duo-labs / cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
BSD 3-Clause "New" or "Revised" License
5.99k stars 809 forks source link

Have private account list for weboftrust #714

Open 0xdabbad00 opened 4 years ago

0xdabbad00 commented 4 years ago

If you're a pentester, you might audit companies regularly. You might come across vendors that aren't known by the weboftrust command, and aren't public. If a vendor doesn't publish their account ID, I've wanted to avoid including it in my public vendor account list. I'm not sure if that decision is necessary (happy to discuss), but assuming that decision stays, then the question is, what do you do for vendors you know about? You don't want to have a private fork of CloudMapper just for that. So we could potentially have a private_vendor_accounts.yaml file.