Merge pull request #151 from nccgroup/refactor/127-cli-refactoring

Refactor/127 cli refactoring
nccgroup · Feb 10, 2019 · ef5c080 · ef5c080
2 parents 9d5b799 + 988f8b7
commit ef5c080
Show file tree

Hide file tree

Showing 14 changed files with 382 additions and 390 deletions.
diff --git a/README.md b/README.md
@@ -111,23 +111,23 @@ There are five ways to run scout against an Azure organization.
     1. On most system, you can install azure-cli using `pip install azure-cli`.
     2. Log into an account. The easiest way to do it it with `az login`(for more authentication method, 
     you can refer to https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest).
-    3. Run Scout with the `--azure-cli` flag.
+    3. Run Scout with the `--cli` flag.
 2.  Managed Service Identity
     1. Configure your identity on the Azure portal(you can refer to 
     https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
-    2. Run Scout with the `--azure-msi` flag.
+    2. Run Scout with the `--msi` flag.
 3.  Service Principal
     1. Set up a service principal on the Azure portal(you can refer to 
     https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal)
-    2. Run Scout with the `--azure-service-principal` flag. Scout will prompt you for the 
+    2. Run Scout with the `--service-principal` flag. Scout will prompt you for the 
     required information.
 4.  File-based Authentication
     1. Create a Service Principal for azure SDK. You can do this with azure-cli using 
     `az ad sp create-for-rbac --sdk-auth > mycredentials.json`.
     2. Run Scout while providing it with the credentials file using 
     `--azure-file-auth path/to/credentials/file`.
 5.  User Credentials
-    1. Run Scout using `--azure-user-credentials`. The application will prompt you for your credentials.
+    1. Run Scout using `--user-account`. The application will prompt you for your credentials.
 
 Scout will require the Reader role over all the resources you want to check. The easiest way is to give 
 it Reader over the Subscription, as it will be inherited on all the resources.
@@ -165,36 +165,45 @@ The following command will provide the list of available command line options:
 
     $ python Scout.py --help
 
+You can also use this to get help on a specific provider:
+
+    $ python Scout.py aws --help
+
 For further details, checkout our Wiki pages at <https://github.com/nccgroup/ScoutSuite/wiki>.
 
 After performing a number of API calls, Scout will create a local HTML report and open it in the default browser.
 
+Also note that the command line will try to infer the argument name if possible when receiving partial switch. For
+example, this will work and use the selected profile:
+
+    $python Scout.py aws --pro PROFILE
+
 #### Amazon Web Services
 
 Using a computer already configured to use the AWS CLI, you may use Scout using the following command:
 
-    $ python Scout.py --provider aws
+    $ python Scout.py aws
 
 **Note:** EC2 instances with an IAM role fit in this category.
 
 If multiple profiles are configured in your .aws/credentials and .aws/config files, you may specify which credentials
 to use with the following command:
 
-    $ python Scout.py --profile <PROFILE_NAME>
+    $ python Scout.py aws --profile <PROFILE_NAME>
 
 If you have a CSV file containing the API access key ID and secret, you may run Scout with the following command:
 
-    $ python Scout.py --csv-credentials <CREDENTIALS.CSV>
+    $ python Scout.py aws --csv-credentials <CREDENTIALS.CSV>
 
 #### Google Cloud Platform
 
 Using a computer already configured to use gcloud command-line tool, you may use Scout using the following command:
 
-    $ python Scout.py --provider gcp --user-account
+    $ python Scout.py gcp --user-account
 
 To run Scout using Service Account keys, using the following command:
 
-    $ python Scout.py --provider gcp --service-account --key-file </PATH/TO/KEY_FILE.JSON>
+    $ python Scout.py gcp --service-account </PATH/TO/KEY_FILE.JSON>
 By default, using the `--service-account` argument will audit all the projects that the provided service account has access to. If you only want to scan a single project, include the `--project-id` argument.
 
 To scan a GCP ...
@@ -206,21 +215,32 @@ To scan a GCP ...
 
 Using a computer already configured to use azure-cli, you may use Scout using the following command:
 
-    $ python Scout.py --provider azure --azure-cli
+    $ python Scout.py azure --cli
 
 When using Scout in an Azure virtual machine with the Reader role, you may use 
 Scout using the following command:
 
-    $ python Scout.py --provider azure --azure-msi
+    $ python Scout.py azure --msi
 
 When using Scout with a Service Principal, you may run Scout using the following command:
 
-    $ python Scout.py --provider azure --azure-service-principal
+    $ python Scout.py azure --service-principal
+
+You can also pass the credentials you want directly with command line arguments. The remaining ones will be asked
+interactively:
+
+    $ python Scout.py azure --service-principal --tenant <TENANT_ID> --subscription <SUBSCRIPTION_ID> --client-id <CLIENT_ID>
+    --client-secret <CLIENT_SECRET>
 
 When using Scout with an authentication file, you may run Scout using the following command:
 
-    $ python Scout.py --provider azure --azure-file-auth path/to/auth/file
+    $ python Scout.py azure --file-auth </PATH/TO/KEY_FILE.JSON>
 
 When using Scout against your user account, you may run Scout using the following command:
 
-    $ python Scout.py --provider azure --azure-user-credentials
+    $ python Scout.py azure --user-account
+
+You can also pass the credentials you want directly with command line arguments. The remaining ones will be asked
+interactively:
+
+    $ python Scout.py azure --username <USERNAME> --password <PASSWORD>
diff --git a/Scout.py b/Scout.py
@@ -1,8 +1,13 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
-from ScoutSuite.__main__ import main
 import sys
 
-if __name__ == '__main__':
-    sys.exit(main())
+from ScoutSuite.__main__ import main as scout
+from ScoutSuite.cli_parser import ScoutSuiteArgumentParser
+
+if __name__ == "__main__":
+    parser = ScoutSuiteArgumentParser()
+    args = parser.parse_args()
+
+    sys.exit(scout(args))
diff --git a/Scout2Listall.py b/Scout2Listall.py
diff --git a/ScoutRulesGenerator.py b/ScoutRulesGenerator.py
diff --git a/ScoutSuite/__listall__.py b/ScoutSuite/__listall__.py
@@ -5,7 +5,6 @@
 import os
 import sys
 
-
 try:
     from opinel.utils.globals import check_requirements
     from opinel.utils.console import configPrintException, printError, printException, printInfo
@@ -17,7 +16,6 @@
 
 from ScoutSuite import AWSCONFIG
 from ScoutSuite.providers import get_provider
-from ScoutSuite.cli_parser import ListallArgumentParser
 from ScoutSuite.core.ruleset import TmpRuleset
 from ScoutSuite.core.processingengine import ProcessingEngine
 from ScoutSuite.output.console import format_listall_output, generate_listall_output
@@ -28,11 +26,7 @@
 ##### Main
 ########################################
 
-def main():
-    # Parse arguments
-    parser = ListallArgumentParser()
-    args = parser.parse_args()
-
+def main(args):
     # Configure the debug level
     configPrintException(args.debug)
 
@@ -46,7 +40,7 @@ def main():
 
         # Load the config
         try:
-            #FIXME this is specific to AWS
+            # FIXME this is specific to AWS
             report_file_name = 'aws-%s' % profile_name
             report = Scout2Report('aws', report_file_name, args.report_dir, args.timestamp)
             aws_config = report.jsrw.load_from_file(AWSCONFIG)