Fetch the details of assets hosted on AWS.

Last update: Dec 29, 2022

Overview

onaws

onaws is a simple tool to check if an IP/hostname belongs to the AWS IP space or not. It uses the AWS IP address ranges data published by AWS to perform the search.

The tool could be used for:

Continuous recon of assets
Gathering assets using a specific service (e.g. EC2)
Finding region information for S3 buckets
... etc.

Install

pip install onaws

Usage

Given an IP:

onaws 52.219.47.34

Given a hostname:

A domain or subdomain can be passed as input:

onaws example.com

You may also supply an S3 bucket hostname as input:

onaws dropbox.s3.amazonaws.com

List of hostnames

onaws accepts line-delimited hosts on STDIN. This is helpful if you want to pipe the output of other tools to onaws:

$ cat hosts.txt
uber.s3.amazonaws.com
aws.com
google.com


$ cat hosts.txt | onaws
{
    "uber.s3.amazonaws.com": {
        "is_aws_ip": true,
        "ip_address": "52.218.46.121",
        "service": "S3",
        "region": "eu-west-1",
        "matched_subnet": "52.218.0.0/17",
        "hostname": "uber.s3.amazonaws.com"
    },
    "aws.com": {
        "is_aws_ip": true,
        "ip_address": "52.84.13.117",
        "service": "CLOUDFRONT",
        "region": "GLOBAL",
        "matched_subnet": "52.84.0.0/15",
        "hostname": "aws.com"
    },
    "google.com": {
        "is_aws_ip": false
    }
}

Output

If the IP/hostname falls in the AWS IP range, onaws will return the service, region and other details in the output:

{
    "is_aws_ip": true,
    "ip_address": "52.218.196.155",
    "service": "S3",
    "region": "us-west-2",
    "matched_subnet": "52.218.128.0/17",
    "hostname": "flaws.cloud"
}

Contribution

I welcome contributions from the public. If you find something that could be improved, please file an Issue or send a PR :)

Credits

Thanks to @TomNomNom for suggesting the name.

Comments

Code refactor; input + output streaming (#1 and #2); better output

I refactor the code and introduce input + output streaming (closes #1 and closes #2), with the output being in JSONL format. The input streaming approach was taken from the PR by @havefish (#3)—good stuff!

Furthermore, I improve the output and make it list-input-friendly by showing the specified input. It now looks as follows:

opened by KarimPwnz 1
Cache ip ranges

Given the size of the AWS IP ranges file, this PR makes onaws cache it. The cache is updated when the etag header, which represents the MD5 checksum of the remote data, does not match the local data checksum.

The local cache is located at ~/.onaws/ip-ranges.json, and all functionality related to fetching the IP ranges has been moved to ipranges.py.

opened by KarimPwnz 0
ISSUE #1, ISSUE #2: streaming input and output
current changes stream the input, hence the processing should occur at constant memory

However, as the output is still being gathered in-memory, the memory consumption on large input still remains; to be solved in issue #2.

a optional parameter has been added -s that takes two values t: text or j: json

with this change the whole process should run at constant memory

Example Usage: cat file.txt | onaws -sj
opened by havefish 0
Line delimited Output
currently the output is dumped in a single JSON.

this approach won't work for a large input

also streaming the output won't be possible, to use the output the while thing has to be produced first.

the solution is line delimited JSON or plain text
opened by havefish 0
Added -i and -o parameters for input and output files

Quick and dirty solution to add input and output files to work in my pipeline. The changes should not break anything afaik, you can merge it if you like. Thank you for the code!

opened by kz0ltan 0