New POC scoring and extra741 key finder userdata

2026-02-10 14:55:00 +00:00 · 2019-02-08 16:39:05 +00:00
parent 6600df9be9
commit 170557a422
4 changed files with 21 additions and 9 deletions
--- a/checks/check111
+++ b/checks/check111
@@ -17,7 +17,7 @@ CHECK_ALTERNATE_check111="check111"
 check111(){
  # "Ensure IAM password policy expires passwords within 90 days or less (Scored)"
  COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query PasswordPolicy.MaxPasswordAge --output text 2> /dev/null)
-  if [[ $COMMAND111 ]];then
+  if [[ $COMMAND111 == [0-9]* ]];then
    if [[ "$COMMAND111" -le "90" ]];then
      textPass "Password Policy includes expiration (Value: $COMMAND111)"
    else
--- a/checks/check_extra741
+++ b/checks/check_extra741
@@ -26,20 +26,22 @@ extra741(){
        USERDATA=$($AWSCLI ec2 describe-instance-attribute --attribute userData --query UserData.Value $PROFILE_OPT --region $regx --instance-id $instance --output text | decode_report > $USERDATA_FILE)
        if [ -s $USERDATA_FILE ];then
          FILE_FORMAT_ASCII=$(file -b $USERDATA_FILE|grep ASCII)
+          FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l|tr -d '\ ')
          if [[ $FILE_FORMAT_ASCII ]]; then
-            FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l)
            if [[ $FINDINGS -eq 0 ]]; then
-              textPass "$regx: $instance nothing found" "$regx"
+              textPass "$regx: Nothing found in $instance" "$regx"
+              # delete file if nothing interesting is there
+              rm -f $USERDATA_FILE
            else
-              textFail "$regx: $instance FOUND! $FINDINGS" "$regx"
+              textFail "$regx: Found $FINDINGS keys in $instance! Check file $USERDATA_FILE" "$regx"
            fi
          else
            mv $USERDATA_FILE $USERDATA_FILE.gz ; gunzip $USERDATA_FILE.gz
-            FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l)
            if [[ $FINDINGS -eq 0 ]]; then
-              textPass "$regx: $instance nothing found" "$regx"
+              textPass "$regx: Nothing found in $instance" "$regx"
+              rm -f $USERDATA_FILE.gz
            else
-              textFail "$regx: $instance FOUND! $FINDINGS" "$regx"
+              textFail "$regx: Found $FINDINGS keys in $instance! Check file $USERDATA_FILE" "$regx"
            fi
          fi
        else
--- a/include/outputs
+++ b/include/outputs
@@ -13,6 +13,7 @@

 # Output formatting functions
 textPass(){
+  PASS_COUNTER=$((PASS_COUNTER+1))
  if [[ "$MODE" == "csv" ]]; then
    if [[ $2 ]]; then
      REPREGION=$2
@@ -95,6 +96,7 @@ textInfo(){
 }

 textFail(){
+  FAIL_COUNTER=$((FAIL_COUNTER+1))
  EXITCODE=3
  if [[ "$MODE" == "csv" ]]; then
    if [[ $2 ]]; then
@@ -137,6 +139,7 @@ textFail(){
 }

 textTitle(){
+  CHECKS_COUNTER=$((CHECKS_COUNTER+1))
  TITLE_ID=$1
  if [[ $NUMERAL ]]; then
    TITLE_ID=$(echo $TITLE_ID | cut -d, -f2)
--- a/11
+++ b/11
@@ -32,7 +32,7 @@ OPTRED="[1;31m"
 OPTNORMAL="[0;39m"

 # Set the defaults variables
-PROWLER_VERSION=2.0
+PROWLER_VERSION=2.0.1-devel
 PROWLER_DIR=$(dirname "$0")

 REGION=""
@@ -73,12 +73,13 @@ USAGE:
      -E                  execute all tests except a list of specified checks separated by comma (i.e. check21,check31)
      -b                  do not print Prowler banner
      -V                  show version number & exit
+      -s                  show scoring report
      -h                  this help
  "
  exit
 }

-while getopts ":hlLkp:r:c:g:f:m:M:E:enbV" OPTION; do
+while getopts ":hlLkp:r:c:g:f:m:M:E:enbVs" OPTION; do
   case $OPTION in
     h )
        usage
@@ -132,6 +133,9 @@ while getopts ":hlLkp:r:c:g:f:m:M:E:enbV" OPTION; do
        EXITCODE=0
        exit $EXITCODE
        ;;
+     s )
+        SCORING=1
+        ;;
     : )
        echo ""
        echo "$OPTRED ERROR!$OPTNORMAL  -$OPTARG requires an argument"
@@ -158,6 +162,7 @@ done
 . $PROWLER_DIR/include/banner
 . $PROWLER_DIR/include/whoami
 . $PROWLER_DIR/include/credentials_report
+. $PROWLER_DIR/include/scoring

 # Get a list of all available AWS Regions
 REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
@@ -369,6 +374,7 @@ if [[ $GROUP_ID_READ ]];then
    fi
    execute_group_by_id $GROUP_ID_READ
    cleanTemp
+    scoring
    exit $EXITCODE
  else
    textFail "Use a valid check group ID i.e.: group1, extras, forensics-ready, etc."
@@ -378,5 +384,6 @@ if [[ $GROUP_ID_READ ]];then
 fi

 execute_all
+scoring
 cleanTemp
 exit $EXITCODE