ThreatWatch Information Gathering Script
twigs
Free software: GNU General Public License v3
Documentation: https://twigs.readthedocs.io.
Features
twigs.py - A python script to discover various types of assets (cloud-based, Linux hosts, containers, open source and more).
Note: twigs requires Python 2.7. It is recommended to use virtual environments to create isolated Python environments and reduce dependency conflicts. Please use the following command:
$ python -m virtualenv --python=/usr/bin/python2.7 twigs_env_2_7
$ python twigs.py --help
usage: twigs.py [-h] --handle HANDLE [--token TOKEN] [--instance INSTANCE] [--csv_file CSV_FILE] {aws,azure,opensource,host,docker} ...
ThreatWatch Information Gathering Script (twigs) to discover assets like hosts, cloud instances, containers and opensource projects
- optional arguments:
- -h, --help
show this help message and exit
- --handle HANDLE
The ThreatWatch registered email id/handle of the user
- --token TOKEN
The ThreatWatch API token of the user
- --instance INSTANCE
The ThreatWatch instance. Defaults to ThreatWatch Cloud SaaS.
- --csv_file CSV_FILE
Specify name of the CSV file to hold the exported asset information. Defaults to out.csv
- modes:
Discovery modes supported
- {aws,azure,opensource,host,docker}
aws          Discover AWS instances
azure        Discover Azure instances
opensource   Discover open source assets
host         Discover linux host assets
docker       Discover docker instances
Mode: aws
$ python twigs.py aws --help
usage: twigs.py aws [-h] --aws_account AWS_ACCOUNT --aws_access_key AWS_ACCESS_KEY --aws_secret_key AWS_SECRET_KEY --aws_region AWS_REGION --aws_s3_bucket AWS_S3_BUCKET
- optional arguments:
- -h, --help
show this help message and exit
- --aws_account AWS_ACCOUNT
AWS account ID
- --aws_access_key AWS_ACCESS_KEY
AWS access key
- --aws_secret_key AWS_SECRET_KEY
AWS secret key
- --aws_region AWS_REGION
AWS region
- --aws_s3_bucket AWS_S3_BUCKET
AWS S3 inventory bucket
Mode: azure
$ python twigs.py azure --help
usage: twigs.py azure [-h] --azure_tenant_id AZURE_TENANT_ID --azure_application_id AZURE_APPLICATION_ID --azure_application_key AZURE_APPLICATION_KEY [--azure_subscription AZURE_SUBSCRIPTION] [--azure_resource_group AZURE_RESOURCE_GROUP] [--azure_workspace AZURE_WORKSPACE]
- optional arguments:
- -h, --help
show this help message and exit
- --azure_tenant_id AZURE_TENANT_ID
Azure Tenant ID
- --azure_application_id AZURE_APPLICATION_ID
Azure Application ID
- --azure_application_key AZURE_APPLICATION_KEY
Azure Application Key
- --azure_subscription AZURE_SUBSCRIPTION
Azure Subscription. If not specified, then available values will be displayed
- --azure_resource_group AZURE_RESOURCE_GROUP
Azure Resource Group. If not specified, then available values will be displayed
- --azure_workspace AZURE_WORKSPACE
Azure Workspace. If not specified, then available values will be displayed
Mode: opensource
$ python twigs.py opensource --help
usage: twigs.py opensource [-h] --repo REPO [--type {python,ruby,nodejs,dotnet,yarn}] [--assetid ASSETID] [--assetname ASSETNAME] [--impact_refresh_days IMPACT_REFRESH_DAYS]
- optional arguments:
- -h, --help
show this help message and exit
- --repo REPO
Local path or git repo url for project
- --type TYPE
Type of open source component to scan for {python,ruby,nodejs,dotnet,yarn}. Defaults to all supported types if not specified
- --assetid ASSETID
A unique ID to be assigned to the discovered asset
- --assetname ASSETNAME
A name to be assigned to the discovered asset
- --impact_refresh_days IMPACT_REFRESH_DAYS
Request impact refresh for this asset for number of days (range 1 - 365 days)
Mode: host
$ python twigs.py host --help
usage: twigs.py host [-h] [--remote_hosts_csv REMOTE_HOSTS_CSV] [--assetid ASSETID] [--assetname ASSETNAME] [--impact_refresh_days IMPACT_REFRESH_DAYS]
- optional arguments:
- -h, --help
show this help message and exit
- --remote_hosts_csv REMOTE_HOSTS_CSV
CSV file containing details of remote hosts. The CSV file column header [1st row] should be: hostname,userlogin,userpwd,privatekey,assetid,assetname. Note that the “hostname” column can contain a hostname, an IP address, or a CIDR range.
- --assetid ASSETID
A unique ID to be assigned to the discovered asset
- --assetname ASSETNAME
A name/label to be assigned to the discovered asset
- --impact_refresh_days IMPACT_REFRESH_DAYS
Request impact refresh for this asset for number of days (range 1 - 365 days)
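A pre-flight check for the remote hosts CSV described above, as an added example that is not part of twigs: it verifies the documented header, classifies each "hostname" cell as hostname, IP address or CIDR range, and reports rows that carry a plaintext password or no credential. It is stand-alone Python 3; the function names, the 1024-address threshold and the sample rows are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import re

# Documented --remote_hosts_csv header, then a constructed sample (no real hosts or credentials).
EXPECTED_HEADER = ["hostname", "userlogin", "userpwd", "privatekey", "assetid", "assetname"]
SAMPLE = """hostname,userlogin,userpwd,privatekey,assetid,assetname
web01.example.internal,scan,,/home/scan/.ssh/id_scan,web01,Web 01
10.0.0.0/8,scan,,/home/scan/.ssh/id_scan,net10,Ten net
192.0.2.15,root,hunter2,,db01,DB 01
bad host!,scan,,,x1,Broken
"""

def classify_target(value):
    """Return (kind, address_count) for a 'hostname' cell, or raise ValueError."""
    if "/" in value:
        return "cidr", ipaddress.ip_network(value, strict=False).num_addresses
    try:
        ipaddress.ip_address(value)
        return "ip", 1
    except ValueError:
        if re.match(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$", value):  # loose syntax check
            return "hostname", 1
        raise ValueError("not a hostname, IP address or CIDR range: %r" % value) from None

def review_hosts_csv(text, max_cidr_addresses=1024):
    """Return a list of (row_number, finding) for a remote-hosts CSV."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or [c.strip() for c in rows[0]] != EXPECTED_HEADER:
        return [(1, "header must be: " + ",".join(EXPECTED_HEADER))]
    findings = []
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(EXPECTED_HEADER):
            findings.append((n, "expected %d columns, got %d" % (len(EXPECTED_HEADER), len(row))))
            continue
        rec = dict(zip(EXPECTED_HEADER, (c.strip() for c in row)))
        try:
            kind, count = classify_target(rec["hostname"])
            if kind == "cidr" and count > max_cidr_addresses:
                findings.append((n, "CIDR range covers %d addresses" % count))
        except ValueError as exc:
            findings.append((n, str(exc)))
        if rec["userpwd"]:
            findings.append((n, "plaintext password stored in file"))
        elif not rec["privatekey"]:
            findings.append((n, "no credential: userpwd and privatekey both empty"))
    return findings
```

Because the file holds login names and passwords, an empty result from `review_hosts_csv` says only that the rows are well-formed; restricting read access to the file is a separate step.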
Mode: docker
$ python twigs.py docker --help
usage: twigs.py docker [-h] --image IMAGE [--assetid ASSETID] [--assetname ASSETNAME] [--impact_refresh_days IMPACT_REFRESH_DAYS]
- optional arguments:
- -h, --help
show this help message and exit
- --image IMAGE
The docker image (repo:tag) which needs to be inspected. If tag is not given, “latest” will be assumed.
- --assetid ASSETID
A unique ID to be assigned to the discovered asset
- --assetname ASSETNAME
A name/label to be assigned to the discovered asset
- --impact_refresh_days IMPACT_REFRESH_DAYS
Request impact refresh for this asset for number of days (range 1 - 365 days)
Note: For Windows hosts, you can use the provided PowerShell script (windows_discovery.ps1) for discovery. It requires PowerShell 3.0 or higher.
usage: .\windows_discovery.ps1 -?
windows_discovery.ps1 [-tw_handle] <string> [-tw_api_key] <string> [[-tw_instance] <string>] [-asset_id] <string> [<CommonParameters>]
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
0.1.0 (2019-03-18)
First release on PyPI.
Hashes for twigs-1.0.11-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 8ca9f3d115021512c595b36f64f01cd0647c8d88dfadc76a901ff9d04c00c5c8
MD5 | f3e65d0b901e3afa268d826667840103
BLAKE2b-256 | c10d10c9007b7c8a6a45869a68ee12d56f5a9c8f2d88074cfe6eae919aabe5bf