Commit 6231324

Merge pull request #31 from kmcquade/fix/GH-30-windows-compatibility
Windows compatibility fix. 0.0.13 bump
2 parents d6d57c5 + 9ff0952 commit 6231324

7 files changed

+96
-37
lines changed

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,11 @@
11
# CHANGELOG
22

3+
## Unreleased
4+
* Docker
5+
6+
## 0.0.13 (2020=05-07)
7+
* Windows compatibility fixes
8+
39
## 0.0.12 (2020-05-07)
410
* Various UI improvements, like sortable tables. Fixes #22. See https://opensource.salesforce.com/cloudsplaining/ for the latest example.
511
* Fixes #27 - issue arising from where "expanded_actions" is empty
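Review bot: the new heading `## 0.0.13 (2020=05-07)` has `=` in place of `-` in the date; it should read `## 0.0.13 (2020-05-07)` to match the `## 0.0.12 (2020-05-07)` entry below it. The `Unreleased` entry `* Docker` is a bare word; a short line saying what the Docker change is (image, Dockerfile, published tag) would help anyone reading the changelog later.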

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -313,4 +313,4 @@ Try upgrading to the latest version of Cloudsplaining. This error was fixed in v
313313
* [Parliament](https://github.com/duo-labs/parliament/) by [Scott Piper](https://twitter.com/0xdabbad00) at [Summit Route](http://summitroute.com/) and Duo Labs.
314314
* [AWS Privilege Escalation Methods](https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation) by [Spencer Gietzen](https://twitter.com/SpenGietz) at Rhino Security Labs
315315
* [Understanding Access Level Summaries within Policy Summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)
316-
* [Using Blockchain-based machine learning algorithms on multiple service meshes to transparently automate multi-cloud IAM Kung-Fu](http://kmcquade.com/rick.html)
316+
* [Leveraging next-generation blockchain-based AI across multiple service meshes to transparently automate multi-cloud IAM wizardry :mage_man:](http://kmcquade.com/rick.html)
Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
"""
88
Cloudsplaining is an AWS IAM Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.
99
"""
10-
__version__ = "0.0.12"
10+
__version__ = "0.0.13"
1111
import click
1212
from cloudsplaining import command
1313

@@ -26,5 +26,11 @@ def cloudsplaining():
2626
cloudsplaining.add_command(command.scan_policy_file.scan_policy_file)
2727
cloudsplaining.add_command(command.download.download)
2828

29+
30+
def main():
31+
"""Cloudsplaining is an AWS IAM Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet."""
32+
cloudsplaining()
33+
34+
2935
if __name__ == "__main__":
3036
cloudsplaining()
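Review bot: `main()` is added, but the `if __name__ == "__main__":` guard still calls `cloudsplaining()` directly, so the module now has two entry paths that can drift apart; have the guard call `main()` so that whatever the wrapper is used for (presumably a console-script entry point, which is not visible in this hunk) behaves identically when the module is run directly. The docstring on `main()` repeats the module docstring verbatim; a one-liner such as `"""Console entry point for the cloudsplaining CLI."""` says what the function is for.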

cloudsplaining/output/templates/appendix/references.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22
<li><a href="https://github.com/salesforce/policy_sentry/">Policy Sentry</a> by <a href="https://twitter.com/kmcquade3">Kinnaird McQuade</a> at Salesforce</li>
33
<li><a href="https://github.com/duo-labs/parliament/">Parliament</a> by <a href="https://twitter.com/0xdabbad00">Scott Piper</a> at Duo Labs</li>
44
<li><a href="https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation">AWS Privilege Escalation Methods</a> by <a href="https://twitter.com/SpenGietz">Spencer Gietzen</a> at Rhino Security Labs</li>
5-
<li><a href="http://kmcquade.com/rick.html">Using Blockchain-based machine learning algorithms on multiple service meshes to transparently automate multi-cloud IAM Kung-Fu</a></li>
5+
<li><a href="http://kmcquade.com/rick.html">Leveraging next-generation blockchain-based AI across multiple service meshes to transparently automate multi-cloud IAM wizardry</a></li>
66
</ul>
77
<br>

examples/files/iam-report-example.html

Lines changed: 59 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,10 @@
1313
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
1414
integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
1515

16+
<!--Data Tables-->
17+
<link rel="stylesheet" href="https://cdn.datatables.net/1.10.20/css/jquery.dataTables.min.css"
18+
crossorigin="anonymous">
19+
1620
<!--Custom CSS-->
1721
<style>
1822
.nav li {
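Review bot: the new DataTables stylesheet `<link>` carries `crossorigin="anonymous"` but no `integrity` attribute, unlike the Bootstrap `<link>` immediately above it, so the browser performs no subresource-integrity check on `jquery.dataTables.min.css`; pin it the same way with an `integrity="sha384-..."` hash computed over the 1.10.20 file (the matching `<script>` tag added near the end of the file needs the same treatment). Without the hash, `crossorigin` on its own buys nothing.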
@@ -27,14 +31,20 @@
2731
body {
2832
position: relative;
2933
}
30-
/*Use Bootstrap 3 button colors with bootstrap 4. Personal preference.*/
31-
/*The next line has this minified but you can view the expanded one here: https://gist.github.com/kmcquade/ea8be1948c0ae260c93291fae7f7880a*/
32-
/*.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:400;line-height:1.42857143;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-image:none;border:1px solid transparent;border-radius:4px}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.focus,.btn:focus,.btn:hover{color:#333;text-decoration:none}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;-webkit-box-shadow:none;box-shadow:none;opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default.focus,.btn-default:focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] 
.btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#337ab7;border-color:#2e6da4}.btn-primary.focus,.btn-primary:focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#337ab7;border-color:#2e6da4}.btn-primary 
.badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success.focus,.btn-success:focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active.focus,.btn-success.active:focus,.btn-success.active:hover,.btn-success:active.focus,.btn-success:active:focus,.btn-success:active:hover,.open>.dropdown-toggle.btn-success.focus,.open>.dropdown-toggle.btn-success:focus,.open>.dropdown-toggle.btn-success:hover{color:#fff;background-color:#398439;border-color:#255625}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled.focus,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled].focus,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#5cb85c;border-color:#4cae4c}.btn-success 
.badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info.focus,.btn-info:focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active.focus,.btn-info.active:focus,.btn-info.active:hover,.btn-info:active.focus,.btn-info:active:focus,.btn-info:active:hover,.open>.dropdown-toggle.btn-info.focus,.open>.dropdown-toggle.btn-info:focus,.open>.dropdown-toggle.btn-info:hover{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled.focus,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled].focus,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#5bc0de;border-color:#46b8da}.btn-info 
.badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning.focus,.btn-warning:focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active.focus,.btn-warning.active:focus,.btn-warning.active:hover,.btn-warning:active.focus,.btn-warning:active:focus,.btn-warning:active:hover,.open>.dropdown-toggle.btn-warning.focus,.open>.dropdown-toggle.btn-warning:focus,.open>.dropdown-toggle.btn-warning:hover{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled.focus,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled].focus,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#f0ad4e;border-color:#eea236}.btn-warning 
.badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger.focus,.btn-danger:focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active.focus,.btn-danger.active:focus,.btn-danger.active:hover,.btn-danger:active.focus,.btn-danger:active:focus,.btn-danger:active:hover,.open>.dropdown-toggle.btn-danger.focus,.open>.dropdown-toggle.btn-danger:focus,.open>.dropdown-toggle.btn-danger:hover{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled.focus,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled].focus,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link.active,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:active,.btn-link:focus,.btn-link:hover{border-color:transparent}.btn-link:focus,.btn-link:hover{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:focus,.btn-link[disabled]:hover,fieldset[disabled] .btn-link:focus,fieldset[disabled] .btn-link:hover{color:#777;text-decoration:none}.btn-group-lg>.btn,.btn-lg{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-group-sm>.btn,.btn-sm{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-xs>.btn,.btn-xs{padding:1px 
5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}*/
34+
div.customer-managed-table {
35+
word-wrap: break-word;
36+
}
37+
div.aws-managed-table {
38+
word-wrap: break-word;
39+
}
40+
div.principals-table {
41+
word-wrap: break-word;
42+
}
3343
</style>
3444

3545
</head>
3646

37-
<body onload="setSummaryAsActiveTab()">
47+
<body>
3848
<!------------------>
3949
<!-- Row -->
4050
<!------------------>
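Review bot: the three new rules `div.customer-managed-table`, `div.aws-managed-table` and `div.principals-table` are identical; a single grouped selector (`div.customer-managed-table, div.aws-managed-table, div.principals-table { word-wrap: break-word; }`) avoids three copies drifting apart. Dropping `onload="setSummaryAsActiveTab()"` from `<body>` is fine only because the `$(document).ready` handler at the bottom of the file now selects the summary tab; the two changes belong together, so keep them in the same commit if this is ever split.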
@@ -124,10 +134,10 @@
124134
<!--EXECUTIVE SUMMARY TAB-->
125135
<div class="tab-pane fade show active" id="nav-summary" role="tabpanel" aria-labelledby="nav-summary-tab">
126136
<br>
127-
Report metadata:
137+
<h4>Report metadata</h4>
128138
<ul>
129139
<li>Account: example (012345678901)</li>
130-
<li>Report Generated: 2020-05-03</li>
140+
<li>Report Generated: 2020-05-07</li>
131141
</ul>
132142
<br>
133143
<!--Executive Summary-->
@@ -175,10 +185,8 @@ <h4>Risk Summary</h4>
175185
<td style="background-color: #FFE295;">Medium</td>
176186
</tr>
177187

178-
<!-- <tr><td>Credentials Exposure</td><td>Value</td><td>Value</td><td>Value</td>-->
179188
</tbody>
180189
</table>
181-
<br>
182190
</div>
183191
</div>
184192
</div><!--/END SUMMARY TAB-->
@@ -187,11 +195,15 @@ <h4>Risk Summary</h4>
187195
<div class="tab-pane fade" id="nav-principals" role="tabpanel" aria-labelledby="nav-principals-tab">
188196
<h3 id="iam-principals">IAM Principals</h3>
189197

190-
<p>
191-
The following table shows the list of IAM Users, Groups, and Roles in the account, whether they have findings or not.
198+
<br>
199+
<p>
200+
The following table shows the list of IAM Users, Groups, and Roles in the account - whether they have findings or not.
192201
</p>
202+
<br>
193203
<span class="badge badge-default"></span>
194-
<table class="table table-striped table-bordered table-sm">
204+
<div class="principals-table">
205+
<table id="principals-table" class="display compact" style="width:100%">
206+
<!--<table id="principals-table" class="table table-striped table-bordered table-sm">-->
195207
<thead>
196208
<tr>
197209
<th>Type</th>
@@ -287,23 +299,26 @@ <h3 id="iam-principals">IAM Principals</h3>
287299

288300
</tbody>
289301
</table>
302+
</div>
290303
<br>
291-
292304
</div><!--/end PRINCIPALS TAB-->
293305

294306
<!--CUSTOMER-MANAGED TAB-->
295307
<div class="tab-pane fade" id="nav-customer-managed" role="tabpanel" aria-labelledby="nav-customer-managed-tab">
296308

297309
<!--Summary: Customer-managed policies-->
298310
<h3 id="customer-managed-policies-summary">Findings: Customer-managed Policies</h3>
299-
<span class="badge badge-default"></span>
300-
<table class="table table-striped table-bordered table-sm">
311+
<br>
312+
<span class="badge badge-default"></span>
313+
<div class="customer-managed-table">
314+
<table id="customer-managed-table" class="display compact" style="width:100%; border-radius: 10px">
315+
<!--<table id="customer-managed-table" class="table table-striped table-bordered table-sm">-->
301316
<thead>
302317
<tr>
303318
<th>Name</th>
304319
<th>Type</th>
305320
<th>Services Count</th>
306-
<th>Infrastructure Modification <a href="#definition-infrastructure-modification"><small>[0]</small></a></td></th>
321+
<th>Infrastructure Modification<a href="#definition-infrastructure-modification"><small>[0]</small></a></td></th>
307322
<th>Services Affected</th>
308323
<th>Privilege Escalation<a href="#definition-privilege-escalation"><small>[1]</small></a></th>
309324
<th>Resource Exposure<a href="#definition-resource-exposure"><small>[2]</small></a></th>
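Review bot: the modified `Infrastructure Modification` header still ends with `</td></th>`; the stray `</td>` inside a `<th>` is invalid markup carried over from the old line, and since the line is being touched anyway it should be dropped so the cell closes with `</th>` alone like its sibling headers. The `<!--<table id="customer-managed-table" class="table table-striped table-bordered table-sm">-->` comment keeps the old table tag as dead markup in the example report; remove it rather than ship it in generated output.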
@@ -423,6 +438,7 @@ <h3 id="customer-managed-policies-summary">Findings: Customer-managed Policies</
423438

424439
</tbody>
425440
</table>
441+
</div>
426442
<br>
427443

428444
<!--Analysis: Customer-managed-policies-->
@@ -1187,7 +1203,10 @@ <h6 class="card-header" id="OverprivilegedEC2">Role: OverprivilegedEC2</h6>
11871203
<!--Summary: AWS-managed policies-->
11881204
<h3 id="aws-managed-policies-summary">Findings: AWS-managed Policies</h3>
11891205
<span class="badge badge-default"></span>
1190-
<table class="table table-striped table-bordered table-sm">
1206+
<br>
1207+
<div class="aws-managed-table">
1208+
<table id="aws-managed-table" class="display compact" style="width:100%; border-radius: 10px">
1209+
<!--<table id="aws-managed-table" class="table table-striped table-bordered table-sm">-->
11911210
<thead>
11921211
<tr>
11931212
<th>Policy Name</th>
@@ -1196,7 +1215,7 @@ <h3 id="aws-managed-policies-summary">Findings: AWS-managed Policies</h3>
11961215
<th>Services Affected</th>
11971216
<th>Privilege Escalation<a href="#definition-privilege-escalation"><small>[1]</small></a></th>
11981217
<th>Resource Exposure<a href="#definition-resource-exposure"><small>[2]</small></a></th>
1199-
<th>Data Exfiltration <a href="#definition-data-exfiltration"><small>[3]</small></a></th>
1218+
<th>Data Exfiltration<a href="#definition-data-exfiltration"><small>[3]</small></a></th>
12001219
</tr>
12011220
</thead>
12021221
<tbody>
@@ -1441,6 +1460,7 @@ <h3 id="aws-managed-policies-summary">Findings: AWS-managed Policies</h3>
14411460

14421461
</tbody>
14431462
</table>
1463+
</div>
14441464
<br>
14451465

14461466
<!--Analysis: AWS-managed-policies-->
@@ -8684,7 +8704,7 @@ <h6 class="card-header" id="ReadOnlyAccess">Policy: ReadOnlyAccess</h6>
86848704
</div><!--/end Tab content-->
86858705
</div><!--/end data spy-->
86868706

8687-
<br>
8707+
86888708
<hr>
86898709
<br>
86908710
<!--Guidance-->
@@ -9000,6 +9020,7 @@ <h4 id="references">References</h4>
90009020
<li><a href="https://github.com/salesforce/policy_sentry/">Policy Sentry</a> by <a href="https://twitter.com/kmcquade3">Kinnaird McQuade</a> at Salesforce</li>
90019021
<li><a href="https://github.com/duo-labs/parliament/">Parliament</a> by <a href="https://twitter.com/0xdabbad00">Scott Piper</a> at Duo Labs</li>
90029022
<li><a href="https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation">AWS Privilege Escalation Methods</a> by <a href="https://twitter.com/SpenGietz">Spencer Gietzen</a> at Rhino Security Labs</li>
9023+
<li><a href="http://kmcquade.com/rick.html">Using Blockchain-based machine learning algorithms on multiple service meshes to transparently automate multi-cloud IAM Kung-Fu</a></li>
90039024
</ul>
90049025
<br>
90059026

@@ -9021,8 +9042,20 @@ <h4 id="references">References</h4>
90219042
integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6"
90229043
crossorigin="anonymous"></script>
90239044

9024-
<!--Press Collapse/expand button so you can Ctrl+F through the report-->
9045+
<!--Data Tables-->
9046+
<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/jquery.dataTables.min.js"></script>
9047+
<!--<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/dataTables.bootstrap4.min.js"></script>-->
9048+
90259049
<script>
9050+
$(document).ready(function() {
9051+
$('#aws-managed-table').DataTable();
9052+
$('#customer-managed-table').DataTable();
9053+
$('#principals-table').DataTable();
9054+
} );
9055+
</script>
9056+
9057+
<!--Press Collapse/expand button so you can Ctrl+F through the report-->
9058+
<script type="text/javascript">
90269059
$(function () {
90279060
$('#collapseAccordion').on('click', function (e) {
90289061
$('.panel-collapse').collapse('hide');
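Review bot: `jquery.dataTables.min.js` is loaded from `cdn.datatables.net` with no `integrity` attribute, while the `<script>` just above it is SRI-pinned with `integrity="sha384-..."`; add the hash for the 1.10.20 file so a tampered CDN copy cannot execute inside the report. The commented-out `dataTables.bootstrap4.min.js` line is dead markup and should go. The three `DataTable()` calls and the tab-activation handler further down each sit in their own `<script>` block with a separate `$(document).ready`; one block would be easier to maintain.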
@@ -9032,11 +9065,13 @@ <h4 id="references">References</h4>
90329065
})
90339066
});
90349067
</script>
9035-
<script>
9036-
function setSummaryAsActiveTab() {
9037-
$('.nav-tabs a[href="#nav-summary"]').tab('show')
9038-
}
90399068

9040-
</script>
9069+
<!--Force first tab as active tab-->
9070+
<script type="text/javascript">
9071+
$(document).ready(function(){
9072+
$('.nav-tabs a[href="#nav-summary"]').tab('show');
9073+
});
9074+
</script>
9075+
90419076
</body>
90429077
</html>
