam-inline-policy-allows-non-sts-action.json
│ │ │ │ │ ├── iam-inline-policy-for-role.json
│ │ │ │ │ ├── iam-lightspin-user-action-denied-for-group.json
│ │ │ │ │ ├── iam-managed-policy-allows-NotActions.json
│ │ │ │ │ ├── iam-managed-policy-allows-full-privileges.json
│ │ │ │ │ ├── iam-managed-policy-allows-non-sts-action.json
│ │ │ │ │ ├── iam-managed-policy-for-role.json
│ │ │ │ │ ├── iam-managed-policy-no-attachments.json
│ │ │ │ │ ├── iam-no-support-role.json
│ │ │ │ │ ├── iam-password-policy-expiration-threshold.json
│ │ │ │ │ ├── iam-password-policy-minimum-length.json
│ │ │ │ │ ├── iam-password-policy-no-expiration.json
│ │ │ │ │ ├── iam-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── iam-password-policy-no-number-required.json
│ │ │ │ │ ├── iam-password-policy-no-symbol-required.json
│ │ │ │ │ ├── iam-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── iam-password-policy-reuse-enabled.json
│ │ │ │ │ ├── iam-role-with-inline-policies.json
│ │ │ │ │ ├── iam-root-account-no-hardware-mfa.json
│ │ │ │ │ ├── iam-root-account-no-mfa.json
│ │ │ │ │ ├── iam-root-account-used-recently.json
│ │ │ │ │ ├── iam-root-account-with-active-certs.json
│ │ │ │ │ ├── iam-root-account-with-active-keys.json
│ │ │ │ │ ├── iam-service-user-with-password.json
│ │ │ │ │ ├── iam-unused-credentials-not-disabled.json
│ │ │ │ │ ├── iam-user-no-key-rotation.json
│ │ │ │ │ ├── iam-user-not-in-category-group.json
│ │ │ │ │ ├── iam-user-not-in-common-group.json
│ │ │ │ │ ├── iam-user-unused-access-key-initial-setup.json
│ │ │ │ │ ├── iam-user-with-multiple-access-keys.json
│ │ │ │ │ ├── iam-user-with-password-and-key.json
│ │ │ │ │ ├── iam-user-with-policies.json
│ │ │ │ │ ├── iam-user-without-mfa.json
│ │ │ │ │ ├── kms-cmk-rotation-disabled.json
│ │ │ │ │ ├── logs-no-alarm-aws-configuration-changes.json
│ │ │ │ │ ├── logs-no-alarm-cloudtrail-configuration-changes.json
│ │ │ │ │ ├── logs-no-alarm-cmk-deletion.json
│ │ │ │ │ ├── logs-no-alarm-console-authentication-failures.json
│ │ │ │ │ ├── logs-no-alarm-iam-policy-changes.json
│ │ │ │ │ ├── logs-no-alarm-nacl-changes.json
│ │ │ │ │ ├── logs-no-alarm-network-gateways-changes.json
│ │ │ │ │ ├── logs-no-alarm-root-usage.json
│ │ │ │ │ ├── logs-no-alarm-route-table-changes.json
│ │ │ │ │ ├── logs-no-alarm-s3-policy-changes.json
│ │ │ │ │ ├── logs-no-alarm-security-group-changes.json
│ │ │ │ │ ├── logs-no-alarm-signin-without-mfa.json
│ │ │ │ │ ├── logs-no-alarm-unauthorized-api-calls.json
│ │ │ │ │ ├── logs-no-alarm-vpc-changes.json
│ │ │ │ │ ├── rds-instance-backup-disabled.json
│ │ │ │ │ ├── rds-instance-ca-certificate-deprecated.json
│ │ │ │ │ ├── rds-instance-no-minor-upgrade.json
│ │ │ │ │ ├── rds-instance-publicly-accessible.json
│ │ │ │ │ ├── rds-instance-short-backup-retention-period.json
│ │ │ │ │ ├── rds-instance-single-az.json
│ │ │ │ │ ├── rds-instance-storage-not-encrypted.json
│ │ │ │ │ ├── rds-postgres-instance-with-invalid-certificate.json
│ │ │ │ │ ├── rds-security-group-allows-all.json
│ │ │ │ │ ├── rds-snapshot-public.json
│ │ │ │ │ ├── redshift-cluster-database-not-encrypted.json
│ │ │ │ │ ├── redshift-cluster-no-version-upgrade.json
│ │ │ │ │ ├── redshift-cluster-publicly-accessible.json
│ │ │ │ │ ├── redshift-parameter-group-logging-disabled.json
│ │ │ │ │ ├── redshift-parameter-group-ssl-not-required.json
│ │ │ │ │ ├── redshift-security-group-whitelists-all.json
│ │ │ │ │ ├── route53-domain-no-autorenew.json
│ │ │ │ │ ├── route53-domain-no-transferlock.json
│ │ │ │ │ ├── route53-domain-transferlock-not-authorized.json
│ │ │ │ │ ├── s3-bucket-allowing-cleartext.json
│ │ │ │ │ ├── s3-bucket-no-default-encryption.json
│ │ │ │ │ ├── s3-bucket-no-logging.json
│ │ │ │ │ ├── s3-bucket-no-mfa-delete.json
│ │ │ │ │ ├── s3-bucket-no-versioning.json
│ │ │ │ │ ├── s3-bucket-world-acl.json
│ │ │ │ │ ├── s3-bucket-world-policy-arg.json
│ │ │ │ │ ├── s3-bucket-world-policy-star.json
│ │ │ │ │ ├── ses-identity-dkim-not-enabled.json
│ │ │ │ │ ├── ses-identity-dkim-not-verified.json
│ │ │ │ │ ├── ses-identity-world-policy.json
│ │ │ │ │ ├── sns-topic-world-policy.json
│ │ │ │ │ ├── sqs-queue-server-side-encryption-disabled.json
│ │ │ │ │ ├── sqs-queue-world-policy.json
│ │ │ │ │ ├── vpc-custom-network-acls-allow-all.json
│ │ │ │ │ ├── vpc-default-network-acls-allow-all.json
│ │ │ │ │ ├── vpc-network-acl-not-used.json
│ │ │ │ │ ├── vpc-routing-tables-with-peering.json
│ │ │ │ │ ├── vpc-subnet-with-bad-acls.json
│ │ │ │ │ ├── vpc-subnet-with-default-acls.json
│ │ │ │ │ └── vpc-subnet-without-flow-log.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.2.0.json
│ │ │ │ ├── default.json
│ │ │ │ ├── detailed.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── azure/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aad.py
│ │ │ │ ├── appservice.py
│ │ │ │ ├── base.py
│ │ │ │ ├── keyvault.py
│ │ │ │ ├── loggingmonitoring.py
│ │ │ │ ├── mysqldatabase.py
│ │ │ │ ├── network.py
│ │ │ │ ├── postgresqldatabse.py
│ │ │ │ ├── rbac.py
│ │ │ │ ├── resourcemanagement.py
│ │ │ │ ├── securitycenter.py
│ │ │ │ ├── sqldatabase.py
│ │ │ │ ├── storageaccounts.py
│ │ │ │ └── virtualmachines.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aad/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── applications.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ ├── serviceprincipals.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── appservice/
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── web_apps.py
│ │ │ │ ├── base.py
│ │ │ │ ├── keyvault/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── vaults.py
│ │ │ │ ├── loggingmonitoring/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── activity_log_alerts.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── diagnostic_resource_key_vault.py
│ │ │ │ │ ├── diagnostic_settings.py
│ │ │ │ │ ├── log_profiles.py
│ │ │ │ │ └── resources.py
│ │ │ │ ├── mysqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── mysql_servers.py
│ │ │ │ ├── network/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── application_security_groups.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── network_interfaces.py
│ │ │ │ │ ├── security_groups.py
│ │ │ │ │ ├── virtual_networks.py
│ │ │ │ │ └── watchers.py
│ │ │ │ ├── postgresqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── configuration_connection_throttling.py
│ │ │ │ │ ├── configuration_log_checkpoints.py
│ │ │ │ │ ├── configuration_log_connections.py
│ │ │ │ │ ├── configuration_log_disconnections.py
│ │ │ │ │ ├── configuration_log_duration.py
│ │ │ │ │ ├── configuration_log_retention_days.py
│ │ │ │ │ ├── posgresql_firewall_rules.py
│ │ │ │ │ └── postgresql_servers.py
│ │ │ │ ├── rbac/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── custom_roles_report.py
│ │ │ │ │ ├── role_assignments.py
│ │ │ │ │ └── roles.py
│ │ │ │ ├── securitycenter/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alerts.py
│ │ │ │ │ ├── auto_provisioning_settings.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── compliance_results.py
│ │ │ │ │ ├── information_protection_policies.py
│ │ │ │ │ ├── pricings.py
│ │ │ │ │ ├── regulatory_compliance_results.py
│ │ │ │ │ ├── security_contacts.py
│ │ │ │ │ └── settings.py
│ │ │ │ ├── sqldatabase/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── database_blob_auditing_policies.py
│ │ │ │ │ ├── database_threat_detection_policies.py
│ │ │ │ │ ├── databases.py
│ │ │ │ │ ├── firewall_rules.py
│ │ │ │ │ ├── replication_links.py
│ │ │ │ │ ├── server_azure_ad_administrators.py
│ │ │ │ │ ├── server_blob_auditing_policies.py
│ │ │ │ │ ├── server_encryption_protectors.py
│ │ │ │ │ ├── server_security_alert_policies.py
│ │ │ │ │ ├── server_vulnerability_assessments.py
│ │ │ │ │ ├── servers.py
│ │ │ │ │ └── transparent_data_encryptions.py
│ │ │ │ ├── storageaccounts/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── blob_containers.py
│ │ │ │ │ ├── blob_services.py
│ │ │ │ │ ├── queues.py
│ │ │ │ │ └── storage_accounts.py
│ │ │ │ ├── subscriptions.py
│ │ │ │ └── virtualmachines/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── disks.py
│ │ │ │ ├── images.py
│ │ │ │ ├── instances.py
│ │ │ │ └── snapshots.py
│ │ │ ├── rules/
│ │ │ │ ├── conditions/
│ │ │ │ │ ├── allow-tcp.json
│ │ │ │ │ ├── allow-udp.json
│ │ │ │ │ └── exposed-to-the-internet.json
│ │ │ │ ├── findings/
│ │ │ │ │ ├── aad-guest-users.json
│ │ │ │ │ ├── aad-users-create-security-groups-disabled.json
│ │ │ │ │ ├── appservice-authentication-disabled.json
│ │ │ │ │ ├── appservice-client-certificates-disabled.json
│ │ │ │ │ ├── appservice-ftp-deployment-enabled.json
│ │ │ │ │ ├── appservice-http-2-disabled.json
│ │ │ │ │ ├── appservice-http-allowed.json
│ │ │ │ │ ├── appservice-managed-service-identities-disabled.json
│ │ │ │ │ ├── appservice-outdated-version-dotnet.json
│ │ │ │ │ ├── appservice-outdated-version-java.json
│ │ │ │ │ ├── appservice-outdated-version-php.json
│ │ │ │ │ ├── appservice-outdated-version-python.json
│ │ │ │ │ ├── appservice-tls-v1-supported.json
│ │ │ │ │ ├── appservice-webapp-using-outdated-progamming-language-version.json
│ │ │ │ │ ├── keyvault-not-recoverable.json
│ │ │ │ │ ├── keyvault-public-traffic-allowed.json
│ │ │ │ │ ├── keyvault-rbac-authorization-disabled.json
│ │ │ │ │ ├── logging-monitoring-diagnostic-setting-does-not-exist.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-create-policy-assignment.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-nsg.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-security-solution.json
│ │ │ │ │ ├── logging-monitoring-logging-key-vault-disabled.json
│ │ │ │ │ ├── logging-monitoring-profile-does-not-capture-all-activities.json
│ │ │ │ │ ├── mysql-database-servers-ssl-enforcement-disabled.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-internet-all.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service-mssql.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service-udp.json
│ │ │ │ │ ├── network-security-groups-rule-inbound-service.json
│ │ │ │ │ ├── network-watcher-not-enabled.json
│ │ │ │ │ ├── network-watcher-not-provisioned.json
│ │ │ │ │ ├── postgresql-database-servers-allow-any-ip.json
│ │ │ │ │ ├── postgresql-database-servers-connection-throttling-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-checkpoints-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-connections-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-disconnections-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-duration-not-on.json
│ │ │ │ │ ├── postgresql-database-servers-log-retention-days-less-than-4.json
│ │ │ │ │ ├── postgresql-database-servers-ssl-enforcement-disabled.json
│ │ │ │ │ ├── rbac-administering-resource-locks-assigned.json
│ │ │ │ │ ├── rbac-custom-subscription-owner-role-not-allowed.json
│ │ │ │ │ ├── securitycenter-auto-provisioning-off.json
│ │ │ │ │ ├── securitycenter-security-contacts-email-not-set.json
│ │ │ │ │ ├── securitycenter-security-contacts-no-admin-email-notifications.json
│ │ │ │ │ ├── securitycenter-security-contacts-no-email-notifications.json
│ │ │ │ │ ├── securitycenter-security-contacts-not-set.json
│ │ │ │ │ ├── securitycenter-security-contacts-phone-not-set.json
│ │ │ │ │ ├── securitycenter-settings-MCAS-integration-disabled.json
│ │ │ │ │ ├── securitycenter-settings-WDATP-integration-disabled.json
│ │ │ │ │ ├── securitycenter-standard-tier-not-enabled.json
│ │ │ │ │ ├── sqldatabase-allow-any-ip.json
│ │ │ │ │ ├── sqldatabase-databases-auditing-low-retention.json
│ │ │ │ │ ├── sqldatabase-databases-no-auditing.json
│ │ │ │ │ ├── sqldatabase-databases-no-threat-detection.json
│ │ │ │ │ ├── sqldatabase-databases-no-transparent-data-encryption.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-disabled-alerts.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-low-retention.json
│ │ │ │ │ ├── sqldatabase-databases-threat-detection-send-alerts-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json
│ │ │ │ │ ├── sqldatabase-servers-auditing-low-retention.json
│ │ │ │ │ ├── sqldatabase-servers-no-ad-admin-configured.json
│ │ │ │ │ ├── sqldatabase-servers-no-auditing.json
│ │ │ │ │ ├── sqldatabase-servers-no-threat-detection.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-disabled-alerts.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-low-retention.json
│ │ │ │ │ ├── sqldatabase-servers-threat-detection-send-alerts-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-assessments-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-recurring-scans-disabled.json
│ │ │ │ │ ├── sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json
│ │ │ │ │ ├── storageaccount-access-keys-not-rotated.json
│ │ │ │ │ ├── storageaccount-account-allowing-clear-text.json
│ │ │ │ │ ├── storageaccount-encrypted-not-customer-managed.json
│ │ │ │ │ ├── storageaccount-public-blob-container.json
│ │ │ │ │ ├── storageaccount-public-traffic-allowed.json
│ │ │ │ │ ├── storageaccount-soft-delete-enabled.json
│ │ │ │ │ ├── storageaccount-trusted-microsoft-services.json
│ │ │ │ │ ├── virtual-machines-disk-encryption.json
│ │ │ │ │ ├── virtual-machines-extensions-installed.json
│ │ │ │ │ ├── virtual-machines-managed-disks.json
│ │ │ │ │ ├── virtual-machines-os-data-encrypted-cmk.json
│ │ │ │ │ └── virtual-machines-unattached-disks-encrypted-cmk.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.0.0.json
│ │ │ │ ├── cis-1.1.0.json
│ │ │ │ ├── cis-1.2.0.json
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── base/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── authentication_strategy_factory.py
│ │ │ ├── configs/
│ │ │ │ ├── __init__.py
│ │ │ │ └── browser.py
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ └── base.py
│ │ │ └── services.py
│ │ ├── do/
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── database.py
│ │ │ │ ├── droplet.py
│ │ │ │ ├── kubernetes.py
│ │ │ │ ├── networking.py
│ │ │ │ ├── spaces.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── database/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── databases.py
│ │ │ │ ├── droplet/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── droplets.py
│ │ │ │ ├── kubernetes/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── kubernetes.py
│ │ │ │ ├── networking/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ ├── firewalls.py
│ │ │ │ │ └── load_balancers.py
│ │ │ │ └── spaces/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── buckets.py
│ │ │ ├── rules/
│ │ │ │ ├── filters/
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── findings/
│ │ │ │ │ ├── database-databases-mysql-publically-exposed.json
│ │ │ │ │ ├── database-databases-mysql-user-legacy-encryption.json
│ │ │ │ │ ├── database-databases-postgres-connection-pools.json
│ │ │ │ │ ├── database-databases-postgres-trusted-sources.json
│ │ │ │ │ ├── database-databases-redis-evicition-policy.json
│ │ │ │ │ ├── droplet-droplets-all-ports-exposed.json
│ │ │ │ │ ├── droplet-droplets-backup-not-enabled.json
│ │ │ │ │ ├── droplet-droplets-backup-not-present.json
│ │ │ │ │ ├── droplet-droplets-custom-image.json
│ │ │ │ │ ├── droplet-droplets-features-monitoring.json
│ │ │ │ │ ├── droplet-droplets-firewall-not-attached.json
│ │ │ │ │ ├── droplet-droplets-port-22-exposed.json
│ │ │ │ │ ├── droplet-droplets-snapshot-not-present.json
│ │ │ │ │ ├── kubernetes-kubernetes-autoupgrade-minor.json
│ │ │ │ │ ├── kubernetes-kubernetes-ha-enabled.json
│ │ │ │ │ ├── kubernetes-kubernetes-surge-upgrade.json
│ │ │ │ │ ├── networking-domains-high-ttl.json
│ │ │ │ │ ├── networking-domains-missing-dkim.json
│ │ │ │ │ ├── networking-domains-missing-dmarc.json
│ │ │ │ │ ├── networking-domains-missing-spf.json
│ │ │ │ │ ├── networking-domains-spf-overly-permissive.json
│ │ │ │ │ ├── networking-firewalls-public-ports.json
│ │ │ │ │ ├── networking-firewalls-quad-zero.json
│ │ │ │ │ ├── networking-load-balancer-backend-keepalive-disabled.json
│ │ │ │ │ ├── networking-load-balancer-ssl-redirect-disabled.json
│ │ │ │ │ ├── networking-load-balancer-without-droplet.json
│ │ │ │ │ ├── spaces-buckets-cors.json
│ │ │ │ │ ├── spaces-buckets-public-read.json
│ │ │ │ │ └── spaces-buckets-public-write.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── gcp/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── basefacade.py
│ │ │ │ ├── bigquery.py
│ │ │ │ ├── cloudresourcemanager.py
│ │ │ │ ├── cloudsql.py
│ │ │ │ ├── cloudstorage.py
│ │ │ │ ├── dns.py
│ │ │ │ ├── functions.py
│ │ │ │ ├── gce.py
│ │ │ │ ├── gke.py
│ │ │ │ ├── iam.py
│ │ │ │ ├── kms.py
│ │ │ │ ├── memorystoreredis.py
│ │ │ │ ├── stackdriverlogging.py
│ │ │ │ ├── stackdrivermonitoring.py
│ │ │ │ └── utils.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── bigquery/
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── datasets.py
│ │ │ │ ├── cloudsql/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── backups.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── database_instances.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── cloudstorage/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── buckets.py
│ │ │ │ ├── dns/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── managed_zones.py
│ │ │ │ ├── functions/
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── functions_v1.py
│ │ │ │ │ ├── functions_v2.py
│ │ │ │ │ └── utils.py
│ │ │ │ ├── gce/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── disks.py
│ │ │ │ │ ├── firewalls.py
│ │ │ │ │ ├── forwarding_rules.py
│ │ │ │ │ ├── global_forwarding_rules.py
│ │ │ │ │ ├── instance_disks.py
│ │ │ │ │ ├── instances.py
│ │ │ │ │ ├── networks.py
│ │ │ │ │ ├── regions.py
│ │ │ │ │ ├── snapshots.py
│ │ │ │ │ ├── subnetworks.py
│ │ │ │ │ └── zones.py
│ │ │ │ ├── gke/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── clusters.py
│ │ │ │ │ └── node_pools.py
│ │ │ │ ├── iam/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── bindings_separation_duties.py
│ │ │ │ │ ├── domains.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ ├── member_bindings.py
│ │ │ │ │ ├── service_account_bindings.py
│ │ │ │ │ ├── service_accounts.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── keyrings.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ └── kms_policy.py
│ │ │ │ ├── memorystore/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ └── redis_instances.py
│ │ │ │ ├── projects.py
│ │ │ │ ├── regions.py
│ │ │ │ ├── stackdriverlogging/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── logging_metrics.py
│ │ │ │ │ ├── metrics.py
│ │ │ │ │ └── sinks.py
│ │ │ │ ├── stackdrivermonitoring/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── alert_policies.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── monitoring_alert_policies.py
│ │ │ │ │ └── uptime_checks.py
│ │ │ │ └── zones.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── bigquery-dataset-member.json
│ │ │ │ │ ├── bigquery-encryption-no-cmk.json
│ │ │ │ │ ├── cloudsql-allows-root-login-from-any-host.json
│ │ │ │ │ ├── cloudsql-instance-backups-disabled.json
│ │ │ │ │ ├── cloudsql-instance-is-open-to-public-range.json
│ │ │ │ │ ├── cloudsql-instance-is-open-to-the-world.json
│ │ │ │ │ ├── cloudsql-instance-no-binary-logging.json
│ │ │ │ │ ├── cloudsql-instance-ssl-not-required.json
│ │ │ │ │ ├── cloudsql-instance-with-no-backups.json
│ │ │ │ │ ├── cloudsql-instances-public-ips.json
│ │ │ │ │ ├── cloudsql-mysql-instances-local-infile-on.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-checkpoints-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-connections-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-disconnections-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-lock-waits-off.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-min-duration-not-set-1.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-min-messages-not-set.json
│ │ │ │ │ ├── cloudsql-postgresql-instances-log-temp-files-not-set-0.json
│ │ │ │ │ ├── cloudsql-sqlservers-instances-contained-database-authentication-on.json
│ │ │ │ │ ├── cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json
│ │ │ │ │ ├── cloudstorage-bucket-member.json
│ │ │ │ │ ├── cloudstorage-bucket-no-logging.json
│ │ │ │ │ ├── cloudstorage-bucket-no-public-access-prevention.json
│ │ │ │ │ ├── cloudstorage-bucket-no-versioning.json
│ │ │ │ │ ├── cloudstorage-uniform-bucket-level-access-disabled.json
│ │ │ │ │ ├── computeengine-firewall-default-rule-in-use.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-all-ports.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-internal-traffic.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-port-range.json
│ │ │ │ │ ├── computeengine-firewall-rule-allows-public-access.json
│ │ │ │ │ ├── computeengine-firewall-rule-opens-all-ports-to-all.json
│ │ │ │ │ ├── computeengine-firewall-rule-opens-sensitive-port-to-all.json
│ │ │ │ │ ├── computeengine-instance-block-project-ssh-keys-disabled.json
│ │ │ │ │ ├── computeengine-instance-connecting-serial-ports-enabled.json
│ │ │ │ │ ├── computeengine-instance-default-service-account.json
│ │ │ │ │ ├── computeengine-instance-disk-not-csek-encrypted.json
│ │ │ │ │ ├── computeengine-instance-disk-with-no-snapshot.json
│ │ │ │ │ ├── computeengine-instance-full-api-access.json
│ │ │ │ │ ├── computeengine-instance-ip-forwarding-enabled.json
│ │ │ │ │ ├── computeengine-instance-os-login-disabled.json
│ │ │ │ │ ├── computeengine-instance-public-ip-adresses.json
│ │ │ │ │ ├── computeengine-instance-shielded-vm-disabled.json
│ │ │ │ │ ├── computeengine-instance-with-deletion-protection-disabled.json
│ │ │ │ │ ├── computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json
│ │ │ │ │ ├── computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json
│ │ │ │ │ ├── computeengine-network-default-in-use.json
│ │ │ │ │ ├── computeengine-network-legacy-in-use.json
│ │ │ │ │ ├── computeengine-network-with-no-instances.json
│ │ │ │ │ ├── computeengine-old-disk-snapshot.json
│ │ │ │ │ ├── computeengine-vpc-flow-logs-disabled.json
│ │ │ │ │ ├── dns-zones-dnssec-not-enabled.json
│ │ │ │ │ ├── dns-zones-key-signing-key-using-rsasha1.json
│ │ │ │ │ ├── dns-zones-zone-signing-key-using-rsasha1.json
│ │ │ │ │ ├── functions-v1-allowing-http.json
│ │ │ │ │ ├── functions-v1-environment-variables-secrets.json
│ │ │ │ │ ├── functions-v1-member.json
│ │ │ │ │ ├── functions-v1-public-endpoint.json
│ │ │ │ │ ├── functions-v2-environment-variables-secrets.json
│ │ │ │ │ ├── functions-v2-public-endpoint.json
│ │ │ │ │ ├── iam-gmail-accounts-used.json
│ │ │ │ │ ├── iam-lack-of-service-account-key-rotation.json
│ │ │ │ │ ├── iam-primitive-role-in-use.json
│ │ │ │ │ ├── iam-role-account-separation-duties-is-false.json
│ │ │ │ │ ├── iam-role-assigned-to-domain.json
│ │ │ │ │ ├── iam-role-assigned-to-user.json
│ │ │ │ │ ├── iam-role-kms-separation-duties-is-false.json
│ │ │ │ │ ├── iam-sa-has-admin-privileges.json
│ │ │ │ │ ├── iam-service-account-user-member.json
│ │ │ │ │ ├── iam-service-account-with-user-managed-keys.json
│ │ │ │ │ ├── iam-user-has-sa-user-role.json
│ │ │ │ │ ├── kms-cryptokeys-anonymously-publicly-accessible.json
│ │ │ │ │ ├── kms-encryption-keys-not-rotated.json
│ │ │ │ │ ├── kubernetesengine-basic-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-certificate-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-alias-ip-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-application-layer-encryption-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-binary-authorization-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-has-no-labels.json
│ │ │ │ │ ├── kubernetesengine-cluster-logging-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-master-authorized-networks-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-metadata-server-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-network-policy-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-pod-security-policy-config-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-endpoint-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-google-access-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-release-channel.json
│ │ │ │ │ ├── kubernetesengine-cluster-shielded-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-workload-identity-disabled.json
│ │ │ │ │ ├── kubernetesengine-dashboard-enabled.json
│ │ │ │ │ ├── kubernetesengine-default-service-account-used.json
│ │ │ │ │ ├── kubernetesengine-legacy-abac-enabled.json
│ │ │ │ │ ├── kubernetesengine-legacy-metadata-endpoints-enabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-repair-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-upgrade-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-container-optimized-os-not-used.json
│ │ │ │ │ ├── kubernetesengine-node-integrity-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-secure-boot-disabled.json
│ │ │ │ │ ├── kubernetesengine-private-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-scopes-not-limited.json
│ │ │ │ │ ├── memorystore-redis-instance-auth-not-enabled.json
│ │ │ │ │ ├── memorystore-redis-instance-ssl-not-required.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json
│ │ │ │ │ ├── stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json
│ │ │ │ │ ├── stackdriverlogging-no-export-sinks.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json
│ │ │ │ │ ├── stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json
│ │ │ │ │ └── stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── cis-1.0.0.json
│ │ │ │ ├── cis-1.1.0.json
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── kubernetes/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── core.py
│ │ │ │ ├── eks.py
│ │ │ │ ├── extra.py
│ │ │ │ └── version.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── aks.py
│ │ │ │ ├── base.py
│ │ │ │ ├── eks.py
│ │ │ │ ├── fake_network_policy.py
│ │ │ │ ├── gke.py
│ │ │ │ ├── rbac.py
│ │ │ │ ├── version.py
│ │ │ │ └── workload.py
│ │ │ ├── rules/
│ │ │ │ ├── findings/
│ │ │ │ │ ├── configmap-unnecessary-secrets.json
│ │ │ │ │ ├── cron-job-apparmor-annotation-missing.json
│ │ │ │ │ ├── cron-job-automounted-service-account-token.json
│ │ │ │ │ ├── cron-job-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── cron-job-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── cron-job-container-running-as-root-group.json
│ │ │ │ │ ├── cron-job-container-running-as-root-user.json
│ │ │ │ │ ├── cron-job-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── cron-job-container-with-possible-root-privileges.json
│ │ │ │ │ ├── cron-job-host-ipc-true.json
│ │ │ │ │ ├── cron-job-host-network-true.json
│ │ │ │ │ ├── cron-job-host-pid-true.json
│ │ │ │ │ ├── cron-job-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── cron-job-privileged-container-running.json
│ │ │ │ │ ├── cron-job-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── cron-job-resources-without-defined-limits.json
│ │ │ │ │ ├── cron-job-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── daemonset-apparmor-annotation-missing.json
│ │ │ │ │ ├── daemonset-automounted-service-account-token.json
│ │ │ │ │ ├── daemonset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── daemonset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── daemonset-container-running-as-root-group.json
│ │ │ │ │ ├── daemonset-container-running-as-root-user.json
│ │ │ │ │ ├── daemonset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── daemonset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── daemonset-host-ipc-true.json
│ │ │ │ │ ├── daemonset-host-network-true.json
│ │ │ │ │ ├── daemonset-host-pid-true.json
│ │ │ │ │ ├── daemonset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── daemonset-privileged-container-running.json
│ │ │ │ │ ├── daemonset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── daemonset-resources-without-defined-limits.json
│ │ │ │ │ ├── daemonset-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── deployment-apparmor-annotation-missing.json
│ │ │ │ │ ├── deployment-automounted-service-account-token.json
│ │ │ │ │ ├── deployment-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── deployment-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── deployment-container-running-as-root-group.json
│ │ │ │ │ ├── deployment-container-running-as-root-user.json
│ │ │ │ │ ├── deployment-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── deployment-container-with-possible-root-privileges.json
│ │ │ │ │ ├── deployment-host-ipc-true.json
│ │ │ │ │ ├── deployment-host-network-true.json
│ │ │ │ │ ├── deployment-host-pid-true.json
│ │ │ │ │ ├── deployment-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── deployment-privileged-container-running.json
│ │ │ │ │ ├── deployment-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── deployment-resources-without-defined-limits.json
│ │ │ │ │ ├── deployment-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── eks-insufficient-control-plane-logging.json
│ │ │ │ │ ├── eks-kms-encryption-disabled.json
│ │ │ │ │ ├── eks-publically-accessible-apiserver.json
│ │ │ │ │ ├── job-apparmor-annotation-missing.json
│ │ │ │ │ ├── job-automounted-service-account-token.json
│ │ │ │ │ ├── job-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── job-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── job-container-running-as-root-group.json
│ │ │ │ │ ├── job-container-running-as-root-user.json
│ │ │ │ │ ├── job-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── job-container-with-possible-root-privileges.json
│ │ │ │ │ ├── job-host-ipc-true.json
│ │ │ │ │ ├── job-host-network-true.json
│ │ │ │ │ ├── job-host-pid-true.json
│ │ │ │ │ ├── job-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── job-privileged-container-running.json
│ │ │ │ │ ├── job-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── job-resources-without-defined-limits.json
│ │ │ │ │ ├── job-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── kubernetesengine-basic-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-certificate-authentication-enabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-alias-ip-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-application-layer-encryption-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-binary-authorization-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-has-no-labels.json
│ │ │ │ │ ├── kubernetesengine-cluster-logging-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-master-authorized-networks-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-metadata-server-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-network-policy-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-pod-security-policy-config-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-endpoint-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-private-google-access-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-release-channel.json
│ │ │ │ │ ├── kubernetesengine-cluster-shielded-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-cluster-workload-identity-disabled.json
│ │ │ │ │ ├── kubernetesengine-dashboard-enabled.json
│ │ │ │ │ ├── kubernetesengine-default-service-account-used.json
│ │ │ │ │ ├── kubernetesengine-legacy-abac-enabled.json
│ │ │ │ │ ├── kubernetesengine-legacy-metadata-endpoints-enabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-repair-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-auto-upgrade-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-container-optimized-os-not-used.json
│ │ │ │ │ ├── kubernetesengine-node-integrity-monitoring-disabled.json
│ │ │ │ │ ├── kubernetesengine-node-secure-boot-disabled.json
│ │ │ │ │ ├── kubernetesengine-private-nodes-disabled.json
│ │ │ │ │ ├── kubernetesengine-scopes-not-limited.json
│ │ │ │ │ ├── logging-monitoring-diagnostic-setting-does-not-exist.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-create-policy-assignment.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-nsg.json
│ │ │ │ │ ├── logging-monitoring-log-alert-not-exist-security-solution.json
│ │ │ │ │ ├── logging-monitoring-logging-key-vault-disabled.json
│ │ │ │ │ ├── logging-monitoring-profile-does-not-capture-all-activities.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-access.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-egress.json
│ │ │ │ │ ├── networkpolicy-unrestricted-cluster-network-ingress.json
│ │ │ │ │ ├── pod-apparmor-annotation-missing.json
│ │ │ │ │ ├── pod-automounted-service-account-token.json
│ │ │ │ │ ├── pod-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── pod-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── pod-container-running-as-root-group.json
│ │ │ │ │ ├── pod-container-running-as-root-user.json
│ │ │ │ │ ├── pod-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── pod-container-with-possible-root-privileges.json
│ │ │ │ │ ├── pod-helm-tiller-in-use.json
│ │ │ │ │ ├── pod-host-ipc-true.json
│ │ │ │ │ ├── pod-host-network-true.json
│ │ │ │ │ ├── pod-host-pid-true.json
│ │ │ │ │ ├── pod-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── pod-privileged-container-running.json
│ │ │ │ │ ├── pod-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── pod-resources-without-defined-limits.json
│ │ │ │ │ ├── pod-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── podtemplate-apparmor-annotation-missing.json
│ │ │ │ │ ├── podtemplate-automounted-service-account-token.json
│ │ │ │ │ ├── podtemplate-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── podtemplate-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── podtemplate-container-running-as-root-group.json
│ │ │ │ │ ├── podtemplate-container-running-as-root-user.json
│ │ │ │ │ ├── podtemplate-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── podtemplate-container-with-possible-root-privileges.json
│ │ │ │ │ ├── podtemplate-host-ipc-true.json
│ │ │ │ │ ├── podtemplate-host-network-true.json
│ │ │ │ │ ├── podtemplate-host-pid-true.json
│ │ │ │ │ ├── podtemplate-privileged-container-running.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-limits.json
│ │ │ │ │ ├── podtemplate-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── rbac-dangerous-grants.json
│ │ │ │ │ ├── rbac-dodgy-subjects.json
│ │ │ │ │ ├── rbac-permissive-bindings.json
│ │ │ │ │ ├── replicaset-apparmor-annotation-missing.json
│ │ │ │ │ ├── replicaset-automounted-service-account-token.json
│ │ │ │ │ ├── replicaset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── replicaset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── replicaset-container-running-as-root-group.json
│ │ │ │ │ ├── replicaset-container-running-as-root-user.json
│ │ │ │ │ ├── replicaset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── replicaset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── replicaset-host-ipc-true.json
│ │ │ │ │ ├── replicaset-host-network-true.json
│ │ │ │ │ ├── replicaset-host-pid-true.json
│ │ │ │ │ ├── replicaset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── replicaset-privileged-container-running.json
│ │ │ │ │ ├── replicaset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── replicaset-resources-without-defined-limits.json
│ │ │ │ │ ├── replicaset-resources-without-defined-memory-limit.json
│ │ │ │ │ ├── service-helm-tiller-in-use.json
│ │ │ │ │ ├── serviceaccount-automounted-service-account-token.json
│ │ │ │ │ ├── statefulset-apparmor-annotation-missing.json
│ │ │ │ │ ├── statefulset-automounted-service-account-token.json
│ │ │ │ │ ├── statefulset-container-ability-to-modify-root-filesystem.json
│ │ │ │ │ ├── statefulset-container-allowing-privilege-escalation.json
│ │ │ │ │ ├── statefulset-container-running-as-root-group.json
│ │ │ │ │ ├── statefulset-container-running-as-root-user.json
│ │ │ │ │ ├── statefulset-container-with-overly-permissive-capabilities.json
│ │ │ │ │ ├── statefulset-container-with-possible-root-privileges.json
│ │ │ │ │ ├── statefulset-host-ipc-true.json
│ │ │ │ │ ├── statefulset-host-network-true.json
│ │ │ │ │ ├── statefulset-host-pid-true.json
│ │ │ │ │ ├── statefulset-kubernetes-container-manifest-hardening.json
│ │ │ │ │ ├── statefulset-privileged-container-running.json
│ │ │ │ │ ├── statefulset-resources-without-defined-cpu-limit.json
│ │ │ │ │ ├── statefulset-resources-without-defined-limits.json
│ │ │ │ │ └── statefulset-resources-without-defined-memory-limit.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── aks.json
│ │ │ │ ├── default.json
│ │ │ │ ├── eks.json
│ │ │ │ ├── filters.json
│ │ │ │ └── gke.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ ├── oci/
│ │ │ ├── __init__.py
│ │ │ ├── authentication_strategy.py
│ │ │ ├── facade/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── identity.py
│ │ │ │ ├── kms.py
│ │ │ │ └── objectstorage.py
│ │ │ ├── metadata.json
│ │ │ ├── provider.py
│ │ │ ├── resources/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ ├── identity/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── api_keys.py
│ │ │ │ │ ├── authentication_policy.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── groups.py
│ │ │ │ │ ├── policies.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── kms/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── base.py
│ │ │ │ │ ├── keys.py
│ │ │ │ │ └── keyvaults.py
│ │ │ │ └── objectstorage/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── base.py
│ │ │ │ └── buckets.py
│ │ │ ├── rules/
│ │ │ │ ├── filters/
│ │ │ │ │ └── .keep
│ │ │ │ ├── findings/
│ │ │ │ │ ├── identity-password-policy-minimum-length.json
│ │ │ │ │ ├── identity-password-policy-no-lowercase-required.json
│ │ │ │ │ ├── identity-password-policy-no-number-required.json
│ │ │ │ │ ├── identity-password-policy-no-symbol-required.json
│ │ │ │ │ ├── identity-password-policy-no-uppercase-required.json
│ │ │ │ │ ├── identity-policy-affects-user.json
│ │ │ │ │ ├── identity-user-with-multiple-api-keys.json
│ │ │ │ │ ├── kms-no-key-rotation.json
│ │ │ │ │ ├── objectstorage-bucket-lacking-kms-encryption.json
│ │ │ │ │ └── objectstorage-public-bucket.json
│ │ │ │ └── rulesets/
│ │ │ │ ├── default.json
│ │ │ │ └── filters.json
│ │ │ ├── services.py
│ │ │ └── utils.py
│ │ └── utils.py
│ └── utils.py
├── dev-requirements.txt
├── docker/
│ ├── .dockerignore
│ ├── Dockerfile-aws
│ ├── Dockerfile-azure
│ ├── Dockerfile-base
│ ├── Dockerfile-gcp
│ ├── README.md
│ ├── bin/
│ │ ├── container-install-aws2.sh
│ │ ├── container-install-azure.sh
│ │ ├── container-install-gcp.sh
│ │ ├── container-install-prereqs.sh
│ │ ├── container-install-scoutsuite.sh
│ │ └── container-set-init.sh
│ ├── build.sh
│ ├── config/
│ │ ├── aws.env
│ │ ├── azure.env
│ │ ├── base.env
│ │ ├── combined.env
│ │ ├── gcp.env
│ │ └── ibm.env
│ └── tag.sh
├── pytest.ini
├── requirements.txt
├── scout.py
├── setup.py
├── tests/
│ ├── data/
│ │ ├── invalid-file.json
│ │ ├── ip-ranges-1.json
│ │ ├── ip-ranges-3.json
│ │ ├── policy1.json
│ │ ├── protocols.json
│ │ ├── resources/
│ │ │ └── dummy_resources.json
│ │ ├── rule-configs/
│ │ │ ├── ec2.json
│ │ │ ├── iam-password-policy.json
│ │ │ └── iam-root.json
│ │ ├── rule-results/
│ │ │ ├── ec2-default-security-group-in-use.json
│ │ │ ├── ec2-default-security-group-with-rules.json
│ │ │ ├── ec2-ebs-default-encryption-disabled.json
│ │ │ ├── ec2-security-group-opens-all-ports-to-all.json
│ │ │ ├── ec2-security-group-opens-all-ports-to-self.json
│ │ │ ├── ec2-security-group-opens-all-ports.json
│ │ │ ├── ec2-security-group-opens-known-port-to-all.json
│ │ │ ├── ec2-security-group-opens-port-range.json
│ │ │ ├── ec2-security-group-opens-port-to-all.json
│ │ │ ├── ec2-security-group-whitelists-aws-ip-from-banned-region.json
│ │ │ ├── ec2-security-group-whitelists-aws.json
│ │ │ ├── iam-password-policy-expiration-threshold.json
│ │ │ ├── iam-password-policy-lowercase-required.json
│ │ │ ├── iam-password-policy-minimum-length.json
│ │ │ ├── iam-password-policy-no-expiration.json
│ │ │ ├── iam-password-policy-no-lowercase-required.json
│ │ │ ├── iam-password-policy-no-number-required.json
│ │ │ ├── iam-password-policy-no-symbol-required.json
│ │ │ ├── iam-password-policy-no-uppercase-required.json
│ │ │ └── iam-password-policy-reuse-enabled.json
│ │ ├── ruleset-test.json
│ │ ├── statement1.json
│ │ └── test-ruleset.json
│ ├── results/
│ │ └── read_ip_ranges/
│ │ ├── ip-ranges-1a.json
│ │ ├── ip-ranges-1b.json
│ │ ├── ip-ranges-1c.json
│ │ ├── ip-ranges-3.json
│ │ └── ip-ranges-a.json
│ ├── test_aws_provider.py
│ ├── test_azure_provider.py
│ ├── test_core.py
│ ├── test_main.py
│ ├── test_output.py
│ ├── test_resources.py
│ ├── test_rules_processingengine.py
│ ├── test_rules_ruleset.py
│ ├── test_scoutsuite.py
│ ├── test_utils.py
│ ├── test_utils_conditions.py
│ ├── test_utils_console.py
│ └── test_utils_fs.py
└── tools/
├── README.md
├── __init__.py
├── aws_security_hub_export.py
├── format_findings.py
├── gen-tests.py
├── process_raw_response.py
├── sort-ruleset.py
├── update-aws-ips.sh
└── utils.py
SYMBOL INDEX (2008 symbols across 439 files)
FILE: ScoutSuite/__main__.py
function run_from_cli (line 25) | def run_from_cli():
function run (line 95) | def run(provider,
function _run (line 158) | async def _run(provider,
FILE: ScoutSuite/core/cli_parser.py
class ScoutSuiteArgumentParser (line 5) | class ScoutSuiteArgumentParser:
method __init__ (line 7) | def __init__(self):
method _init_aws_parser (line 35) | def _init_aws_parser(self):
method _init_gcp_parser (line 95) | def _init_gcp_parser(self):
method _init_azure_parser (line 134) | def _init_azure_parser(self):
method _init_aliyun_parser (line 218) | def _init_aliyun_parser(self):
method _init_oci_parser (line 246) | def _init_oci_parser(self):
method _init_do_parser (line 259) | def _init_do_parser(self):
method _init_kubernetes_parser (line 285) | def _init_kubernetes_parser(self):
method _init_common_args_parser (line 317) | def _init_common_args_parser(self):
method parse_args (line 434) | def parse_args(self, args=None):
FILE: ScoutSuite/core/conditions.py
function pass_conditions (line 16) | def pass_conditions(all_info, current_path, conditions, unknown_as_pass_...
function pass_condition (line 60) | def pass_condition(b, test, a):
function fix_path_string (line 325) | def fix_path_string(all_info, current_path, path_to_value):
function __prepare_age_test (line 345) | def __prepare_age_test(a, b):
FILE: ScoutSuite/core/console.py
function set_logger_configuration (line 19) | def set_logger_configuration(is_debug=False, quiet=False, output_file_pa...
function print_generic (line 60) | def print_generic(msg):
function print_info (line 64) | def print_info(msg):
function print_debug (line 68) | def print_debug(msg):
function print_error (line 72) | def print_error(msg):
function print_warning (line 76) | def print_warning(msg):
function print_exception (line 80) | def print_exception(exception, additional_details=None):
function prompt (line 117) | def prompt(test_input=None):
function prompt_overwrite (line 137) | def prompt_overwrite(filename, force_write, test_input=None):
function prompt_value (line 153) | def prompt_value(question, choices=None, default=None, display_choices=T...
function prompt_yes_no (line 245) | def prompt_yes_no(question, test_input=None):
FILE: ScoutSuite/core/exceptions.py
class RuleExceptions (line 6) | class RuleExceptions:
method __init__ (line 11) | def __init__(self, file_path=None):
method process (line 17) | def process(self, cloud_provider):
FILE: ScoutSuite/core/fs.py
class CustomJSONEncoder (line 9) | class CustomJSONEncoder(json.JSONEncoder):
method default (line 14) | def default(self, o):
function load_data (line 21) | def load_data(data_file, key_name=None, local_file=False):
function read_ip_ranges (line 46) | def read_ip_ranges(filename, local_file=True, ip_only=False, conditions=...
function save_blob_as_json (line 88) | def save_blob_as_json(filename, blob, force_write):
FILE: ScoutSuite/core/processingengine.py
class ProcessingEngine (line 7) | class ProcessingEngine:
method __init__ (line 12) | def __init__(self, ruleset):
method run (line 26) | def run(self, cloud_provider, skip_dashboard=False):
method _filter_rules (line 77) | def _filter_rules(rules, services):
FILE: ScoutSuite/core/rule.py
class Rule (line 32) | class Rule:
method to_string (line 34) | def to_string(self):
method __init__ (line 37) | def __init__(self, data_path, filename, rule_type, rule):
method get_attribute (line 48) | def get_attribute(name, rule, default_value):
method set_definition (line 51) | def set_definition(self, rule_definitions, attributes=None, ip_ranges=...
FILE: ScoutSuite/core/rule_definition.py
class RuleDefinition (line 7) | class RuleDefinition:
method __init__ (line 9) | def __init__(self, data_path, file_name=None, rule_dirs=None, string_d...
method __str__ (line 24) | def __str__(self):
method load (line 35) | def load(self):
method load_from_string_definition (line 81) | def load_from_string_definition(self):
FILE: ScoutSuite/core/ruleset.py
class Ruleset (line 14) | class Ruleset:
method __init__ (line 23) | def __init__(self,
method to_string (line 50) | def to_string(self):
method shared_init (line 53) | def shared_init(self, ruleset_generator, rule_dirs, account_id, ip_ran...
method load (line 66) | def load(self, rule_type, quiet=False):
method load_rules (line 93) | def load_rules(self, file, rule_type):
method handle_rule_versions (line 103) | def handle_rule_versions(self, filename, rule_type, rule):
method prepare_rules (line 117) | def prepare_rules(self, attributes=None, ip_ranges=None, params=None):
method load_rule_definitions (line 136) | def load_rule_definitions(self, ruleset_generator=False, rule_dirs=None):
method search_ruleset (line 166) | def search_ruleset(self, environment_name, no_prompt=False):
method find_file (line 186) | def find_file(self, filename, filetype='rulesets'):
class TmpRuleset (line 204) | class TmpRuleset(Ruleset):
method __init__ (line 206) | def __init__(self, cloud_provider, rule_dirs=None, rule_filename=None,...
FILE: ScoutSuite/core/server.py
class Server (line 10) | class Server:
method __init__ (line 15) | def __init__(self, filename):
method summary (line 26) | def summary(self):
method data (line 49) | def data(self, key=None):
method full (line 69) | def full(self, key=None):
method page (line 86) | def page(self, key=None, page=None, pagesize=None):
method init (line 115) | def init(database_filename, host, port):
method get_item (line 139) | def get_item(data, key):
method strip_nested_data (line 159) | def strip_nested_data(data):
FILE: ScoutSuite/core/utils.py
function recurse (line 11) | def recurse(all_info, current_info, target_path, current_path, config, a...
FILE: ScoutSuite/output/data/inc-scoutsuite/pagination.js
function loadPage (line 9) | function loadPage (pathArray, indexDiff) {
function getPageInfo (line 43) | function getPageInfo (pathArray) {
function loadFirstPageEverywhere (line 67) | function loadFirstPageEverywhere () {
function getRegionsResourcesFirstPage (line 101) | function getRegionsResourcesFirstPage (region, service, resources) {
function getLastPageIndex (line 122) | function getLastPageIndex (pathArray, pageSize) {
function getHighestResourceCount (line 138) | function getHighestResourceCount (pathArray) {
function updateButtons (line 151) | function updateButtons () {
function hidePaginationButtons (line 167) | function hidePaginationButtons () {
FILE: ScoutSuite/output/data/inc-scoutsuite/provider.js
function getScoutsuiteResultsJson (line 5) | function getScoutsuiteResultsJson() {
FILE: ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
function arrayUnique (line 20) | function arrayUnique(array) {
function onPageLoad (line 34) | function onPageLoad() {
function getPathArray (line 118) | function getPathArray() {
function loadConfig (line 147) | function loadConfig(scriptId, cols, force) {
function processTemplate (line 224) | function processTemplate(id1, containerId, list, replace) {
function hideAll (line 241) | function hideAll() {
function showRow (line 256) | function showRow(path) {
function showList (line 266) | function showList(path) {
function showDetails (line 276) | function showDetails(path) {
function hideList (line 286) | function hideList(path) {
function showItems (line 296) | function showItems(path) {
function hideItems (line 310) | function hideItems(resourcePath) {
function hideLinks (line 321) | function hideLinks(resourcePath) {
function updateHash (line 333) | function updateHash(path) {
function showRowWithItems (line 342) | function showRowWithItems(path) {
function showFilters (line 351) | function showFilters(resourcePath) {
function hideFilters (line 363) | function hideFilters() {
function showFindings (line 378) | function showFindings(path, resourcePath) {
function getId (line 418) | function getId(element) {
function showSingleItem (line 426) | function showSingleItem(id) {
function toggleDetails (line 440) | function toggleDetails(keyword, item) {
function updateNavbar (line 449) | function updateNavbar(path) {
function hasNavbarSuffix (line 481) | function hasNavbarSuffix(element) {
function toggleVisibility (line 490) | function toggleVisibility(id) {
function iterateEC2ObjectsAndCall (line 508) | function iterateEC2ObjectsAndCall(data, entities, callback, callbackArgs) {
function findEC2Object (line 529) | function findEC2Object(ec2Data, entities, id) {
function findEC2ObjectByAttr (line 554) | function findEC2ObjectByAttr(ec2Data, entities, attributes) {
function findEC2ObjectAttribute (line 589) | function findEC2ObjectAttribute(ec2Info, path, id, attribute) {
function findAndShowEC2Object (line 603) | function findAndShowEC2Object(path, id) {
function findAndShowEC2ObjectByAttr (line 628) | function findAndShowEC2ObjectByAttr(path, attributes) {
function showEC2Instance2 (line 645) | function showEC2Instance2(data) {
function showEC2Instance (line 655) | function showEC2Instance(region, vpc, id) {
function showEC2SecurityGroup (line 670) | function showEC2SecurityGroup(region, vpc, id) {
function showObject (line 685) | function showObject(path, attrName, attrValue) {
function getResource (line 719) | function getResource(path) {
function makeResourceTypeSingular (line 731) | function makeResourceTypeSingular(resourceType) {
function showIAMManagedPolicy (line 739) | function showIAMManagedPolicy(policyId) {
function showIAMInlinePolicy (line 755) | function showIAMInlinePolicy(iamEntityType, iamEntityName, policyId) {
function showIAMPolicy (line 769) | function showIAMPolicy(data) {
function showS3Bucket (line 779) | function showS3Bucket(bucketName) {
function showS3Object (line 793) | function showS3Object(bucketId, keyId) {
function showPopup (line 808) | function showPopup(content) {
function getFormat (line 816) | function getFormat() {
function loadMetadata (line 828) | function loadMetadata() {
function exportSummary (line 868) | function exportSummary() {
function showAbout (line 892) | function showAbout() {
function hidePleaseWait (line 900) | function hidePleaseWait () {
function showLastRunDetails (line 910) | function showLastRunDetails() {
function showResourcesDetails (line 918) | function showResourcesDetails() {
function showMainDashboard (line 947) | function showMainDashboard() {
function makeTitleAcl (line 967) | function makeTitleAcl(resourcePath) {
function getService (line 988) | function getService(resourcePath) {
function updateTitle (line 1002) | function updateTitle(title) {
function showPageFromHash (line 1009) | function showPageFromHash() {
function getValueAt (line 1025) | function getValueAt(path) {
function getValueAtRecursive (line 1029) | function getValueAtRecursive(path, source) {
function updateDOM (line 1085) | function updateDOM(anchor) {
function lazyLoadingJson (line 1183) | function lazyLoadingJson(path) {
function getResourcePath (line 1204) | function getResourcePath(path) {
function makeTitle (line 1227) | function makeTitle(title) {
function toggleName (line 1298) | function toggleName(name) {
function addTemplates (line 1315) | function addTemplates(group, service, section, resourceType, path, cols) {
function addTemplate (line 1334) | function addTemplate(group, service, section, resourceType, path, suffix) {
function filterRules (line 1393) | function filterRules(group, service) {
function downloadConfiguration (line 1410) | function downloadConfiguration(configuration, name, prefix) {
function downloadExceptions (line 1421) | function downloadExceptions() {
function setFilterUrl (line 1456) | function setFilterUrl(region) {
function downloadAsCsv (line 1474) | function downloadAsCsv(filename, rows) {
function downloadAsJson (line 1523) | function downloadAsJson(filename, dict) {
FILE: ScoutSuite/output/data/inc-scoutsuite/sqlite.js
function requestDb (line 13) | function requestDb (query, pageSize, pageIndex) {
function getResourcePageSqlite (line 48) | function getResourcePageSqlite (pageIndex, pageSize, service, resource) {
function getResourcePageSqliteRegions (line 73) | function getResourcePageSqliteRegions (pageIndex, pageSize, service, reg...
function createQuery (line 97) | function createQuery () {
FILE: ScoutSuite/output/data/inc-scoutsuite/theme.js
constant DARK_BOOTSTRAP_THEME (line 1) | const DARK_BOOTSTRAP_THEME = 'inc-bootstrap/css/bootstrap-dark.min.css';
constant LIGHT_BOOTSTRAP_THEME (line 2) | const LIGHT_BOOTSTRAP_THEME = 'inc-bootstrap/css/bootstrap-light.min.css';
constant DARK_SCOUT_THEME (line 4) | const DARK_SCOUT_THEME = 'inc-scoutsuite/css/scoutsuite-dark.css';
constant LIGHT_SCOUT_THEME (line 5) | const LIGHT_SCOUT_THEME = 'inc-scoutsuite/css/scoutsuite-light.css';
function loadLastTheme (line 16) | function loadLastTheme() {
function toggleTheme (line 26) | function toggleTheme() {
function toggleTheme (line 41) | function toggleTheme() {
function setBootstrapTheme (line 59) | function setBootstrapTheme(file) {
function setScoutTheme (line 67) | function setScoutTheme(file) {
function isDarkThemeEnabled (line 75) | function isDarkThemeEnabled() {
function saveIsDarkThemeEnabled (line 83) | function saveIsDarkThemeEnabled(isDarkThemeEnabled) {
FILE: ScoutSuite/output/html.py
class HTMLReport (line 16) | class HTMLReport:
method __init__ (line 21) | def __init__(self, report_name=None, report_dir=None, timestamp=False,...
method get_content_from_folder (line 40) | def get_content_from_folder(self, templates_type):
method get_content_from_file (line 53) | def get_content_from_file(self, filename):
method prepare_html_report_dir (line 64) | def prepare_html_report_dir(self):
class ScoutReport (line 83) | class ScoutReport(HTMLReport):
method __init__ (line 88) | def __init__(self, provider, report_name=None, report_dir=None, timest...
method save (line 96) | def save(self, config, exceptions, force_write=False, debug=False):
method create_html_report (line 104) | def create_html_report(self, force_write):
FILE: ScoutSuite/output/result_encoder.py
class ScoutJsonEncoder (line 13) | class ScoutJsonEncoder(json.JSONEncoder):
method default (line 18) | def default(self, o):
class ScoutResultEncoder (line 37) | class ScoutResultEncoder:
method __init__ (line 38) | def __init__(self, report_name=None, report_dir=None, timestamp=None):
method to_dict (line 47) | def to_dict(config):
class SqlLiteEncoder (line 51) | class SqlLiteEncoder(ScoutResultEncoder):
method load_from_file (line 52) | def load_from_file(self, config_type, config_path=None):
method save_to_file (line 57) | def save_to_file(self, config, config_type, force_write, _debug):
method __open_file (line 70) | def __open_file(config_filename, force_write):
class JavaScriptEncoder (line 92) | class JavaScriptEncoder(ScoutResultEncoder):
method load_from_file (line 97) | def load_from_file(self, file_type, file_path=None, first_line=None):
method save_to_file (line 107) | def save_to_file(self, content, file_type, force_write, debug):
method __open_file (line 123) | def __open_file(config_filename, force_write):
FILE: ScoutSuite/output/utils.py
function prompt_for_yes_no (line 9) | def prompt_for_yes_no(question):
function prompt_for_overwrite (line 28) | def prompt_for_overwrite(filename, force_write):
function get_filename (line 42) | def get_filename(file_type, file_name=None, file_dir=None, relative_path...
FILE: ScoutSuite/providers/__init__.py
function get_provider_object (line 10) | def get_provider_object(provider):
function get_provider (line 17) | def get_provider(provider,
FILE: ScoutSuite/providers/aliyun/authentication_strategy.py
class AliyunCredentials (line 11) | class AliyunCredentials:
method __init__ (line 13) | def __init__(self, credentials, caller_details):
class AliyunAuthenticationStrategy (line 18) | class AliyunAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 23) | def authenticate(self, access_key_id=None, access_key_secret=None, **k...
FILE: ScoutSuite/providers/aliyun/facade/actiontrail.py
class ActiontrailFacade (line 9) | class ActiontrailFacade:
method __init__ (line 10) | def __init__(self, credentials: AliyunCredentials):
method get_trails (line 14) | async def get_trails(self):
FILE: ScoutSuite/providers/aliyun/facade/base.py
class AliyunFacade (line 16) | class AliyunFacade:
method __init__ (line 17) | def __init__(self, credentials: AliyunCredentials):
method _instantiate_facades (line 22) | def _instantiate_facades(self):
method build_region_list (line 31) | async def build_region_list(self, service: str, chosen_regions=None):
FILE: ScoutSuite/providers/aliyun/facade/ecs.py
class ECSFacade (line 8) | class ECSFacade:
method __init__ (line 9) | def __init__(self, credentials: AliyunCredentials):
method get_instances (line 12) | async def get_instances(self, region):
FILE: ScoutSuite/providers/aliyun/facade/kms.py
class KMSFacade (line 9) | class KMSFacade:
method __init__ (line 10) | def __init__(self, credentials: AliyunCredentials):
method get_keys (line 13) | async def get_keys(self, region):
method get_key_details (line 31) | async def get_key_details(self, key_id, region):
FILE: ScoutSuite/providers/aliyun/facade/oss.py
class OSSFacade (line 6) | class OSSFacade:
method __init__ (line 7) | def __init__(self, credentials: AliyunCredentials):
method get_buckets (line 10) | async def get_buckets(self):
FILE: ScoutSuite/providers/aliyun/facade/ram.py
class RAMFacade (line 16) | class RAMFacade:
method __init__ (line 17) | def __init__(self, credentials: AliyunCredentials):
method get_users (line 21) | async def get_users(self):
method get_user_details (line 34) | async def get_user_details(self, username):
method get_user_api_keys (line 50) | async def get_user_api_keys(self, username):
method get_user_api_key_last_usage (line 66) | async def get_user_api_key_last_usage(self, username, key_id):
method get_user_mfa_status (line 84) | async def get_user_mfa_status(self, username):
method get_password_policy (line 109) | async def get_password_policy(self):
method get_security_policy (line 123) | async def get_security_policy(self):
method get_groups (line 137) | async def get_groups(self):
method get_group_users (line 150) | async def get_group_users(self, group_name):
method get_roles (line 165) | async def get_roles(self):
method get_policies (line 178) | async def get_policies(self):
method get_policy_version (line 191) | async def get_policy_version(self, name, type, version):
method get_policy_entities (line 208) | async def get_policy_entities(self, name, type):
FILE: ScoutSuite/providers/aliyun/facade/rds.py
class RDSFacade (line 8) | class RDSFacade:
method __init__ (line 9) | def __init__(self, credentials: AliyunCredentials):
method get_instances (line 12) | async def get_instances(self, region):
FILE: ScoutSuite/providers/aliyun/facade/utils.py
function get_response (line 8) | async def get_response(client, request):
function merge_responses (line 38) | async def merge_responses(response_1, response_2):
FILE: ScoutSuite/providers/aliyun/facade/vpc.py
class VPCFacade (line 8) | class VPCFacade:
method __init__ (line 9) | def __init__(self, credentials: AliyunCredentials):
method get_vpcs (line 12) | async def get_vpcs(self, region):
FILE: ScoutSuite/providers/aliyun/provider.py
class AliyunProvider (line 7) | class AliyunProvider(BaseProvider):
method __init__ (line 12) | def __init__(self,
method get_report_name (line 31) | def get_report_name(self):
method preprocessing (line 40) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
FILE: ScoutSuite/providers/aliyun/resources/actiontrail/base.py
class ActionTrail (line 5) | class ActionTrail(AliyunCompositeResources):
method fetch_all (line 10) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/aliyun/resources/actiontrail/trails.py
class Trails (line 4) | class Trails(AliyunResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_trails (line 10) | def _parse_trails(self, raw_trail):
FILE: ScoutSuite/providers/aliyun/resources/base.py
class AliyunResources (line 8) | class AliyunResources(Resources, metaclass=abc.ABCMeta):
class AliyunCompositeResources (line 14) | class AliyunCompositeResources(AliyunResources, CompositeResources, meta...
FILE: ScoutSuite/providers/aliyun/resources/ecs/base.py
class ECS (line 6) | class ECS(Regions):
method __init__ (line 11) | def __init__(self, facade: AliyunFacade):
FILE: ScoutSuite/providers/aliyun/resources/ecs/instances.py
class Instances (line 5) | class Instances(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_instance (line 15) | async def _parse_instance(self, raw_instance):
FILE: ScoutSuite/providers/aliyun/resources/kms/base.py
class KMS (line 6) | class KMS(Regions):
method __init__ (line 11) | def __init__(self, facade: AliyunFacade):
FILE: ScoutSuite/providers/aliyun/resources/kms/keys.py
class Keys (line 5) | class Keys(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_key (line 15) | async def _parse_key(self, raw_key):
FILE: ScoutSuite/providers/aliyun/resources/oss/base.py
class OSS (line 5) | class OSS(AliyunCompositeResources):
method fetch_all (line 10) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/aliyun/resources/oss/buckets.py
class Buckets (line 4) | class Buckets(AliyunResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_bucket (line 10) | def _parse_bucket(self, raw_bucket):
FILE: ScoutSuite/providers/aliyun/resources/ram/api_keys.py
class ApiKeys (line 5) | class ApiKeys(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade, user):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_api_key (line 15) | async def _parse_api_key(self, raw_api_key):
FILE: ScoutSuite/providers/aliyun/resources/ram/base.py
class RAM (line 11) | class RAM(AliyunCompositeResources):
method __init__ (line 21) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 25) | async def fetch_all(self, **kwargs):
method finalize (line 35) | async def finalize(self):
method _match_users_and_groups (line 39) | def _match_users_and_groups(self):
method _match_policies_and_entities (line 50) | def _match_policies_and_entities(self):
FILE: ScoutSuite/providers/aliyun/resources/ram/groups.py
class Groups (line 5) | class Groups(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_group (line 14) | async def _parse_group(self, raw_group):
FILE: ScoutSuite/providers/aliyun/resources/ram/password_policy.py
class PasswordPolicy (line 5) | class PasswordPolicy(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_password_policy (line 14) | def _parse_password_policy(self, raw_password_policy):
FILE: ScoutSuite/providers/aliyun/resources/ram/policies.py
class Policies (line 6) | class Policies(AliyunResources):
method __init__ (line 7) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_policy (line 16) | async def _parse_policy(self, raw_policy):
FILE: ScoutSuite/providers/aliyun/resources/ram/roles.py
class Roles (line 5) | class Roles(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_role (line 14) | async def _parse_role(self, raw_role):
FILE: ScoutSuite/providers/aliyun/resources/ram/security_policy.py
class SecurityPolicy (line 5) | class SecurityPolicy(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_security_policy (line 14) | def _parse_security_policy(self, raw_security_policy):
FILE: ScoutSuite/providers/aliyun/resources/ram/users.py
class Users (line 6) | class Users(AliyunCompositeResources):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_user (line 22) | async def _parse_user(self, raw_user):
FILE: ScoutSuite/providers/aliyun/resources/rds/base.py
class RDS (line 6) | class RDS(Regions):
method __init__ (line 11) | def __init__(self, facade: AliyunFacade):
FILE: ScoutSuite/providers/aliyun/resources/rds/instances.py
class Instances (line 5) | class Instances(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_instance (line 15) | async def _parse_instance(self, raw_instance):
FILE: ScoutSuite/providers/aliyun/resources/regions.py
class Regions (line 7) | class Regions(AliyunCompositeResources, metaclass=abc.ABCMeta):
method __init__ (line 8) | def __init__(self, service: str, facade: AliyunFacade):
method fetch_all (line 12) | async def fetch_all(self, regions=None):
method _set_counts (line 28) | def _set_counts(self):
FILE: ScoutSuite/providers/aliyun/resources/vpc/base.py
class VPC (line 6) | class VPC(Regions):
method __init__ (line 11) | def __init__(self, facade: AliyunFacade):
FILE: ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
class VPCs (line 5) | class VPCs(AliyunResources):
method __init__ (line 6) | def __init__(self, facade: AliyunFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_vpcs (line 15) | def _parse_vpcs(self, raw_vpc):
FILE: ScoutSuite/providers/aliyun/services.py
class AliyunServicesConfig (line 13) | class AliyunServicesConfig(BaseServicesConfig):
method __init__ (line 14) | def __init__(self, credentials, **kwargs):
method _is_provider (line 27) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/aliyun/utils.py
function get_client (line 7) | def get_client(credentials, region=None):
function get_oss_client (line 17) | def get_oss_client(credentials, region=None):
FILE: ScoutSuite/providers/aws/authentication_strategy.py
class AWSCredentials (line 9) | class AWSCredentials:
method __init__ (line 11) | def __init__(self, session):
class AWSAuthenticationStrategy (line 15) | class AWSAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 20) | def authenticate(self,
FILE: ScoutSuite/providers/aws/facade/acm.py
class AcmFacade (line 7) | class AcmFacade(AWSBaseFacade):
method get_certificates (line 8) | async def get_certificates(self, region):
method _get_certificate (line 18) | async def _get_certificate(self, cert_arn: str, region: str):
FILE: ScoutSuite/providers/aws/facade/awslambda.py
class LambdaFacade (line 8) | class LambdaFacade(AWSBaseFacade):
method get_functions (line 9) | async def get_functions(self, region):
method get_access_policy (line 16) | async def get_access_policy(self, function_name, region):
method get_role_with_managed_policies (line 28) | async def get_role_with_managed_policies(self, role_name):
method get_env_variables (line 49) | async def get_env_variables(self, function_name, region):
FILE: ScoutSuite/providers/aws/facade/base.py
class AWSFacade (line 66) | class AWSFacade(AWSBaseFacade):
method __init__ (line 67) | def __init__(self, credentials=None):
method build_region_list (line 74) | async def build_region_list(self, service: str, chosen_regions=None, e...
method _instantiate_facades (line 248) | def _instantiate_facades(self):
FILE: ScoutSuite/providers/aws/facade/basefacade.py
class AWSBaseFacade (line 4) | class AWSBaseFacade:
method __init__ (line 5) | def __init__(self, session: boto3.session.Session = None):
FILE: ScoutSuite/providers/aws/facade/cloudformation.py
class CloudFormation (line 10) | class CloudFormation(AWSBaseFacade):
method get_stacks (line 12) | async def get_stacks(self, region: str):
method _get_and_set_description (line 27) | async def _get_and_set_description(self, stack: {}, region: str):
method _get_and_set_template (line 40) | async def _get_and_set_template(self, stack: {}, region: str):
method _get_and_set_policy (line 50) | async def _get_and_set_policy(self, stack: {}, region: str):
method _get_stack_notifications (line 61) | async def _get_stack_notifications(self, stack: {}, region: str):
method _is_stack_deleted (line 73) | def _is_stack_deleted(stack):
FILE: ScoutSuite/providers/aws/facade/cloudfront.py
class CloudFront (line 8) | class CloudFront(AWSBaseFacade):
method get_distributions (line 10) | async def get_distributions(self):
FILE: ScoutSuite/providers/aws/facade/cloudtrail.py
class CloudTrailFacade (line 8) | class CloudTrailFacade(AWSBaseFacade):
method get_trails (line 9) | async def get_trails(self, region):
method _get_and_set_status (line 23) | async def _get_and_set_status(self, trail: {}, region: str):
method _get_and_set_selectors (line 32) | async def _get_and_set_selectors(self, trail: {}, region: str):
FILE: ScoutSuite/providers/aws/facade/cloudwatch.py
class CloudWatch (line 6) | class CloudWatch(AWSBaseFacade):
method get_alarms (line 8) | async def get_alarms(self, region):
method get_metric_filters (line 16) | async def get_metric_filters(self, region):
FILE: ScoutSuite/providers/aws/facade/codebuild.py
class CodeBuild (line 7) | class CodeBuild(AWSBaseFacade):
method get_projects (line 8) | async def get_projects(self, region: str):
method _get_project_details (line 20) | async def _get_project_details(self, project: str, region: str):
FILE: ScoutSuite/providers/aws/facade/config.py
class ConfigFacade (line 7) | class ConfigFacade(AWSBaseFacade):
method get_rules (line 9) | async def get_rules(self, region):
method get_recorders (line 16) | async def get_recorders(self, region: str):
FILE: ScoutSuite/providers/aws/facade/directconnect.py
class DirectConnectFacade (line 7) | class DirectConnectFacade(AWSBaseFacade):
method get_connections (line 8) | async def get_connections(self, region):
FILE: ScoutSuite/providers/aws/facade/dynamodb.py
class DynamoDBFacade (line 7) | class DynamoDBFacade(AWSBaseFacade):
method get_tables (line 10) | async def get_tables(self, region):
method _get_table (line 19) | async def _get_table(self, table_name: str, region: str):
method _get_and_set_backup (line 37) | async def _get_and_set_backup(self, table: {}, region: str):
method _get_and_set_continuous_backups (line 49) | async def _get_and_set_continuous_backups(self, table: {}, region: str):
method _get_and_set_tags (line 62) | async def _get_and_set_tags(self, table: {}, region: str):
FILE: ScoutSuite/providers/aws/facade/ec2.py
class EC2Facade (line 13) | class EC2Facade(AWSBaseFacade):
method __init__ (line 17) | def __init__(self, session: boto3.session.Session, owner_id: str):
method get_instance_user_data (line 22) | async def get_instance_user_data(self, region: str, instance_id: str):
method _decode_user_data (line 40) | async def _decode_user_data(self, user_data):
method get_instances (line 59) | async def get_instances(self, region: str, vpc: str):
method get_security_groups (line 78) | async def get_security_groups(self, region: str, vpc: str):
method get_vpcs (line 87) | async def get_vpcs(self, region: str):
method get_images (line 95) | async def get_images(self, region: str):
method get_network_interfaces (line 104) | async def get_network_interfaces(self, region: str, vpc: str):
method get_volumes (line 113) | async def get_volumes(self, region: str):
method _get_and_set_key_manager (line 122) | async def _get_and_set_key_manager(self, volume: {}, region: str):
method get_snapshots (line 138) | async def get_snapshots(self, region: str):
method _get_and_set_snapshot_attributes (line 152) | async def _get_and_set_snapshot_attributes(self, snapshot: {}, region:...
method get_network_acls (line 164) | async def get_network_acls(self, region: str, vpc: str):
method get_flow_logs (line 173) | async def get_flow_logs(self, region: str):
method cache_flow_logs (line 181) | async def cache_flow_logs(self, region: str):
method get_subnets (line 189) | async def get_subnets(self, region: str, vpc: str):
method _get_and_set_subnet_flow_logs (line 201) | async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str):
method get_peering_connections (line 207) | async def get_peering_connections(self, region):
method get_route_tables (line 215) | async def get_route_tables(self, region):
method get_ebs_encryption (line 223) | async def get_ebs_encryption(self, region):
method get_ebs_default_encryption_key (line 231) | async def get_ebs_default_encryption_key(self, region):
FILE: ScoutSuite/providers/aws/facade/efs.py
class EFSFacade (line 7) | class EFSFacade(AWSBaseFacade):
method get_file_systems (line 8) | async def get_file_systems(self, region: str):
method _get_and_set_tags (line 22) | async def _get_and_set_tags(self, file_system: {}, region: str):
method _get_and_set_mount_targets (line 30) | async def _get_and_set_mount_targets(self, file_system: {}, region: str):
method _get_and_set_mount_target_security_groups (line 50) | async def _get_and_set_mount_target_security_groups(self, mount_target...
FILE: ScoutSuite/providers/aws/facade/elasticache.py
class ElastiCacheFacade (line 12) | class ElastiCacheFacade(AWSBaseFacade):
method get_clusters (line 18) | async def get_clusters(self, region, vpc):
method cache_clusters (line 22) | async def cache_clusters(self, region):
method _get_and_set_cluster_vpc (line 33) | async def _get_and_set_cluster_vpc(self, cluster: {}, region: str):
method get_security_groups (line 43) | async def get_security_groups(self, region):
method get_subnet_groups (line 58) | async def get_subnet_groups(self, region, vpc):
method cache_subnets (line 62) | async def cache_subnets(self, region):
method get_parameter_groups (line 70) | async def get_parameter_groups(self, region):
FILE: ScoutSuite/providers/aws/facade/elb.py
class ELBFacade (line 11) | class ELBFacade(AWSBaseFacade):
method get_load_balancers (line 16) | async def get_load_balancers(self, region: str, vpc: str):
method cache_load_balancers (line 24) | async def cache_load_balancers(self, region):
method _get_and_set_load_balancer_attributes (line 43) | async def _get_and_set_load_balancer_attributes(self, load_balancer: {...
method _get_and_set_load_balancer_tags (line 53) | async def _get_and_set_load_balancer_tags(self, load_balancer: {}, reg...
method get_policies (line 63) | async def get_policies(self, region: str):
method _get_policies (line 82) | async def _get_policies(self, load_balancer: dict, region: str):
FILE: ScoutSuite/providers/aws/facade/elbv2.py
class ELBv2Facade (line 10) | class ELBv2Facade(AWSBaseFacade):
method get_load_balancers (line 14) | async def get_load_balancers(self, region: str, vpc: str):
method cache_load_balancers (line 22) | async def cache_load_balancers(self, region):
method _get_and_set_load_balancer_attributes (line 41) | async def _get_and_set_load_balancer_attributes(self, load_balancer: d...
method _get_and_set_load_balancer_tags (line 51) | async def _get_and_set_load_balancer_tags(self, load_balancer: dict, r...
method get_listeners (line 64) | async def get_listeners(self, region: str, load_balancer_arn: str):
FILE: ScoutSuite/providers/aws/facade/emr.py
class EMRFacade (line 7) | class EMRFacade(AWSBaseFacade):
method get_clusters (line 8) | async def get_clusters(self, region):
method _get_cluster (line 19) | async def _get_cluster(self, cluster_id: str, region: str):
FILE: ScoutSuite/providers/aws/facade/iam.py
class IAMFacade (line 12) | class IAMFacade(AWSBaseFacade):
method get_credential_reports (line 13) | async def get_credential_reports(self):
method get_groups (line 59) | async def get_groups(self):
method get_policies (line 66) | async def get_policies(self):
method _get_and_set_policy_details (line 72) | async def _get_and_set_policy_details(self, policy):
method get_users (line 100) | async def get_users(self):
method _get_and_set_user_login_profile (line 112) | async def _get_and_set_user_login_profile(self, user: {}):
method _get_and_set_user_groups (line 126) | async def _get_and_set_user_groups(self, user: {}):
method _get_and_set_user_tags (line 131) | async def _get_and_set_user_tags(self, user: {}):
method get_roles (line 135) | async def get_roles(self):
method _get_and_set_role_tags (line 150) | async def _get_and_set_role_tags(self, role: {}):
method _get_and_set_role_profiles (line 154) | async def _get_and_set_role_profiles(self, role: {}):
method get_password_policy (line 167) | async def get_password_policy(self):
method _get_and_set_user_access_keys (line 176) | async def _get_and_set_user_access_keys(self, user: {}):
method _get_and_set_user_mfa_devices (line 184) | async def _get_and_set_user_mfa_devices(self, user: {}):
method get_user_mfa_devices (line 187) | async def get_user_mfa_devices(self, username: str):
method get_virtual_mfa_devices (line 195) | async def get_virtual_mfa_devices(self):
method _get_and_set_group_users (line 204) | async def _get_and_set_group_users(self, group: {}):
method _get_and_set_inline_policies (line 212) | async def _get_and_set_inline_policies(self, resource, iam_resource_ty...
method _normalize_statements (line 250) | def _normalize_statements(self, policy_document):
method _normalize_single_statement (line 262) | def _normalize_single_statement(self, statement):
FILE: ScoutSuite/providers/aws/facade/kms.py
class KMSFacade (line 9) | class KMSFacade(AWSBaseFacade):
method get_keys (line 11) | async def get_keys(self, region: str):
method _get_and_set_key_policy (line 26) | async def _get_and_set_key_policy(self, key: {}, region: str):
method _get_and_set_key_metadata (line 36) | async def _get_and_set_key_metadata(self, key: {}, region: str):
method _get_and_set_key_aliases (line 43) | async def _get_and_set_key_aliases(self, key: {}, region: str):
method get_grants (line 53) | async def get_grants(self, region: str, key_id: str):
method get_key_rotation_status (line 61) | async def get_key_rotation_status(self, region: str, key_id: str):
FILE: ScoutSuite/providers/aws/facade/rds.py
class RDSFacade (line 12) | class RDSFacade(AWSBaseFacade):
method get_instances (line 20) | async def get_instances(self, region: str, vpc: str):
method _cache_instances (line 28) | async def _cache_instances(self, region: str):
method _get_and_set_instance_tags (line 46) | async def _get_and_set_instance_tags(self, instance: {}, region: str):
method _get_and_set_instance_clusters (line 63) | async def _get_and_set_instance_clusters(self, instance: {}, region: s...
method get_snapshots (line 75) | async def get_snapshots(self, region: str, vpc: str):
method _cache_snapshots (line 83) | async def _cache_snapshots(self, region: str):
method _get_and_set_snapshot_attributes (line 110) | async def _get_and_set_snapshot_attributes(self, snapshot: {}, region:...
method _get_and_set_cluster_snapshot_attributes (line 125) | async def _get_and_set_cluster_snapshot_attributes(self, snapshot: {},...
method get_subnet_groups (line 137) | async def get_subnet_groups(self, region: str, vpc: str):
method _cache_subnet_groups (line 145) | async def _cache_subnet_groups(self, region: str):
method get_parameter_groups (line 153) | async def get_parameter_groups(self, region: str):
method _get_and_set_db_parameters (line 165) | async def _get_and_set_db_parameters(self, parameter_group: {}, region...
method get_security_groups (line 180) | async def get_security_groups(self, region: str) :
FILE: ScoutSuite/providers/aws/facade/redshift.py
class RedshiftFacade (line 11) | class RedshiftFacade(AWSBaseFacade):
method get_clusters (line 15) | async def get_clusters(self, region: str, vpc: str):
method cache_clusters (line 24) | async def cache_clusters(self, region):
method get_cluster_parameter_groups (line 36) | async def get_cluster_parameter_groups(self, region: str):
method get_cluster_security_groups (line 44) | async def get_cluster_security_groups(self, region: str):
method get_cluster_parameters (line 54) | async def get_cluster_parameters(self, region: str, parameter_group: s...
FILE: ScoutSuite/providers/aws/facade/route53.py
class Route53Facade (line 6) | class Route53Facade(AWSBaseFacade):
method get_domains (line 7) | async def get_domains(self, region):
method get_hosted_zones (line 15) | async def get_hosted_zones(self):
method get_resource_records (line 22) | async def get_resource_records(self, hosted_zone_id):
FILE: ScoutSuite/providers/aws/facade/s3.py
class S3Facade (line 11) | class S3Facade(AWSBaseFacade):
method get_buckets (line 12) | async def get_buckets(self):
method _get_and_set_s3_bucket_location (line 61) | async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None):
method _get_and_set_s3_bucket_logging (line 83) | async def _get_and_set_s3_bucket_logging(self, bucket: {}):
method _get_and_set_s3_bucket_versioning (line 100) | async def _get_and_set_s3_bucket_versioning(self, bucket: {}):
method _get_and_set_s3_bucket_webhosting (line 114) | async def _get_and_set_s3_bucket_webhosting(self, bucket: {}):
method _get_and_set_s3_bucket_default_encryption (line 128) | async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}):
method _get_and_set_s3_acls (line 160) | async def _get_and_set_s3_acls(self, bucket: {}, key_name=None):
method _get_and_set_s3_bucket_policy (line 194) | async def _get_and_set_s3_bucket_policy(self, bucket: {}):
method _get_and_set_s3_bucket_tags (line 212) | async def _get_and_set_s3_bucket_tags(self, bucket: {}):
method _get_and_set_s3_bucket_block_public_access (line 230) | async def _get_and_set_s3_bucket_block_public_access(self, bucket: {}):
method _get_and_set_s3_bucket_creationdate (line 244) | def _get_and_set_s3_bucket_creationdate(self, buckets):
method _set_s3_bucket_secure_transport (line 261) | def _set_s3_bucket_secure_transport(self, bucket: {}):
method get_s3_public_access_block (line 295) | def get_s3_public_access_block(self, account_id):
method _init_s3_permissions (line 321) | def _init_s3_permissions():
method _set_s3_permissions (line 326) | def _set_s3_permissions(permissions: str, name: str):
method _s3_group_to_string (line 337) | def _s3_group_to_string(uri: str):
method _status_to_bool (line 348) | def _status_to_bool(value: str):
FILE: ScoutSuite/providers/aws/facade/secretsmanager.py
class SecretsManagerFacade (line 9) | class SecretsManagerFacade(AWSBaseFacade):
method get_secrets (line 10) | async def get_secrets(self, region):
method _describe_secrets (line 29) | async def _describe_secrets(self, secret: str, region: str):
method _get_and_set_secret_policy (line 41) | async def _get_and_set_secret_policy(self, secret: {}, region: str):
FILE: ScoutSuite/providers/aws/facade/ses.py
class SESFacade (line 8) | class SESFacade(AWSBaseFacade):
method get_identities (line 9) | async def get_identities(self, region: str):
method _get_identity_dkim_attributes (line 19) | async def _get_identity_dkim_attributes(self, identity_name: str, regi...
method get_identity_policies (line 31) | async def get_identity_policies(self, region: str, identity_name: str):
FILE: ScoutSuite/providers/aws/facade/sns.py
class SNSFacade (line 9) | class SNSFacade(AWSBaseFacade):
method get_topics (line 13) | async def get_topics(self, region: str):
method _get_and_set_topic_attributes (line 23) | async def _get_and_set_topic_attributes(self, topic: {}, region: str):
method get_subscriptions (line 35) | async def get_subscriptions(self, region: str, topic_name: str):
method cache_subscriptions (line 40) | async def cache_subscriptions(self, region: str):
FILE: ScoutSuite/providers/aws/facade/sqs.py
class SQSFacade (line 7) | class SQSFacade(AWSBaseFacade):
method get_queues (line 8) | async def get_queues(self, region: str, attribute_names: []):
method _get_queue_attributes (line 23) | async def _get_queue_attributes(self, queue_url: str, region: str, att...
FILE: ScoutSuite/providers/aws/facade/utils.py
class AWSFacadeUtils (line 8) | class AWSFacadeUtils:
method get_all_pages (line 12) | async def get_all_pages(service: str, region: str, session: boto3.sess...
method get_multiple_entities_from_all_pages (line 35) | async def get_multiple_entities_from_all_pages(service: str, region: s...
method _get_all_pages_from_paginator (line 69) | def _get_all_pages_from_paginator(paginator, entities: list):
method get_client (line 80) | def get_client(service: str, session: boto3.session.Session, region: s...
FILE: ScoutSuite/providers/aws/provider.py
class AWSProvider (line 13) | class AWSProvider(BaseProvider):
method __init__ (line 18) | def __init__(self, profile='default', report_dir=None, timestamp=None,...
method get_report_name (line 45) | def get_report_name(self):
method preprocessing (line 56) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
method _add_cidr_display_name (line 109) | def _add_cidr_display_name(self, ip_ranges, ip_ranges_name_key):
method _add_security_group_name_to_ec2_grants (line 119) | def _add_security_group_name_to_ec2_grants(self):
method _add_security_group_data_to_elbv2 (line 129) | def _add_security_group_data_to_elbv2(self):
method _check_ec2_zone_distribution (line 163) | def _check_ec2_zone_distribution(self):
method _add_last_snapshot_date_to_ec2_volumes (line 174) | def _add_last_snapshot_date_to_ec2_volumes(self):
method add_security_group_name_to_ec2_grants_callback (line 184) | def add_security_group_name_to_ec2_grants_callback(self, current_confi...
method process_network_acls_callback (line 207) | def process_network_acls_callback(self, current_config, path, current_...
method _process_network_acls_check_for_allow_all (line 220) | def _process_network_acls_check_for_allow_all(network_acl, direction):
method _process_network_acls_check_for_aws_default (line 233) | def _process_network_acls_check_for_aws_default(network_acl, direction):
method list_ec2_network_attack_surface_callback (line 242) | def list_ec2_network_attack_surface_callback(self, current_config, pat...
method _complete_information_on_ec2_attack_surface (line 265) | def _complete_information_on_ec2_attack_surface(self, current_config, ...
method _map_all_sgs (line 279) | def _map_all_sgs(self):
method _map_all_subnets (line 288) | def _map_all_subnets(self):
method map_resource (line 298) | def map_resource(current_config, path, current_path, resource_id, call...
method _match_iam_policies_and_buckets (line 304) | def _match_iam_policies_and_buckets(self):
method _update_bucket_permissions (line 346) | def _update_bucket_permissions(self, s3_info, iam_info, action, iam_en...
method _update_iam_permissions (line 380) | def _update_iam_permissions(self, s3_info, bucket_name, iam_entity, al...
method match_network_acls_and_subnets_callback (line 408) | def match_network_acls_and_subnets_callback(self, current_config, path...
method _match_instances_and_subnets (line 415) | def _match_instances_and_subnets(self):
method _get_ec2_instances_details (line 423) | def _get_ec2_instances_details(self, details=None):
method _match_instances_and_vpcs (line 446) | def _match_instances_and_vpcs(self):
method _match_instances_and_roles (line 454) | def _match_instances_and_roles(self):
method _match_lambdas_and_roles (line 478) | def _match_lambdas_and_roles(self):
method process_vpc_peering_connections_callback (line 497) | def process_vpc_peering_connections_callback(self, current_config, pat...
method match_roles_and_cloudformation_stacks_callback (line 525) | def match_roles_and_cloudformation_stacks_callback(self,
method match_roles_and_vpc_flowlogs_callback (line 535) | def match_roles_and_vpc_flowlogs_callback(self, current_config, path, ...
method _get_role_info (line 542) | def _get_role_info(self, attribute_name, attribute_value):
method match_security_groups_and_resources_callback (line 554) | def match_security_groups_and_resources_callback(self, current_config,...
method _set_emr_vpc_ids (line 633) | def _set_emr_vpc_ids(self):
method set_emr_vpc_ids_callback (line 643) | def set_emr_vpc_ids_callback(self, current_config, path, current_path,...
method sort_vpc_flow_logs_callback (line 681) | def sort_vpc_flow_logs_callback(self, current_config, path, current_pa...
method get_db_attack_surface (line 713) | def get_db_attack_surface(self, current_config, path, current_path, db...
method get_lb_attack_surface (line 738) | def get_lb_attack_surface(self, current_config, path, current_path, el...
method _security_group_to_attack_surface (line 779) | def _security_group_to_attack_surface(self, attack_surface_config, pub...
method _parse_elb_policies (line 839) | def _parse_elb_policies(self):
method parse_elb_policies_callback (line 846) | def parse_elb_policies_callback(self, current_config, path, current_pa...
method _update_sg_usage_codebuild (line 871) | def _update_sg_usage_codebuild(self):
FILE: ScoutSuite/providers/aws/resources/acm/base.py
class Certificates (line 7) | class Certificates(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/acm/certificates.py
class Certificates (line 7) | class Certificates(AWSResources):
method __init__ (line 8) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_certificate (line 18) | def _parse_certificate(self, raw_certificate):
FILE: ScoutSuite/providers/aws/resources/awslambda/base.py
class Lambdas (line 7) | class Lambdas(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/awslambda/functions.py
class Functions (line 6) | class Functions(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_function (line 17) | async def _parse_function(self, raw_function):
method _add_role_information (line 40) | async def _add_role_information(self, function_dict, role_id):
method _add_access_policy_information (line 52) | async def _add_access_policy_information(self, function_dict):
method _add_env_variables (line 63) | async def _add_env_variables(self, function_dict):
FILE: ScoutSuite/providers/aws/resources/base.py
class AWSResources (line 8) | class AWSResources(Resources, metaclass=abc.ABCMeta):
class AWSCompositeResources (line 14) | class AWSCompositeResources(AWSResources, CompositeResources, metaclass=...
FILE: ScoutSuite/providers/aws/resources/cloudformation/base.py
class CloudFormation (line 6) | class CloudFormation(Regions):
method __init__ (line 11) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/cloudformation/stacks.py
class Stacks (line 8) | class Stacks(AWSResources):
method __init__ (line 9) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_stack (line 19) | def _parse_stack(self, raw_stack):
method has_deletion_policy (line 39) | def has_deletion_policy(template):
FILE: ScoutSuite/providers/aws/resources/cloudfront/base.py
class CloudFront (line 8) | class CloudFront(AWSCompositeResources):
method __init__ (line 13) | def __init__(self, facade: AWSFacade):
method fetch_all (line 17) | async def fetch_all(self, partition_name='aws', **kwargs):
FILE: ScoutSuite/providers/aws/resources/cloudfront/distributions.py
class Distributions (line 6) | class Distributions(AWSResources):
method fetch_all (line 7) | async def fetch_all(self):
method _parse_distributions (line 13) | def _parse_distributions(self, raw_distribution):
FILE: ScoutSuite/providers/aws/resources/cloudtrail/base.py
class CloudTrail (line 7) | class CloudTrail(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
method finalize (line 15) | async def finalize(self):
FILE: ScoutSuite/providers/aws/resources/cloudtrail/trails.py
class Trails (line 8) | class Trails(AWSResources):
method __init__ (line 9) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_trail (line 19) | def _parse_trail(self, raw_trail):
method data_logging_status (line 56) | def data_logging_status(self, trail):
method is_fresh (line 67) | def is_fresh(trail_details):
FILE: ScoutSuite/providers/aws/resources/cloudwatch/alarms.py
class Alarms (line 6) | class Alarms(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_alarm (line 17) | def _parse_alarm(self, raw_alarm):
FILE: ScoutSuite/providers/aws/resources/cloudwatch/base.py
class CloudWatch (line 8) | class CloudWatch(Regions):
method __init__ (line 14) | def __init__(self, facade: AWSFacade):
method finalize (line 17) | async def finalize(self):
FILE: ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py
class MetricFilters (line 7) | class MetricFilters(AWSResources):
method __init__ (line 8) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_metric_filter (line 20) | def _parse_metric_filter(self, raw_metric_filter):
FILE: ScoutSuite/providers/aws/resources/codebuild/base.py
class CodeBuild (line 7) | class CodeBuild(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/codebuild/build_projects.py
class BuildProjects (line 6) | class BuildProjects(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_build_projects (line 18) | def _parse_build_projects(self, raw_build_project):
FILE: ScoutSuite/providers/aws/resources/config/base.py
class Config (line 7) | class Config(Regions):
method __init__ (line 13) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/config/recorders.py
class Recorders (line 6) | class Recorders(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_recorder (line 17) | def _parse_recorder(self, raw_recorder):
FILE: ScoutSuite/providers/aws/resources/config/rules.py
class Rules (line 6) | class Rules(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_rule (line 17) | def _parse_rule(self, raw_rule):
FILE: ScoutSuite/providers/aws/resources/directconnect/base.py
class DirectConnect (line 7) | class DirectConnect(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/directconnect/connections.py
class Connections (line 6) | class Connections(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_connection (line 20) | def _parse_connection(self, raw_connection):
FILE: ScoutSuite/providers/aws/resources/dynamodb/base.py
class DynamoDB (line 6) | class DynamoDB(Regions):
method __init__ (line 11) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/dynamodb/tables.py
class Tables (line 5) | class Tables(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_table (line 16) | def _parse_table(self, raw_table):
FILE: ScoutSuite/providers/aws/resources/ec2/ami.py
class AmazonMachineImages (line 6) | class AmazonMachineImages(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_image (line 20) | def _parse_image(self, raw_image):
FILE: ScoutSuite/providers/aws/resources/ec2/base.py
class EC2 (line 9) | class EC2(Regions):
method __init__ (line 18) | def __init__(self, facade):
method fetch_all (line 21) | async def fetch_all(self, regions=None, excluded_regions=None, partiti...
FILE: ScoutSuite/providers/aws/resources/ec2/instances.py
class EC2Instances (line 8) | class EC2Instances(AWSResources):
method __init__ (line 9) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 17) | async def fetch_all(self):
method _parse_instance (line 23) | async def _parse_instance(self, raw_instance):
method _identify_user_data_secrets (line 58) | def _identify_user_data_secrets(user_data):
FILE: ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py
class NetworkInterfaces (line 6) | class NetworkInterfaces(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_network_interface (line 21) | def _parse_network_interface(self, raw_network_interface):
FILE: ScoutSuite/providers/aws/resources/ec2/regional_settings.py
class RegionalSettings (line 6) | class RegionalSettings(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
FILE: ScoutSuite/providers/aws/resources/ec2/securitygroups.py
class SecurityGroups (line 8) | class SecurityGroups(AWSResources):
method __init__ (line 11) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 19) | async def fetch_all(self):
method _parse_security_group (line 25) | def _parse_security_group(self, raw_security_group):
method _has_default_egress_rule (line 53) | def _has_default_egress_rule(self, rule_list):
method _has_default_ingress_rule (line 61) | def _has_default_ingress_rule(self, rule_list, group_id):
method _parse_security_group_rules (line 69) | def _parse_security_group_rules(self, rules):
FILE: ScoutSuite/providers/aws/resources/ec2/snapshots.py
class Snapshots (line 6) | class Snapshots(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_snapshot (line 20) | def _parse_snapshot(self, raw_snapshot):
method _is_public (line 39) | def _is_public(snapshot):
FILE: ScoutSuite/providers/aws/resources/ec2/volumes.py
class Volumes (line 6) | class Volumes(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_volume (line 20) | def _parse_volume(self, raw_volume):
FILE: ScoutSuite/providers/aws/resources/ec2/vpcs.py
class Ec2Vpcs (line 7) | class Ec2Vpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/efs/base.py
class EFS (line 7) | class EFS(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/efs/filesystems.py
class FileSystems (line 6) | class FileSystems(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_file_system (line 20) | def _parse_file_system(self, raw_file_system):
FILE: ScoutSuite/providers/aws/resources/elasticache/base.py
class ElastiCache (line 8) | class ElastiCache(Regions):
method __init__ (line 15) | def __init__(self, facade: AWSFacade):
method fetch_all (line 18) | async def fetch_all(self, regions=None, excluded_regions=None, partiti...
FILE: ScoutSuite/providers/aws/resources/elasticache/cluster.py
class Clusters (line 6) | class Clusters(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_cluster (line 21) | def _parse_cluster(self, raw_cluster):
FILE: ScoutSuite/providers/aws/resources/elasticache/parametergroups.py
class ParameterGroups (line 6) | class ParameterGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_parameter_group (line 17) | def _parse_parameter_group(self, raw_parameter_group):
FILE: ScoutSuite/providers/aws/resources/elasticache/securitygroups.py
class SecurityGroups (line 6) | class SecurityGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_security_group (line 18) | def _parse_security_group(self, raw_security_group):
FILE: ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py
class SubnetGroups (line 6) | class SubnetGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_subnet_group (line 18) | def _parse_subnet_group(self, raw_subnet_group):
FILE: ScoutSuite/providers/aws/resources/elasticache/vpcs.py
class ElastiCacheVpcs (line 6) | class ElastiCacheVpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/elb/base.py
class ELB (line 8) | class ELB(Regions):
method __init__ (line 14) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/elb/load_balancers.py
class LoadBalancers (line 7) | class LoadBalancers(AWSResources):
method __init__ (line 8) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 16) | async def fetch_all(self):
method _parse_load_balancer (line 22) | def _parse_load_balancer(self, raw_load_balancer):
FILE: ScoutSuite/providers/aws/resources/elb/policies.py
class Policies (line 7) | class Policies(AWSResources):
method __init__ (line 8) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_policy (line 21) | def _parse_policy(self, raw_policy):
FILE: ScoutSuite/providers/aws/resources/elb/vpcs.py
class ELBVpcs (line 5) | class ELBVpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/elbv2/base.py
class ELBv2 (line 7) | class ELBv2(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/elbv2/listeners.py
class Listeners (line 5) | class Listeners(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str, load_balancer_arn: ...
method fetch_all (line 11) | async def fetch_all(self):
method _parse_listener (line 17) | def _parse_listener(self, raw_listener):
FILE: ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
class LoadBalancers (line 7) | class LoadBalancers(AWSCompositeResources):
method __init__ (line 12) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 17) | async def fetch_all(self):
method _parse_load_balancer (line 35) | def _parse_load_balancer(self, load_balancer):
FILE: ScoutSuite/providers/aws/resources/elbv2/vpcs.py
class ELBv2Vpcs (line 5) | class ELBv2Vpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/emr/base.py
class EMR (line 7) | class EMR(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
method fetch_all (line 15) | async def fetch_all(self, regions=None, excluded_regions=None, partiti...
FILE: ScoutSuite/providers/aws/resources/emr/clusters.py
class EMRClusters (line 5) | class EMRClusters(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_cluster (line 16) | def _parse_cluster(self, raw_cluster):
FILE: ScoutSuite/providers/aws/resources/emr/vpcs.py
class EMRVpcs (line 7) | class EMRVpcs(AWSCompositeResources):
method __init__ (line 12) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 17) | async def fetch_all(self):
FILE: ScoutSuite/providers/aws/resources/iam/base.py
class IAM (line 12) | class IAM(AWSCompositeResources):
method __init__ (line 22) | def __init__(self, facade: AWSFacade):
method fetch_all (line 26) | async def fetch_all(self, partition_name='aws', **kwargs):
method finalize (line 32) | async def finalize(self):
method _parse_inline_policies_permissions (line 64) | def _parse_inline_policies_permissions(self, resource_type):
method _get_id_for_resource (line 75) | def _get_id_for_resource(self, iam_resource_type, resource_name):
method _parse_permissions (line 80) | def _parse_permissions(self, policy_name, policy_document, policy_type...
method _parse_statement (line 88) | def _parse_statement(self, policy_name, statement, policy_type, iam_re...
method _parse_actions (line 108) | def _parse_actions(self, effect, action_string, actions, resource_stri...
method _parse_action (line 121) | def _parse_action(self, effect, action_string, action, resource_string...
method _parse_resource (line 127) | def _parse_resource(self, effect, action_string, action, resource_stri...
FILE: ScoutSuite/providers/aws/resources/iam/credentialreports.py
class CredentialReports (line 6) | class CredentialReports(AWSResources):
method fetch_all (line 7) | async def fetch_all(self):
method _parse_credential_reports (line 13) | async def _parse_credential_reports(self, raw_credential_report):
method _user_has_hardware_mfa_devices (line 44) | async def _user_has_hardware_mfa_devices(self, username):
method _sanitize_date (line 75) | def _sanitize_date(date):
method _compute_last_used (line 82) | def _compute_last_used(credential_report):
FILE: ScoutSuite/providers/aws/resources/iam/groups.py
class Groups (line 4) | class Groups(AWSResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_group (line 11) | def _parse_group(self, raw_group):
FILE: ScoutSuite/providers/aws/resources/iam/passwordpolicy.py
class PasswordPolicy (line 4) | class PasswordPolicy(AWSResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_password_policy (line 10) | def _parse_password_policy(self, raw_password_policy):
FILE: ScoutSuite/providers/aws/resources/iam/policies.py
class Policies (line 4) | class Policies(AWSResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_policy (line 11) | def _parse_policy(self, raw_policy):
FILE: ScoutSuite/providers/aws/resources/iam/roles.py
class Roles (line 4) | class Roles(AWSResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_role (line 11) | def _parse_role(self, raw_role):
FILE: ScoutSuite/providers/aws/resources/iam/users.py
class Users (line 4) | class Users(AWSResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_user (line 15) | def _parse_user(self, raw_user):
FILE: ScoutSuite/providers/aws/resources/kms/base.py
class KMS (line 7) | class KMS(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/kms/grants.py
class Grants (line 6) | class Grants(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, key_id: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_grant (line 21) | def _parse_grant(self, raw_grant):
FILE: ScoutSuite/providers/aws/resources/kms/keys.py
class Keys (line 7) | class Keys(AWSCompositeResources):
method __init__ (line 12) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 16) | async def fetch_all(self):
method _parse_key (line 28) | async def _parse_key(self, raw_key):
method _parse_alias (line 66) | def _parse_alias(self, raw_alias):
FILE: ScoutSuite/providers/aws/resources/rds/base.py
class RDS (line 8) | class RDS(Regions):
method __init__ (line 15) | def __init__(self, facade: AWSFacade):
method fetch_all (line 18) | async def fetch_all(self, regions=None, excluded_regions=None, partiti...
FILE: ScoutSuite/providers/aws/resources/rds/instances.py
class RDSInstances (line 6) | class RDSInstances(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_instance (line 18) | def _parse_instance(self, raw_instance):
method _is_read_replica (line 32) | def _is_read_replica(instance):
FILE: ScoutSuite/providers/aws/resources/rds/parametergroups.py
class ParameterGroups (line 6) | class ParameterGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_parameter_group (line 17) | def _parse_parameter_group(self, raw_parameter_group):
FILE: ScoutSuite/providers/aws/resources/rds/securitygroups.py
class SecurityGroups (line 6) | class SecurityGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_security_group (line 17) | def _parse_security_group(self, raw_security_group):
FILE: ScoutSuite/providers/aws/resources/rds/snapshots.py
class Snapshots (line 5) | class Snapshots(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_snapshot (line 17) | def _parse_snapshot(self, raw_snapshot):
FILE: ScoutSuite/providers/aws/resources/rds/subnetgroups.py
class SubnetGroups (line 6) | class SubnetGroups(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_subnet_group (line 18) | def _parse_subnet_group(self, raw_subnet_group):
FILE: ScoutSuite/providers/aws/resources/rds/vpcs.py
class RDSVpcs (line 7) | class RDSVpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/redshift/base.py
class Redshift (line 9) | class Redshift(Regions):
method __init__ (line 16) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
class ClusterParameterGroups (line 9) | class ClusterParameterGroups(AWSCompositeResources):
method __init__ (line 14) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 21) | async def fetch_all(self):
method _parse_parameter_group (line 34) | def _parse_parameter_group(self, raw_parameter_group):
method _is_default (line 45) | def _is_default(self, raw_parameter_group):
FILE: ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py
class ClusterParameters (line 6) | class ClusterParameters(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, parameter_group_nam...
method fetch_all (line 15) | async def fetch_all(self):
method _parse_parameter (line 22) | def _parse_parameter(self, raw_parameter):
FILE: ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py
class ClusterSecurityGroups (line 5) | class ClusterSecurityGroups(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_security_group (line 16) | def _parse_security_group(self, raw_security_group):
FILE: ScoutSuite/providers/aws/resources/redshift/clusters.py
class Clusters (line 6) | class Clusters(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_cluster (line 21) | def _parse_cluster(self, raw_cluster):
FILE: ScoutSuite/providers/aws/resources/redshift/vpcs.py
class RedshiftVpcs (line 6) | class RedshiftVpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/regions.py
class Regions (line 7) | class Regions(AWSCompositeResources, metaclass=abc.ABCMeta):
method __init__ (line 8) | def __init__(self, service: str, facade: AWSFacade):
method fetch_all (line 12) | async def fetch_all(self, regions=None, excluded_regions=None, partiti...
method _set_counts (line 28) | def _set_counts(self):
FILE: ScoutSuite/providers/aws/resources/route53/base.py
class Route53 (line 8) | class Route53(Regions):
method __init__ (line 14) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/route53/domains.py
class Domains (line 7) | class Domains(AWSResources):
method __init__ (line 8) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_domain (line 21) | def _parse_domain(self, raw_domain):
FILE: ScoutSuite/providers/aws/resources/route53/hosted_zones.py
class HostedZones (line 6) | class HostedZones(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_hosted_zone (line 20) | async def _parse_hosted_zone(self, raw_hosted_zone):
FILE: ScoutSuite/providers/aws/resources/s3/base.py
class S3 (line 6) | class S3(AWSCompositeResources):
method __init__ (line 11) | def __init__(self, facade: AWSFacade):
method fetch_all (line 15) | async def fetch_all(self, partition_name='aws', **kwargs):
method finalize (line 21) | async def finalize(self):
FILE: ScoutSuite/providers/aws/resources/s3/buckets.py
class Buckets (line 6) | class Buckets(AWSResources):
method fetch_all (line 7) | async def fetch_all(self):
method _parse_bucket (line 16) | def _parse_bucket(self, raw_bucket):
FILE: ScoutSuite/providers/aws/resources/secretsmanager/base.py
class SecretsManager (line 7) | class SecretsManager(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/secretsmanager/secrets.py
class Secrets (line 6) | class Secrets(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_secret (line 16) | def _parse_secret(self, raw_secret):
FILE: ScoutSuite/providers/aws/resources/ses/base.py
class SES (line 7) | class SES(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/ses/identities.py
class Identities (line 9) | class Identities(AWSCompositeResources):
method __init__ (line 14) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 21) | async def fetch_all(self):
method _parse_identity (line 33) | def _parse_identity(self, raw_identity):
FILE: ScoutSuite/providers/aws/resources/ses/identity_policies.py
class IdentityPolicies (line 8) | class IdentityPolicies(AWSResources):
method __init__ (line 10) | def __init__(self, facade: AWSFacade, region: str, identity_name: str):
method fetch_all (line 18) | async def fetch_all(self):
FILE: ScoutSuite/providers/aws/resources/sns/base.py
class SNS (line 7) | class SNS(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/sns/subscriptions.py
class Subscriptions (line 5) | class Subscriptions(AWSResources):
method __init__ (line 6) | def __init__(self, facade: AWSFacade, region: str, topic_name: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_subscription (line 23) | def _parse_subscription(self, raw_subscription):
FILE: ScoutSuite/providers/aws/resources/sns/topics.py
class Topics (line 10) | class Topics(AWSCompositeResources):
method __init__ (line 15) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 19) | async def fetch_all(self):
method _parse_topic (line 35) | def _parse_topic(self, raw_topic):
FILE: ScoutSuite/providers/aws/resources/sqs/base.py
class SQS (line 7) | class SQS(Regions):
method __init__ (line 12) | def __init__(self, facade: AWSFacade):
FILE: ScoutSuite/providers/aws/resources/sqs/queues.py
class Queues (line 8) | class Queues(AWSResources):
method __init__ (line 9) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_queue (line 20) | def _parse_queue(self, queue_url, queue_attributes):
FILE: ScoutSuite/providers/aws/resources/vpc/base.py
class VPC (line 15) | class VPC(Regions):
method __init__ (line 22) | def __init__(self, facade: AWSFacade):
function put_cidr_name (line 30) | def put_cidr_name(current_config, path, current_path, resource_id, callb...
function get_cidr_name (line 48) | def get_cidr_name(cidr, ip_ranges_files, ip_ranges_name_key):
FILE: ScoutSuite/providers/aws/resources/vpc/flow_logs.py
class FlowLogs (line 6) | class FlowLogs(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_log (line 22) | def _parse_log(self, raw_flow_log):
FILE: ScoutSuite/providers/aws/resources/vpc/network_acls.py
class NetworkACLs (line 9) | class NetworkACLs(AWSResources):
method __init__ (line 10) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 19) | async def fetch_all(self):
method _parse_network_acl (line 25) | def _parse_network_acl(self, raw_network_acl):
method _parse_network_acl_entries (line 36) | def _parse_network_acl_entries(entries, egress):
FILE: ScoutSuite/providers/aws/resources/vpc/peering_connections.py
class PeeringConnections (line 6) | class PeeringConnections(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_peering_connections (line 22) | def _parse_peering_connections(self, raw_peering_connection):
FILE: ScoutSuite/providers/aws/resources/vpc/subnets.py
class Subnets (line 6) | class Subnets(AWSResources):
method __init__ (line 7) | def __init__(self, facade: AWSFacade, region: str, vpc: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_subnet (line 19) | def _parse_subnet(self, raw_subnet):
FILE: ScoutSuite/providers/aws/resources/vpc/vpcs.py
class RegionalVpcs (line 7) | class RegionalVpcs(Vpcs):
FILE: ScoutSuite/providers/aws/resources/vpcs.py
class Vpcs (line 4) | class Vpcs(AWSCompositeResources):
method __init__ (line 10) | def __init__(self, facade, region: str, add_ec2_classic=False):
method fetch_all (line 18) | async def fetch_all(self):
method _parse_vpc (line 31) | def _parse_vpc(self, raw_vpc):
FILE: ScoutSuite/providers/aws/services.py
class AWSServicesConfig (line 62) | class AWSServicesConfig(BaseServicesConfig):
method __init__ (line 86) | def __init__(self, credentials=None, **kwargs):
method _is_provider (line 150) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/aws/utils.py
function get_caller_identity (line 8) | def get_caller_identity(session):
function get_aws_account_id (line 14) | def get_aws_account_id(session):
function get_partition_name (line 20) | def get_partition_name(session):
function is_throttled (line 26) | def is_throttled(exception):
function get_keys (line 64) | def get_keys(src, dst, keys):
function get_name (line 77) | def get_name(src, dst, default_attribute):
function no_camel (line 97) | def no_camel(name):
function snake_keys (line 108) | def snake_keys(d):
function format_arn (line 135) | def format_arn(partition, service, region, account_id, resource_id, reso...
FILE: ScoutSuite/providers/azure/authentication_strategy.py
class AzureCredentials (line 16) | class AzureCredentials:
method __init__ (line 18) | def __init__(self,
method get_tenant_id (line 28) | def get_tenant_id(self):
method get_credentials (line 46) | def get_credentials(self):
class AzureAuthenticationStrategy (line 50) | class AzureAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 52) | def authenticate(self,
FILE: ScoutSuite/providers/azure/facade/aad.py
class AADFacade (line 6) | class AADFacade:
method __init__ (line 8) | def __init__(self, credentials):
method _get_microsoft_graph_response (line 12) | async def _get_microsoft_graph_response(self, api_resource, api_versio...
method get_users (line 32) | async def get_users(self):
method get_user (line 47) | async def get_user(self, user_id):
method get_groups (line 59) | async def get_groups(self):
method get_user_groups (line 70) | async def get_user_groups(self, group_id):
method get_service_principals (line 82) | async def get_service_principals(self):
method get_applications (line 94) | async def get_applications(self):
method get_policies (line 105) | async def get_policies(self):
FILE: ScoutSuite/providers/azure/facade/appservice.py
class AppServiceFacade (line 9) | class AppServiceFacade:
method __init__ (line 11) | def __init__(self, credentials):
method get_client (line 14) | def get_client(self, subscription_id: str):
method get_web_apps (line 19) | async def get_web_apps(self, subscription_id: str):
method _get_and_set_web_app_configuration (line 33) | async def _get_and_set_web_app_configuration(self, web_app, api_client):
method _get_and_set_web_app_auth_settings (line 45) | async def _get_and_set_web_app_auth_settings(self, web_app, api_client):
FILE: ScoutSuite/providers/azure/facade/base.py
class AzureFacade (line 37) | class AzureFacade:
method __init__ (line 38) | def __init__(self,
method get_subscriptions (line 80) | async def get_subscriptions(self):
method _set_subscriptions (line 86) | def _set_subscriptions(self):
FILE: ScoutSuite/providers/azure/facade/keyvault.py
class KeyVaultFacade (line 8) | class KeyVaultFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_key_vaults (line 18) | async def get_key_vaults(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/loggingmonitoring.py
class LoggingMonitoringFacade (line 7) | class LoggingMonitoringFacade:
method __init__ (line 9) | def __init__(self, credentials):
method get_client (line 12) | def get_client(self, subscription_id: str):
method get_log_profiles (line 18) | async def get_log_profiles(self, subscription_id: str):
method get_subscription_diagnostic_settings (line 29) | async def get_subscription_diagnostic_settings(self, subscription_id: ...
method get_diagnostic_settings (line 40) | async def get_diagnostic_settings(self, subscription_id: str, resource...
method get_activity_log_alerts (line 51) | async def get_activity_log_alerts(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/mysqldatabase.py
class MySQLDatabaseFacade (line 7) | class MySQLDatabaseFacade:
method __init__ (line 9) | def __init__(self, credentials):
method get_client (line 12) | def get_client(self, subscription_id: str):
method get_servers (line 18) | async def get_servers(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/network.py
class NetworkFacade (line 8) | class NetworkFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_network_watchers (line 19) | async def get_network_watchers(self, subscription_id: str):
method get_network_security_groups (line 29) | async def get_network_security_groups(self, subscription_id: str):
method get_application_security_groups (line 39) | async def get_application_security_groups(self, subscription_id: str):
method get_virtual_networks (line 49) | async def get_virtual_networks(self, subscription_id: str):
method get_network_interfaces (line 59) | async def get_network_interfaces(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/postgresqldatabse.py
class PostgreSQLDatabaseFacade (line 7) | class PostgreSQLDatabaseFacade:
method __init__ (line 9) | def __init__(self, credentials):
method get_client (line 12) | def get_client(self, subscription_id: str):
method get_servers (line 18) | async def get_servers(self, subscription_id: str):
method get_config (line 28) | async def get_config(self, resource_group_name, server_name,
method get_firewall_rules (line 40) | async def get_firewall_rules(self, resource_group_name, server_name, s...
FILE: ScoutSuite/providers/azure/facade/rbac.py
class RBACFacade (line 8) | class RBACFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_roles (line 19) | async def get_roles(self, subscription_id: str):
method get_role_assignments (line 28) | async def get_role_assignments(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/resourcemanagement.py
class ResourceManagementFacade (line 7) | class ResourceManagementFacade:
method __init__ (line 9) | def __init__(self, credentials):
method get_client (line 12) | def get_client(self, subscription_id: str):
method get_specific_type_resources_with_filter (line 18) | async def get_specific_type_resources_with_filter(self, subscription_i...
method get_all_resources (line 32) | async def get_all_resources(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/securitycenter.py
class SecurityCenterFacade (line 8) | class SecurityCenterFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_pricings (line 19) | async def get_pricings(self, subscription_id: str):
method get_security_contacts (line 33) | async def get_security_contacts(self, subscription_id: str):
method get_auto_provisioning_settings (line 43) | async def get_auto_provisioning_settings(self, subscription_id: str):
method get_information_protection_policies (line 53) | async def get_information_protection_policies(self, subscription_id: s...
method get_settings (line 62) | async def get_settings(self, subscription_id: str):
method get_alerts (line 72) | async def get_alerts(self, subscription_id: str):
method remove_last_ItemPage_from_the_list (line 82) | def remove_last_ItemPage_from_the_list(self, results):
method get_compliance_results (line 108) | async def get_compliance_results(self, subscription_id: str):
method get_regulatory_compliance_results (line 119) | async def get_regulatory_compliance_results(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/facade/sqldatabase.py
class SQLDatabaseFacade (line 8) | class SQLDatabaseFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_database_blob_auditing_policies (line 20) | async def get_database_blob_auditing_policies(self, resource_group_nam...
method get_database_threat_detection_policies (line 32) | async def get_database_threat_detection_policies(self, resource_group_...
method get_databases (line 44) | async def get_databases(self, resource_group_name, server_name, subscr...
method get_database_replication_links (line 54) | async def get_database_replication_links(self, resource_group_name, se...
method get_server_azure_ad_administrators (line 66) | async def get_server_azure_ad_administrators(self, resource_group_name...
method get_server_blob_auditing_policies (line 76) | async def get_server_blob_auditing_policies(self, resource_group_name,...
method get_server_security_alert_policies (line 86) | async def get_server_security_alert_policies(self, resource_group_name...
method get_servers (line 96) | async def get_servers(self, subscription_id: str):
method get_database_transparent_data_encryptions (line 106) | async def get_database_transparent_data_encryptions(self, resource_gro...
method get_server_vulnerability_assessments (line 118) | async def get_server_vulnerability_assessments(self, resource_group_na...
method get_server_encryption_protectors (line 128) | async def get_server_encryption_protectors(self, resource_group_name, ...
method get_firewall_rules (line 138) | async def get_firewall_rules(self, resource_group_name, server_name, s...
FILE: ScoutSuite/providers/azure/facade/storageaccounts.py
class StorageAccountsFacade (line 10) | class StorageAccountsFacade:
method __init__ (line 12) | def __init__(self, credentials):
method get_client (line 15) | def get_client(self, subscription_id: str):
method get_storage_accounts (line 21) | async def get_storage_accounts(self, subscription_id: str):
method get_blob_containers (line 35) | async def get_blob_containers(self, resource_group_name, storage_accou...
method get_blob_services (line 48) | async def get_blob_services(self, resource_group_name, storage_account...
method _get_and_set_activity_logs (line 62) | async def _get_and_set_activity_logs(self, storage_account, subscripti...
FILE: ScoutSuite/providers/azure/facade/virtualmachines.py
class VirtualMachineFacade (line 8) | class VirtualMachineFacade:
method __init__ (line 10) | def __init__(self, credentials):
method get_client (line 13) | def get_client(self, subscription_id: str):
method get_instances (line 20) | async def get_instances(self, subscription_id: str):
method get_instance_extensions (line 30) | async def get_instance_extensions(self, subscription_id: str,
method get_disks (line 44) | async def get_disks(self, subscription_id: str):
method get_snapshots (line 54) | async def get_snapshots(self, subscription_id: str):
method get_images (line 64) | async def get_images(self, subscription_id: str):
FILE: ScoutSuite/providers/azure/provider.py
class AzureProvider (line 9) | class AzureProvider(BaseProvider):
method __init__ (line 14) | def __init__(self,
method get_report_name (line 54) | def get_report_name(self):
method preprocessing (line 64) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
method _match_rbac_roles_and_principals (line 80) | def _match_rbac_roles_and_principals(self):
FILE: ScoutSuite/providers/azure/resources/aad/applications.py
class Applications (line 4) | class Applications(AzureResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_application (line 10) | async def _parse_application(self, raw_application):
FILE: ScoutSuite/providers/azure/resources/aad/base.py
class AAD (line 11) | class AAD(AzureCompositeResources):
method fetch_all (line 20) | async def fetch_all(self):
method fetch_additional_users (line 23) | async def fetch_additional_users(self, user_list):
method finalize (line 40) | async def finalize(self):
method assign_group_memberships (line 43) | def assign_group_memberships(self):
FILE: ScoutSuite/providers/azure/resources/aad/groups.py
class Groups (line 4) | class Groups(AzureResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_group (line 10) | async def _parse_group(self, raw_group):
FILE: ScoutSuite/providers/azure/resources/aad/policies.py
class Policies (line 4) | class Policies(AzureResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_policy (line 10) | async def _parse_policy(self, raw_policy):
FILE: ScoutSuite/providers/azure/resources/aad/serviceprincipals.py
class ServicePrincipals (line 4) | class ServicePrincipals(AzureResources):
method fetch_all (line 5) | async def fetch_all(self):
method _parse_service_principal (line 12) | async def _parse_service_principal(self, raw_service_principal):
FILE: ScoutSuite/providers/azure/resources/aad/users.py
class Users (line 4) | class Users(AzureResources):
method fetch_all (line 5) | async def fetch_all(self):
method fetch_additional_users (line 10) | async def fetch_additional_users(self, user_list):
method _parse_user (line 21) | async def _parse_user(self, raw_user):
FILE: ScoutSuite/providers/azure/resources/appservice/base.py
class AppServices (line 6) | class AppServices(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/appservice/web_apps.py
class WebApplication (line 7) | class WebApplication(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_web_app (line 18) | def _parse_web_app(self, raw_web_app):
FILE: ScoutSuite/providers/azure/resources/base.py
class AzureResources (line 8) | class AzureResources(Resources, metaclass=abc.ABCMeta):
class AzureCompositeResources (line 14) | class AzureCompositeResources(AzureResources, CompositeResources, metacl...
FILE: ScoutSuite/providers/azure/resources/keyvault/base.py
class KeyVaults (line 6) | class KeyVaults(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/keyvault/vaults.py
class Vaults (line 7) | class Vaults(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_key_vault (line 18) | def _parse_key_vault(self, raw_vault):
method _is_public_access_allowed (line 39) | def _is_public_access_allowed(self, raw_vault):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py
class ActivityLogAlerts (line 5) | class ActivityLogAlerts(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_log_alerts (line 15) | def _parse_log_alerts(self, log_alerts):
method ensure_alert_exist (line 44) | def ensure_alert_exist(self, log_alerts, equals_value: str):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/base.py
class LoggingMonitoring (line 9) | class LoggingMonitoring(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_resource_key_vault.py
class DiagnosticResourceKeyVault (line 5) | class DiagnosticResourceKeyVault(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_id: str, subscription...
method fetch_all (line 12) | async def fetch_all(self):
method _parse_diagnostic_settings (line 17) | def _parse_diagnostic_settings(self, diagnostic_settings):
method ensure_audit_event_enabled (line 22) | def ensure_audit_event_enabled(self, diagnostic_settings):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py
class DiagnosticSettings (line 5) | class DiagnosticSettings(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py
class LogProfiles (line 6) | class LogProfiles(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_log_profile (line 17) | def _parse_log_profile(self, log_profile):
method profile_captures_all_activities (line 30) | def profile_captures_all_activities(self, log_profile):
FILE: ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py
class Resources (line 7) | class Resources(AzureCompositeResources):
method __init__ (line 14) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 17) | async def fetch_all(self):
method _parse_resource (line 33) | def _parse_resource(self, raw_resource):
FILE: ScoutSuite/providers/azure/resources/mysqldatabase/base.py
class MySQLServers (line 6) | class MySQLServers(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/mysqldatabase/mysql_servers.py
class MySQLServers (line 7) | class MySQLServers(AzureCompositeResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_server (line 18) | def _parse_server(self, raw_server):
FILE: ScoutSuite/providers/azure/resources/network/application_security_groups.py
class ApplicationSecurityGroups (line 7) | class ApplicationSecurityGroups(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_application_security_group (line 18) | def _parse_application_security_group(self, raw_application_security_g...
FILE: ScoutSuite/providers/azure/resources/network/base.py
class Networks (line 9) | class Networks(Subscriptions):
method finalize (line 18) | async def finalize(self):
method _match_subnets_and_security_groups (line 23) | async def _match_subnets_and_security_groups(self):
method _match_subnets_and_network_interfaces (line 36) | async def _match_subnets_and_network_interfaces(self):
method _match_asgs_and_network_interfaces (line 53) | async def _match_asgs_and_network_interfaces(self):
FILE: ScoutSuite/providers/azure/resources/network/network_interfaces.py
class NetworkInterfaces (line 7) | class NetworkInterfaces(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_network_interface (line 18) | def _parse_network_interface(self, raw_network_interface):
FILE: ScoutSuite/providers/azure/resources/network/security_groups.py
class SecurityGroups (line 7) | class SecurityGroups(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_network_security_group (line 18) | def _parse_network_security_group(self, network_security_group):
method _parse_security_rules (line 50) | def _parse_security_rules(self, network_security_group):
method _parse_security_rule (line 62) | def _parse_security_rule(self, rule, default=False):
method _merge_prefixes_or_ports (line 100) | def _merge_prefixes_or_ports(self, port_range, port_ranges):
FILE: ScoutSuite/providers/azure/resources/network/virtual_networks.py
class VirtualNetworks (line 7) | class VirtualNetworks(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_virtual_network (line 18) | def _parse_virtual_network(self, raw_virtual_network):
FILE: ScoutSuite/providers/azure/resources/network/watchers.py
class Watchers (line 7) | class Watchers(AzureResources):
method __init__ (line 9) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 13) | async def fetch_all(self):
method _parse_network_watcher (line 18) | def _parse_network_watcher(self, raw_watcher):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/base.py
class PostgreSQLServers (line 6) | class PostgreSQLServers(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py
class ConfigurationConnectionThrottling (line 5) | class ConfigurationConnectionThrottling(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py
class ConfigurationLogCheckpoints (line 5) | class ConfigurationLogCheckpoints(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py
class ConfigurationLogConnections (line 5) | class ConfigurationLogConnections(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py
class ConfigurationLogDisconnections (line 5) | class ConfigurationLogDisconnections(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py
class ConfigurationLogDuration (line 5) | class ConfigurationLogDuration(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py
class ConfigurationLogRetentionDays (line 5) | class ConfigurationLogRetentionDays(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_configuration (line 18) | def _parse_configuration(self, configuration):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/posgresql_firewall_rules.py
class PostgreSQLFirewallRules (line 6) | class PostgreSQLFirewallRules(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 14) | async def fetch_all(self):
method _parse_firewall_rules (line 21) | def _parse_firewall_rules(self, firewall_rule):
FILE: ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py
class PostgreSQLServers (line 18) | class PostgreSQLServers(AzureCompositeResources):
method __init__ (line 30) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 34) | async def fetch_all(self):
method _parse_server (line 47) | def _parse_server(self, raw_server):
FILE: ScoutSuite/providers/azure/resources/rbac/base.py
class RBAC (line 8) | class RBAC(Subscriptions):
method get_user_id_list (line 15) | def get_user_id_list(self):
FILE: ScoutSuite/providers/azure/resources/rbac/custom_roles_report.py
class CustomRolesReport (line 5) | class CustomRolesReport(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
FILE: ScoutSuite/providers/azure/resources/rbac/role_assignments.py
class RoleAssignments (line 5) | class RoleAssignments(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_role_assignment (line 16) | def _parse_role_assignment(self, raw_role_assignment):
FILE: ScoutSuite/providers/azure/resources/rbac/roles.py
class Roles (line 5) | class Roles(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_role (line 18) | def _parse_role(self, raw_role):
method _no_custom_subscription_owner_role_allowed (line 35) | def _no_custom_subscription_owner_role_allowed(self, role):
FILE: ScoutSuite/providers/azure/resources/securitycenter/alerts.py
class Alerts (line 6) | class Alerts(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_alert (line 17) | def _parse_alert(self, alert):
FILE: ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
class AutoProvisioningSettings (line 6) | class AutoProvisioningSettings(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_auto_provisioning_settings (line 18) | def _parse_auto_provisioning_settings(self, auto_provisioning_settings):
FILE: ScoutSuite/providers/azure/resources/securitycenter/base.py
class SecurityCenter (line 13) | class SecurityCenter(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
class ComplianceResults (line 6) | class ComplianceResults(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_compliance_result (line 17) | def _parse_compliance_result(self, raw_compliance_result):
FILE: ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
class InformationProtectionPolicies (line 5) | class InformationProtectionPolicies(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_information_protection_policies (line 18) | def _parse_information_protection_policies(self, auto_provisioning_set...
FILE: ScoutSuite/providers/azure/resources/securitycenter/pricings.py
class Pricings (line 6) | class Pricings(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_pricing (line 17) | def _parse_pricing(self, pricing):
FILE: ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
class RegulatoryComplianceResults (line 6) | class RegulatoryComplianceResults(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_regulatory_compliance_result (line 19) | def _parse_regulatory_compliance_result(self, raw_regulatory_complianc...
FILE: ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
class SecurityContacts (line 6) | class SecurityContacts(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_security_contact (line 17) | def _parse_security_contact(self, security_contact):
FILE: ScoutSuite/providers/azure/resources/securitycenter/settings.py
class Settings (line 6) | class Settings(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_settings (line 18) | def _parse_settings(self, settings):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/base.py
class Servers (line 6) | class Servers(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
class DatabaseBlobAuditingPolicies (line 5) | class DatabaseBlobAuditingPolicies(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 15) | async def fetch_all(self):
method _parse_policies (line 20) | def _parse_policies(self, policies):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
class DatabaseThreatDetectionPolicies (line 5) | class DatabaseThreatDetectionPolicies(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 15) | async def fetch_all(self):
method _parse_policies (line 20) | def _parse_policies(self, policies):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/databases.py
class Databases (line 11) | class Databases(AzureCompositeResources):
method __init__ (line 19) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 25) | async def fetch_all(self):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/firewall_rules.py
class FirewallRules (line 6) | class FirewallRules(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 14) | async def fetch_all(self):
method _parse_firewall_rules (line 20) | def _parse_firewall_rules(self, firewall_rule):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
class ReplicationLinks (line 5) | class ReplicationLinks(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 15) | async def fetch_all(self):
method _parse_links (line 20) | def _parse_links(self, links):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
class ServerAzureAdAdministrators (line 5) | class ServerAzureAdAdministrators(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
class ServerBlobAuditingPolicies (line 5) | class ServerBlobAuditingPolicies(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_policies (line 18) | def _parse_policies(self, policies):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/server_encryption_protectors.py
class ServerEncryptionProtectors (line 5) | class ServerEncryptionProtectors(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_protectors (line 18) | def _parse_protectors(self, protectors):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
class ServerSecurityAlertPolicies (line 5) | class ServerSecurityAlertPolicies(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_policies (line 18) | def _parse_policies(self, policies):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py
class ServerVulnerabilityAssessments (line 5) | class ServerVulnerabilityAssessments(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_vulnerabilities (line 18) | def _parse_vulnerabilities(self, vulnerability):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/servers.py
class Servers (line 15) | class Servers(AzureCompositeResources):
method __init__ (line 26) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 30) | async def fetch_all(self):
method _parse_server (line 43) | def _parse_server(self, raw_server):
FILE: ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
class TransparentDataEncryptions (line 5) | class TransparentDataEncryptions(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, serv...
method fetch_all (line 15) | async def fetch_all(self):
method _parse_encryptions (line 20) | def _parse_encryptions(self, encryptions):
FILE: ScoutSuite/providers/azure/resources/storageaccounts/base.py
class StorageAccounts (line 6) | class StorageAccounts(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
class BlobContainers (line 5) | class BlobContainers(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, stor...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_blob_container (line 21) | def _parse_blob_container(self, raw_blob_container):
FILE: ScoutSuite/providers/azure/resources/storageaccounts/blob_services.py
class BlobServices (line 6) | class BlobServices(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, resource_group_name: str, stor...
method fetch_all (line 14) | async def fetch_all(self):
method _parse_blob_service (line 22) | def _parse_blob_service(self, raw_blob_service):
FILE: ScoutSuite/providers/azure/resources/storageaccounts/queues.py
class Queues (line 5) | class Queues(AzureResources):
method __init__ (line 7) | def __init__(self, facade: AzureFacade, resource_group_name: str, stor...
method fetch_all (line 13) | async def fetch_all(self):
method _parse_queue (line 21) | def _parse_queue(self, raw_queue):
FILE: ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
class StorageAccounts (line 11) | class StorageAccounts(AzureCompositeResources):
method __init__ (line 18) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 22) | async def fetch_all(self):
method _parse_storage_account (line 35) | def _parse_storage_account(self, raw_storage_account):
method _is_public_traffic_allowed (line 61) | def _is_public_traffic_allowed(self, storage_account):
method _is_trusted_microsoft_services_enabled (line 64) | def _is_trusted_microsoft_services_enabled(self, storage_account):
method _parse_access_keys_last_rotation_date (line 69) | def _parse_access_keys_last_rotation_date(self, activity_logs):
method _is_encryption_key_customer_managed (line 77) | def _is_encryption_key_customer_managed(self, key_source):
FILE: ScoutSuite/providers/azure/resources/subscriptions.py
class Subscriptions (line 4) | class Subscriptions(AzureCompositeResources):
method fetch_all (line 11) | async def fetch_all(self):
method _set_counts (line 28) | def _set_counts(self):
FILE: ScoutSuite/providers/azure/resources/virtualmachines/base.py
class VirtualMachines (line 9) | class VirtualMachines(Subscriptions):
FILE: ScoutSuite/providers/azure/resources/virtualmachines/disks.py
class Disks (line 6) | class Disks(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_disk (line 17) | def _parse_disk(self, raw_disk):
FILE: ScoutSuite/providers/azure/resources/virtualmachines/images.py
class Images (line 6) | class Images(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_image (line 17) | def _parse_image(self, raw_image):
FILE: ScoutSuite/providers/azure/resources/virtualmachines/instances.py
class Instances (line 8) | class Instances(AzureResources):
method __init__ (line 10) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 14) | async def fetch_all(self):
method _parse_instance (line 19) | async def _parse_instance(self, raw_instance):
FILE: ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
class Snapshots (line 6) | class Snapshots(AzureResources):
method __init__ (line 8) | def __init__(self, facade: AzureFacade, subscription_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_snapshot (line 17) | def _parse_snapshot(self, raw_snapshot):
FILE: ScoutSuite/providers/azure/services.py
class AzureServicesConfig (line 32) | class AzureServicesConfig(BaseServicesConfig):
method __init__ (line 34) | def __init__(self,
method _is_provider (line 73) | def _is_provider(self, provider_name):
method fetch (line 76) | async def fetch(self, services: list, regions: list, excluded_regions:...
FILE: ScoutSuite/providers/azure/utils.py
function get_resource_group_name (line 4) | def get_resource_group_name(id):
FILE: ScoutSuite/providers/base/authentication_strategy.py
class AuthenticationStrategy (line 4) | class AuthenticationStrategy(metaclass=ABCMeta):
method authenticate (line 10) | def authenticate(self, **kwargs):
class AuthenticationException (line 17) | class AuthenticationException(Exception):
method __init__ (line 18) | def __init__(self, message, errors=None):
FILE: ScoutSuite/providers/base/authentication_strategy_factory.py
function import_authentication_strategy (line 12) | def import_authentication_strategy(provider):
function get_authentication_strategy (line 19) | def get_authentication_strategy(provider: str):
FILE: ScoutSuite/providers/base/configs/browser.py
function combine_paths (line 10) | def combine_paths(path1, path2):
function get_object_at (line 20) | def get_object_at(object, path, attribute_name=None):
function get_value_at (line 45) | def get_value_at(all_info, current_path, key, to_string=False):
FILE: ScoutSuite/providers/base/provider.py
class BaseProvider (line 10) | class BaseProvider:
method __init__ (line 21) | def __init__(self, report_dir=None, timestamp=None,
method get_report_name (line 50) | def get_report_name(self):
method preprocessing (line 56) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
method postprocessing (line 63) | def postprocessing(self, current_time, ruleset, run_parameters):
method fetch (line 70) | async def fetch(self, regions=None, excluded_regions=None, partition_n...
method _load_metadata (line 92) | def _load_metadata(self):
method _build_services_list (line 103) | def _build_services_list(supported_services, services, skipped_services):
method _update_last_run (line 116) | def _update_last_run(self, current_time, ruleset, run_parameters):
method _update_metadata (line 150) | def _update_metadata(self):
method recursive_get_count (line 179) | def recursive_get_count(self, resource, resources):
method manage_object (line 193) | def manage_object(self, object, attr, init, callback=None):
method _process_metadata_callbacks (line 210) | def _process_metadata_callbacks(self):
method _go_to_and_do (line 295) | def _go_to_and_do(self, current_config, path, current_path, callback, ...
method _new_go_to_and_do (line 342) | def _new_go_to_and_do(self, current_config, path, current_path, callba...
FILE: ScoutSuite/providers/base/resources/base.py
function call (line 13) | async def call(child_name, child):
class Resources (line 22) | class Resources(dict, metaclass=abc.ABCMeta):
method __init__ (line 28) | def __init__(self, service_facade):
method fetch_all (line 34) | async def fetch_all(self, **kwargs):
class CompositeResources (line 43) | class CompositeResources(Resources, metaclass=abc.ABCMeta):
method _children (line 51) | def _children(self):
method _fetch_children_of_all_resources (line 57) | async def _fetch_children_of_all_resources(self, resources: dict, scop...
method _fetch_children (line 76) | async def _fetch_children(self, resource_parent: object, scope: dict =...
FILE: ScoutSuite/providers/base/services.py
class BaseServicesConfig (line 8) | class BaseServicesConfig:
method __init__ (line 10) | def __init__(self, credentials):
method _is_provider (line 13) | def _is_provider(self, provider_name):
method fetch (line 16) | async def fetch(self, services: list, regions: list, excluded_regions:...
method _fetch (line 39) | async def _fetch(self, service, regions=None, excluded_regions=None):
FILE: ScoutSuite/providers/do/authentication_strategy.py
class DoCredentials (line 10) | class DoCredentials:
method __init__ (line 11) | def __init__(self, client, session=None):
class DigitalOceanAuthenticationStrategy (line 16) | class DigitalOceanAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 18) | def authenticate(self, token=None, access_key=None, access_secret=None...
FILE: ScoutSuite/providers/do/facade/base.py
class DoFacade (line 9) | class DoFacade:
method __init__ (line 10) | def __init__(self, credentials: DoCredentials):
method _instantiate_facades (line 14) | def _instantiate_facades(self):
FILE: ScoutSuite/providers/do/facade/database.py
class DatabasesFacade (line 6) | class DatabasesFacade:
method __init__ (line 7) | def __init__(self, credentials: DoCredentials):
method get_databases (line 11) | async def get_databases(self):
method get_databaseusers (line 21) | async def get_databaseusers(self, db_uuid):
method get_eviction_policy (line 31) | async def get_eviction_policy(self, db_uuid):
method get_connection_pools (line 43) | async def get_connection_pools(self, db_uuid):
method get_firewalls (line 53) | async def get_firewalls(self, db_uuid):
method get_resources (line 63) | async def get_resources(self, tag):
FILE: ScoutSuite/providers/do/facade/droplet.py
class DropletFacade (line 7) | class DropletFacade:
method __init__ (line 8) | def __init__(self, credentials: DoCredentials):
method get_droplets (line 14) | async def get_droplets(self):
method get_droplet_fwconfig (line 24) | async def get_droplet_fwconfig(self, id):
FILE: ScoutSuite/providers/do/facade/kubernetes.py
class KubernetesDoFacade (line 6) | class KubernetesDoFacade:
method __init__ (line 7) | def __init__(self, credentials: DoCredentials):
method get_kubernetes (line 11) | async def get_kubernetes(self):
FILE: ScoutSuite/providers/do/facade/networking.py
class Networkingfacade (line 7) | class Networkingfacade:
method __init__ (line 8) | def __init__(self, credentials: DoCredentials):
method get_firewalls (line 14) | async def get_firewalls(self):
method get_domains (line 27) | async def get_domains(self):
method get_load_balancers (line 37) | async def get_load_balancers(self):
FILE: ScoutSuite/providers/do/facade/spaces.py
class SpacesFacade (line 9) | class SpacesFacade:
method __init__ (line 10) | def __init__(self, credentials: DoCredentials):
method get_all_buckets (line 15) | async def get_all_buckets(self):
method get_buckets (line 24) | async def get_buckets(self, region=None):
method _get_CORS (line 60) | async def _get_CORS(self, bucket: {}, region=None):
method _get_and_set_s3_bucket_location (line 75) | async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None):
method _get_and_set_s3_acls (line 107) | async def _get_and_set_s3_acls(self, bucket: {}, key_name=None):
method get_client (line 151) | def get_client(service: str, session: boto3.session.Session, region: s...
method _init_s3_permissions (line 177) | def _init_s3_permissions():
method _set_s3_permissions (line 187) | def _set_s3_permissions(permissions: str, name: str):
method _s3_group_to_string (line 198) | def _s3_group_to_string(uri: str):
method _status_to_bool (line 209) | def _status_to_bool(value: str):
FILE: ScoutSuite/providers/do/facade/utils.py
class DOFacadeUtils (line 6) | class DOFacadeUtils:
method get_all_from_pagination (line 9) | async def get_all_from_pagination(
FILE: ScoutSuite/providers/do/provider.py
class DigitalOceanProvider (line 6) | class DigitalOceanProvider(BaseProvider):
method __init__ (line 11) | def __init__(
method get_report_name (line 39) | def get_report_name(self):
method preprocessing (line 48) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
FILE: ScoutSuite/providers/do/resources/base.py
class DoResources (line 8) | class DoResources(Resources, metaclass=abc.ABCMeta):
class DoCompositeResources (line 14) | class DoCompositeResources(DoResources, CompositeResources, metaclass=ab...
FILE: ScoutSuite/providers/do/resources/database/base.py
class Databases (line 6) | class Databases(DoCompositeResources):
method __init__ (line 9) | def __init__(self, facade: DoFacade):
method fetch_all (line 13) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/do/resources/database/databases.py
class Databases (line 5) | class Databases(DoResources):
method __init__ (line 6) | def __init__(self, facade: DoFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_cluster (line 16) | async def _parse_cluster(self, raw_cluster):
FILE: ScoutSuite/providers/do/resources/droplet/base.py
class Droplets (line 6) | class Droplets(DoCompositeResources):
method __init__ (line 9) | def __init__(self, facade: DoFacade):
method fetch_all (line 13) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/do/resources/droplet/droplets.py
class Droplets (line 5) | class Droplets(DoResources):
method __init__ (line 6) | def __init__(self, facade: DoFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_droplet (line 17) | async def _parse_droplet(self, raw_droplet):
FILE: ScoutSuite/providers/do/resources/kubernetes/base.py
class Kubernetes (line 6) | class Kubernetes(DoCompositeResources):
method __init__ (line 9) | def __init__(self, facade: DoFacade):
method fetch_all (line 13) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/do/resources/kubernetes/kubernetes.py
class Kubernetes (line 5) | class Kubernetes(DoResources):
method __init__ (line 6) | def __init__(self, facade: DoFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_cluster (line 16) | async def _parse_cluster(self, raw_cluster):
FILE: ScoutSuite/providers/do/resources/networking/base.py
class Networking (line 8) | class Networking(DoCompositeResources):
method __init__ (line 15) | def __init__(self, facade: DoFacade):
method fetch_all (line 19) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/do/resources/networking/domains.py
class Domains (line 7) | class Domains(DoResources):
method __init__ (line 8) | def __init__(self, facade: DoFacade):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_domain (line 18) | async def _parse_domain(self, raw_domain):
FILE: ScoutSuite/providers/do/resources/networking/firewalls.py
class Firewalls (line 5) | class Firewalls(DoResources):
method __init__ (line 6) | def __init__(self, facade: DoFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_firewall (line 17) | async def _parse_firewall(self, raw_firewall):
FILE: ScoutSuite/providers/do/resources/networking/load_balancers.py
class LoadBalancers (line 5) | class LoadBalancers(DoResources):
method __init__ (line 6) | def __init__(self, facade: DoFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_load_balancer (line 16) | async def _parse_load_balancer(self, raw_load_balancer):
FILE: ScoutSuite/providers/do/resources/spaces/base.py
class Spaces (line 6) | class Spaces(DoCompositeResources):
method __init__ (line 9) | def __init__(self, facade: DoFacade):
method fetch_all (line 13) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/do/resources/spaces/buckets.py
class Buckets (line 7) | class Buckets(DoResources):
method __init__ (line 8) | def __init__(self, facade: DoFacade):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_buckets (line 19) | async def _parse_buckets(self, raw_buckets):
FILE: ScoutSuite/providers/do/services.py
class DigitalOceanServicesConfig (line 11) | class DigitalOceanServicesConfig(BaseServicesConfig):
method __init__ (line 12) | def __init__(self, credentials: DoCredentials = None, **kwargs):
method _is_provider (line 24) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/do/utils.py
function get_client (line 5) | def get_client(service: str, session: boto3.session.Session, region: str...
FILE: ScoutSuite/providers/gcp/authentication_strategy.py
class GCPAuthenticationStrategy (line 10) | class GCPAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 12) | def authenticate(self, user_account=None, service_account=None, **kwar...
FILE: ScoutSuite/providers/gcp/facade/base.py
class GCPFacade (line 23) | class GCPFacade(GCPBaseFacade):
method __init__ (line 24) | def __init__(self,
method get_projects (line 57) | async def get_projects(self):
method _get_projects_recursively (line 89) | async def _get_projects_recursively(self, parent_type, parent_id):
method get_enabled_services (line 155) | async def get_enabled_services(self, project_id, attempt=1, has_lock=F...
method is_api_enabled (line 197) | async def is_api_enabled(self, project_id, service):
FILE: ScoutSuite/providers/gcp/facade/basefacade.py
class GCPBaseFacade (line 15) | class GCPBaseFacade:
method __init__ (line 16) | def __init__(self, client_name: str, client_version: str):
method _build_client (line 21) | def _build_client(self) -> discovery.Resource:
method _build_arbitrary_client (line 24) | def _build_arbitrary_client(self, client_name, client_version, force_n...
method _get_client (line 43) | def _get_client(self) -> discovery.Resource:
class MemoryCache (line 47) | class MemoryCache:
method get (line 53) | def get(self, url):
method set (line 56) | def set(self, url, content):
FILE: ScoutSuite/providers/gcp/facade/bigquery.py
class BigQueryFacade (line 7) | class BigQueryFacade(GCPBaseFacade):
method __init__ (line 8) | def __init__(self):
method get_datasets (line 12) | async def get_datasets(self, project_id: str):
method _get_dataset (line 28) | async def _get_dataset(self, dataset_id: str, project_id: str):
FILE: ScoutSuite/providers/gcp/facade/cloudresourcemanager.py
class CloudResourceManagerFacade (line 5) | class CloudResourceManagerFacade(GCPBaseFacade):
method __init__ (line 6) | def __init__(self):
method get_member_bindings (line 9) | async def get_member_bindings(self, project_id: str):
FILE: ScoutSuite/providers/gcp/facade/cloudsql.py
class CloudSQLFacade (line 6) | class CloudSQLFacade(GCPBaseFacade):
method __init__ (line 7) | def __init__(self):
method get_backups (line 10) | async def get_backups(self, project_id: str, instance_name: str):
method get_database_instances (line 20) | async def get_database_instances(self, project_id: str):
method get_users (line 30) | async def get_users(self, project_id: str, instance_name: str):
FILE: ScoutSuite/providers/gcp/facade/cloudstorage.py
class CloudStorageFacade (line 9) | class CloudStorageFacade:
method get_client (line 11) | def get_client(self, project_id: str):
method get_buckets (line 17) | async def get_buckets(self, project_id: str):
method _get_and_set_bucket_logging (line 28) | async def _get_and_set_bucket_logging(self, bucket):
method _get_and_set_bucket_iam_policy (line 36) | async def _get_and_set_bucket_iam_policy(self, bucket):
FILE: ScoutSuite/providers/gcp/facade/dns.py
class DNSFacade (line 7) | class DNSFacade(GCPBaseFacade):
method __init__ (line 8) | def __init__(self):
method get_zones (line 11) | async def get_zones(self, project_id):
FILE: ScoutSuite/providers/gcp/facade/functions.py
class FunctionsFacade (line 7) | class FunctionsFacade(GCPBaseFacade):
method __init__ (line 8) | def __init__(self):
method get_functions_v1 (line 12) | async def get_functions_v1(self, project_id: str):
method get_functions_v2 (line 15) | async def get_functions_v2(self, project_id: str):
method _get_functions_version (line 18) | async def _get_functions_version(self, api_version: str, project_id: s...
method _list_functions_version (line 34) | async def _list_functions_version(self, project_id: str, api_version: ...
method _get_function_version (line 42) | async def _get_function_version(self, name: str, api_version: str):
method _get_and_set_function_iam_policy (line 52) | async def _get_and_set_function_iam_policy(self, function, api_version...
FILE: ScoutSuite/providers/gcp/facade/gce.py
class GCEFacade (line 7) | class GCEFacade(GCPBaseFacade):
method __init__ (line 8) | def __init__(self):
method get_disks (line 11) | async def get_disks(self, project_id, zone):
method get_firewalls (line 21) | async def get_firewalls(self, project_id):
method get_instances (line 31) | async def get_instances(self, project_id, zone):
method _add_metadata (line 45) | async def _add_metadata(self, project_id, instances):
method metadata_to_dict (line 52) | def metadata_to_dict(self, metadata):
method get_networks (line 55) | async def get_networks(self, project_id):
method get_project (line 65) | async def get_project(self, project_id):
method get_regions (line 75) | async def get_regions(self, project_id):
method get_snapshots (line 85) | async def get_snapshots(self, project_id):
method get_subnetwork (line 95) | async def get_subnetwork(self, project_id, region, subnetwork_id):
method get_subnetworks (line 109) | async def get_subnetworks(self, project_id, region):
method get_zones (line 122) | async def get_zones(self, project_id):
method get_forwarding_rules (line 132) | async def get_forwarding_rules(self, project_id, region):
method get_global_forwarding_rules (line 142) | async def get_global_forwarding_rules(self, project_id):
FILE: ScoutSuite/providers/gcp/facade/gke.py
class GKEFacade (line 8) | class GKEFacade(GCPBaseFacade):
method __init__ (line 9) | def __init__(self, gce_facade):
method get_clusters (line 13) | async def get_clusters(self, project_id):
method _get_and_set_private_google_access_enabled (line 27) | async def _get_and_set_private_google_access_enabled(self, cluster, pr...
method _get_cluster_region (line 42) | def _get_cluster_region(self, cluster):
method _get_cluster_subnetwork_project (line 49) | def _get_cluster_subnetwork_project(self, cluster):
FILE: ScoutSuite/providers/gcp/facade/iam.py
class IAMFacade (line 6) | class IAMFacade(GCPBaseFacade):
method __init__ (line 7) | def __init__(self):
method get_service_accounts (line 10) | async def get_service_accounts(self, project_id: str):
method get_service_account_bindings (line 21) | async def get_service_account_bindings(self, project_id: str, service_...
method get_service_account_keys (line 33) | async def get_service_account_keys(self, project_id: str, service_acco...
method get_service_account_key (line 46) | async def get_service_account_key(self, key_name: str):
method get_role_definition (line 58) | async def get_role_definition(self, role: str):
FILE: ScoutSuite/providers/gcp/facade/kms.py
class KMSFacade (line 11) | class KMSFacade(GCPBaseFacade):
method __init__ (line 12) | def __init__(self):
method get_locations (line 19) | async def get_locations(self, project_id: str):
method list_key_rings (line 31) | async def list_key_rings(self, project_id: str):
method list_keys (line 46) | async def list_keys(self, project_id: str, location: str, keyring_name...
method keys_iam_policy (line 58) | async def keys_iam_policy(self, project_id: str, location: str, keyrin...
FILE: ScoutSuite/providers/gcp/facade/memorystoreredis.py
class MemoryStoreRedisFacade (line 6) | class MemoryStoreRedisFacade(GCPBaseFacade):
method __init__ (line 7) | def __init__(self):
method get_redis_instances (line 10) | async def get_redis_instances(self, project_id: str):
FILE: ScoutSuite/providers/gcp/facade/stackdriverlogging.py
class StackdriverLoggingFacade (line 9) | class StackdriverLoggingFacade:
method get_client (line 11) | def get_client(self, project_id: str):
method get_sinks (line 17) | async def get_sinks(self, project_id: str):
method get_metrics (line 25) | async def get_metrics(self, project_id: str):
FILE: ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py
class StackdriverMonitoringFacade (line 9) | class StackdriverMonitoringFacade:
method get_uptime_client (line 12) | def get_uptime_client(self):
method get_alerts_client (line 17) | def get_alerts_client(self):
method get_uptime_checks (line 22) | async def get_uptime_checks(self, project_id: str):
method get_alert_policies (line 32) | async def get_alert_policies(self, project_id: str):
FILE: ScoutSuite/providers/gcp/facade/utils.py
class GCPFacadeUtils (line 4) | class GCPFacadeUtils:
method _get_all (line 6) | async def _get_all(resources, resource_key: str, request, resources_gr...
method get_all (line 15) | async def get_all(resource_key: str, request, resources_group):
FILE: ScoutSuite/providers/gcp/provider.py
class GCPProvider (line 8) | class GCPProvider(BaseProvider):
method __init__ (line 13) | def __init__(self,
method get_report_name (line 42) | def get_report_name(self):
method _set_account_id (line 51) | def _set_account_id(self):
method preprocessing (line 75) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
method _match_instances_and_snapshots (line 91) | def _match_instances_and_snapshots(self):
method _match_networks_and_instances (line 116) | def _match_networks_and_instances(self):
method _match_networks_and_firewalls (line 142) | def _match_networks_and_firewalls(self):
method _match_subnetworks_and_instances (line 162) | def _match_subnetworks_and_instances(self):
FILE: ScoutSuite/providers/gcp/resources/base.py
class GCPCompositeResources (line 6) | class GCPCompositeResources(CompositeResources):
FILE: ScoutSuite/providers/gcp/resources/bigquery/base.py
class BigQuery (line 5) | class BigQuery(Projects):
FILE: ScoutSuite/providers/gcp/resources/bigquery/datasets.py
class Datasets (line 6) | class Datasets(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_dataset (line 17) | def _parse_dataset(self, raw_dataset):
FILE: ScoutSuite/providers/gcp/resources/cloudsql/backups.py
class Backups (line 5) | class Backups(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, instance_name: ...
method fetch_all (line 11) | async def fetch_all(self):
method _parse_backup (line 18) | def _parse_backup(self, raw_backup):
FILE: ScoutSuite/providers/gcp/resources/cloudsql/base.py
class CloudSQL (line 5) | class CloudSQL(Projects):
FILE: ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py
class DatabaseInstances (line 9) | class DatabaseInstances(GCPCompositeResources):
method __init__ (line 15) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 19) | async def fetch_all(self):
method _parse_instance (line 30) | def _parse_instance(self, raw_instance):
method _is_log_enabled (line 93) | def _is_log_enabled(self, raw_instance):
method _is_ssl_required (line 96) | def _is_ssl_required(self, raw_instance):
method _set_last_backup_timestamps (line 99) | def _set_last_backup_timestamps(self, instances):
method _get_last_backup_timestamp (line 104) | def _get_last_backup_timestamp(self, backups):
method _mysql_local_infile_flag_off (line 111) | def _mysql_local_infile_flag_off(self, raw_instance):
method _check_database_type (line 118) | def _check_database_type(self, raw_instance):
method _postgres_flags_on (line 123) | def _postgres_flags_on(self, raw_instance, flag_name: str):
method _postgres_log_min_error_statement_flags (line 132) | def _postgres_log_min_error_statement_flags(self, raw_instance):
method _postgres_log_temp_files_flags_0 (line 141) | def _postgres_log_temp_files_flags_0(self, raw_instance):
method _postgres_log_min_duration_statement_flags_1 (line 150) | def _postgres_log_min_duration_statement_flags_1(self, raw_instance):
method _sqlservers_cross_db_ownership_chaining_flag_off (line 159) | def _sqlservers_cross_db_ownership_chaining_flag_off(self, raw_instanc...
FILE: ScoutSuite/providers/gcp/resources/cloudsql/users.py
class Users (line 5) | class Users(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, instance_name: ...
method fetch_all (line 11) | async def fetch_all(self):
method _parse_user (line 17) | def _parse_user(self, raw_user):
FILE: ScoutSuite/providers/gcp/resources/cloudstorage/base.py
class CloudStorage (line 5) | class CloudStorage(Projects):
FILE: ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
class Buckets (line 7) | class Buckets(Resources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_bucket (line 18) | def _parse_bucket(self, raw_bucket):
method _get_cloudstorage_bucket_iam_member_bindings (line 58) | def _get_cloudstorage_bucket_iam_member_bindings(self, raw_bucket):
FILE: ScoutSuite/providers/gcp/resources/dns/base.py
class DNS (line 5) | class DNS(Projects):
FILE: ScoutSuite/providers/gcp/resources/dns/managed_zones.py
class ManagedZones (line 5) | class ManagedZones(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_zone (line 16) | def _parse_zone(self, raw_zone):
method _get_description (line 37) | def _get_description(self, raw_zone):
method _get_keys (line 41) | def _get_keys(self, dnssec_config,zone_dict):
FILE: ScoutSuite/providers/gcp/resources/functions/base.py
class Functions (line 5) | class Functions(Projects):
FILE: ScoutSuite/providers/gcp/resources/functions/functions_v1.py
class FunctionsV1 (line 7) | class FunctionsV1(Resources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_function (line 18) | def _parse_function(self, raw_function):
FILE: ScoutSuite/providers/gcp/resources/functions/functions_v2.py
class FunctionsV2 (line 7) | class FunctionsV2(Resources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_function (line 18) | def _parse_function(self, raw_function):
FILE: ScoutSuite/providers/gcp/resources/functions/utils.py
function get_environment_secrets (line 4) | def get_environment_secrets(environment_variables):
FILE: ScoutSuite/providers/gcp/resources/gce/base.py
class ComputeEngine (line 10) | class ComputeEngine(Projects):
method fetch_all (line 20) | async def fetch_all(self):
FILE: ScoutSuite/providers/gcp/resources/gce/disks.py
class Disks (line 5) | class Disks(Resources):
method _parse_disk (line 6) | def _parse_disk(self, raw_disk):
method _is_encrypted_with_csek (line 17) | def _is_encrypted_with_csek(self, raw_disk):
FILE: ScoutSuite/providers/gcp/resources/gce/firewalls.py
class Firewalls (line 5) | class Firewalls(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_firewall (line 16) | def _parse_firewall(self, raw_firewall):
method _parse_firewall_rules (line 37) | def _parse_firewall_rules(self, firewall_dict, raw_firewall):
method _get_description (line 69) | def _get_description(self, raw_firewall):
FILE: ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py
class ForwardingRules (line 5) | class ForwardingRules(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_forwarding_rule (line 17) | def _parse_forwarding_rule(self, raw_forwarding_rule):
FILE: ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py
class GlobalForwardingRules (line 5) | class GlobalForwardingRules(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_forwarding_rule (line 16) | def _parse_forwarding_rule(self, raw_global_forwarding_rule):
FILE: ScoutSuite/providers/gcp/resources/gce/instance_disks.py
class InstanceDisks (line 4) | class InstanceDisks(Disks):
method __init__ (line 5) | def __init__(self, facade, instance):
method fetch_all (line 9) | def fetch_all(self):
FILE: ScoutSuite/providers/gcp/resources/gce/instances.py
class Instances (line 7) | class Instances(GCPCompositeResources):
method __init__ (line 12) | def __init__(self, facade: GCPFacade, project_id: str, zone: str):
method fetch_all (line 17) | async def fetch_all(self):
method _parse_instance (line 24) | def _parse_instance(self, raw_instance):
method _get_description (line 63) | def _get_description(self, raw_instance):
method _is_block_project_ssh_keys_enabled (line 67) | def _is_block_project_ssh_keys_enabled(self, raw_instance):
method _is_oslogin_enabled (line 70) | def _is_oslogin_enabled(self, raw_instance):
method _is_serial_port_enabled (line 76) | def _is_serial_port_enabled(self, raw_instance):
method _is_default_service_account (line 79) | def _is_default_service_account(self, service_account: str):
method _allow_full_access_to_all_cloud_api (line 84) | def _allow_full_access_to_all_cloud_api(self, raw_instance):
method _shielded_vm_enabled (line 91) | def _shielded_vm_enabled(self, raw_instance):
method _public_ip_adresses (line 97) | def _public_ip_adresses(self, raw_instance):
FILE: ScoutSuite/providers/gcp/resources/gce/networks.py
class Networks (line 5) | class Networks(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_network (line 16) | def _parse_network(self, raw_network):
method _get_description (line 37) | def _get_description(self, raw_network):
FILE: ScoutSuite/providers/gcp/resources/gce/regions.py
class GCERegions (line 6) | class GCERegions(Regions):
FILE: ScoutSuite/providers/gcp/resources/gce/snapshots.py
class Snapshots (line 5) | class Snapshots(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_snapshot (line 16) | def _parse_snapshot(self, raw_snapshot):
method _get_description (line 27) | def _get_description(self, raw_snapshot):
FILE: ScoutSuite/providers/gcp/resources/gce/subnetworks.py
class Subnetworks (line 5) | class Subnetworks(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, region: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_subnetwork (line 17) | def _parse_subnetwork(self, raw_subnetwork):
FILE: ScoutSuite/providers/gcp/resources/gce/zones.py
class GCEZones (line 5) | class GCEZones(Zones):
FILE: ScoutSuite/providers/gcp/resources/gke/base.py
class KubernetesEngine (line 5) | class KubernetesEngine(Projects):
method fetch_all (line 10) | async def fetch_all(self):
FILE: ScoutSuite/providers/gcp/resources/gke/clusters.py
class Clusters (line 7) | class Clusters(Resources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_cluster (line 19) | async def _parse_cluster(self, raw_cluster):
method _metadata_server_enabled (line 59) | def _metadata_server_enabled(self, node_pools):
method _get_master_authorized_networks_config (line 65) | def _get_master_authorized_networks_config(self, raw_cluster):
method _is_pod_security_policy_enabled (line 80) | def _is_pod_security_policy_enabled(self, raw_cluster):
method _is_basic_authentication_enabled (line 87) | def _is_basic_authentication_enabled(self, raw_cluster):
method _is_client_certificate_enabled (line 90) | def _is_client_certificate_enabled(self, raw_cluster):
method _is_logging_enabled (line 93) | def _is_logging_enabled(self, raw_cluster):
method _is_monitoring_enabled (line 96) | def _is_monitoring_enabled(self, raw_cluster):
method _parse_scope (line 99) | def _parse_scope(self, scope_url):
method _get_scopes (line 102) | def _get_scopes(self, raw_cluster):
method _has_limited_scopes (line 105) | def _has_limited_scopes(self, raw_cluster):
method _get_dashboard_status (line 110) | def _get_dashboard_status(self, raw_cluster):
FILE: ScoutSuite/providers/gcp/resources/gke/node_pools.py
class NodePools (line 4) | class NodePools(Resources):
method __init__ (line 5) | def __init__(self, cluster):
method fetch_all (line 9) | def fetch_all(self):
method _parse_node_pool (line 18) | def _parse_node_pool(self, raw_node_pool):
FILE: ScoutSuite/providers/gcp/resources/iam/base.py
class IAM (line 10) | class IAM(Projects):
FILE: ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py
class BindingsSeparationDuties (line 5) | class BindingsSeparationDuties(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_binding_separation (line 15) | async def _parse_binding_separation(self, raw_bindings):
method ensure_seperation_duties (line 24) | def ensure_seperation_duties(self, raw_bindings):
method ensure_KMS_seperation_duties (line 41) | def ensure_KMS_seperation_duties(self, raw_bindings):
FILE: ScoutSuite/providers/gcp/resources/iam/domains.py
class Domains (line 6) | class Domains(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_binding (line 17) | def _parse_binding(self, raw_bindings):
FILE: ScoutSuite/providers/gcp/resources/iam/groups.py
class Groups (line 6) | class Groups(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_binding (line 17) | def _parse_binding(self, raw_bindings):
FILE: ScoutSuite/providers/gcp/resources/iam/keys.py
class Keys (line 5) | class Keys(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, service_account...
method fetch_all (line 11) | async def fetch_all(self):
method _parse_key (line 23) | async def _parse_key(self, raw_key, key_type):
FILE: ScoutSuite/providers/gcp/resources/iam/member_bindings.py
class Bindings (line 7) | class Bindings(Resources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_binding (line 18) | async def _parse_binding(self, raw_binding):
method _parse_members (line 33) | def _parse_members(self, raw_binding):
FILE: ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py
class ServiceAccountBindings (line 5) | class ServiceAccountBindings(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str, service_account...
method fetch_all (line 11) | async def fetch_all(self):
method _parse_binding (line 17) | def _parse_binding(self, raw_binding):
FILE: ScoutSuite/providers/gcp/resources/iam/service_accounts.py
class ServiceAccounts (line 8) | class ServiceAccounts(GCPCompositeResources):
method __init__ (line 14) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 18) | async def fetch_all(self):
method _parse_service_account (line 28) | def _parse_service_account(self, raw_service_account):
FILE: ScoutSuite/providers/gcp/resources/iam/users.py
class Users (line 6) | class Users(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_binding (line 17) | def _parse_binding(self, raw_bindings):
FILE: ScoutSuite/providers/gcp/resources/kms/base.py
class KMS (line 5) | class KMS(Projects):
FILE: ScoutSuite/providers/gcp/resources/kms/keyrings.py
class KeyRings (line 6) | class KeyRings(GCPCompositeResources):
method __init__ (line 11) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 15) | async def fetch_all(self):
method _parse_keyring (line 28) | def _parse_keyring(self, raw_keyring, location):
FILE: ScoutSuite/providers/gcp/resources/kms/keys.py
class Keys (line 10) | class Keys(GCPCompositeResources):
method __init__ (line 15) | def __init__(self, facade: GCPFacade, project_id: str, keyring_name: s...
method fetch_all (line 21) | async def fetch_all(self):
method _parse_key (line 33) | def _parse_key(self, raw_key):
FILE: ScoutSuite/providers/gcp/resources/kms/kms_policy.py
class KMSPolicy (line 7) | class KMSPolicy(Resources):
method __init__ (line 9) | def __init__(self, facade: GCPFacade, project_id: str, keyring_name: s...
method fetch_all (line 16) | async def fetch_all(self):
method _parse_binding (line 22) | async def _parse_binding(self, kms_raw_binding):
method keys_not_anonymous_public_accessible (line 38) | def keys_not_anonymous_public_accessible(self, kms_raw_binding):
FILE: ScoutSuite/providers/gcp/resources/memorystore/base.py
class MemoryStore (line 5) | class MemoryStore(Projects):
FILE: ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py
class RedisInstances (line 6) | class RedisInstances(GCPCompositeResources):
method __init__ (line 8) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_instance (line 18) | def _parse_instance(self, raw_instance):
method _is_ssl_required (line 37) | def _is_ssl_required(self, raw_instance):
method _is_auth_required (line 45) | def _is_auth_required(self, raw_instance):
FILE: ScoutSuite/providers/gcp/resources/projects.py
class Projects (line 4) | class Projects(GCPCompositeResources):
method fetch_all (line 11) | async def fetch_all(self):
method _set_counts (line 30) | def _set_counts(self):
FILE: ScoutSuite/providers/gcp/resources/regions.py
class Regions (line 5) | class Regions(GCPCompositeResources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
FILE: ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py
class StackdriverLogging (line 7) | class StackdriverLogging(Projects):
FILE: ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py
class LoggingMetrics (line 5) | class LoggingMetrics(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_metric (line 15) | def _parse_metric(self, raw_metrics):
method _specific_filter_present (line 59) | def _specific_filter_present(self, raw_metrics, filter_value: str):
FILE: ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py
class Metrics (line 5) | class Metrics(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_metric (line 16) | def _parse_metric(self, raw_metric):
FILE: ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py
class Sinks (line 5) | class Sinks(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_sink (line 16) | def _parse_sink(self, raw_sink):
FILE: ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py
class AlertPolicies (line 6) | class AlertPolicies(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_alert_policy (line 17) | def _parse_alert_policy(self, raw_alert_policy):
FILE: ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py
class StackdriverMonitoring (line 7) | class StackdriverMonitoring(Projects):
FILE: ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py
class MonitoringAlertPolicies (line 5) | class MonitoringAlertPolicies(Resources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_alert_policy (line 15) | def _parse_alert_policy(self, raw_alert_policies):
method _specific_alert_policy_present (line 29) | def _specific_alert_policy_present(self, alert_policies):
FILE: ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py
class UptimeChecks (line 6) | class UptimeChecks(Resources):
method __init__ (line 7) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_uptime_check (line 17) | def _parse_uptime_check(self, raw_uptime_check):
FILE: ScoutSuite/providers/gcp/resources/zones.py
class Zones (line 5) | class Zones(GCPCompositeResources):
method __init__ (line 6) | def __init__(self, facade: GCPFacade, project_id: str):
method fetch_all (line 10) | async def fetch_all(self):
FILE: ScoutSuite/providers/gcp/services.py
class GCPServicesConfig (line 17) | class GCPServicesConfig(BaseServicesConfig):
method __init__ (line 19) | def __init__(self, credentials=None, default_project_id=None,
method _is_provider (line 40) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/gcp/utils.py
function is_throttled (line 4) | def is_throttled(exception):
FILE: ScoutSuite/providers/kubernetes/authentication_strategy.py
class KubernetesCredentials (line 12) | class KubernetesCredentials:
method __init__ (line 13) | def __init__(self) -> None:
class ClusterProvider (line 23) | class ClusterProvider(enum.Enum):
class ResourceTemplates (line 31) | class ResourceTemplates(enum.Enum):
class KubernetesAuthenticationStrategy (line 35) | class KubernetesAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 40) | def authenticate(self, **kwargs):
FILE: ScoutSuite/providers/kubernetes/facade/__init__.py
class KubernetesFacade (line 10) | class KubernetesFacade:
method __init__ (line 11) | def __init__(self, credentials: KubernetesCredentials):
FILE: ScoutSuite/providers/kubernetes/facade/base.py
class KubernetesBaseFacade (line 17) | class KubernetesBaseFacade:
method continue_upon_exception (line 18) | def continue_upon_exception(function):
method __init__ (line 32) | def __init__(self, credentials: KubernetesCredentials) -> None:
method get (line 46) | def get(self, path) -> dict:
method parse_data (line 60) | def parse_data(self, raw_resources):
FILE: ScoutSuite/providers/kubernetes/facade/core.py
class CoreFacade (line 5) | class CoreFacade(KubernetesBaseFacade):
method __init__ (line 6) | def __init__(self, credentials):
method get_resource_definitions (line 9) | def get_resource_definitions(self) -> dict:
method get_resources (line 19) | def get_resources(self) -> dict:
FILE: ScoutSuite/providers/kubernetes/facade/eks.py
class EKSFacade (line 5) | class EKSFacade(KubernetesBaseFacade):
method __init__ (line 8) | def __init__(self, credentials: KubernetesCredentials, **kwargs):
method get_cluster (line 16) | def get_cluster(self, **kwargs):
FILE: ScoutSuite/providers/kubernetes/facade/extra.py
class ExtraFacade (line 5) | class ExtraFacade(KubernetesBaseFacade):
method __init__ (line 6) | def __init__(self, credentials):
method get_resource_definitions (line 10) | def get_resource_definitions(self) -> dict:
method get_resources (line 18) | def get_resources(self) -> dict:
FILE: ScoutSuite/providers/kubernetes/facade/version.py
class VersionFacade (line 5) | class VersionFacade(KubernetesBaseFacade):
method __init__ (line 6) | def __init__(self, credentials):
method get_versions (line 9) | def get_versions(self) -> dict:
FILE: ScoutSuite/providers/kubernetes/provider.py
class KubernetesProvider (line 11) | class KubernetesProvider(BaseProvider):
method __init__ (line 33) | def __init__(self, **kwargs):
method get_report_name (line 61) | def get_report_name(self):
method preprocessing (line 67) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
method postprocessing (line 113) | def postprocessing(self, current_time, ruleset: Ruleset, run_parameters):
method _get_resource_versions (line 140) | def _get_resource_versions(self, service: dict):
method _load_resource_metadata (line 144) | def _load_resource_metadata(self, service_group, service_name, versions):
method _postprocess_regular_resources (line 155) | def _postprocess_regular_resources(self):
method _postprocess_composite_resource (line 202) | def _postprocess_composite_resource(self, composite_resource_name):
FILE: ScoutSuite/providers/kubernetes/resources/aks.py
class AKS (line 8) | class AKS(Subscriptions):
FILE: ScoutSuite/providers/kubernetes/resources/base.py
class KubernetesResources (line 7) | class KubernetesResources(Resources):
method __init__ (line 10) | def __init__(self, resources):
method fetch_all (line 13) | async def fetch_all(self):
class KubernetesResourcesWithFacade (line 19) | class KubernetesResourcesWithFacade(Resources):
method __init__ (line 22) | def __init__(self, facade: KubernetesFacade):
method save (line 26) | def save(self, data):
class KubernetesCompositeResources (line 31) | class KubernetesCompositeResources(KubernetesResourcesWithFacade, Compos...
method fetch_all (line 38) | async def fetch_all(self):
FILE: ScoutSuite/providers/kubernetes/resources/eks.py
class ControlPlaneLogging (line 4) | class ControlPlaneLogging(KubernetesResourcesWithFacade):
method fetch_all (line 5) | async def fetch_all(self):
class KMSEncryption (line 29) | class KMSEncryption(KubernetesResourcesWithFacade):
method fetch_all (line 30) | async def fetch_all(self):
class ResourcesVPCConfig (line 43) | class ResourcesVPCConfig(KubernetesResourcesWithFacade):
method fetch_all (line 44) | async def fetch_all(self):
class EKS (line 55) | class EKS(KubernetesCompositeResources):
FILE: ScoutSuite/providers/kubernetes/resources/fake_network_policy.py
class FakeNetworkPolicy (line 4) | class FakeNetworkPolicy(KubernetesResourcesWithFacade):
method fetch_all (line 7) | async def fetch_all(self):
FILE: ScoutSuite/providers/kubernetes/resources/gke.py
class GKE (line 5) | class GKE(Projects):
FILE: ScoutSuite/providers/kubernetes/resources/rbac.py
class ClusterRoles (line 4) | class ClusterRoles(KubernetesResourcesWithFacade):
method fetch_all (line 5) | async def fetch_all(self):
class ClusterRoleBindings (line 9) | class ClusterRoleBindings(KubernetesResourcesWithFacade):
method fetch_all (line 10) | async def fetch_all(self):
class Roles (line 14) | class Roles(KubernetesResourcesWithFacade):
method fetch_all (line 15) | async def fetch_all(self):
class RoleBindings (line 19) | class RoleBindings(KubernetesResourcesWithFacade):
method fetch_all (line 20) | async def fetch_all(self):
class RBAC (line 24) | class RBAC(KubernetesCompositeResources):
method finalize (line 47) | async def finalize(self):
FILE: ScoutSuite/providers/kubernetes/resources/version.py
class KubernetesVersions (line 4) | class KubernetesVersions(KubernetesResourcesWithFacade):
method fetch_all (line 5) | async def fetch_all(self):
FILE: ScoutSuite/providers/kubernetes/resources/workload.py
class Pod (line 3) | class Pod(KubernetesResourcesWithFacade):
method fetch_all (line 4) | async def fetch_all(self):
class PodTemplate (line 8) | class PodTemplate(KubernetesResourcesWithFacade):
method fetch_all (line 9) | async def fetch_all(self):
class CronJob (line 13) | class CronJob(KubernetesResourcesWithFacade):
method fetch_all (line 14) | async def fetch_all(self):
class DaemonSet (line 18) | class DaemonSet(KubernetesResourcesWithFacade):
method fetch_all (line 19) | async def fetch_all(self):
class Deployment (line 23) | class Deployment(KubernetesResourcesWithFacade):
method fetch_all (line 24) | async def fetch_all(self):
class Job (line 28) | class Job(KubernetesResourcesWithFacade):
method fetch_all (line 29) | async def fetch_all(self):
class ReplicaSet (line 33) | class ReplicaSet(KubernetesResourcesWithFacade):
method fetch_all (line 34) | async def fetch_all(self):
class StatefulSet (line 38) | class StatefulSet(KubernetesResourcesWithFacade):
method fetch_all (line 39) | async def fetch_all(self):
class Workload (line 43) | class Workload(KubernetesCompositeResources):
method finalize (line 66) | async def finalize(self):
FILE: ScoutSuite/providers/kubernetes/services.py
class KubernetesServicesConfig (line 16) | class KubernetesServicesConfig(BaseServicesConfig):
method __init__ (line 19) | def __init__(self, credentials: KubernetesCredentials):
method _is_provider (line 52) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/kubernetes/utils.py
function format_resource_kind (line 4) | def format_resource_kind(kind: str):
function format_api_version (line 7) | def format_api_version(api_version: str):
function format_resource_name (line 14) | def format_resource_name(name: str):
function format_resource_id (line 18) | def format_resource_id(name: str, namespace: str = ''):
FILE: ScoutSuite/providers/oci/authentication_strategy.py
class OracleCredentials (line 9) | class OracleCredentials:
method __init__ (line 11) | def __init__(self, config):
method get_scope (line 14) | def get_scope(self):
class OracleAuthenticationStrategy (line 21) | class OracleAuthenticationStrategy(AuthenticationStrategy):
method authenticate (line 26) | def authenticate(self, profile=None, **kwargs):
FILE: ScoutSuite/providers/oci/facade/base.py
class OracleFacade (line 7) | class OracleFacade:
method __init__ (line 8) | def __init__(self, credentials: OracleCredentials):
method _instantiate_facades (line 12) | def _instantiate_facades(self):
FILE: ScoutSuite/providers/oci/facade/identity.py
class IdentityFacade (line 10) | class IdentityFacade:
method __init__ (line 11) | def __init__(self, credentials: OracleCredentials):
method get_users (line 15) | async def get_users(self):
method get_user_api_keys (line 24) | async def get_user_api_keys(self, user_id):
method get_groups (line 33) | async def get_groups(self):
method get_group_users (line 42) | async def get_group_users(self, group_id):
method get_policies (line 53) | async def get_policies(self):
method get_authentication_policy (line 62) | async def get_authentication_policy(self):
FILE: ScoutSuite/providers/oci/facade/kms.py
class KMSFacade (line 9) | class KMSFacade:
method __init__ (line 10) | def __init__(self, credentials: OracleCredentials):
method get_vaults (line 14) | async def get_vaults(self):
method get_keys (line 23) | async def get_keys(self, keyvault):
FILE: ScoutSuite/providers/oci/facade/objectstorage.py
class ObjectStorageFacade (line 9) | class ObjectStorageFacade:
method __init__ (line 10) | def __init__(self, credentials: OracleCredentials):
method get_namespace (line 14) | async def get_namespace(self):
method get_bucket_details (line 24) | async def get_bucket_details(self, namespace, bucket_name):
method get_buckets (line 34) | async def get_buckets(self, namespace):
method get_bucket_objects (line 43) | async def get_bucket_objects(self, namespace, bucket_name):
FILE: ScoutSuite/providers/oci/provider.py
class OracleProvider (line 7) | class OracleProvider(BaseProvider):
method __init__ (line 12) | def __init__(self,
method get_report_name (line 31) | def get_report_name(self):
method preprocessing (line 40) | def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
FILE: ScoutSuite/providers/oci/resources/base.py
class OracleResources (line 8) | class OracleResources(Resources, metaclass=abc.ABCMeta):
class OracleCompositeResources (line 14) | class OracleCompositeResources(OracleResources, CompositeResources, meta...
FILE: ScoutSuite/providers/oci/resources/identity/api_keys.py
class ApiKeys (line 6) | class ApiKeys(OracleResources):
method __init__ (line 7) | def __init__(self, facade: OracleFacade, user):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_api_key (line 16) | async def _parse_api_key(self, raw_api_key):
FILE: ScoutSuite/providers/oci/resources/identity/authentication_policy.py
class PasswordPolicy (line 5) | class PasswordPolicy(OracleResources):
method __init__ (line 6) | def __init__(self, facade: OracleFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_authentication_policy (line 17) | def _parse_authentication_policy(self, raw_authentication_policy):
FILE: ScoutSuite/providers/oci/resources/identity/base.py
class Identity (line 9) | class Identity(OracleCompositeResources):
method __init__ (line 17) | def __init__(self, facade: OracleFacade):
method fetch_all (line 21) | async def fetch_all(self, **kwargs):
method finalize (line 28) | async def finalize(self):
method _match_users_and_groups (line 33) | def _match_users_and_groups(self):
method _set_user_names_to_group_members (line 44) | def _set_user_names_to_group_members(self):
FILE: ScoutSuite/providers/oci/resources/identity/groups.py
class Groups (line 6) | class Groups(OracleResources):
method __init__ (line 7) | def __init__(self, facade: OracleFacade):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_group (line 15) | async def _parse_group(self, raw_group):
FILE: ScoutSuite/providers/oci/resources/identity/policies.py
class Policies (line 6) | class Policies(OracleResources):
method __init__ (line 7) | def __init__(self, facade: OracleFacade):
method fetch_all (line 10) | async def fetch_all(self):
method _parse_policy (line 15) | async def _parse_policy(self, raw_policy):
FILE: ScoutSuite/providers/oci/resources/identity/users.py
class Users (line 7) | class Users(OracleCompositeResources):
method fetch_all (line 12) | async def fetch_all(self):
method _parse_user (line 23) | async def _parse_user(self, raw_user):
FILE: ScoutSuite/providers/oci/resources/kms/base.py
class KMS (line 6) | class KMS(OracleCompositeResources):
method __init__ (line 11) | def __init__(self, facade: OracleFacade):
method fetch_all (line 15) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/oci/resources/kms/keys.py
class Keys (line 6) | class Keys(OracleResources):
method __init__ (line 7) | def __init__(self, facade: OracleFacade, keyvault):
method fetch_all (line 11) | async def fetch_all(self):
method _parse_key (line 17) | async def _parse_key(self, raw_key):
FILE: ScoutSuite/providers/oci/resources/kms/keyvaults.py
class KeyVaults (line 7) | class KeyVaults(OracleCompositeResources):
method __init__ (line 13) | def __init__(self, facade: OracleFacade):
method fetch_all (line 16) | async def fetch_all(self):
method _parse_keyvault (line 29) | def _parse_keyvault(self, raw_keyvault):
FILE: ScoutSuite/providers/oci/resources/objectstorage/base.py
class ObjectStorage (line 6) | class ObjectStorage(OracleCompositeResources):
method __init__ (line 11) | def __init__(self, facade: OracleFacade):
method fetch_all (line 15) | async def fetch_all(self, **kwargs):
FILE: ScoutSuite/providers/oci/resources/objectstorage/buckets.py
class Buckets (line 5) | class Buckets(OracleResources):
method __init__ (line 6) | def __init__(self, facade: OracleFacade):
method fetch_all (line 9) | async def fetch_all(self):
method _parse_bucket (line 17) | async def _parse_bucket(self, raw_bucket):
FILE: ScoutSuite/providers/oci/services.py
class OracleServicesConfig (line 9) | class OracleServicesConfig(BaseServicesConfig):
method __init__ (line 10) | def __init__(self, credentials: OracleCredentials = None, **kwargs):
method _is_provider (line 19) | def _is_provider(self, provider_name):
FILE: ScoutSuite/providers/oci/utils.py
function oracle_connect_service (line 6) | def oracle_connect_service(service, credentials, region_name=None):
FILE: ScoutSuite/providers/utils.py
function get_non_provider_id (line 11) | def get_non_provider_id(name):
function run_concurrently (line 24) | async def run_concurrently(function, backoff_seconds=15):
function run_function_concurrently (line 44) | def run_function_concurrently(function):
function get_and_set_concurrently (line 56) | async def get_and_set_concurrently(get_and_set_funcs: [], entities: [], ...
function map_concurrently (line 82) | async def map_concurrently(coroutine, entities, **kwargs):
function is_throttled (line 118) | def is_throttled(exception):
function is_secret (line 318) | def is_secret(string):
FILE: ScoutSuite/utils.py
function manage_dictionary (line 74) | def manage_dictionary(dictionary, key, init, callback=None):
function format_provider_code (line 95) | def format_provider_code(provider_code):
function format_service_name (line 103) | def format_service_name(service):
function get_user_agent (line 111) | def get_user_agent():
FILE: tests/test_aws_provider.py
class Object (line 12) | class Object(object):
class TestAWSProviderClass (line 17) | class TestAWSProviderClass(unittest.TestCase):
method test_authenticate (line 20) | def test_authenticate(self, mock_get_caller_identity, mock_boto3):
method test_get_report_name (line 92) | def test_get_report_name(
method test_identify_user_data_secrets (line 121) | def test_identify_user_data_secrets(self):
FILE: tests/test_azure_provider.py
class TestAzureProviderClass (line 12) | class TestAzureProviderClass(unittest.TestCase):
method test_authenticate (line 14) | def test_authenticate(self, mock_UsernamePasswordCredential):
method test_authenticate_CLI (line 37) | def test_authenticate_CLI(self, mock_AzureCliCredential):
FILE: tests/test_core.py
class TestScoutCore (line 10) | class TestScoutCore(unittest.TestCase):
method test_argument_parser (line 16) | def test_argument_parser(self):
method test_prompt (line 29) | def test_prompt(self):
method test_prompt_overwrite (line 33) | def test_prompt_overwrite(self):
method test_prompt_value (line 36) | def test_prompt_value(self):
FILE: tests/test_main.py
class TestMainClass (line 9) | class TestMainClass(unittest.TestCase):
method setUp (line 11) | def setUp(self):
method tearDown (line 33) | def tearDown(self):
method test_empty (line 36) | async def test_empty(self):
method test_aws_provider (line 47) | async def test_aws_provider(self):
method test_gcp_provider (line 62) | async def test_gcp_provider(self):
method test_azure_provider (line 77) | async def test_azure_provider(self):
method test_unauthenticated (line 92) | async def test_unauthenticated(self):
method test_keyboardinterrupted (line 103) | async def test_keyboardinterrupted(self):
FILE: tests/test_output.py
class TestScoutOutput (line 8) | class TestScoutOutput(unittest.TestCase):
method test_html_report (line 14) | def test_html_report(self):
method test_get_filename (line 20) | def test_get_filename(self):
FILE: tests/test_resources.py
class DummyResources (line 9) | class DummyResources(Resources):
method __init__ (line 10) | def __init__(self, facade, region: str, some_other_scope: str, **kwar...
method fetch_all (line 14) | async def fetch_all(self):
class DummyComposite (line 21) | class DummyComposite(CompositeResources):
method __init__ (line 27) | def __init__(self):
method fetch_all (line 30) | async def fetch_all(self):
class TestResources (line 41) | class TestResources(unittest.TestCase):
method test_composite_resource (line 44) | def test_composite_resource(self):
FILE: tests/test_rules_processingengine.py
class DummyObject (line 11) | class DummyObject(object):
class TestScoutRulesProcessingEngine (line 15) | class TestScoutRulesProcessingEngine(unittest.TestCase):
method setUp (line 17) | def setUp(self):
method test_all_finding_rules (line 25) | def test_all_finding_rules(self):
method _test_rule (line 43) | def _test_rule(self, ruleset_file_name, rule_file_name, rule):
method _generate_ruleset (line 80) | def _generate_ruleset(self, rule_file_name, rule):
FILE: tests/test_rules_ruleset.py
class TestScoutRulesRuleset (line 10) | class TestScoutRulesRuleset(unittest.TestCase):
method setUp (line 12) | def setUp(self):
method test_ruleset_class (line 20) | def test_ruleset_class(self, printError):
method test_ruleset_file_not_exist (line 50) | def test_ruleset_file_not_exist(self, printError):
method test_ruleset_invalid (line 57) | def test_ruleset_invalid(self, printException):
method test_path_for_cloud_providers (line 63) | def test_path_for_cloud_providers(self):
method test_path_for_ruletypes (line 73) | def test_path_for_ruletypes(self):
method test_file_search (line 88) | def test_file_search(self, prompt_yes_no):
method test_find_file (line 102) | def test_find_file(self):
method test_search_ruleset (line 106) | def test_search_ruleset(self):
FILE: tests/test_scoutsuite.py
class TestScoutSuiteClass (line 10) | class TestScoutSuiteClass(unittest.TestCase):
method setUpClass (line 13) | def setUpClass(cls):
method call_scout_suite (line 19) | def call_scout_suite(args):
method test_scout_suite_help (line 40) | def test_scout_suite_help(self):
method test_scout_suite_default_run (line 48) | def test_scout_suite_default_run(self):
FILE: tests/test_utils.py
class TestScoutUtilsClass (line 20) | class TestScoutUtilsClass(unittest.TestCase):
method test_format_service_name (line 21) | def test_format_service_name(self):
method test_get_keys (line 25) | def test_get_keys(self):
method test_no_camel (line 34) | def test_no_camel(self):
method test_is_throttled (line 37) | def test_is_throttled(self):
method test_get_name (line 50) | def test_get_name(self):
method test_get_identity (line 72) | def test_get_identity(self):
method test_get_partition_name (line 79) | def test_get_partition_name(self):
method test_snake_case (line 86) | def test_snake_case(self):
FILE: tests/test_utils_conditions.py
class TestOpinelConditionClass (line 8) | class TestOpinelConditionClass(unittest.TestCase):
method test___prepare_age_test (line 13) | def test___prepare_age_test(self):
method test_pass_condition (line 16) | def test_pass_condition(self):
FILE: tests/test_utils_console.py
class TestOpinelUtilsConsoleClass (line 6) | class TestOpinelUtilsConsoleClass(unittest.TestCase):
method test_configPrintException (line 8) | def test_configPrintException(self):
method test_printDebug (line 13) | def test_printDebug(self):
method test_printError (line 17) | def test_printError(self):
method test_printException (line 21) | def test_printException(self):
method test_printInfo (line 38) | def test_printInfo(msg, newLine=True):
method test_printGeneric (line 42) | def test_printGeneric(self):
method test_prompt (line 46) | def test_prompt(self):
method test_prompt_4_value (line 55) | def test_prompt_4_value(self):
method test_prompt_4_yes_no (line 69) | def test_prompt_4_yes_no(self):
FILE: tests/test_utils_fs.py
class TestOpinelFsClass (line 7) | class TestOpinelFsClass(unittest.TestCase):
method cmp (line 12) | def cmp(self, a, b):
method test_CustomJSONEncoder (line 18) | def test_CustomJSONEncoder(self):
method test_load_data (line 25) | def test_load_data(self):
method test_read_ip_ranges (line 40) | def test_read_ip_ranges(self):
method test_save_blob_as_json (line 94) | def test_save_blob_as_json(self):
FILE: tools/aws_security_hub_export.py
function upload_findigs_to_securityhub (line 12) | def upload_findigs_to_securityhub(session, formatted_findings_list):
function format_finding_to_securityhub_format (line 25) | def format_finding_to_securityhub_format(aws_account_id,
function process_results_file (line 81) | def process_results_file(f,
function run (line 105) | def run(profile, file):
FILE: tools/format_findings.py
function get_folder_files (line 12) | def get_folder_files(folder_path):
function format_folder (line 20) | def format_folder(folder_path):
FILE: tools/process_raw_response.py
function camel_to_snake (line 37) | def camel_to_snake(name, upper=False):
FILE: tools/sort-ruleset.py
function get_folder_files (line 9) | def get_folder_files(folder_path):
function format_folder (line 17) | def format_folder(folder_path):
FILE: tools/utils.py
function is_mixed_case (line 19) | def is_mixed_case(word):
function get_capitalized_title (line 23) | def get_capitalized_title(initial_title: str) -> str:
function results_file_to_dict (line 74) | def results_file_to_dict(f):
Condensed preview — 1474 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (4,620K chars).
[
{
"path": ".coveragerc",
"chars": 540,
"preview": "[report]\ninclude = ScoutSuite/*.py\n ScoutSuite/core/*.py\n ScoutSuite/output/*.py\n Sco"
},
{
"path": ".flake8",
"chars": 297,
"preview": "[flake8]\nselect =\n E901,\n E999,\n F821,\n F822,\n F823\nstatistics = True\nshow-source = True\nmax-line-length "
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 753,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve Scout Suite!\ntitle: ''\nlabels: bug, potential\nassignees: "
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"chars": 615,
"preview": "---\nname: Feature request\nabout: Suggest an idea to improve Scout Suite!\ntitle: ''\nlabels: enhancement\nassignees: ''\n\n--"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 1089,
"preview": "# Description\n\n**Make sure the PR is against the `develop` branch (see [Contributing](https://github.com/nccgroup/ScoutS"
},
{
"path": ".github/workflows/frontend-build.yml",
"chars": 373,
"preview": "name: Fronted Build CI (dummy version)\n\non:\n # Triggers the workflow on push or pull request events but only for the ma"
},
{
"path": ".github/workflows/testing.yml",
"chars": 1604,
"preview": "name: CI Workflow\n\non:\n push:\n branches:\n - develop\n - master\n pull_request:\n\n\njobs:\n build:\n\n runs-o"
},
{
"path": ".gitignore",
"chars": 698,
"preview": "# virtualenv \nenv/\nvenv/\n\n# Compiled files\n*.py[cod]\n\n# C extensions\n*.so\n\n# Packages\n*.egg\n*.egg-info\n.eggs\n.cache/\ndis"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 3265,
"preview": "# Code of conduct \n\n## Our Pledge\nIn the interest of fostering an open and welcoming environment, we as contributors and"
},
{
"path": "CONTRIBUTING.md",
"chars": 2505,
"preview": "# Contributing \n\n## Table of Contents\n * [Introduction](#introduction)\n * [Getting started](#getting-started)\n * [How to"
},
{
"path": "LICENSE",
"chars": 15170,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 2, June 1991\n\n Copyright (C) 1989, 1991 Fr"
},
{
"path": "MANIFEST.in",
"chars": 737,
"preview": "include LICENSE\ninclude README.md\ninclude requirements.txt\nrecursive-include ScoutSuite/data *\nrecursive-include ScoutSu"
},
{
"path": "README.md",
"chars": 2732,
"preview": "<p align=\"center\">\n <img src=\"https://user-images.githubusercontent.com/4206926/49877604-10457580-fe26-11e8-92d7-cd876c"
},
{
"path": "ScoutSuite/__init__.py",
"chars": 216,
"preview": "__author__ = 'NCC Group'\n__version__ = '5.14.0'\n\nERRORS_LIST = []\n\nDEFAULT_REPORT_DIRECTORY = 'scoutsuite-report'\nDEFAUL"
},
{
"path": "ScoutSuite/__main__.py",
"chars": 18614,
"preview": "import asyncio\nimport os\nimport webbrowser\n\nfrom asyncio_throttle import Throttler\nfrom ScoutSuite import ERRORS_LIST\n\nf"
},
{
"path": "ScoutSuite/core/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "ScoutSuite/core/cli_parser.py",
"chars": 25222,
"preview": "import argparse\nfrom ScoutSuite import __version__\n\n\nclass ScoutSuiteArgumentParser:\n\n def __init__(self):\n se"
},
{
"path": "ScoutSuite/core/conditions.py",
"chars": 12010,
"preview": "import datetime\nimport dateutil.parser\nimport json\nimport netaddr\nimport re\nimport ipaddress\n\nfrom policyuniverse.expand"
},
{
"path": "ScoutSuite/core/console.py",
"chars": 9432,
"preview": "import logging\nimport platform\nimport os\nimport sys\nimport traceback\n\nimport coloredlogs\n\nfrom ScoutSuite import ERRORS_"
},
{
"path": "ScoutSuite/core/exceptions.py",
"chars": 1297,
"preview": "from ScoutSuite.core.console import print_debug\n\nfrom ScoutSuite.output.result_encoder import JavaScriptEncoder\n\n\nclass "
},
{
"path": "ScoutSuite/core/fs.py",
"chars": 2810,
"preview": "import datetime\nimport json\nimport os\n\nfrom ScoutSuite.core.console import print_exception, prompt_overwrite, print_info"
},
{
"path": "ScoutSuite/core/processingengine.py",
"chars": 4477,
"preview": "from ScoutSuite.core.console import print_debug, print_exception\nfrom ScoutSuite.utils import manage_dictionary\n\nfrom Sc"
},
{
"path": "ScoutSuite/core/rule.py",
"chars": 6693,
"preview": "import json\nimport re\n\nfrom ScoutSuite.core.fs import read_ip_ranges\nfrom ScoutSuite.core.console import print_exception"
},
{
"path": "ScoutSuite/core/rule_definition.py",
"chars": 3560,
"preview": "import json\nimport os\n\nfrom ScoutSuite.core.console import print_error, print_exception\n\n\nclass RuleDefinition:\n\n def"
},
{
"path": "ScoutSuite/core/ruleset.py",
"chars": 9533,
"preview": "import json\nimport os\nimport tempfile\n\nfrom ScoutSuite.core.console import print_debug, print_error, prompt_yes_no, prin"
},
{
"path": "ScoutSuite/core/server.py",
"chars": 6991,
"preview": "from sqlitedict import SqliteDict\nimport cherrypy\nimport cherrypy_cors\n\nimport re\n\ncount_re = re.compile(r\".*_count$\")\n\n"
},
{
"path": "ScoutSuite/core/utils.py",
"chars": 4188,
"preview": "\"\"\"\nSingle-service rule processing functions\n\"\"\"\n\nimport copy\n\nfrom ScoutSuite.core.console import print_exception\nfrom "
},
{
"path": "ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json",
"chars": 115,
"preview": "{\n \"source\": \"aws/ip-ranges/aws.json\",\n \"conditions\": [ \"and\",\n [ \"service\", \"equal\", \"EC2\" ]\n ]\n}\n"
},
{
"path": "ScoutSuite/data/aws/ip-ranges/aws-in-us.json",
"chars": 120,
"preview": "{\n \"source\": \"aws/ip-ranges/aws.json\",\n \"conditions\": [ \"and\",\n [ \"region\", \"match\", [ \"us-.*\" ] ]\n ]\n}\n"
},
{
"path": "ScoutSuite/data/aws/ip-ranges/aws.json",
"chars": 1318626,
"preview": "{\n \"syncToken\": \"1662013390\",\n \"createDate\": \"2022-09-01-06-23-10\",\n \"prefixes\": [\n {\n \"ip_prefix\": \"3.2.34.0"
},
{
"path": "ScoutSuite/data/icmp_message_types.json",
"chars": 8262,
"preview": "{\n \"metadata\": {\n \"generated_on\": \"September 14, 2015\",\n \"source\": \"https://www.iana.org/assignments/ic"
},
{
"path": "ScoutSuite/data/protocols.json",
"chars": 3456,
"preview": "{\n \"metadata\": {\n \"generated_on\": \"February 12, 2014\",\n \"source\": \"http://www.iana.org/assignments/prot"
},
{
"path": "ScoutSuite/output/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "ScoutSuite/output/data/html/conditionals/json_format.html",
"chars": 418,
"preview": "<!-- Element to notify that we are reading a report in json format -->\n<script id=\"json_format\" type=\"text/x-handlebars-"
},
{
"path": "ScoutSuite/output/data/html/conditionals/sqlite_format.html",
"chars": 361,
"preview": "<!-- Element to notify that we are reading a report in sqlite format -->\n<script id=\"sqlite_format\" type=\"text/x-handleb"
},
{
"path": "ScoutSuite/output/data/html/partials/about_scoutsuite.html",
"chars": 1276,
"preview": "<script id=\"about_scoutsuite-template\" type=\"text/x-handlebars-template\">\n <div class=\"modal-dialog modal-lg modal-di"
},
{
"path": "ScoutSuite/output/data/html/partials/accordion.html",
"chars": 1346,
"preview": "<!-- Accordion partial -->\n<script id=\"accordion.partial\" type=\"text/x-handlebars-template\">\n <div class=\"accordi"
},
{
"path": "ScoutSuite/output/data/html/partials/accordion_policy.html",
"chars": 934,
"preview": " <!-- Policy partial -->\n <script id=\"accordion_policy.partial\" type=\"text/x-handlebars-template\">\n <div clas"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/left_menu_for_aliyun_region.html",
"chars": 1732,
"preview": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_region.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.actiontrail.trails.html",
"chars": 2625,
"preview": "<!-- ActionTrail trails -->\n<script id=\"services.actiontrail.trails.partial\" type=\"text/x-handlebars-template\">\n <div"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.ecs.regions.id.instances.html",
"chars": 11807,
"preview": "\n<!-- ECS instances -->\n<script id=\"services.ecs.regions.id.instances.partial\" type=\"text/x-handlebars-template\">\n <d"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.kms.regions.id.keys.html",
"chars": 2400,
"preview": "\n<!-- KMS keys -->\n<script id=\"services.kms.regions.id.keys.partial\" type=\"text/x-handlebars-template\">\n <div id=\"res"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.oss.buckets.html",
"chars": 1267,
"preview": "<!-- oss buckets -->\n<script id=\"services.oss.buckets.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.groups.html",
"chars": 2256,
"preview": "\n<!-- RAM groups -->\n<script id=\"services.ram.groups.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-n"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.policies.html",
"chars": 2497,
"preview": "\n<!-- RAM policies -->\n<script id=\"services.ram.policies.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resour"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.roles.html",
"chars": 1821,
"preview": "\n<!-- RAM roles -->\n<script id=\"services.ram.roles.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-nam"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.users.html",
"chars": 3536,
"preview": "\n<!-- RAM users -->\n<script id=\"services.ram.users.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-nam"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.rds.regions.id.instances.html",
"chars": 5339,
"preview": "\n<!-- RDS instances -->\n<script id=\"services.rds.regions.id.instances.partial\" type=\"text/x-handlebars-template\">\n <d"
},
{
"path": "ScoutSuite/output/data/html/partials/aliyun/services.vpc.regions.id.vpcs.html",
"chars": 3694,
"preview": "<!-- VPC VPCs -->\n<script id=\"services.vpc.regions.id.vpcs.partial\" type=\"text/x-handlebars-template\">\n <div id=\"reso"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/left_menu_for_region.html",
"chars": 1736,
"preview": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_region.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/left_menu_for_vpc.html",
"chars": 2199,
"preview": "<!-- Generic left-menu link partial for region-then-vpc-then-resource -->\n<script id=\"left_menu_for_vpc.partial\" type=\"t"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.acm.regions.id.certificates.html",
"chars": 4934,
"preview": "\n<!-- acm certificates -->\n<script id=\"services.acm.regions.id.certificates.partial\" type=\"text/x-handlebars-template\">\n"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html",
"chars": 3475,
"preview": "<!-- Lambda function partial -->\n<script id=\"services.awslambda.regions.id.functions.partial\" type=\"text/x-handlebars-te"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html",
"chars": 3299,
"preview": "<!-- CloudFormation stack partial -->\n<script id=\"services.cloudformation.regions.id.stacks.partial\" type=\"text/x-handle"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html",
"chars": 4655,
"preview": "<!-- cloudfront distributions -->\n<script id=\"services.cloudfront.distributions.partial\" type=\"text/x-handlebars-templat"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html",
"chars": 1356,
"preview": "<!-- Region partial -->\n<script id=\"services.cloudtrail.regions.partial\" type=\"text/x-handlebars-template\">\n <div cla"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html",
"chars": 3537,
"preview": "\n<!-- Trail partial -->\n<script id=\"services.cloudtrail.regions.id.trails.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.alarms.html",
"chars": 2101,
"preview": "\n<!-- Alarm partial -->\n<script id=\"services.cloudwatch.regions.id.alarms.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html",
"chars": 1880,
"preview": "<!-- cloudwatch metric_filters -->\n<script id=\"services.cloudwatch.regions.id.metric_filters.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.html",
"chars": 1954,
"preview": "\n<!-- Recorder partial -->\n<script id=\"services.config.regions.partial\" type=\"text/x-handlebars-template\">\n <div clas"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.id.recorders.html",
"chars": 1282,
"preview": "<!-- Recorder partial -->\n<script id=\"services.config.regions.id.recorders.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.id.rules.html",
"chars": 1183,
"preview": "\n<!-- Rule partial -->\n<script id=\"services.config.regions.id.rules.partial\" type=\"text/x-handlebars-template\">\n {{#unl"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html",
"chars": 2244,
"preview": "\n<!-- dynamodb tables -->\n<script id=\"services.dynamodb.regions.id.tables.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html",
"chars": 1421,
"preview": "<!-- EC2 regional settings partial -->\n<script id=\"services.ec2.regions.id.regional_settings.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html",
"chars": 2669,
"preview": "\n\n<!-- ec2 snapshots -->\n<script id=\"services.ec2.regions.id.snapshots.partial\" type=\"text/x-handlebars-template\">\n <"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html",
"chars": 2191,
"preview": "<!-- EBS volume partial -->\n<script id=\"services.ec2.regions.id.volumes.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html",
"chars": 1285,
"preview": "\n<!-- AMIs partial -->\n<script id=\"services.ec2.regions.id.images.partial\" type=\"text/x-handlebars-template\">\n <div c"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html",
"chars": 3917,
"preview": " <!-- EC2 instance partial -->\n <script id=\"services.ec2.regions.id.vpcs.id.instances.partial\" type=\"text/x-handle"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html",
"chars": 2257,
"preview": "<!-- EC2 security group partial -->\n<script id=\"services.ec2.regions.id.vpcs.id.security_groups.partial\" type=\"text/x-ha"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.resource_list.html",
"chars": 1972,
"preview": " <!-- EC2 security group associated resources list partial -->\n <script id=\"services.ec2.regions.vpcs.security_gro"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.rule_list.html",
"chars": 2509,
"preview": "\n <!-- EC2 security group rules partial -->\n <script id=\"services.ec2.regions.vpcs.security_groups.rule_list.parti"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.parameter_groups.html",
"chars": 590,
"preview": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.parameter_groups.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.security_groups.html",
"chars": 587,
"preview": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.security_groups.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.subnet_groups.html",
"chars": 609,
"preview": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.vpcs.id.subnet_groups.partial\" type=\"t"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html",
"chars": 645,
"preview": "\n <!-- ElastiCache cluster partial -->\n <script id=\"services.elasticache.regions.id.vpcs.id.clusters.partial\" type"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html",
"chars": 2413,
"preview": " <!-- ELB Policy partial -->\n <script id=\"services.elb.regions.id.elb_policies.partial\" type=\"text/x-handlebars-te"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html",
"chars": 4063,
"preview": "\n <!-- elb ELB partial -->\n <script id=\"services.elb.regions.id.vpcs.id.elbs.partial\" type=\"text/x-handlebars-temp"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html",
"chars": 1405,
"preview": "\n <!-- elb ELB partial -->\n <script id=\"services.elb.regions.vpcs.elbs.linked_resources.partial\" type=\"text/x-hand"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.listener.html",
"chars": 442,
"preview": "\n <!-- elb ELB partial -->\n <script id=\"services.elb.regions.vpcs.elbs.listener.partial\" type=\"text/x-handlebars-t"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcsid.elbs.linked_policy.html",
"chars": 543,
"preview": " <!-- elb ELB partial -->\n <script id=\"services.elb.regions.vpcs.elbs.linked_policy.partial\" type=\"text/x-handleba"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html",
"chars": 3865,
"preview": "\n <!-- ELBv2 LB partial -->\n <script id=\"services.elbv2.regions.id.vpcs.id.lbs.partial\" type=\"text/x-handlebars-te"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html",
"chars": 3451,
"preview": "\n <!-- EMR cluster partial -->\n <script id=\"services.emr.regions.id.vpcs.id.clusters.partial\" type=\"text/x-handleb"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html",
"chars": 4774,
"preview": "\n <!-- IAM credential report partial -->\n <script id=\"services.iam.credential_reports.partial\" type=\"text/x-handlebars"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.groups.html",
"chars": 1791,
"preview": "\n <!-- IAM group partial -->\n <script id=\"services.iam.groups.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.inline_policies.html",
"chars": 752,
"preview": "\n <!-- IAM inline policies partial -->\n <script id=\"services.iam.inline_policies.partial\" type=\"text/x-handlebars-"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies.html",
"chars": 1373,
"preview": "\n <!-- IAM managed policy partial -->\n <script id=\"services.iam.policies.partial\" type=\"text/x-handlebars-template"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies_list.html",
"chars": 725,
"preview": "\n <!-- IAM managed policies partial -->\n <script id=\"services.iam.policies_list.partial\" type=\"text/x-handlebars-t"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.roles.html",
"chars": 4010,
"preview": "\n <!-- IAM role partial -->\n <script id=\"services.iam.roles.partial\" type=\"text/x-handlebars-template\">\n <d"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.iam.users.html",
"chars": 3545,
"preview": "\n <!-- IAM user partial -->\n <script id=\"services.iam.users.partial\" type=\"text/x-handlebars-template\">\n <div id=\"r"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html",
"chars": 3027,
"preview": "\n<!-- Key partial -->\n<script id=\"services.kms.regions.id.keys.partial\" type=\"text/x-handlebars-template\">\n {{#unless s"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.parameter_groups.html",
"chars": 1873,
"preview": "\n <!-- RDS parameter group partial -->\n <script id=\"services.rds.regions.id.parameter_groups.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.security_groups.html",
"chars": 1195,
"preview": "\n <!-- RDS security group partials -->\n <script id=\"services.rds.regions.id.security_groups.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html",
"chars": 3469,
"preview": "\n <!-- RDS instance partial -->\n <script id=\"services.rds.regions.id.vpcs.id.instances.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.snapshots.html",
"chars": 1993,
"preview": "\n <!-- RDS snapshot partial -->\n <script id=\"services.rds.regions.id.vpcs.id.snapshots.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.subnet_groups.html",
"chars": 635,
"preview": "\n <!-- RDS subnet group partial -->\n <script id=\"services.rds.regions.id.vpcs.id.subnet_groups.partial\" type=\"text"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html",
"chars": 1438,
"preview": "<!-- Redshift parameter group partial -->\n\n<script id=\"services.redshift.regions.id.parameter_groups.partial\" type=\"text"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html",
"chars": 2889,
"preview": "\n <!-- Redshift cluster partial -->\n <script id=\"services.redshift.regions.id.vpcs.id.clusters.partial\" type=\"text"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.security_groups.html",
"chars": 1618,
"preview": "\n <!-- Redshift security group partials -->\n <script id=\"services.redshift.regions.id.vpcs.id.security_groups.part"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.vpcs.cluster_nodes.html",
"chars": 407,
"preview": "\n <!-- Redshift node partial -->\n <script id=\"services.redshift.regions.vpcs.cluster_nodes.partial\" type=\"text/x-h"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html",
"chars": 1854,
"preview": "<!-- route53 domains -->\n<script id=\"services.route53.regions.id.domains.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html",
"chars": 1646,
"preview": "<!-- route53 hosted_zones -->\n<script id=\"services.route53.regions.id.hosted_zones.partial\" type=\"text/x-handlebars-temp"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.s3.acls.html",
"chars": 2833,
"preview": "\n <script id=\"services.s3.acls.partial\" type=\"text/x-handlebars-template\">\n <div class=\"list-group-item\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.s3.bucket_iam_policies.html",
"chars": 2929,
"preview": "\n <!-- List of IAM policies referring a given bucket -->\n <script id=\"services.s3.bucket_iam_policies.partial\" typ"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html",
"chars": 5266,
"preview": "\n <!-- S3 bucket partial -->\n <script id=\"services.s3.buckets.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.s3.buckets.objects.html",
"chars": 1594,
"preview": "\n <!-- S3 object partial -->\n <script id=\"services.s3.buckets.objects.partial\" type=\"text/x-handlebars-template\">\n"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.s3.public_access_block_configuration.html",
"chars": 1292,
"preview": "<!-- public_access_block_configuration partial -->\n<script id=\"services.s3.public_access_block_configuration.partial\" ty"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html",
"chars": 2970,
"preview": "<!-- secretsmanager secrets -->\n<script id=\"services.secretsmanager.regions.id.secrets.partial\" type=\"text/x-handlebars-"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html",
"chars": 1648,
"preview": "\n <!-- SES queue partial -->\n <script id=\"services.ses.regions.id.identities.partial\" type=\"text/x-handlebars-temp"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html",
"chars": 3112,
"preview": "\n <!-- SNS topic partial -->\n <script id=\"services.sns.regions.id.topics.partial\" type=\"text/x-handlebars-template"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html",
"chars": 2141,
"preview": "\n <!-- SNS queue partial -->\n <script id=\"services.sqs.regions.id.queues.partial\" type=\"text/x-handlebars-template"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.stackdriverlogging.sinks.html",
"chars": 1340,
"preview": "\n<!-- Stackdriver Logging sinks partial -->\n<script id=\"services.stackdriverlogging.sinks.partial\" type=\"text/x-handleba"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.flow_logs.html",
"chars": 3471,
"preview": "<!-- vpc flow_logs -->\n<script id=\"services.vpc.regions.id.flow_logs.partial\" type=\"text/x-handlebars-template\">\n <di"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.peering_connections.html",
"chars": 2847,
"preview": "\n <!-- VPC peering connection partial -->\n <script id=\"services.vpc.regions.id.peering_connections.partial\" type=\""
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html",
"chars": 3999,
"preview": "\n <!-- VPC partial -->\n <script id=\"services.vpc.regions.id.vpcs.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.network_acls.html",
"chars": 3510,
"preview": "\n <!-- VPC Network ACL partial -->\n <script id=\"services.vpc.regions.id.vpcs.id.network_acls.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.peering_connections.html",
"chars": 787,
"preview": "\n <!-- Default accordion item -->\n <script id=\"services.vpc.regions.vpcs.peering_connections.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html",
"chars": 3082,
"preview": "\n <!-- VPC Subnet partial -->\n <script id=\"services.vpc.regions.id.vpcs.id.subnets.partial\" type=\"text/x-handlebar"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/details_for_subscription.html",
"chars": 839,
"preview": "\n <!-- Generic partial showing details about subscriptions and their resources -->\n <script id=\"details_for_subscripti"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/left_menu_for_subscription.html",
"chars": 1730,
"preview": "<!-- Generic left-menu link partial for subscription-then-resource -->\n<script id=\"left_menu_for_subscription.partial\" t"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.aad.applications.html",
"chars": 3782,
"preview": "\n<!-- aad applications -->\n<script id=\"services.aad.applications.partial\" type=\"text/x-handlebars-template\">\n <div id"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.aad.groups.html",
"chars": 3048,
"preview": "\n<!-- aad groups -->\n<script id=\"services.aad.groups.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-n"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.aad.policies.html",
"chars": 2055,
"preview": "<!-- aad policies -->\n<script id=\"services.aad.policies.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resourc"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html",
"chars": 4776,
"preview": "\n<!-- aad service_principals -->\n<script id=\"services.aad.service_principals.partial\" type=\"text/x-handlebars-template\">"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.aad.users.html",
"chars": 3728,
"preview": "\n<!-- aad users -->\n<script id=\"services.aad.users.partial\" type=\"text/x-handlebars-template\">\n <div id=\"resource-nam"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html",
"chars": 7207,
"preview": "<!-- appservice web_apps -->\n<script id=\"services.appservice.subscriptions.id.web_apps.partial\" type=\"text/x-handlebars-"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html",
"chars": 2590,
"preview": "<!-- Key Vault partial -->\n<script id=\"services.keyvault.subscriptions.id.vaults.partial\" type=\"text/x-handlebars-templa"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html",
"chars": 1288,
"preview": "<!-- Logging and Monitoring Diagnostic-->\n<script id=\"services.loggingmonitoring.subscriptions.id.diagnostic_settings.pa"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html",
"chars": 3330,
"preview": "<!-- Logging and Monitoring Log Alerts-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_alerts.partial\" ty"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_profiles.html",
"chars": 2110,
"preview": "<!-- Logging and Monitoring Log Profiles-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_profiles.partial"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.resources_logging.html",
"chars": 1360,
"preview": "<!-- Logging and Monitoring Resource Logging-->\n<script id=\"services.loggingmonitoring.subscriptions.id.resources_loggin"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.mysqldatabase.subscriptions.id.servers.html",
"chars": 1280,
"preview": "<!-- MySQL Database partial -->\n<script id=\"services.mysqldatabase.subscriptions.id.servers.partial\" type=\"text/x-handle"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html",
"chars": 2984,
"preview": "\n<!-- network application_security_groups -->\n<script id=\"services.network.subscriptions.id.application_security_groups."
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html",
"chars": 8462,
"preview": "\n<!-- network network_interfaces -->\n<script id=\"services.network.subscriptions.id.network_interfaces.partial\" type=\"tex"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html",
"chars": 8199,
"preview": "\n<!-- Network Security Groups partial -->\n<script id=\"services.network.subscriptions.id.security_groups.partial\" type=\"t"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html",
"chars": 4821,
"preview": "\n<!-- network virtual_networks -->\n<script id=\"services.network.subscriptions.id.virtual_networks.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.id.subnets.html",
"chars": 4619,
"preview": "\n<!-- network virtual_networks subnet -->\n<script id=\"services.network.subscriptions.id.virtual_networks.id.subnets.part"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html",
"chars": 2194,
"preview": "\n<!-- network watchers -->\n<script id=\"services.network.subscriptions.id.watchers.partial\" type=\"text/x-handlebars-templ"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html",
"chars": 3600,
"preview": "<!-- PostgreSQL Database partial -->\n<script id=\"services.postgresqldatabase.subscriptions.id.servers.partial\" type=\"tex"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.custom_roles_report.html",
"chars": 1201,
"preview": "<!-- RBAC -->\n<script id=\"services.rbac.subscriptions.id.custom_roles_report.partial\" type=\"text/x-handlebars-template\""
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html",
"chars": 4181,
"preview": "<!-- rbac roles -->\n<script id=\"services.rbac.subscriptions.id.roles.partial\" type=\"text/x-handlebars-template\">\n <di"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.auto_provisioning_settings.html",
"chars": 1446,
"preview": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.auto_provisioning_settings.partia"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html",
"chars": 1465,
"preview": "<!-- securitycenter compliance_results -->\n<script id=\"services.securitycenter.subscriptions.id.compliance_results.parti"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.pricings.html",
"chars": 1295,
"preview": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.pricings.partial\" type=\"text/x-ha"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html",
"chars": 2793,
"preview": "<!-- securitycenter regulatory_compliance_results -->\n<script id=\"services.securitycenter.subscriptions.id.regulatory_co"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.security_contacts.html",
"chars": 2035,
"preview": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.security_contacts.partial\" type=\""
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html",
"chars": 1452,
"preview": "<!-- Settings partial -->\n<script id=\"services.securitycenter.subscriptions.id.settings.partial\" type=\"text/x-handlebars"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html",
"chars": 9112,
"preview": "<!-- SQL Database partial -->\n<script id=\"services.sqldatabase.subscriptions.id.servers.partial\" type=\"text/x-handlebars"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html",
"chars": 4731,
"preview": "<!-- Storage Accounts partial -->\n<script id=\"services.storageaccounts.subscriptions.id.storage_accounts.partial\" type=\""
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html",
"chars": 3434,
"preview": "<!-- virtualmachines disks -->\n<script id=\"services.virtualmachines.subscriptions.id.disks.partial\" type=\"text/x-handleb"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html",
"chars": 1781,
"preview": "<!-- virtualmachines images -->\n<script id=\"services.virtualmachines.subscriptions.id.images.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html",
"chars": 6210,
"preview": "<!-- virtualmachines instances -->\n<script id=\"services.virtualmachines.subscriptions.id.instances.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html",
"chars": 3299,
"preview": "<!-- virtualmachines snapshots -->\n<script id=\"services.virtualmachines.subscriptions.id.snapshots.partial\" type=\"text/x"
},
{
"path": "ScoutSuite/output/data/html/partials/count_badge.html",
"chars": 377,
"preview": "<script id=\"count_badge.partial\" type=\"text/x-handlebars-template\">\n {{#ifPositive count}}\n <span class=\"badge"
},
{
"path": "ScoutSuite/output/data/html/partials/dashboard.html",
"chars": 4882,
"preview": "<!-- Dashboard partial -->\n<script id=\"services.id.findings.partial\" type=\"text/x-handlebars-template\">\n<div class=\"row\""
},
{
"path": "ScoutSuite/output/data/html/partials/details.html",
"chars": 594,
"preview": "\n <!-- Generic partial for resource -->\n <script id=\"details.partial\" type=\"text/x-handlebars-template\">\n <div id=\""
},
{
"path": "ScoutSuite/output/data/html/partials/details_for_region.html",
"chars": 772,
"preview": "\n <!-- Generic partial for region-then-resource -->\n <script id=\"details_for_region.partial\" type=\"text/x-handlebars-t"
},
{
"path": "ScoutSuite/output/data/html/partials/details_for_vpc.html",
"chars": 886,
"preview": "\n <!-- Generic partial for region-then-vpc-then-resource -->\n <script id=\"details_for_vpc.partial\" type=\"text/x-handle"
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.database.databases.html",
"chars": 2750,
"preview": "<!-- database databases -->\n<script id=\"services.database.databases.partial\" type=\"text/x-handlebars-template\">\n <div"
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html",
"chars": 4891,
"preview": "<!-- droplet droplets -->\n<script id=\"services.droplet.droplets.partial\" type=\"text/x-handlebars-template\">\n <div id="
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html",
"chars": 1710,
"preview": "<!-- kubernetes.kubernetes -->\n<script id=\"services.kubernetes.kubernetes.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.networking.domains.html",
"chars": 1886,
"preview": "<!-- networking domains -->\n<script id=\"services.networking.domains.partial\" type=\"text/x-handlebars-template\">\n <div"
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html",
"chars": 3007,
"preview": "<!-- networking firewalls -->\n<script id=\"services.networking.firewalls.partial\" type=\"text/x-handlebars-template\">\n "
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html",
"chars": 1815,
"preview": "<!-- networking load_balancers -->\n<script id=\"services.networking.load_balancers.partial\" type=\"text/x-handlebars-templ"
},
{
"path": "ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html",
"chars": 1758,
"preview": "<!-- spaces buckets -->\n<script id=\"services.spaces.buckets.partial\" type=\"text/x-handlebars-template\">\n <div id=\"res"
},
{
"path": "ScoutSuite/output/data/html/partials/ec2_grants.html",
"chars": 825,
"preview": "\n <!-- EC2 grant -->\n <script id=\"ec2_grants.partial\" type=\"text/x-handlebars-template\">\n <ul>\n {{#eac"
},
{
"path": "ScoutSuite/output/data/html/partials/filters.html",
"chars": 317,
"preview": "<!-- Filters -->\n<script id=\"filters.list.template\" type=\"text/x-handlebars-template\">\n {{#each items}}\n {{#each fil"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/details_for_gcp_region.html",
"chars": 920,
"preview": "\n <!-- Generic partial for region-then-resource -->\n <script id=\"details_for_gcp_region.partial\" type=\"text/x-handleba"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/details_for_gcp_zone.html",
"chars": 904,
"preview": "\n <!-- Generic partial for zone-then-resource -->\n <script id=\"details_for_gcp_zone.partial\" type=\"text/x-handlebars-t"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/details_for_project.html",
"chars": 804,
"preview": "\n <!-- Generic partial showing details about projects and their resources -->\n <script id=\"details_for_project.partial"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_region.html",
"chars": 2361,
"preview": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_gcp_region.partial\" type=\"tex"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_zone.html",
"chars": 2333,
"preview": "<!-- Generic left-menu link partial for zone-then-resource -->\n<script id=\"left_menu_for_gcp_zone.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_project.html",
"chars": 1675,
"preview": "<!-- Generic left-menu link partial for project-then-resource -->\n<script id=\"left_menu_for_project.partial\" type=\"text/"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html",
"chars": 2589,
"preview": "<!-- bigquery datasets -->\n<script id=\"services.bigquery.projects.id.datasets.partial\" type=\"text/x-handlebars-template\""
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html",
"chars": 1766,
"preview": "\n<!-- Cloud Memorystore for Redis partial -->\n<script id=\"services.cloudmemorystore.projects.id.redis_instances.partial\""
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html",
"chars": 5489,
"preview": "\n<!-- Cloud Storage instances partial -->\n<script id=\"services.cloudsql.projects.id.instances.partial\" type=\"text/x-hand"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html",
"chars": 4435,
"preview": "\n<!-- Cloud Storage bucket partial -->\n<script id=\"services.cloudstorage.projects.id.buckets.partial\" type=\"text/x-handl"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html",
"chars": 6099,
"preview": "\n<!-- Compute Engine firewalls partial -->\n<script id=\"services.computeengine.projects.id.firewalls.partial\" type=\"text/"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.global_forwarding_rules.html",
"chars": 5294,
"preview": "<!-- computeengine global_forwarding_rules -->\n<script id=\"services.computeengine.projects.id.global_forwarding_rules.pa"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html",
"chars": 3623,
"preview": "\n<!-- Compute Engine networks partial -->\n<script id=\"services.computeengine.projects.id.networks.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html",
"chars": 5814,
"preview": "<!-- computeengine forwarding_rules -->\n<script id=\"services.computeengine.projects.id.regions.id.forwarding_rules.parti"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html",
"chars": 3798,
"preview": "\n<!-- Compute Engine subnetworks partial -->\n<script id=\"services.computeengine.projects.id.regions.id.subnetworks.parti"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.snapshots.html",
"chars": 1808,
"preview": "\n<!-- Compute Engine snapshots partial -->\n<script id=\"services.computeengine.projects.id.snapshots.partial\" type=\"text/"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html",
"chars": 7267,
"preview": "\n<!-- Compute Engine instances partial -->\n<script id=\"services.computeengine.projects.id.zones.id.instances.partial\" ty"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html",
"chars": 2809,
"preview": "\n<!-- Cloud DNS zones partial -->\n<script id=\"services.dns.projects.id.managed_zones.partial\" type=\"text/x-handlebars-te"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html",
"chars": 4647,
"preview": "<!-- functions functions_v1 -->\n<script id=\"services.functions.projects.id.functions_v1.partial\" type=\"text/x-handlebars"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html",
"chars": 4437,
"preview": "<!-- functions functions_v2 -->\n<script id=\"services.functions.projects.id.functions_v2.partial\" type=\"text/x-handlebars"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings.html",
"chars": 3588,
"preview": "\n<!-- Cloud Resources Manager bindings' partial -->\n<script id=\"services.iam.projects.id.bindings.partial\" type=\"text/x-"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html",
"chars": 1547,
"preview": "\n<!-- Cloud Resources Manager Separation Duties bindings' partial -->\n<script id=\"services.iam.projects.id.bindings_sepa"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.domains.html",
"chars": 1521,
"preview": "\n<!-- Cloud Resources Manager domains' partial -->\n<script id=\"services.iam.projects.id.domains.partial\" type=\"text/x-ha"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.groups.html",
"chars": 1509,
"preview": "\n<!-- Cloud Resources Manager groups' partial -->\n<script id=\"services.iam.projects.id.groups.partial\" type=\"text/x-hand"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html",
"chars": 3559,
"preview": "\n<!-- Cloud Storage service_accounts partial -->\n<script id=\"services.iam.projects.id.service_accounts.partial\" type=\"te"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.users.html",
"chars": 1497,
"preview": "\n<!-- Cloud Resources Manager users' partial -->\n<script id=\"services.iam.projects.id.users.partial\" type=\"text/x-handle"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html",
"chars": 4385,
"preview": "\n<!-- Cloud KMS keyrings' partial -->\n<script id=\"services.kms.projects.id.keyrings.partial\" type=\"text/x-handlebars-tem"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html",
"chars": 10649,
"preview": "<!-- Kubernetes Engine clusters partial -->\n<script id=\"services.kubernetesengine.projects.id.clusters.partial\" type=\"te"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.logging_metrics.html",
"chars": 3052,
"preview": "\n<!-- Stackdriver All Logging metrics partial -->\n<script id=\"services.stackdriverlogging.projects.id.logging_metrics.pa"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.metrics.html",
"chars": 1677,
"preview": "\n<!-- Stackdriver Logging metrics partial -->\n<script id=\"services.stackdriverlogging.projects.id.metrics.partial\" type="
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.sinks.html",
"chars": 1644,
"preview": "\n<!-- Stackdriver Logging sinks partial -->\n<script id=\"services.stackdriverlogging.projects.id.sinks.partial\" type=\"tex"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.alert_policies.html",
"chars": 2070,
"preview": "<!-- stackdrivermonitoring uptime_checks -->\n<script id=\"services.stackdrivermonitoring.projects.id.uptime_checks.partia"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html",
"chars": 3194,
"preview": "<!-- stackdrivermonitoring all alert policies -->\n<script id=\"services.stackdrivermonitoring.projects.id.monitoring_aler"
},
{
"path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.uptime_checks.html",
"chars": 2298,
"preview": "<!-- stackdrivermonitoring alert_policies -->\n<script id=\"services.stackdrivermonitoring.projects.id.alert_policies.part"
}
]
// ... and 1274 more files (download for full content)
About this extraction
This page contains the full source code of the nccgroup/ScoutSuite GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1474 files (4.0 MB), approximately 1.1M tokens, and a symbol index with 2008 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.