Feature: CloudEploit 2.0.1
khulnasoft-bot committed Dec 10, 2024
1 parent 41c5a66 commit df19f51
Showing 415 changed files with 12,754 additions and 1,598 deletions.
2 changes: 1 addition & 1 deletion .github/CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# CloudSploit Code of Conduct
# CloudExploit Code of Conduct

## Our Pledge

10 changes: 5 additions & 5 deletions .github/CONTRIBUTING.md
@@ -1,14 +1,14 @@
# Contributing to CloudSploit
Thank you for your interest in contributing to CloudSploit! We welcome your PRs, issues, feedback, and other contributions to this open source repository. To keep things moving smoothly, please use the following guidelines when working with the CloudSploit source code.
# Contributing to CloudExploit
Thank you for your interest in contributing to CloudExploit! We welcome your PRs, issues, feedback, and other contributions to this open source repository. To keep things moving smoothly, please use the following guidelines when working with the CloudExploit source code.

## Code of Conduct
The CloudSploit project, maintainers, and contributors are governed by the [CloudSploit Code of Conduct](CODE_OF_CONDUCT.md). By contributing, you are agreeing to uphold this code in your interactions with the CloudSploit community.
The CloudExploit project, maintainers, and contributors are governed by the [CloudExploit Code of Conduct](CODE_OF_CONDUCT.md). By contributing, you are agreeing to uphold this code in your interactions with the CloudExploit community.

## License
By contributing code to CloudSploit, you attest that you have the rights to all code and that you are assigning these rights to Khulnasoft Security, Ltd. for use within its projects.
By contributing code to CloudExploit, you attest that you have the rights to all code and that you are assigning these rights to Khulnasoft Security, Ltd. for use within its projects.

## Getting Started
Please read our [README](../README.md#installation) for information on getting setup to use and develop CloudSploit scans locally. We also have a [guide for writing new plugins](../docs/writing-plugins.md).
Please read our [README](../README.md#installation) for information on getting setup to use and develop CloudExploit scans locally. We also have a [guide for writing new plugins](../docs/writing-plugins.md).

## Proposing Large Changes
While we welcome all contributions, large pull requests that make significant changes to the codebase are difficult to review are merge without prior discussion. Please open an issue to discuss these changes before beginning work on them.
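Review bot: the unchanged context line under "Proposing Large Changes" carries a pre-existing typo, "difficult to review are merge without prior discussion", which should read "difficult to review and merge"; since this hunk already rewrites the surrounding paragraphs, fold that one-word fix in here rather than leaving it for a later pass.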
98 changes: 0 additions & 98 deletions .github/workflows/docker-publish.yml

This file was deleted.
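Review bot: the commit message does not say why `.github/workflows/docker-publish.yml` is removed, and judging by its name it was the workflow that built and published the container image, yet the README hunks below still document `docker run ... cloudexploit:0.` as a Quick Start path. Either keep a build/publish workflow (re-created under the new name if that is the intent) or state in the README that images are now built locally, and record the reason in the commit message.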

2 changes: 1 addition & 1 deletion .github/workflows/scans_ci.yml
@@ -10,7 +10,7 @@ jobs:
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '18.x'
node-version: '12.x'
- uses: codespell-project/actions-codespell@master
with:
check_filenames: true
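Review bot: `node-version` moves from `'18.x'` to `'12.x'`, which is a downgrade to a release line that reached end of life in April 2022 and no longer receives security fixes; CI should track a supported line (18.x or later) so the dependency set is tested against a runtime users can actually deploy. While touching this job, `actions/setup-node@v1` is a long-superseded major and `codespell-project/actions-codespell@master` floats on a mutable branch; pin both to a tagged release or, better, a commit SHA so the workflow's supply chain is reproducible.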
69 changes: 36 additions & 33 deletions README.md
@@ -1,13 +1,16 @@
[![Build Status](https://travis-ci.org/khulnasoft/cloudexploit.svg?branch=master)](https://travis-ci.org/khulnasoft/cloudexploit)
[<img src="https://cloudexploit.com/images/logos/cloudexploit_by_khulnasoft_2021.png" height="130">](https://cloud.khulnasoft.com/signup)

CloudSploit by Khulnasoft - Cloud Security Scans
[![Build Status](https://travis-ci.com/khulnasoft/cloudexploit.svg?branch=master)](https://travis-ci.com/khulnasoft/cloudexploit)

CloudExploit by Khulnasoft - Cloud Security Scans
=================

[<img src="docs/console.png">](https://cloud.khulnasoft.com/signup)

## Quick Start
### Generic
```
$ git clone git@github.com:khulnasoft/cloudexploit.git
$ git clone https://github.com/khulnasoft/cloudexploit.git
$ cd cloudexploit
$ npm install
$ ./index.js -h
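Review bot: the build badge is repointed at travis-ci.com, but the CI that this commit actually touches is a GitHub Actions workflow (`.github/workflows/scans_ci.yml`); unless a Travis project is configured for `khulnasoft/cloudexploit`, the badge will render as unknown. Point it at the Actions workflow status instead. Switching the Quick Start clone to HTTPS is a good change for first-time users without SSH keys.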
@@ -33,7 +36,7 @@ $ docker run -e AWS_ACCESS_KEY_ID=XX -e AWS_SECRET_ACCESS_KEY=YY cloudexploit:0.
+ [Microsoft Azure](docs/azure.md#cloud-provider-configuration)
+ [Google Cloud Platform](docs/gcp.md#cloud-provider-configuration)
+ [Oracle Cloud Infrastructure](docs/oracle.md#cloud-provider-configuration)
+ [CloudSploit Config File](#cloudexploit-config-file)
+ [CloudExploit Config File](#cloudexploit-config-file)
+ [Credential Files](#credential-files)
+ [AWS](#aws)
+ [Azure](#azure)
@@ -60,37 +63,37 @@ $ docker run -e AWS_ACCESS_KEY_ID=XX -e AWS_SECRET_ACCESS_KEY=YY cloudexploit:0.
* [Other Notes](#other-notes)

## Background
CloudSploit by Khulnasoft is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.
CloudExploit by Khulnasoft is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.

## Deployment Options
CloudSploit is available in two deployment options:
CloudExploit is available in two deployment options:

### Self-Hosted
Follow the instructions below to deploy the open-source version of CloudSploit on your machine in just a few simple steps.
Follow the instructions below to deploy the open-source version of CloudExploit on your machine in just a few simple steps.

### Hosted at Khulnasoft Wave
A commercial version of CloudSploit hosted at Khulnasoft Wave. Try [Khulnasoft Wave](https://cloud.khulnasoft.com/signup) today!
A commercial version of CloudExploit hosted at Khulnasoft Wave. Try [Khulnasoft Wave](https://cloud.khulnasoft.com/signup) today!

## Installation
Ensure that NodeJS is installed. If not, install it from [here](https://nodejs.org/download/).

```
$ git clone [email protected]:khulnasoft/cloudexploit.git
$ git clone [email protected]:cloudexploit/scans.git
$ npm install
```

## Configuration
CloudSploit requires read-only permission to your cloud account. Follow the guides below to provision this access:
CloudExploit requires read-only permission to your cloud account. Follow the guides below to provision this access:

* [Amazon Web Services](docs/aws.md#cloud-provider-configuration)
* [Microsoft Azure](docs/azure.md#cloud-provider-configuration)
* [Google Cloud Platform](docs/gcp.md#cloud-provider-configuration)
* [Oracle Cloud Infrastructure](docs/oracle.md#cloud-provider-configuration)

For AWS, you can run CloudSploit directly and it will detect credentials using the default [AWS credential chain](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CredentialProviderChain.html).
For AWS, you can run CloudExploit directly and it will detect credentials using the default [AWS credential chain](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CredentialProviderChain.html).

### CloudSploit Config File
The CloudSploit config file allows you to pass cloud provider credentials by:
### CloudExploit Config File
The CloudExploit config file allows you to pass cloud provider credentials by:
1. A JSON file on your file system
1. Environment variables
1. Hard-coding (not recommended)
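Review bot: the Installation block now clones `cloudexploit/scans.git` over SSH, while the Quick Start block at the top of this same file clones `https://github.com/khulnasoft/cloudexploit.git`; one of the two is wrong, and a reader following Installation lands in a directory named `scans`, not the `cloudexploit` that Quick Start `cd`s into. Use the same HTTPS URL in both places.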
@@ -157,7 +160,7 @@ Note: For GCP, you [generate a JSON file](docs/gcp.md) directly from the GCP con
```

### Environment Variables
CloudSploit supports passing environment variables, but you must first uncomment the section of your `config.js` file relevant to the cloud provider being scanned.
CloudExploit supports passing environment variables, but you must first uncomment the section of your `config.js` file relevant to the cloud provider being scanned.

You can then pass the variables listed in each section. For example, for AWS:
```
@@ -175,7 +178,7 @@ $ ./index.js
```

## CLI Options
CloudSploit supports many options to customize the run time. Some popular options include:
CloudExploit supports many options to customize the run time. Some popular options include:
* AWS GovCloud support: `--govcloud`
* AWS China support: `--china`
* Save the raw cloud provider response data: `--collection=file.json`
@@ -192,16 +195,16 @@ See [Output Formats](#output-formates) below for more output options.
```
$ ./index.js -h
_____ _ _ ______ _ _ _
/ ____| | | | ____| | | (_) |
| | | | ___ _ _ __| | |__ __ ___ __ | | ___ _| |_
| | | |/ _ \| | | |/ _` | __| \ \/ / '_ \| |/ _ \| | __|
| |____| | (_) | |_| | (_| | |____ > <| |_) | | (_) | | |_
\_____|_|\___/ \__,_|\__,_|______/_/\_\ .__/|_|\___/|_|\__|
| |
|_|
_____ _ _ _____ _ _ _
/ ____| | | |/ ____| | | (_) |
| | | | ___ _ _ __| | (___ _ __ | | ___ _| |_
| | | |/ _ \| | | |/ _` |\___ \| '_ \| |/ _ \| | __|
| |____| | (_) | |_| | (_| |____) | |_) | | (_) | | |_
\_____|_|\___/ \__,_|\__,_|_____/| .__/|_|\___/|_|\__|
| |
|_|
CloudSploit by Khulnasoft Security, Ltd.
CloudExploit by Khulnasoft Security, Ltd.
Cloud security auditing for AWS, Azure, GCP, Oracle, and GitHub
usage: index.js [-h] --config CONFIG [--compliance {hipaa,cis,cis1,cis2,pci}] [--plugin PLUGIN] [--govcloud] [--china] [--csv CSV] [--json JSON] [--junit JUNIT]
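Review bot: the context line `See [Output Formats](#output-formates) below` links to an anchor that does not exist; the heading is `## Output Formats`, so the slug is `#output-formats`. Fix the link while this file is being rewritten. The rest of the hunk is the banner and tagline rename, which matches the new name used elsewhere.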
@@ -233,7 +236,7 @@ See [Output Formats](#output-formates) below for more output options.

## Compliance

CloudSploit supports mapping of its plugins to particular compliance policies. To run the compliance scan, use the `--compliance` flag. For example:
CloudExploit supports mapping of its plugins to particular compliance policies. To run the compliance scan, use the `--compliance` flag. For example:
```
$ ./index.js --compliance=hipaa
$ ./index.js --compliance=pci
@@ -244,19 +247,19 @@ Multiple compliance modes can be run at the same time:
$ ./index.js --compliance=cis1 --compliance=cis2
```

CloudSploit currently supports the following compliance mappings:
CloudExploit currently supports the following compliance mappings:

### HIPAA
```
$ ./index.js --compliance=hipaa
```
HIPAA scans map CloudSploit plugins to the Health Insurance Portability and Accountability Act of 1996.
HIPAA scans map CloudExploit plugins to the Health Insurance Portability and Accountability Act of 1996.

### PCI
```
$ ./index.js --compliance=pci
```
PCI scans map CloudSploit plugins to the Payment Card Industry Data Security Standard.
PCI scans map CloudExploit plugins to the Payment Card Industry Data Security Standard.

### CIS Benchmarks
```
@@ -268,7 +271,7 @@ $ ./index.js --compliance=cis2
CIS Benchmarks are supported, both for Level 1 and Level 2 controls. Passing `--compliance=cis` will run both level 1 and level 2 controls.

## Output Formats
CloudSploit supports output in several formats for consumption by other tools. If you do not specify otherwise, CloudSploit writes output to standard output (the console) as a table.
CloudExploit supports output in several formats for consumption by other tools. If you do not specify otherwise, CloudExploit writes output to standard output (the console) as a table.

Note: You can pass multiple output formats and combine options for further customization. For example:
```
@@ -280,7 +283,7 @@ $ ./index.js --json=file.json --junit=file.xml --console=text --ignore-ok
```

### Console Output
By default, CloudSploit results are printed to the console in a table format (with colors). You can override this and use plain text instead, by running:
By default, CloudExploit results are printed to the console in a table format (with colors). You can override this and use plain text instead, by running:
```
$ ./index.js --console=text
```
@@ -309,7 +312,7 @@ $ ./index.js --junit=file.xml
```

### Collection Output
CloudSploit saves the data queried from the cloud provider APIs in JSON format, which can be saved alongside other files for debugging or historical purposes.
CloudExploit saves the data queried from the cloud provider APIs in JSON format, which can be saved alongside other files for debugging or historical purposes.
```
$ ./index.js --collection=file.json
```
@@ -339,10 +342,10 @@ $ ./index.js --plugin acmValidation
```

## Architecture
CloudSploit works in two phases. First, it queries the cloud infrastructure APIs for various metadata about your account, namely the "collection" phase. Once all the necessary data is collected, the result is passed to the "scanning" phase. The scan uses the collected data to search for potential misconfigurations, risks, and other security issues, which are the resulting output.
CloudExploit works in two phases. First, it queries the cloud infrastructure APIs for various metadata about your account, namely the "collection" phase. Once all the necessary data is collected, the result is passed to the "scanning" phase. The scan uses the collected data to search for potential misconfigurations, risks, and other security issues, which are the resulting output.

## Writing a Plugin
Please see our [contribution guidelines](.github/CONTRIBUTING.md) and [complete guide](docs/writing-plugins.md) to writing CloudSploit plugins.
Please see our [contribution guidelines](.github/CONTRIBUTING.md) and [complete guide](docs/writing-plugins.md) to writing CloudExploit plugins.

## Writing a remediation
The `--remediate` flag can be used if you want to run remediation for the plugins mentioned as part of this argument. This takes a list of plugin names.
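Review bot: the `--remediate` flag, described here as running remediation for the listed plugins, necessarily modifies resources in the target account, but the Configuration section above says CloudExploit "requires read-only permission to your cloud account". Document that remediation needs additional write permissions, and which plugins support it, so that users do not grant write access to the scanning identity by default and do not hit unexplained permission errors when they opt into remediation.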
2 changes: 1 addition & 1 deletion collectors/alibaba/collector.js
@@ -1,6 +1,6 @@
/*********************
Collector - The collector will query Alibaba APIs for the information required
to run the CloudSploit scans. This data will be returned in the callback
to run the CloudExploit scans. This data will be returned in the callback
as a JSON object.
Arguments:
3 changes: 2 additions & 1 deletion collectors/aws/apigateway/getClientCertificate.js
@@ -26,7 +26,8 @@ module.exports = function(AWSConfig, collection, retries, callback) {
collection.apigateway.getClientCertificate[AWSConfig.region][stage.clientCertificateId].err = err;
return pCb();
}
collection.apigateway.getClientCertificate[AWSConfig.region][stage.clientCertificateId].data = data;
if (data) collection.apigateway.getClientCertificate[AWSConfig.region][stage.clientCertificateId].data = data;

pCb();
});

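Review bot: with `if (data)` guarding the assignment, a successful call that returns an empty body leaves the collection entry with neither `err` nor `data`, where previously `data` was always present (possibly `undefined`). That is fine if every plugin reading `apigateway.getClientCertificate` treats a missing `data` the same as an empty one; otherwise set `.data = data || {}` so the key stays present. The same guard is applied in four more collectors in this commit; a shared helper would keep the semantics identical across them.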
2 changes: 1 addition & 1 deletion collectors/aws/apigateway/getIntegration.js
@@ -35,7 +35,7 @@ module.exports = function(AWSConfig, collection, retries, callback) {
return mCb();
}

collection.apigateway.getIntegration[AWSConfig.region][api.id][resource.id][methodKey].data = data;
if (data) collection.apigateway.getIntegration[AWSConfig.region][api.id][resource.id][methodKey].data = data;
mCb();
});
}, function(){
2 changes: 1 addition & 1 deletion collectors/aws/appmesh/describeVirtualGateway.js
@@ -29,7 +29,7 @@ module.exports = function(AWSConfig, collection, retries, callback) {
collection.appmesh.describeVirtualGateway[AWSConfig.region][gateway.virtualGatewayName].err = err;
}

collection.appmesh.describeVirtualGateway[AWSConfig.region][gateway.virtualGatewayName].data = data;
if (data) collection.appmesh.describeVirtualGateway[AWSConfig.region][gateway.virtualGatewayName].data = data;
pCb();
});

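Review bot: unlike `getClientCertificate.js` above, the `if (err)` branch here does not `return pCb()`, so on error execution falls through to the guarded assignment and then calls `pCb()`; harmless with the new guard, but returning early in the error branch keeps the control flow identical across the collectors touched in this commit and makes the intent obvious.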
2 changes: 1 addition & 1 deletion collectors/aws/autoscaling/describeLaunchConfigurations.js
@@ -15,7 +15,7 @@ module.exports = function(AWSConfig, collection, retries, callback) {
if (err) {
collection.autoscaling.describeLaunchConfigurations[AWSConfig.region][asg.AutoScalingGroupARN].err = err;
}
collection.autoscaling.describeLaunchConfigurations[AWSConfig.region][asg.AutoScalingGroupARN].data = data;
if (data) collection.autoscaling.describeLaunchConfigurations[AWSConfig.region][asg.AutoScalingGroupARN].data = data;

cb();
});
2 changes: 1 addition & 1 deletion collectors/aws/cloudfront/getDistribution.js
@@ -15,7 +15,7 @@ module.exports = function(AWSConfig, collection, retries, callback) {
if (err) {
collection.cloudfront.getDistribution[AWSConfig.region][distribution.Id].err = err;
}
collection.cloudfront.getDistribution[AWSConfig.region][distribution.Id].data = data;
if (data) collection.cloudfront.getDistribution[AWSConfig.region][distribution.Id].data = data;
cb();
});
