
ghostbuster's People

Contributors

fardin01, gister9000, gister9000tripadvisor, infosec-au, yash2999, yashbharadwajuc


ghostbuster's Issues

Support additional types of public IPs

There may be other ways that public IPs get assigned to resources in an AWS account that would be worth adding to the enumeration logic:

  • NAT Gateways
  • EKS Clusters
  • Elastic Load Balancers
  • Redshift Clusters

These are the ones that I'm aware of; there may be others.

Cloudflare 3.x.x compatibility (No module named 'CloudFlare')

Thank you for supporting Ghostbuster. At my organization we have a GitHub Action that runs Ghostbuster daily. Starting on Tue 06/25/2024 Ghostbuster started failing with:

Traceback (most recent call last):
  File "/runner/_work/infra-fleet/infra-fleet/venv/bin/ghostbuster", line 5, in <module>
    from ghostbuster.cli import cli
  File "/runner/_work/infra-fleet/infra-fleet/venv/lib/python3.11/site-packages/ghostbuster/cli.py", line 24, in <module>
    import ghostbuster.scan
  File "/runner/_work/infra-fleet/infra-fleet/venv/lib/python3.11/site-packages/ghostbuster/scan.py", line 20, in <module>
    import CloudFlare
ModuleNotFoundError: No module named 'CloudFlare'

This coincides with the release of the 3.x.x versions of the cloudflare PyPI package https://pypi.org/project/cloudflare/#history

We resolved this for now by pinning the dependencies to Cloudflare 2.20.0, more specifically this requirements.txt list:

attrs~=23.2.0
awsipranges~=0.3.3
click~=7.1.2
cloudflare~=2.20.0
ghostbuster~=1.0.2
jsonlines~=4.0.0
slack-sdk~=3.30.0

However, it serves the best interest of the community to eventually get the Cloudflare package updated.

Feature: Explicitly name profiles

It would be great to be able to explicitly give a --profile or --profiles argument to only target a selected account; some of us have an awful lot of accounts in our config.

Support AWS SSO and Organizations

This tool would be amazing for my organization!

However, we leverage AWS SSO to manage access to our hundreds of accounts. It's therefore unfeasible to create specific IAM users and roles for each account.

Instead, it would be great if I could pass an SSO role and either a list of accounts or have the tool automatically query orgs to parse all accounts within our OUs to run in each.

Thanks for working on this (❤️ the name as well!)

Hardcoded `GhostbusterTargetAccountRole` makes it difficult for Control Tower users

Hey, thanks for this great project! I want to use this tool with AWS Control Tower with all the accounts in the organization. One of the features of Control Tower is that every account gets an aws-controltower-ReadOnlyExecutionRole which can be assumed by Lambda functions in the Audit account.

There is an option for setting the name of the role to assume in a CSV file, but I won't have that in a Lambda function, and we want to use the autorole. Currently, when using the autorole, the name of the role assumed in each account is hardcoded to GhostbusterTargetAccountRole.

Ideally, we would make this an input option so that we could use aws-controltower-ReadOnlyExecutionRole or any other role that sits in each of the accounts. Thanks!

Version 1.0.2 route53 not all A records found

Recent version 1.0.2 finds fewer records for Route53 than 0.0.7.
It may be connected with pagination errors.
Version 1.0.2:
Obtained 215 DNS A records so far
Version 0.0.7:
Obtained 1377 DNS A records so far.
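
The report above suspects pagination. As an added example (not Ghostbuster's code), this shows how Route53's `list_resource_record_sets` truncation markers have to be followed so that every A record in a zone is collected, next to the one-response version that under-counts. The stub client, the zone contents and the zone id `ZEXAMPLE` are constructed for illustration.

```python
# Added example: the stub client and record names are constructed for illustration.
class StubRoute53:
    """Stand-in for boto3's Route53 client that serves pages of 100 records."""

    def __init__(self, records, page_size=100):
        self.records, self.page_size = records, page_size

    def list_resource_record_sets(self, HostedZoneId, **start):
        idx = 0
        if "StartRecordName" in start:
            key = (start["StartRecordName"], start["StartRecordType"])
            idx = next(i for i, r in enumerate(self.records)
                       if (r["Name"], r["Type"]) == key)
        resp = {"ResourceRecordSets": self.records[idx:idx + self.page_size],
                "IsTruncated": False}
        nxt = idx + self.page_size
        if nxt < len(self.records):
            resp.update(IsTruncated=True,
                        NextRecordName=self.records[nxt]["Name"],
                        NextRecordType=self.records[nxt]["Type"])
        return resp


def collect_a_records(client, zone_id):
    """Follow IsTruncated / NextRecord* until the zone is exhausted."""
    found, kwargs = [], {}
    while True:
        resp = client.list_resource_record_sets(HostedZoneId=zone_id, **kwargs)
        found += [r for r in resp["ResourceRecordSets"] if r["Type"] == "A"]
        if not resp.get("IsTruncated"):
            return found
        kwargs = {"StartRecordName": resp["NextRecordName"],
                  "StartRecordType": resp["NextRecordType"]}
        # Returned only when several record sets share a name and type.
        if "NextRecordIdentifier" in resp:
            kwargs["StartRecordIdentifier"] = resp["NextRecordIdentifier"]


def first_page_only(client, zone_id):
    """The failure mode: one response is read and IsTruncated is ignored."""
    resp = client.list_resource_record_sets(HostedZoneId=zone_id)
    return [r for r in resp["ResourceRecordSets"] if r["Type"] == "A"]


# Constructed zone: 250 A records followed by 30 CNAME records.
ZONE = ([{"Name": f"host{i:03d}.example.com.", "Type": "A"} for i in range(250)]
        + [{"Name": f"alias{i:02d}.example.com.", "Type": "CNAME"} for i in range(30)])

if __name__ == "__main__":
    client = StubRoute53(ZONE)
    print(len(first_page_only(client, "ZEXAMPLE")),
          len(collect_a_records(client, "ZEXAMPLE")))
```

Comparing the collected count against the zone's `ResourceRecordSetCount` is a quick check that no page was dropped.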

allregions flag doesn't seem to be working as expected

Good afternoon! When attempting to scan my AWS environment across all regions by passing the --allregions flag, I noticed the following error telling me that I needed to specify a region.

shotop@SHOTOP-M-M5DY ansible % ghostbuster scan aws --profile kenna_us_prod --allregions

Obtaining Route53 hosted zones for AWS profile: kenna_us_prod.
Obtained 324 DNS A records so far.
Traceback (most recent call last):
  File "/usr/local/bin/ghostbuster", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/decorators.py", line 73, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/ghostbuster/scan.py", line 265, in aws
    ec2 = boto3.client("ec2")
  File "/usr/local/lib/python3.9/site-packages/boto3/__init__.py", line 93, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 270, in client
    return self._session.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 870, in create_client
    client = client_creator.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 91, in create_client
    client_args = self._get_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 360, in _get_client_args
    return args_creator.get_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 71, in get_client_args
    final_args = self.compute_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 148, in compute_client_args
    endpoint_config = self._compute_endpoint_config(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 234, in _compute_endpoint_config
    return self._resolve_endpoint(**resolve_endpoint_kwargs)
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 320, in _resolve_endpoint
    return endpoint_bridge.resolve(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 441, in resolve
    resolved = self.endpoint_resolver.construct_endpoint(
  File "/usr/local/lib/python3.9/site-packages/botocore/regions.py", line 181, in construct_endpoint
    result = self._endpoint_for_partition(
  File "/usr/local/lib/python3.9/site-packages/botocore/regions.py", line 215, in _endpoint_for_partition
    raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.
