Commit

Update OtherTools.md
dafthack authored May 14, 2021
1 parent 2964418 commit 9de8938
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions cheatsheets/OtherTools.md
Expand Up @@ -37,6 +37,46 @@ or if installed...
scout aws --profile=<aws profile name>
```
jq queries to help with parsing many ScoutSuite reports
Sometimes you may need to work with multiple ScoutSuite files and report similar items across all of them. The ScoutSuite reports are in json format so the 'jq' tool can be used to parse through them easily. Here are a few short script examples for doing this. Run these from the directory where you output each of the ScoutSuite folders to.
```bash

### Find All Lambda Environment Variables
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.services.awslambda.regions[].functions[] | select (.env_variables != []) | .arn, .env_variables' >> lambda-all-environment-variables.txt
done

### Find World Listable S3 Buckets
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.account_id, .services.s3.findings."s3-bucket-AuthenticatedUsers-read".items[]' >> s3-buckets-world-listable.txt
done

### Find All EC2 User Data
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.services.ec2.regions[].vpcs[].instances[] | select (.user_data != null) | .arn, .user_data' >> ec2-instance-all-user-data.txt
done

### Find EC2 Security Groups That Whitelist AWS CIDRs
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.account_id' >> ec2-security-group-whitelists-aws-cidrs.txt
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.services.ec2.findings."ec2-security-group-whitelists-aws".items' >> ec2-security-group-whitelists-aws-cidrs.txt
done

### Find EC2 EBS Public AMIs
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.services.ec2.regions[].images[] | select (.Public == true) | .arn' >> ec2-public-amis.txt
done

### Find All EC2 EBS Volumes Unencrypted
for d in */ ; do
tail $d/scoutsuite-results/scoutsuite_results*.js -n +2 | jq '.services.ec2.regions[].volumes[] | select(.encrypted == false) | .arn' >> ec2-ebs-volume-not-encrypted.txt
done


```
### Cloud_Enum
Tool to search for public resources in AWS, Azure, and GCP
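
Review bot: In the "Find World Listable S3 Buckets" block, the query reads the `s3-bucket-AuthenticatedUsers-read` finding, which by its name covers buckets readable by any authenticated AWS principal rather than by anonymous users, so the heading and the `s3-buckets-world-listable.txt` file name overstate what is collected. Either rename them or also query the corresponding AllUsers finding if the intent is truly public buckets. In every loop `$d` is unquoted and already ends in a slash (from `*/`), giving `dir//scoutsuite-results/...`; writing `"${d}scoutsuite-results/"scoutsuite_results*.js` handles directory names with spaces. If that glob matches more than one results file in a folder, GNU tail prints `==> name <==` headers between them and jq will fail on the non-JSON lines, so iterating over the files one at a time is safer. All outputs use `>>`, so re-running the loops appends duplicates; truncating the output file before each loop avoids that. The Lambda environment variable and EC2 user data outputs often hold credentials, so a sentence telling readers to treat those text files as sensitive would be worth adding. Finally, the intro line "jq queries to help with parsing many ScoutSuite reports" has no `###` marker, unlike `### Cloud_Enum` below it, so it will render as body text instead of a heading.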