Merge pull request #2 from RedMapleTech/feature/sc-25982/build-cloud-…

…enum-into-executable [sc-25981] Add support to build into bin
RedMapleTech · Jul 8, 2024 · 3a7dc69 · 3a7dc69
2 parents 783e2cf + 4f36889
commit 3a7dc69
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+# Dockerfile for building to single executable file with pyinstaller
+FROM --platform=linux/amd64 python
+
+WORKDIR /usr/src/cloud-enum
+
+COPY . .
+
+RUN pip3 install -r ./requirements.txt
+
+CMD ["pyinstaller", "--onefile", "--add-data=enum_tools/fuzz.txt:enum_tools", "--add-data=enum_tools/ns.txt:enum_tools", "cloud_enum.py"]
diff --git a/README.md b/README.md
@@ -1,5 +1,19 @@
 # cloud_enum
 
+This for changes the following:
+
+- Adds JSON structured logging (with log level flag), findings are logged at INFO. Findings logs have fields:
+  - `platform` - `gcp`/`azure`/`aws`
+  - `access` - `protected`/`public`/`disabled`
+  - `key` - identify type of finding
+  - `target` - URL of asset e.g. `http://storage.googleapis.com/examplestorage`
+  - `message` - Human readable summary of finding
+- Adds `ns.txt` which will be used by default instead of the `-ns` flag.
+- Removes logfile capability (to easily support the above requirement). Can pipe to file if required
+  - Logfile format has additionally been removed
+- Build into a single executable. This will leave a `cloud_enum` bin in the `/dist` directory.
+  - Build bin for deploy (linux/amd64): `task build`
+
 Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
 
 Currently enumerates the following:
@@ -83,7 +97,7 @@ optional arguments:
   -ns NAMESERVER, --nameserver NAMESERVER
                         DNS server to use in brute-force.
   -l LOGFILE, --logfile LOGFILE
-                        REMOVED Will APPEND found items to specified file.
+                        [REMOVED] Will APPEND found items to specified file.
   -f FORMAT, --format FORMAT
                         Format for log file (text,json,csv - defaults to text)
   --disable-aws         Disable Amazon checks.

diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -0,0 +1,9 @@
+# https://taskfile.dev
+
+version: "3"
+
+tasks:
+  build:
+    cmds:
+      - docker build -t cloud-enum-build .
+      - docker run -it --rm -v ${PWD}:/usr/src/cloud-enum cloud-enum-build
diff --git a/cloud_enum.py b/cloud_enum.py
@@ -18,6 +18,8 @@
 from enum_tools import gcp_checks as gcp
 from logger import logger
 
+log = None
+
 
 def parse_arguments():
     """
@@ -29,6 +31,10 @@ def parse_arguments():
     # Grab the current dir of the script, for setting some defaults below
     script_path = os.path.split(os.path.abspath(sys.argv[0]))[0]
 
+    # If we're running as a frozen binary, we need to adjust the path
+    if getattr(sys, 'frozen', False):
+        script_path = sys._MEIPASS
+
     kw_group = parser.add_mutually_exclusive_group(required=True)
 
     # Keyword can given multiple times
@@ -40,7 +46,7 @@ def parse_arguments():
                           help='Input file with a single keyword per line.')
 
     parser.add_argument('-l', '--log-level', type=str,
-                        action='store', default='info', help='Log level')
+                        action='store', default='INFO', help='Log level')
 
     # Use included mutations file by default, or let the user provide one
     parser.add_argument('-m', '--mutations', type=str, action='store', default=script_path +
@@ -54,9 +60,9 @@ def parse_arguments():
                         default=5, help='Threads for HTTP brute-force. Default = 5')
 
     parser.add_argument('-ns', '--nameserver', type=str, action='store',
-                        default='8.8.8.8', help='DNS server to use in brute-force.')
+                        help='DNS server to use in brute-force.')
 
-    parser.add_argument('-nsf', '--nameserverfile', type=str,
+    parser.add_argument('-nsf', '--nameserverfile', type=str, action='store', default=script_path + '/enum_tools/ns.txt',
                         help='Path to the file containing nameserver IPs')
 
     parser.add_argument('--disable-aws', action='store_true',
@@ -76,6 +82,10 @@ def parse_arguments():
 
     args = parser.parse_args()
 
+    # Set up logging
+    global log
+    log = logger.Logger(args.log_level.upper())
+
     # Ensure mutations file is readable
     if not os.access(args.mutations, os.R_OK):
         log.new().error(f"Cannot access mutations file: {args.mutations}")
@@ -208,10 +218,6 @@ def main():
     """
     args = parse_arguments()
 
-    # Set up logging
-    global log
-    log = logger.Logger(args.log_level.upper())
-
     # Generate a basic status on targets and parameters
     print_status(args)
 

diff --git a/enum_tools/ns.txt b/enum_tools/ns.txt
@@ -0,0 +1,2 @@
+1.1.1.1
+8.8.8.8
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 dnspython
 requests
 requests_futures
+pyinstaller