pip3 install boto3 colorama
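Edit ~/.aws/credentials (this file holds your secret access key, so keep it readable only by your own user, e.g. chmod 600):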
[default]
aws_access_key_id = YOUR_KEY
aws_secret_access_key = YOUR_SECRET
Edit ~/.aws/config
[default]
output = text
region = eu-central-1
Run without any options. It will fetch all the findings and print them to the terminal.
python guardduty.py
--type (-t) Get only EC2-related or IAM-related findings
python guardduty.py --type EC2
python guardduty.py -t IAM
--sort (-s) Sort findings by Severity. Sort in ascending order to show High severity last, or in descending order to show it first.
python guardduty.py --sort asc
python guardduty.py -s desc
--list-accounts (-l) List Account IDs discovered in findings
python3 guardduty.py --list-accounts
python3 guardduty.py -l
--account (-a) Show findings for a particular Account ID
python3 guardduty.py --account 1234567890
python3 guardduty.py -a 1234567890
--interactive (-i) Interactive mode
python3 guardduty.py --interactive
--output (-o) Specify filename to save findings in JSON format
python3 guardduty.py --output findings.json
Show only EC2-type findings for Account ID 1234567890, sorted by Severity ascending:
python3 guardduty.py --type EC2 --account 1234567890 --sort asc
Show all findings for Account ID 1234567890, sorted by Severity descending, and save them to a file:
python3 guardduty.py --account 1234567890 --sort desc --output findings.json