Merge branch 'develop' into feature/9-ec2-findings
Showing
14 changed files
with
367 additions
and
1 deletion.
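--- a/ScoutSuite/output/data/html/partials/azure/services.network.network_security_groups.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.network.network_security_groups.html
@@ -0,0 +1,80 @@
+<!-- Network Security Groups partial -->
+<script id="services.network.network_security_groups.partial" type="text/x-handlebars-template">
+<div id="ressource-name" class="list-group-item active">
+<h4 class="list-group-item-heading">{{name}}</h4>
+</div>
+
+<div class="list-group-item">
+<h4 class="list-group-item-heading">Information</h4>
+<div class="list-group-item-text item-margin">Name: <span id="network.network_security_groups.{{@key}}.name">{{name}}</span></div>
+<div class="list-group-item-text item-margin">Location: <span id="network.network_security_groups.{{@key}}.location">{{ location }}</span></div>
+
+<div class="list-group-item-text item-margin">Exposed Ports:
+<div class="list-group-item-text item-margin">
+{{#each exposed_port_ranges}}
+<li id="network.network_security_groups.{{@../key}}.exposed_port_ranges.{{@key}}">{{ this }}</li>
+{{/each}}
+</div>
+</div>
+</div>
+<div class="list-group-item">
+<h4 class="list-group-item-heading">Security Rules</h4>
+<div class="list-group-item-text item-margin">
+{{#each security_rules}}
+{{name}}
+<div class="list-group-item-text item-margin">
+<div class="list-group-item-text item-margin">Allow: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.allow">{{ allow }}</span></div>
+<div class="list-group-item-text item-margin">Priority: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.priority">{{ priority }}</span></div>
+<div class="list-group-item-text item-margin">Description: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.description">{{ description }}</span></div>
+<div class="list-group-item-text item-margin">Provisioning State: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.provisioning_state">{{ provisioning_state }}</span></div>
+<div class="list-group-item-text item-margin">Protocol: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.protocol">{{ protocol }}</span></div>
+<div class="list-group-item-text item-margin">Direction: <span id="network.network_security_groups.{{@../key}}.security_rule.{{@key}}.direction">{{ direction }}</span></div>
+
+<div class="list-group-item-text item-margin">Source Address Prefixes:
+<div class="list-group-item-text item-margin">
+{{#each source_address_prefixes}}
+<li id="network.network_security_groups.{{@../../key}}.security_rule.{{@../key}}.source_address_prefixes.{{@key}}">{{ this }}</li>
+{{/each}}
+</div>
+</div>
+
+<div class="list-group-item-text item-margin">Source Ports:
+<div class="list-group-item-text item-margin">
+{{#each source_port_ranges}}
+<li id="network.network_security_groups.{{@../../key}}.security_rule.{{@../key}}.source_port_ranges.{{@key}}">{{ this }}</li>
+{{/each}}
+</div>
+</div>
+
+<div class="list-group-item-text item-margin">Destination Address Prefixes:
+<div class="list-group-item-text item-margin">
+{{#each destination_address_prefixes}}
+<li id="network.network_security_groups.{{@../../key}}.security_rule.{{@../key}}.destination_address_prefixes.{{@key}}">{{ this }}</li>
+{{/each}}
+</div>
+</div>
+
+<div class="list-group-item-text item-margin">Destination Port Ranges:
+<div class="list-group-item-text item-margin">
+{{#each destination_port_ranges}}
+<li id="network.network_security_groups.{{@../../key}}.security_rule.{{@../key}}.destination_port_ranges.{{@key}}">{{ this }}</li>
+{{/each}}
+</div>
+</div>
+</div>
+{{/each}}
+</div>
+</div>
+</script>
+
+<script>
+Handlebars.registerPartial("services.network.network_security_groups", $("#services\\.network\\.network_security_groups\\.partial").html());
+</script>
+
+<!-- Single security group template -->
+<script id="single_network_network_security_group-template" type="text/x-handlebars-template">
+{{> modal_template template='services.network.network_security_groups'}}
+</script>
+<script>
+var single_network_network_security_group_template = Handlebars.compile($("#single_network_network_security_group-template").html());
+</script>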
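Review bot: The `<li>` items emitted by the `{{#each}}` loops (exposed_port_ranges and the four address/port lists under each security rule) sit directly inside a `<div>`, which is invalid markup; the inner wrapper of each loop should be a list element, e.g. `<ul class="list-group-item-text item-margin">` in place of the inner `<div>`. The header id is spelled `ressource-name` here and again in services.network.network_watchers.html; it looks like a typo for `resource-name`, and any script or stylesheet selecting the correctly spelled id would skip these partials, so confirm against the other providers' partials. Rule names and descriptions come from the scanned tenant, so keep them in double-stash `{{ }}` expressions, which Handlebars HTML-escapes, and do not switch them to `{{{ }}}`.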
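--- a/ScoutSuite/output/data/html/partials/azure/services.network.network_watchers.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.network.network_watchers.html
@@ -0,0 +1,24 @@
+<!-- Network Watchers partial -->
+<script id="services.network.network_watchers.partial" type="text/x-handlebars-template">
+<div id="ressource-name" class="list-group-item active">
+<h4 class="list-group-item-heading">{{location}}</h4>
+</div>
+
+<div class="list-group-item">
+<h4 class="list-group-item-heading">Information</h4>
+<div class="list-group-item-text item-margin">Name: <span id="network.network_watchers.{{@key}}.name">{{name}}</span></div>
+<div class="list-group-item-text item-margin">Provisioning State: <span id="network.network_watchers.{{@key}}.provisioning_state">{{ provisioning_state }}</span></div>
+</div>
+</script>
+
+<script>
+Handlebars.registerPartial("services.network.network_watchers", $("#services\\.network\\.network_watchers\\.partial").html());
+</script>
+
+<!-- Single watcher template -->
+<script id="single_network_network_watcher-template" type="text/x-handlebars-template">
+{{> modal_template template='services.network.network_watchers'}}
+</script>
+<script>
+var single_network_network_watcher_template = Handlebars.compile($("#single_network_network_watcher-template").html());
+</script>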
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"conditions":[ | ||
"or", | ||
["network.network_security_groups.id.security_rules.id.protocol", "equal", "*"], | ||
["network.network_security_groups.id.security_rules.id.protocol", "equal", "TCP"] | ||
] | ||
} |
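Review bot: The second comparison matches the literal string `TCP`, but the Azure API commonly reports the protocol as `Tcp`; if `equal` is case-sensitive and the provider stores the value unchanged, TCP-only rules fall through this condition and every finding that includes it silently under-reports. The code that fills `protocol` is not on this page, so confirm which casing it stores, and either normalise it there or add a third entry such as `["network.network_security_groups.id.security_rules.id.protocol", "equal", "Tcp"]`.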
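--- a/ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json
+++ b/ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json
@@ -0,0 +1,12 @@
+{
+"conditions":[
+"and",
+["network.network_security_groups.id.security_rules.id.allow", "true", ""],
+["network.network_security_groups.id.security_rules.id.direction", "equal", "Inbound"],
+[
+"or",
+["network.network_security_groups.id.security_rules.id.source_address_prefixes", "containAtLeastOneOf", "*"],
+["network.network_security_groups.id.security_rules.id.source_address_prefixes", "containAtLeastOneOf", "Internet"]
+]
+]
+}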
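Review bot: The `or` branch recognises only `*` and `Internet` as internet sources, so an inbound allow rule whose source is written as an all-covering CIDR such as `0.0.0.0/0` (or `::/0`) is not treated as exposed. Adding `["network.network_security_groups.id.security_rules.id.source_address_prefixes", "containAtLeastOneOf", "0.0.0.0/0"]` to the `or` list would close the most common gap. How `source_address_prefixes` is populated is not visible here, so this assumes the raw prefix strings are stored unchanged.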
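--- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
@@ -0,0 +1,15 @@
+{
+"dashboard_name": "Network",
+"arg_names": [ "Protocol (ex: SSH, RDP, etc.)", "Protocol's port", "Associated CIS rule" ],
+"key": "network-security-groups-rule-inbound-_ARG_0_",
+"description": "Security rule allowing _ARG_0_ inbound access in security group",
+"rationale": "You should not permit _ARG_0_(port _ARG_1_) inbound access to a network security group (CIS _ARG_2_).",
+"path": "network.network_security_groups.id.security_rules.id",
+"display_path": "network.network_security_groups.id",
+"conditions": [ "and",
+["network.network_security_groups.id.security_rules.id.destination_ports", "containAtLeastOneOf", "_ARG_1_"],
+["_INCLUDE_(conditions/exposed-to-the-internet.json)", "", ""],
+["_INCLUDE_(conditions/allow-tcp.json)", "", ""]
+],
+"id_suffix": "security_groups_rule_inbound__ARG_0_"
+}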
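Review bot: The first condition reads `security_rules.id.destination_ports`, while the partial added in this commit renders `destination_port_ranges` for each rule and never a `destination_ports` key; if the provider does not populate `destination_ports`, this finding can never match. Even with the right key, `containAtLeastOneOf` against the single value `_ARG_1_` appears to be a literal membership test, so a rule that opens the port through a range (`0-65535`, `20-25`) or `*` would be missed unless ranges are expanded before the rule runs. Confirm the attribute name against the provider code, which is not on this page, and state in the rule how port ranges are handled.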
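--- a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
@@ -0,0 +1,11 @@
+{
+"dashboard_name": "Network",
+"description": "Network watcher not enabled",
+"rationale": "Network watchers should be enabled (CIS 6.5).",
+"path": "network.network_watchers",
+"display_path": "network.network_watchers",
+"conditions": [ "and",
+["network.network_watchers", "empty", ""]
+],
+"id_suffix": "network_watchers_disabled"
+}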
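Review bot: The `empty` test on `network.network_watchers` fires only when the subscription has no watcher at all, so a single watcher in one region suppresses the finding for every other region. The CIS control cited in the rationale is generally read as requiring Network Watcher in each region in use; either compare the watcher locations with the regions that hold resources, or narrow the description to something like `No network watcher found in the subscription` so the report does not imply full coverage.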
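--- a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json
@@ -0,0 +1,11 @@
+{
+"dashboard_name": "Network",
+"description": "Network watcher not provisioned",
+"rationale": "Network watchers should be provisioned to work (CIS 6.5).",
+"path": "network.network_watchers.id",
+"display_path": "network.network_watchers.id",
+"conditions": [ "and",
+["network.network_watchers.id.provisioning_state", "notEqual", "Succeeded"]
+],
+"id_suffix": "network_watchers_not_provisioned"
+}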