package recon
import (
"context"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/hupe1980/awsrecon/pkg/common"
"github.com/hupe1980/awsrecon/pkg/config"
)
// AccessKey is one enumeration result: a single IAM access key together
// with the user it belongs to. Values are copied straight from the
// ListAccessKeys metadata entry that produced the result.
type AccessKey struct {
	// AWSService is the service the result was collected from; the IAM
	// enumeration always fills in "IAM".
	AWSService string
	// UserName is the IAM user the key is attached to.
	UserName string
	// ID is the access key identifier (AccessKeyId).
	ID string
	// CreateDate is when the key was created, as reported by IAM.
	CreateDate time.Time
	// Status is the key's status as reported by IAM, stored as the raw
	// string form of the SDK enum.
	Status string
}
// AccessKeysOptions configures an AccessKeysRecon. The two slice fields are
// exact-match allow-lists applied while enumerating; an empty slice imposes
// no restriction for that field.
type AccessKeysOptions struct {
	// UserNames, when non-empty, keeps only keys whose owning user name is
	// in the list.
	UserNames []string
	// IDs, when non-empty, keeps only keys whose AccessKeyId is in the list.
	IDs []string
	// BeforeHook is forwarded unchanged to the underlying recon options.
	BeforeHook BeforeHookFunc
	// AfterRunHook is forwarded unchanged to the underlying recon options.
	AfterRunHook AfterRunHookFunc
}
// AccessKeysRecon enumerates IAM access keys and collects them as
// AccessKey results through the embedded generic recon.
type AccessKeysRecon struct {
	*recon[AccessKey]
	// iamClient is the SDK client built from the caller's AWS config.
	iamClient *iam.Client
	// opts holds the filters and hooks the recon was constructed with.
	opts AccessKeysOptions
}
// NewAccessKeysRecon builds an AccessKeysRecon from cfg. Each optFn is
// applied in order to a zero-value AccessKeysOptions; the resulting hooks
// are forwarded to the underlying recon, and the run function enumerates
// access keys under the "iam" service label.
func NewAccessKeysRecon(cfg *config.Config, optFns ...func(o *AccessKeysOptions)) *AccessKeysRecon {
	var opts AccessKeysOptions
	for _, apply := range optFns {
		apply(&opts)
	}

	rec := &AccessKeysRecon{
		iamClient: iam.NewFromConfig(cfg.AWSConfig),
		opts:      opts,
	}

	// The run function is invoked by the recon machinery; it wraps the
	// enumeration in the per-service bookkeeping done by runEnumerateService.
	run := func() {
		rec.runEnumerateService("iam", rec.enumerateAccessKeys)
	}
	configure := func(o *reconOptions) {
		o.BeforeHook = opts.BeforeHook
		o.AfterRunHook = opts.AfterRunHook
	}
	rec.recon = newRecon[AccessKey](run, configure)

	return rec
}
// enumerateAccessKeys pages through ListAccessKeys and records every key
// that passes the configured ID / user-name allow-lists as an AccessKey
// result. A pagination error is reported through addError and ends the
// walk early; results collected from earlier pages are kept.
//
// NOTE(review): the ListAccessKeysInput carries no UserName, so the IAM
// API scopes the listing to the identity that signed the request — confirm
// that callers expect the UserNames filter to apply within that scope
// rather than across all users in the account.
func (rec *AccessKeysRecon) enumerateAccessKeys() {
	paginator := iam.NewListAccessKeysPaginator(rec.iamClient, &iam.ListAccessKeysInput{})

	for paginator.HasMorePages() {
		page, err := paginator.NextPage(context.TODO())
		if err != nil {
			rec.addError(err)
			return
		}

		for _, meta := range page.AccessKeyMetadata {
			keyID := aws.ToString(meta.AccessKeyId)
			owner := aws.ToString(meta.UserName)
			if !rec.accessKeySelected(keyID, owner) {
				continue
			}

			rec.addResult(AccessKey{
				AWSService: "IAM",
				UserName:   owner,
				ID:         keyID,
				CreateDate: aws.ToTime(meta.CreateDate),
				Status:     string(meta.Status),
			})
		}
	}
}

// accessKeySelected reports whether a key with the given ID and owning
// user name passes the configured filters. An empty filter slice imposes
// no restriction; a non-empty one is an exact-match allow-list.
func (rec *AccessKeysRecon) accessKeySelected(keyID, owner string) bool {
	if len(rec.opts.IDs) > 0 && !common.SliceContains(rec.opts.IDs, keyID) {
		return false
	}
	if len(rec.opts.UserNames) > 0 && !common.SliceContains(rec.opts.UserNames, owner) {
		return false
	}
	return true
}