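#!/bin/bash
#
# Walk every Route 53 hosted zone, and for each A / CNAME record ask
# JupiterOne whether the record's target is a known asset. Records whose
# target is unknown are candidates for stale or dangling DNS entries.
#
# Required variables (read from ./.env): AWS_PROFILE, J1_API_KEY, J1_ACCOUNT
# Output: one line per record target on stdout; warnings and errors on stderr.

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Load environment variables from .env file.
# NOTE: `source` executes .env as shell code with this script's privileges.
# Keep the file out of version control and readable only by its owner
# (chmod 600), and never run this script from a directory you do not control.
if [ -f .env ]; then
  # shellcheck disable=SC1091
  source .env
else
  die "Error: .env file not found. create one with your API keys."
fi

# Fail early instead of sending half-formed commands or requests.
: "${AWS_PROFILE:?AWS_PROFILE must be set in .env}"
: "${J1_API_KEY:?J1_API_KEY must be set in .env}"
: "${J1_ACCOUNT:?J1_ACCOUNT must be set in .env}"

# The key is written into a curl config line below; a quote, backslash or
# newline in it would change how curl parses that line.
case "$J1_API_KEY" in
  *'"'* | *\\* | *$'\n'*)
    die "Error: J1_API_KEY contains a quote, backslash or newline."
    ;;
esac

# Only plain host names and IP literals are interpolated into the query.
# This is what stops a quote in a record value from breaking out of the
# query's string literal or out of the JSON body.
readonly safe_value_re='^[A-Za-z0-9._:-]+$'

# Response classification. A reply is treated as "found" only when it really
# carries a non-zero totalCount; anything else is reported as inconclusive.
readonly zero_count_re='"totalCount"[[:space:]]*:[[:space:]]*0([^0-9.]|$)'
readonly any_count_re='"totalCount"[[:space:]]*:'

# Get all hosted zones. --query pins the output to the zone ids only, so the
# result does not depend on the column layout of the CLI's text output.
hosted_zones=$(aws route53 list-hosted-zones \
  --profile "$AWS_PROFILE" \
  --query 'HostedZones[].Id' \
  --output text) || die "Error: could not list Route 53 hosted zones."

# read returns non-zero at end of input when no NUL delimiter is seen; that
# is expected here, hence the `|| true`.
zone_ids=()
read -r -d '' -a zone_ids <<< "$hosted_zones" || true

for zone_id in "${zone_ids[@]}"; do
  # Ids are returned as /hostedzone/<id>; keep only the last path segment.
  zone_id=${zone_id##*/}

  # One row per record set: name <TAB> type <TAB> space-joined values.
  # Alias records have no ResourceRecords, so they yield an empty value list.
  if ! record_sets=$(aws route53 list-resource-record-sets \
    --hosted-zone-id "$zone_id" \
    --profile "$AWS_PROFILE" \
    --query "ResourceRecordSets[].[Name, Type, join(' ', ResourceRecords[].Value || \`[]\`)]" \
    --output text); then
    printf 'Warning: could not list records for zone %s; skipping.\n' \
      "$zone_id" >&2
    continue
  fi

  while IFS=$'\t' read -r name type values; do
    [[ -n "$name" ]] || continue

    # Handle different record types (you might need to add more types)
    if [[ "$type" == "A" || "$type" == "CNAME" ]]; then
      # Split into an array so the values are never glob-expanded.
      value_list=()
      read -r -a value_list <<< "$values"

      for value in "${value_list[@]}"; do
        if [[ ! "$value" =~ $safe_value_re ]]; then
          printf 'Warning: %s (%s) has an unexpected value; not queried.\n' \
            "$name" "$type" >&2
          continue
        fi

        # Query JupiterOne to check asset ownership
        # (This part needs to be implemented using JupiterOne's API)
        # NOTE(review): endpoint, payload shape and the totalCount field are
        # the original placeholders; confirm them against the API docs.
        j1_query="Find asset where properties.value = '$value'"

        # The Authorization header goes to curl on stdin (--config -) rather
        # than on the command line, where any local user could read the key
        # from the process list. printf is a shell builtin, so the key never
        # appears in another process's arguments.
        # --fail turns HTTP errors (e.g. an expired key) into a non-zero exit.
        if ! j1_result=$(
          printf 'header = "Authorization: Bearer %s"\n' "$J1_API_KEY" |
            curl -sS --fail --config - \
              "https://api.us.jupiterone.io/graphql/$J1_ACCOUNT" \
              -d "{\"query\": \"$j1_query\"}"
        ); then
          printf 'Warning: JupiterOne lookup failed for %s (%s) -> %s\n' \
            "$name" "$type" "$value" >&2
          continue
        fi

        # Process JupiterOne result and output information.
        # A failed or unparseable reply must not be reported as "found":
        # that would hide exactly the unowned targets this script looks for.
        if [[ "$j1_result" =~ $zero_count_re ]]; then
          echo "$name ($type) points to $value (Asset not found in JupiterOne)"
        elif [[ "$j1_result" =~ $any_count_re ]]; then
          echo "$name ($type) points to $value (Asset found in JupiterOne)"
        else
          printf 'Warning: inconclusive JupiterOne reply for %s (%s) -> %s\n' \
            "$name" "$type" "$value" >&2
        fi
      done
    fi
  done <<< "$record_sets"
done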