Releases: BishopFox/cloudfox

v1.12.2

06 Sep 18:22
29bfd2c

Commits

  • 9f8ae08: another fix to pass brew tests (sethsec-bf) #49
  • 40e0c92: another fix to pass brew tests (sethsec-bf) #49

v1.12.1

06 Sep 15:55
c85aa5d

Commits

  • 42d7cfe: hacky fix to have error log written to local dir if user dir does not exist (so it can pass brew test) (sethsec-bf) #48

v1.12.0

15 Aug 18:45
a5bce5a

AWS

  • Updates
    • Inventory - Inventory's rows are now dynamic. It will only show you rows if at least one of that resource type exists. Also added a bunch of new resources to inventory!
    • Caching - Continued to transfer more functions to cached versions.

Azure

  • Updates
    • Global - Updated the -t tenant and -s subscription flags to accept common names for subscription ID and tenant ID in addition to the IDs themselves. This should make for a much better user experience.
    • Global - Completely reworked the logging directory structure to use the common names for subscription and ID, and to nest subscriptions within their tenants.
    • vms - Renamed the instances command to vms to be more in line with Azure terminology
    • vms - Added user-data extraction to the vms command

Commits

  • 471da59: Updated ecs-tasks and eni to use cached functions (sethsec-bf) #46
  • 602332a: Updated ecs-tasks and eni to use cached functions (sethsec-bf) #46
  • 06a7e7e: Updated sdk package to do the gob initializations in self contained init functions (sethsec-bf) #46
  • 659b2e7: Completed inventory migration to use sdk, also finally removed need for second global table (sethsec-bf) #46
  • fc52e01: updated tests, added new sdk functions, started the migration of keeping all mocks in _mocks.go files (sethsec-bf) #46
  • e88cb77: updated inventory to include more ec2, ecs, and ecr resources (sethsec-bf) #46
  • cef1aa3: updated inventory to include more ec2, ecs, and ecr resources (sethsec-bf) #46
  • 60daff3: updated inventory to include more redshift, route53, updated route53 to use new cached functions and to include CNAME records in loot (sethsec-bf) #46
  • 00ed8a7: Added many new resources to inventory. Made inventory rows dynamic. Only non-empty rows will print (sethsec-bf) #46
  • d94fafe: go get -u (sethsec-bf) #46
  • 3a19fdb: reworking the tenant/subscription file structure (sethsec-bf) #46
  • 102b91e: Got rbac working with the new directory structure and accepting common names for tenant and subscription as input params (sethsec-bf) #46
  • 08b5cd1: renamed rbac and storage, and converted instances and storage over to user names in addition to IDs as input params. (sethsec-bf) #46
  • 5132622: updated azure to use same home directory logic as the aws command (sethsec-bf) #46
  • 01d320d: inventory now supports tenant mode, both merged and split. fixed all tests (sethsec-bf) #46
  • 5aab3b4: updated logging path for tenant data to make it more clear (sethsec-bf) #46
  • aa42c8b: renamed azure instances -> vms, got userdata loot working on azure vms command (sethsec-bf) #46
  • 8221b5f: bumped version to 1.12.0 (sethsec-bf) #46

v1.11.3

28 Jun 20:09
d4ae745

Commits

  • dc0396f: updated logging path to have profile come before account-id to make it easier to find the right data (sethsec-bf) #45

v1.11.2

14 Jun 21:46
c11ebf9

Commits

  • 1fb9f4c: fixed services table to sort by service which is way more helpful (sethsec-bf) #44
  • 03177e8: Fix paths on API Gateways & V2. Clean up path for S3 bucket endpoints as well (Wyatt Dahlenburg) #43
  • adb9bcd: Handle stage in apigatewayv2 (Wyatt Dahlenburg) #43
  • a9b95d9: merged from main (sethsec-bf) #44
  • 2c5fec4: loading cache from files by default was a bad idea. changed default to not load cache from disk, and if the -c flag is used, then cache is loaded from disk (sethsec-bf) #44
  • 6c8936c: fixed two segfault issues due to not checking if fields within a struct are nil (sethsec-bf)
  • c11ebf9: fixed newly introduced eks bug in the caching function (region and cluster name were passed in the wrong order) (sethsec-bf)

v1.11.1

09 Jun 18:49
3c6c59e

Commits

  • 690b3c8: found and fixed some bugs in the new resource-trusts command (sethsec-bf)
  • b8bf12f: found and fixed some bugs in the new resource-trusts command (sethsec-bf) #41
  • 3c6c59e: Update README.md (Seth Art)

v1.11.0

09 Jun 15:08
845b69e

AWS

  • New Commands
    • resource-trusts - Looks at CodeBuild, ECR, EFS, Lambda, S3, SNS, SQS for any resource policies that might be interesting for a penetration tester
    • org - Checks if an account is in an org, and if it is, tells you the org mgmt account. If run on the org management account, lists all account IDs and names
    • codebuild - Lists codebuild projects
    • databases - Enumerates databases including RDS, DynamoDB, RedShift, and DocsDB
  • Updates
    • Output location - Changed the default output directory to ~/.cloudfox/cloudfox-output (instead of current directory)
    • Output bug fix - Fixed bug that wrote buckets, sns, and sqs output to the wrong directory when env vars were used instead of a profile
    • Permissions - Fixed multiple bugs that were skipping some policies - added support for just specifying the principal name and not the whole arn
    • Instances - Added ssm and ec2-instanceconnect commands to instance loot
    • Caching - Added function caching to reduce the number of AWS calls required (added a --ignore-cache option to disable this if needed). Only partially implemented so far.

Commits

  • 59157b4: updated EFS to show file permissions and root directory info (sethsec-bf) #39
  • f2f9377: updated inventory to include codebuild and started to break it out a bit into api call functions (sethsec-bf) #39
  • 7f413fc: fixed bug in filesystems command (sethsec-bf) #39
  • 1aca8cf: fixed bug in filesystems command related to mount targets (sethsec-bf) #39
  • bc91da0: fixed bug in permissions command where it was choking on statements with conditions (sethsec-bf) #39
  • 56247f4: first draft of resource-trusts command (sethsec-bf) #39
  • 186cd04: Finished codebuild test, added codebuild to resource-trusts command, updated ecr test to add new function to the client interface (sethsec-bf) #39
  • 766fe55: added more to resource trusts module, started to move commands to shared initializers (sethsec-bf) #39
  • 7490d1a: fixed bug that wrote buckets, sns, sqs files in the wrong place when using environment variables (sethsec-bf) #39
  • 0276ce2: initial draft of the orgs command (sethsec-bf) #39
  • 5f7596b: more draft work on the orgs command (sethsec-bf) #39
  • 8722782: merged from main (sethsec-bf) #39
  • 8b2f13c: added ssm and ec2-instanceconnect commands to instances loot (sethsec-bf) #39
  • 8e9bd42: finally added some logic so that if the user submits the name of the user/role/group instead of the arn it will work anyway (sethsec-bf) #39
  • ef1b37c: Added conditions col to the output to at least say if conditions exist on a permission (sethsec-bf) #39
  • c059776: reworked the option to specify a principal so it works with groups also. i don't think it was working before (sethsec-bf) #39
  • 2756cd0: changed default output dir to ~/.cloudfox/cloudfox-output (sethsec-bf) #39
  • b29e4ea: changed output directory, added beginning phases of cached support - both within one single run, but also loading cached data from previous runs, added codebuild command, added orgs command, added databases command, switched everything to use carlos's output2 functions, changed the output flag from type (csv,table) to be like kubectl with wide/narrow (sethsec-bf) #39
  • 497c794: migrated ecr to cached functions (sethsec-bf) #39
  • ce6c3f7: migrated ecr and a few other functions in the endpoints and env-vars commands to use the cached functions (sethsec-bf) #39
  • 9581425: updates to resource-trust command (sethsec-bf) #39
  • d5956ce: tweak to database command cols (sethsec-bf) #39
  • 2b294e5: updated wrapping for files written to disk, updated go modules (sethsec-bf) #39
  • a0a64c5: bumped go version for releaser (sethsec-bf) #39
  • 7b51d9d: updated tests (sethsec-bf) #39
  • 5607558: bumped version to 1.11.0 (sethsec-bf) #39
  • fc7a571: updated lambda header to name instead of arn (sethsec-bf) #40

v1.10.3

04 Apr 21:13
0397b5d

Commits

  • 0397b5d: fixed bug in aws permissions - it was not handling policies applied to groups properly (sethsec-bf)

v1.10.2

27 Mar 17:59
8ef71a6

Commits

  • 51f0b65: bugfix 'SQS' and 'SNS' are inspected when 'all-checks' is executed. (motikan2010) #35
  • 3652866: moved sns/sqs to another section in all-checks (sethsec-bf)
  • 8ef71a6: fixed bug in env-vars where sagemaker model exists but primarycontainer does not (sethsec-bf)

v1.10.1

13 Mar 21:05
02db8a4

Commits

  • 07c4ddc: Update README.md (Seth Art)
  • cecebb8: updated table file output to respect the wrap argument and the default which is to not wrap (sethsec-bf)
  • 77c7edf: fixed an error handling bug on the az storage and whoami commands (carlosvendramini) #33
  • 47c1184: attempt to fix a bug within az validatePublicBlobURLs (carlosvendramini) #33
  • e6b5604: updated version tag to 1.10.1 (carlosvendramini) #33
  • b3620ca: fixed output path in control messages for az inventory (carlosvendramini) #33
  • 8550561: fixed bug in filesystems command related to regions (sethsec-bf)
  • dc7c8c6: Merge branch 'main' into carlos-dev (Seth Art) #33