Merge pull request #66 from BishopFox/seth-dev

Seth dev
BishopFox · Dec 19, 2023 · 75a4467 · 75a4467
2 parents f51c1e9 + 9be3792
commit 75a4467
Show file tree

Hide file tree

Showing 8 changed files with 253 additions and 210 deletions.
diff --git a/aws/client-initializers.go b/aws/client-initializers.go
@@ -30,39 +30,39 @@ func initIAMSimClient(iamSimPPClient sdk.AWSIAMClientInterface, caller sts.GetCa
 
 }
 
-func InitCloudFoxSNSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSWrapTable bool) SNSModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitCloudFoxSNSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSWrapTable bool, AWSMFAToken string) SNSModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	cloudFoxSNSClient := SNSModule{
 		SNSClient:  sns.NewFromConfig(AWSConfig),
 		Caller:     caller,
 		AWSProfile: AWSProfile,
-		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 		Goroutines: Goroutines,
 		WrapTable:  AWSWrapTable,
 	}
 	return cloudFoxSNSClient
 
 }
 
-func initCloudFoxS3Client(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string) BucketsModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func initCloudFoxS3Client(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, AWSMFAToken string) BucketsModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	cloudFoxS3Client := BucketsModule{
 		S3Client:   s3.NewFromConfig(AWSConfig),
 		Caller:     caller,
 		AWSProfile: AWSProfile,
-		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return cloudFoxS3Client
 
 }
 
-func InitSQSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) SQSModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitSQSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) SQSModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	sqsClient := SQSModule{
 		SQSClient: sqs.NewFromConfig(AWSConfig),
 
 		Caller:     caller,
-		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 		AWSProfile: AWSProfile,
 		Goroutines: Goroutines,
 	}
@@ -71,68 +71,68 @@ func InitSQSClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVers
 
 }
 
-func InitLambdaClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) LambdasModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitLambdaClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) LambdasModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	lambdaClient := LambdasModule{
 		LambdaClient: lambda.NewFromConfig(AWSConfig),
 		Caller:       caller,
 		AWSProfile:   AWSProfile,
-		AWSRegions:   internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions:   internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return lambdaClient
 }
 
-func InitCodeBuildClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) CodeBuildModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitCodeBuildClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) CodeBuildModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	codeBuildClient := CodeBuildModule{
 		CodeBuildClient: codebuild.NewFromConfig(AWSConfig),
 		Caller:          caller,
 		AWSProfile:      AWSProfile,
-		AWSRegions:      internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions:      internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return codeBuildClient
 }
 
-func InitECRClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) ECRModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitECRClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) ECRModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	ecrClient := ECRModule{
 		ECRClient:  ecr.NewFromConfig(AWSConfig),
 		Caller:     caller,
 		AWSProfile: AWSProfile,
-		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return ecrClient
 }
 
-func InitFileSystemsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) FilesystemsModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitFileSystemsClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) FilesystemsModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	fileSystemsClient := FilesystemsModule{
 		EFSClient:  efs.NewFromConfig(AWSConfig),
 		FSxClient:  fsx.NewFromConfig(AWSConfig),
 		Caller:     caller,
 		AWSProfile: AWSProfile,
-		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions: internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return fileSystemsClient
 }
 
-func InitOrgClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) OrgModule {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitOrgClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) OrgModule {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	orgClient := OrgModule{
 		OrganizationsClient: organizations.NewFromConfig(AWSConfig),
 		Caller:              caller,
 		AWSProfile:          AWSProfile,
-		AWSRegions:          internal.GetEnabledRegions(AWSProfile, cfVersion),
+		AWSRegions:          internal.GetEnabledRegions(AWSProfile, cfVersion, AWSMFAToken),
 	}
 	return orgClient
 }
 
-func InitSecretsManagerClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) *secretsmanager.Client {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitSecretsManagerClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) *secretsmanager.Client {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	return secretsmanager.NewFromConfig(AWSConfig)
 }
 
-func InitGlueClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int) *glue.Client {
-	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion)
+func InitGlueClient(caller sts.GetCallerIdentityOutput, AWSProfile string, cfVersion string, Goroutines int, AWSMFAToken string) *glue.Client {
+	var AWSConfig = internal.AWSConfigFileLoader(AWSProfile, cfVersion, AWSMFAToken)
 	return glue.NewFromConfig(AWSConfig)
 }
diff --git a/aws/resource-trusts.go b/aws/resource-trusts.go
@@ -26,6 +26,7 @@ type ResourceTrustsModule struct {
 	WrapTable     bool
 	AWSOutputType string
 	AWSTableCols  string
+	AWSMFAToken   string
 
 	AWSProfile      string
 	CloudFoxVersion string
@@ -291,7 +292,7 @@ func (m *ResourceTrustsModule) getSNSTopicsPerRegion(r string, wg *sync.WaitGrou
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxSNSClient := InitCloudFoxSNSClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.WrapTable)
+	cloudFoxSNSClient := InitCloudFoxSNSClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.WrapTable, m.AWSMFAToken)
 
 	ListTopics, err := cloudFoxSNSClient.listTopics(r)
 	if err != nil {
@@ -367,7 +368,7 @@ func (m *ResourceTrustsModule) getS3Buckets(wg *sync.WaitGroup, semaphore chan s
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxS3Client := initCloudFoxS3Client(m.Caller, m.AWSProfile, m.CloudFoxVersion)
+	cloudFoxS3Client := initCloudFoxS3Client(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.AWSMFAToken)
 
 	ListBuckets, err := sdk.CachedListBuckets(cloudFoxS3Client.S3Client, aws.ToString(m.Caller.Account))
 	if err != nil {
@@ -450,7 +451,7 @@ func (m *ResourceTrustsModule) getSQSQueuesPerRegion(r string, wg *sync.WaitGrou
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxSQSClient := InitSQSClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxSQSClient := InitSQSClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ListQueues, err := cloudFoxSQSClient.listQueues(r)
 	if err != nil {
@@ -512,7 +513,7 @@ func (m *ResourceTrustsModule) getECRRecordsPerRegion(r string, wg *sync.WaitGro
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxECRClient := InitECRClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxECRClient := InitECRClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	DescribeRepositories, err := sdk.CachedECRDescribeRepositories(cloudFoxECRClient.ECRClient, aws.ToString(m.Caller.Account), r)
 	if err != nil {
@@ -576,7 +577,7 @@ func (m *ResourceTrustsModule) getCodeBuildResourcePoliciesPerRegion(r string, w
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxCodeBuildClient := InitCodeBuildClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxCodeBuildClient := InitCodeBuildClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ListProjects, err := sdk.CachedCodeBuildListProjects(cloudFoxCodeBuildClient.CodeBuildClient, aws.ToString(cloudFoxCodeBuildClient.Caller.Account), r)
 	if err != nil {
@@ -650,7 +651,7 @@ func (m *ResourceTrustsModule) getLambdaPolicyPerRegion(r string, wg *sync.WaitG
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxLambdaClient := InitLambdaClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxLambdaClient := InitLambdaClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ListFunctions, err := cloudFoxLambdaClient.listFunctions(r)
 	if err != nil {
@@ -715,7 +716,7 @@ func (m *ResourceTrustsModule) getEFSfilesystemPoliciesPerRegion(r string, wg *s
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxEFSClient := InitFileSystemsClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxEFSClient := InitFileSystemsClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ListFileSystems, err := sdk.CachedDescribeFileSystems(cloudFoxEFSClient.EFSClient, aws.ToString(m.Caller.Account), r)
 	if err != nil {
@@ -785,7 +786,7 @@ func (m *ResourceTrustsModule) getSecretsManagerSecretsPoliciesPerRegion(r strin
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxSecretsManagerClient := InitSecretsManagerClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxSecretsManagerClient := InitSecretsManagerClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ListSecrets, err := sdk.CachedSecretsManagerListSecrets(cloudFoxSecretsManagerClient, aws.ToString(m.Caller.Account), r)
 	if err != nil {
@@ -851,7 +852,7 @@ func (m *ResourceTrustsModule) getGlueResourcePoliciesPerRegion(r string, wg *sy
 	semaphore <- struct{}{}
 	defer func() { <-semaphore }()
 
-	cloudFoxGlueClient := InitGlueClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines)
+	cloudFoxGlueClient := InitGlueClient(m.Caller, m.AWSProfile, m.CloudFoxVersion, m.Goroutines, m.AWSMFAToken)
 
 	ResourcePolicies, err := sdk.CachedGlueGetResourcePolicies(cloudFoxGlueClient, aws.ToString(m.Caller.Account), r)
 	if err != nil {

diff --git a/aws/role-trusts.go b/aws/role-trusts.go
@@ -314,7 +314,7 @@ func (m *RoleTrustsModule) printServiceTrusts(outputDirectory string) ([]string,
 
 	// sort the rows based on column 2 (service)
 	sort.SliceStable(body, func(i, j int) bool {
-		return body[i][1] < body[j][1]
+		return body[i][3] < body[j][3]
 	})
 
 	return header, body, tableCols

diff --git a/aws/sdk/glue.go b/aws/sdk/glue.go
@@ -27,6 +27,7 @@ func init() {
 	gob.Register(glueTypes.Job{})
 	gob.Register([]glueTypes.Table{})
 	gob.Register([]glueTypes.Database{})
+	gob.Register([]policy.Policy{})
 }
 
 func CachedGlueListDevEndpoints(GlueClient AWSGlueClientInterface, accountID string, region string) ([]string, error) {