Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mondoohq/cnquery
open source, cloud-native, graph-based asset inventory
https://github.com/mondoohq/cnquery
aws azure cis cloud-computing cloud-native gcp kubernetes linux macos security security-as-code unix windows
Last synced: about 9 hours ago
JSON representation
open source, cloud-native, graph-based asset inventory
- Host: GitHub
- URL: https://github.com/mondoohq/cnquery
- Owner: mondoohq
- License: other
- Created: 2022-08-16T07:52:45.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-29T11:44:09.000Z (21 days ago)
- Last Synced: 2024-10-29T11:48:48.090Z (21 days ago)
- Topics: aws, azure, cis, cloud-computing, cloud-native, gcp, kubernetes, linux, macos, security, security-as-code, unix, windows
- Language: Go
- Homepage: https://cnquery.io
- Size: 38.6 MB
- Stars: 311
- Watchers: 15
- Forks: 20
- Open Issues: 265
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# cnquery
**Open source, cloud-native asset inventory and discovery**
cnquery is a cloud-native tool for querying your entire infrastructure. Built upon Mondoo's security data fabric, it answers thousands of questions about your infrastructure and integrates with over 850 resources across cloud accounts, Kubernetes, containers, services, VMs, APIs, and more.
Here are a few more examples:
```bash
# run a query and print the output
cnquery run -c "ports.listening { port process }"
# execute a query pack on a Docker image and print results as json
cnquery scan docker 14119a -f pack.mql.yaml -j
# open an interactive shell to an aws account
cnquery shell aws
> aws.ec2.instances{*}
```
[:books: To learn more, read the cnquery docs.](https://mondoo.com/docs/cnquery/home/)
## Installation
Install cnquery with our installation script:
**Linux and macOS**
```bash
bash -c "$(curl -sSL https://install.mondoo.com/sh)"
```
**Windows**
```powershell
Set-ExecutionPolicy Unrestricted -Scope Process -Force;
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
iex ((New-Object System.Net.WebClient).DownloadString('https://install.mondoo.com/ps1'));
Install-Mondoo;
```
If you prefer manual installation, you can find the cnquery packages in our [GitHub releases](https://github.com/mondoohq/cnquery/releases).
## Interactive shell
The easiest way to explore cnquery is to use our interactive shell, which has auto-complete to guide you:
```bash
cnquery shell
```
Once inside the shell, you can enter MQL queries like this:
```coffeescript
> asset { name title }
```
To learn more, use the `help` command.
To exit, either press CTRL + D or type `exit`.
You can run the shell against local and remote targets like `k8s`, `aws`, `docker`, and many more. Run `--help` to see a full list of supported providers.
## Run simple queries
To run standalone queries in your shell, use the `run` command:
```bash
cnquery run -c
```
For example, this runs a query against your local system:
```bash
cnquery run -c "services { name running }"
```
For automation, it is often helpful to convert the output to JSON. Use `-j` or `--json`:
```bash
cnquery run local -c "services { * }" -j
```
You can then pipe the output to [jq](https://jqlang.github.io/jq/) or other applications.
## Query packs
You can combine multiple queries into query packs, which can run together. cnquery comes with default [query packs](https://github.com/mondoohq/cnquery-packs) out of the box for most systems. You can run:
```bash
cnquery scan
```
Without specifying anything else, cnquery tries to find and run the default query pack for the given system.
You can specify a query pack that you want to run. Use the `--querypack` argument:
```bash
cnquery scan --querypack incident-response
```
Custom query packs let you bundle queries to meet your specific needs. You can find a simple query pack example in `examples/simple.mql.yaml`. To run it:
```bash
cnquery scan -f examples/example-os.mql.yaml
```
Like all other commands, you can specify different providers like `k8s`, `aws`, `docker`, and many more. Run `--help` to see the full list of supported providers.
These files can also contain multiple query packs for many different target systems.
## Explore your infrastructure in Mondoo Platform
To more easily explore your infrastructure, sign up for a Mondoo Platform account. Mondoo's web-based console allows you to navigate, search, and arrange all of your assets.
To get started, [contact us](https://mondoo.com/contact).
To learn about Mondoo Platform, read the [Mondoo Platform docs](https://mondoo.com/docs/platform/home/) or visit [mondoo.com](https://mondoo.com).
## Distribute queries across your infrastructure with private query packs
You can create and share query packs using the Registry in the Mondoo Console. The Registry is a secure, private environment in your account where you store both Mondoo query packs and custom query packs. This lets you use the same query packs for all assets.
To use the Registry:
```bash
cnquery login --token TOKEN
```
Once set up, enable the query packs you want to use to collect your asset's data. For example, you can activate one or more AWS query packs in the Mondoo Console. Then run this command any time to collect the AWS information you need:
```bash
cnquery scan aws
```
To add custom query packs, you can upload them:
```bash
cnquery bundle upload mypack.mql.yaml
```
## Supported targets
| Target | Provider | Example |
|-------------------------------|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Ansible playbooks | `ansible` | `cnquery shell ansible YOUR_PLAYBOOK.yml` |
| Arista network devices | `arista` | `cnquery shell arista DEVICE_PUBLIC_IP --ask-pass` |
| Atlassian organizations | `atlassian` | `cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN` |
| AWS accounts | `aws` | `cnquery shell aws` |
| AWS CloudFormation templates | `cloudformation` | `cnquery shell cloudformation cloudformation_file.json` |
| AWS EC2 EBS snapshot | `aws ec2 ebs snapshot` | `cnquery shell aws ec2 ebs snapshot SNAPSHOTID` |
| AWS EC2 EBS volume | `aws ec2 ebs volume` | `cnquery shell aws ec2 ebs volume VOLUMEID` |
| AWS EC2 Instance Connect | `aws ec2 instance-connect` | `cnquery shell aws ec2 instance-connect ec2-user@INSTANCEID` |
| AWS EC2 instances | `ssh` | `cnquery shell ssh user@host` |
| Confluence users | `atlassian` | `cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN` |
| Container images | `container`, `docker` | `cnquery shell container ubuntu:latest` |
| Container registries | `container registry` | `cnquery shell container registry index.docker.io/library/rockylinux:8 ` |
| Dockerfiles | `docker` | `cnquery shell docker file FILENAME` |
| DNS records | `host` | `cnquery shell host mondoo.com` |
| GitHub organizations | `github org` | `cnquery shell github org mondoohq` |
| GitHub repositories | `github repo` | `cnquery shell github repo mondoohq/cnquery` |
| GitLab groups | `gitlab` | `cnquery shell gitlab --group mondoohq` |
| Google Cloud projects | `gcp` | `cnquery shell gcp` |
| Google Workspace | `google-workspace` | `cnquery shell google-workspace --customer-id CUSTOMER_ID --impersonated-user-email EMAIL --credentials-path JSON_FILE` |
| IoT devices | `opcua` | `cnquery shell opcua` |
| Jira projects | `atlassian` | `cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN` |
| Kubernetes cluster nodes | `local`, `ssh` | `cnquery shell ssh user@host` |
| Kubernetes clusters | `k8s` | `cnquery shell k8s` |
| Kubernetes manifests | `k8s` | `cnquery shell k8s manifest.yaml ` |
| Kubernetes workloads | `k8s` | `cnquery shell k8s --discover pods,deployments` |
| Linux hosts | `local`, `ssh` | `cnquery shell local` or
`cnquery shell ssh user@host` |
| macOS hosts | `local`, `ssh` | `cnquery shell local` or
`cnquery shell ssh user@IP_ADDRESS` |
| Microsoft 365 accounts | `ms365` | `cnquery shell ms365 --tenant-id TENANT_ID --client-id CLIENT_ID --certificate-path PFX_FILE` |
| Microsoft Azure instances | `ssh` | `cnquery shell ssh user@host` |
| Microsoft Azure subscriptions | `azure` | `cnquery shell azure --subscription SUBSCRIPTION_ID` |
| Okta org | `okta` | `cnquery shell okta --token TOKEN --organization ORGANIZATION` |
| Oracle Cloud Interface (OCI) | `oci` | `cnquery shell oci` |
| Running containers | `docker` | `cnquery shell docker CONTAINER_ID` |
| Shodan search engine | `shodan` | `cnquery shell shodan` |
| Slack team | `slack` | `cnquery shell slack --token TOKEN` |
| SSL certificates on websites | `host` | `cnquery shell host mondoo.com` |
| Terraform HCL | `terraform` | `cnquery shell terraform HCL_FILE_OR_PATH` |
| Terraform plan | `terraform plan` | `cnquery shell terraform plan plan.json` |
| Terraform state | `terraform state` | `cnquery shell terraform state state.json` |
| Vagrant virtual machines | `vagrant` | `cnquery shell vagrant HOST` |
| VMware Cloud Director | `vcd` | `cnquery shell vcd user@domain@host --ask-pass` |
| VMware vSphere | `vsphere` | `cnquery shell vsphere user@domain@host --ask-pass` |
| Windows hosts | `local`, `ssh`, `winrm` | `cnquery shell local`,
`cnquery shell ssh Administrator@IP_ADDRESS --ask-pass` or
`cnquery shell winrm Administrator@IP_ADDRESS --ask-pass` |
## What's next?
There are so many things cnquery can do! Gather information about your infrastructure, find tool-sprawl across systems, run incident response, and share data with auditors… cnquery is nearly limitless in capabilities.
Explore:
- [cnquery docs](https://mondoo.com/docs/cnquery/home/)
- [Query packs](https://github.com/mondoohq/cnquery-packs)
- [MQL introduction](https://mondoohq.github.io/mql-intro/index.html)
- [MQL language reference](https://mondoo.com/docs/mql/resources/)
- [cnspec](https://github.com/mondoohq/cnspec), our open source, cloud-native security scanner
## Join the community!
Our goal is to become the API for your entire infrastructure. Join our [community](https://github.com/orgs/mondoohq/discussions) today and let's grow it together!
## Development
See our [development documentation](docs/development.md) for information on building and contributing to cnquery.
## Legal
- **Copyright:** 2018-2024, Mondoo, Inc.
- **License:** BUSL 1.1
- **Authors:** Christoph Hartmann, Dominik Richter