From 9ea92adce2c1607e769d1bcbc054c3d4340703ad Mon Sep 17 00:00:00 2001 From: Jeff Kwiat Date: Tue, 24 May 2022 15:29:32 -0400 Subject: [PATCH 1/2] Added README.md file detailing Tools, Permissions, and Basic command usage --- bash/README.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 bash/README.md diff --git a/bash/README.md b/bash/README.md new file mode 100644 index 0000000..a751c6c --- /dev/null +++ b/bash/README.md
@@ -0,0 +1,86 @@ +# Inventory and Exploits Scripts +## Inventory Scripts +The inventory scripts contained with this directory report the number of cloud resources in use within a cloud provider environment. + +### AWS Inventory Script +#### Prerequisites +The following tools are required in order to run the [AWS Inventory Script](./lw_aws_inventory.sh): +- `awscli` +- `jq` +#### Permissions Required +The following permissions are required to run the [AWS Inventory Script](./lw_aws_inventory.sh): + + +``` +ec2:DescribeRegions +ec2:DescribeNatGateways +ec2:DescribeInstances +ecs:ListClusters +elb:DescribeLoadBalancers +elbv2:DescribeLoadBalancer +fargate:DescribeTasks +rds:DescribeDbInstances +redshift:DescribeClusters +sts:GetCallerIdentity +``` + +#### Basic Usage +To execute the script with the default parameters, you may run the following commands: +``` +curl -O https://raw.githubusercontent.com/lacework-dev/scripts/main/bash/lw_aws_inventory.sh +chmod +x lw_aws_inventory.sh +./lw_aws_inventory.sh +``` + +### Azure Inventory Script +#### Prerequisites +The following tools are required in order to run the [Azure Inventory Script](./lw_azure_inventory.sh): + +- `gcloud` +- `jq` + +#### Permissions Required +The following commands will be executed as part of the [Azure Inventory Script](./lw_azure_inventory.sh): + +``` +az account list +az account set +az group list +az network lb list +az network vnet-gateway list +az sql server list +az vm list +az vmss list +``` +#### Basic Usage +To execute the script with the default parameters, you may run the following commands: +``` +curl -O https://raw.githubusercontent.com/lacework-dev/scripts/main/bash/lw_azure_inventory.sh +chmod +x lw_azure_inventory.sh +./lw_azure_inventory.sh +``` +### GCP Inventory Script +#### Prerequisites +The following tools are required in order to run the [GCP Inventory Script](./lw_gcp_inventory.sh): +- `gcloud` +- `jq` +#### Permissions Required +The following commands will be executed as 
part of the [GCP Inventory Script](./lw_gcp_inventory.sh): + +``` +gcloud compute forwarding-rules lis +gcloud compute instances list +gcloud compute routers list +gcloud projects list +gcloud services list +gcloud sql instances list +``` +#### Basic Usage +To execute the script with the default parameters, you may run the following commands: +``` +curl -O https://raw.githubusercontent.com/lacework-dev/scripts/main/bash/lw_gcp_inventory.sh +chmod +x lw_gcp_inventory.sh +./lw_gcp_inventory.sh +``` +## Exploit Scripts +TBD \ No newline at end of file From 780455bf39bdfd300c6f486531e1f7e304fa43ea Mon Sep 17 00:00:00 2001 From: Jeff Kwiat Date: Tue, 24 May 2022 16:00:13 -0400 Subject: [PATCH 2/2] Replaced "gcloud" with "az" --- bash/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bash/README.md b/bash/README.md index a751c6c..bf469b7 100644 --- a/bash/README.md +++ b/bash/README.md @@ -36,7 +36,7 @@ chmod +x lw_aws_inventory.sh #### Prerequisites The following tools are required in order to run the [Azure Inventory Script](./lw_azure_inventory.sh): -- `gcloud` +- `az` - `jq` #### Permissions Required
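Review bot: In the AWS "Permissions Required" block of patch 1/2, several entries are not valid IAM action names, so a least-privilege policy copied from this list would not grant what the script needs. `elb:DescribeLoadBalancers` and `elbv2:DescribeLoadBalancer` use the CLI command names rather than the `elasticloadbalancing:` IAM prefix (and the second is missing its trailing `s`), and `fargate:` is not an IAM service prefix; Fargate tasks are described through `ecs:DescribeTasks`. Suggest listing the actions exactly as they would appear in a policy document. In the same hunk, `gcloud compute forwarding-rules lis` is truncated and should read `list`, and the Azure and GCP "Permissions Required" sections list the commands the scripts run rather than the roles or permissions those commands need. The three Basic Usage blocks download from the moving `main` branch and run the result with the caller's cloud credentials; pinning the URL to a commit, or telling the reader to review the file before `chmod +x`, would be safer. Minor: "contained with this directory" should be "contained within this directory", and the file ends without a trailing newline.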
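Review bot: The Azure prerequisite line changed in patch 2/2 was introduced as `gcloud` by patch 1/2 of this same series, so the fix is better squashed into 1/2 than carried as a separate commit that leaves 1/2 wrong on its own. If it stays separate, the subject "Replaced "gcloud" with "az"" should say that it applies to the Azure prerequisites only, since `gcloud` is still correct in the GCP section. The AWS section names its prerequisite by package (`awscli`) while this line names the command (`az`); pick one convention for all three sections.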