From 265615311241b8be17e53d043fcf29d015f4a357 Mon Sep 17 00:00:00 2001
From: hupe1980
Date: Fri, 18 Nov 2022 16:26:24 +0100
Subject: [PATCH] Add more endpoints

---
 go.mod | 1 +
 go.sum | 2 +
 pkg/recon/endpoints.go | 90 ++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 89 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index fb33cb8..bbe4fe0 100644
--- a/go.mod
+++ b/go.mod
@@ -74,6 +74,7 @@ require (
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.3
 github.com/aws/aws-sdk-go-v2/service/ssm v1.31.2
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.19
+ github.com/aws/aws-sdk-go-v2/service/transfer v1.24.0
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/inconshreveable/mousetrap v1.0.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index da4fb88..5ca369b 100644
--- a/go.sum
+++ b/go.sum
@@ -110,6 +110,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6 h1:OwhhKc1P9ElfWbMKPIbMMZBV
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.6/go.mod h1:csZuQY65DAdFBt1oIjO5hhBR49kQqop4+lcuCjf2arA=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 h1:9pPi0PsFNAGILFfPCk8Y0iyEBGc6lu6OQ97U7hmdesg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.19/go.mod h1:h4J3oPZQbxLhzGnk+j9dfYHi5qIOVJ5kczZd658/ydM=
+github.com/aws/aws-sdk-go-v2/service/transfer v1.24.0 h1:WT4vWmJGTZz2nSIu+cDxGB4SIvWxDiu4q8RuwRH5caU=
+github.com/aws/aws-sdk-go-v2/service/transfer v1.24.0/go.mod h1:i+vVvmtMBMxR8mCxlkWpRA4hPC4zcJQ6uB0GaxFRm1k=
 github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.4 h1:/RN2z1txIJWeXeOkzX+Hk/4Uuvv7dWtCjbmVJcrskyk=
 github.com/aws/smithy-go v1.13.4/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
diff --git a/pkg/recon/endpoints.go b/pkg/recon/endpoints.go
index ae8d01f..40f12f5 100644
--- a/pkg/recon/endpoints.go
+++ b/pkg/recon/endpoints.go
@@ -29,6 +29,8 @@ import ( "github.com/aws/aws-sdk-go-v2/service/opensearch" "github.com/aws/aws-sdk-go-v2/service/rds" "github.com/aws/aws-sdk-go-v2/service/redshift" + "github.com/aws/aws-sdk-go-v2/service/transfer" + transferTypes "github.com/aws/aws-sdk-go-v2/service/transfer/types" "github.com/hupe1980/awsrecon/pkg/config" ) @@ -76,6 +78,7 @@ type EndpointsRecon struct { opensearchClient *opensearch.Client rdsClient *rds.Client redshiftClient *redshift.Client + transferClient *transfer.Client } func NewEndpointsRecon(cfg *config.Config, optFns ...func(o *EndpointsOptions)) *EndpointsRecon { @@ -102,6 +105,7 @@ func NewEndpointsRecon(cfg *config.Config, optFns ...func(o *EndpointsOptions)) opensearchClient: opensearch.NewFromConfig(cfg.AWSConfig), rdsClient: rds.NewFromConfig(cfg.AWSConfig), redshiftClient: redshift.NewFromConfig(cfg.AWSConfig), + transferClient: transfer.NewFromConfig(cfg.AWSConfig), } r.recon = newRecon[Endpoint](func() { @@ -149,8 +153,12 @@ func NewEndpointsRecon(cfg *config.Config, optFns ...func(o *EndpointsOptions)) r.enumerateLambdaFunctionsPerRegion(region) }) - r.runEnumerateServicePerRegion("lightsail", cfg.Regions, func(region string) { - r.enumerateLightsailEndpointsPerRegion(region) + r.runEnumerateServicePerRegion("lightsail-cs", cfg.Regions, func(region string) { + r.enumerateLightsailContainersEndpointsPerRegion(region) + }) + + r.runEnumerateServicePerRegion("lightsail-inst", cfg.Regions, func(region string) { + r.enumerateLightsailInstancesEndpointsPerRegion(region) }) r.runEnumerateServicePerRegion("mq", cfg.Regions, func(region string) { 
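Review bot: Replacing the single `"lightsail"` service key with `"lightsail-cs"` and `"lightsail-inst"` in the two `runEnumerateServicePerRegion` calls changes the identifier operators put in their ignore list, assuming IgnoreServices is matched against that first argument (it is handed through as `o.IgnoreServices = opts.IgnoreServices` later in this constructor, so I take it that is the case). A configuration that currently ignores `lightsail` will silently start enumerating Lightsail again after this commit, which for a recon tool also means unexpected extra API calls in the target account. Either keep `lightsail` as an alias that suppresses both new keys, or call the rename out where the service names are documented, e.g. with a comment `// service keys renamed from "lightsail"; update IgnoreServices accordingly`. The enclosing NewEndpointsRecon constructor begins and ends outside this hunk.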
@@ -168,6 +176,10 @@ func NewEndpointsRecon(cfg *config.Config, optFns ...func(o *EndpointsOptions)) r.runEnumerateServicePerRegion("redshift", cfg.Regions, func(region string) { r.enumerateRedshiftEndpointsPerRegion(region) }) + + r.runEnumerateServicePerRegion("transfer", cfg.Regions, func(region string) { + r.enumerateTransferEndpointsPerRegion(region) + }) }, func(o *reconOptions) { o.IgnoreServices = opts.IgnoreServices o.BeforeHook = opts.BeforeHook @@ -931,7 +943,7 @@ func (rec *EndpointsRecon) enumerateLambdaFunctionsPerRegion(region string) { } } -func (rec *EndpointsRecon) enumerateLightsailEndpointsPerRegion(region string) { +func (rec *EndpointsRecon) enumerateLightsailContainersEndpointsPerRegion(region string) { output, err := rec.lightsailClient.GetContainerServices(context.TODO(), &lightsail.GetContainerServicesInput{}, func(o *lightsail.Options) { o.Region = region }) @@ -942,7 +954,7 @@ func (rec *EndpointsRecon) enumerateLightsailEndpointsPerRegion(region string) { for _, item := range output.ContainerServices { rec.addResult(Endpoint{ - AWSService: "Lightsail", + AWSService: "Lightsail [CS]", Name: aws.ToString(item.ContainerServiceName), Region: region, Type: "URL", 
@@ -954,6 +966,29 @@ func (rec *EndpointsRecon) enumerateLightsailEndpointsPerRegion(region string) { } } +func (rec *EndpointsRecon) enumerateLightsailInstancesEndpointsPerRegion(region string) { + output, err := rec.lightsailClient.GetInstances(context.TODO(), &lightsail.GetInstancesInput{}, func(o *lightsail.Options) { + o.Region = region + }) + if err != nil { + rec.addError(err) + return + } + + for _, item := range output.Instances { + rec.addResult(Endpoint{ + AWSService: "Lightsail [Inst]", + Name: aws.ToString(item.Name), + Region: region, + Type: "IP", + Endpoint: fmt.Sprintf("http://%s", aws.ToString(item.PublicIpAddress)), + Port: 80, + Protocol: "http", + Visibility: VisibilityPublic, + }) + } +} + func (rec *EndpointsRecon) enumerateRDSEndpointsPerRegion(region string) { p := rds.NewDescribeDBInstancesPaginator(rec.rdsClient, &rds.DescribeDBInstancesInput{}) for p.HasMorePages() { 
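Review bot: enumerateLightsailInstancesEndpointsPerRegion consumes only the first page of GetInstances — the response carries NextPageToken and the request accepts PageToken — so any account with more than one page of instances is under-reported, unlike the Transfer hunk in this same commit, which uses a paginator. Every instance is also emitted as `http://<PublicIpAddress>`, port 80, `http`, VisibilityPublic, which the API response does not establish; the instance firewall (item.Networking.Ports in the Lightsail types, as far as I recall) is in the same response and is what actually decides which ports are reachable, and a nil PublicIpAddress currently yields a bare `http://` entry. The sketch below adds the page loop and skips instances without a public address; deriving one entry per open firewall port is the follow-up I would expect.
```go
func (rec *EndpointsRecon) enumerateLightsailInstancesEndpointsPerRegion(region string) {
	input := &lightsail.GetInstancesInput{}
	for {
		output, err := rec.lightsailClient.GetInstances(context.TODO(), input, func(o *lightsail.Options) {
			o.Region = region
		})
		if err != nil {
			rec.addError(err)
			return
		}

		for _, item := range output.Instances {
			ip := aws.ToString(item.PublicIpAddress)
			if ip == "" {
				continue // nothing publicly reachable to report
			}
			// … unchanged: rec.addResult(Endpoint{...}) using ip …
		}

		// GetInstances is paged; stop once the service reports no further page.
		if output.NextPageToken == nil {
			return
		}
		input.PageToken = output.NextPageToken
	}
}
```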
@@ -1031,3 +1066,50 @@ func (rec *EndpointsRecon) enumerateRedshiftEndpointsPerRegion(region string) { } } } + +func (rec *EndpointsRecon) enumerateTransferEndpointsPerRegion(region string) { + p := transfer.NewListServersPaginator(rec.transferClient, &transfer.ListServersInput{}) + for p.HasMorePages() { + page, err := p.NextPage(context.TODO(), func(o *transfer.Options) { + o.Region = region + }) + if err != nil { + rec.addError(err) + return + } + + for _, server := range page.Servers { + var hints []string + + switch server.IdentityProviderType { + case transferTypes.IdentityProviderTypeApiGateway: + hints = append(hints, "ApiGatewayIdentityProvider") + case transferTypes.IdentityProviderTypeAwsDirectoryService: + hints = append(hints, "DirectoryServiceIdentityProvider") + case transferTypes.IdentityProviderTypeAwsLambda: + hints = append(hints, "LambdaIdentityProvider") + case transferTypes.IdentityProviderTypeServiceManaged: + hints = append(hints, "ServiceManagedIdentityProvider") + } + + visibility := VisibiltyPrivate + if server.EndpointType == transferTypes.EndpointTypePublic { + visibility = VisibilityPublic + } + + serverID := aws.ToString(server.ServerId) + + rec.addResult(Endpoint{ + AWSService: fmt.Sprintf("Transfer [%s]", server.Domain), + Region: region, + Name: serverID, + Type: "Endpoint", + Endpoint: fmt.Sprintf("%s.server.transfer.%s.amazonaws.com", serverID, region), + Port: 22, + Protocol: "sftp", + Visibility: visibility, + Hints: hints, + }) + } + } +}
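Review bot: Every Transfer server is recorded as `sftp` on port 22 at `<id>.server.transfer.<region>.amazonaws.com`, but ListedServer does not expose the protocol list, so FTP/FTPS servers (port 21) and AS2 servers are mislabelled, and that public DNS name is only valid for EndpointType PUBLIC — VPC and VPC_ENDPOINT servers are reached through their VPC endpoint or allocated addresses, so the Endpoint value is wrong for exactly the entries the hunk marks private. ListedServer.State is also ignored, so OFFLINE or STOPPING servers appear as live endpoints. DescribeServer returns Protocols, State and EndpointDetails per server; one extra call per server makes the inventory trustworthy (AS2 listens on a different port again, so treat it separately rather than defaulting to 22). Sketch of the loop body, with the existing hint and visibility logic left as is:
```go
		for _, server := range page.Servers {
			// … unchanged: identity-provider hints, visibility, serverID …

			// ListedServer carries neither protocols nor state; DescribeServer does.
			desc, err := rec.transferClient.DescribeServer(context.TODO(), &transfer.DescribeServerInput{
				ServerId: server.ServerId,
			}, func(o *transfer.Options) { o.Region = region })
			if err != nil {
				rec.addError(err)
				continue
			}
			hints = append(hints, fmt.Sprintf("State:%s", desc.Server.State))

			for _, proto := range desc.Server.Protocols {
				port, name := 22, "sftp"
				switch proto {
				case transferTypes.ProtocolFtp:
					port, name = 21, "ftp"
				case transferTypes.ProtocolFtps:
					port, name = 21, "ftps"
				}
				// … unchanged: rec.addResult(Endpoint{...}) with Port: port, Protocol: name,
				//     and Endpoint set only when server.EndpointType == PUBLIC …
			}
		}
```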