CLI command getting hung up when trying to visualize graph data

nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.

GNU Affero General Public License v3.0

1.41k stars 169 forks source link

CLI command getting hung up when trying to visualize graph data #81

Closed dibyadhar closed 2 years ago

dibyadhar commented 3 years ago

Describe the bug

As shown in the CLI reference after creating a graph for a given was an account we are trying to visualize the relationship between different objects but seems the tool just get paused when running:

pmapper --account 123456789 --debug visualize --only-privesc

pmapper-error-edited

although we have seen different graph object is present at the desired directory

pmapper-graph-objects

pmapper-graph-folder

Expected behavior

Output a visualization of IAM users and roles vs service (eg EC2, S3)

ncc-erik-steringer commented 3 years ago

Just need to confirm a few things:

Are you running from master, v1.1.2-dev, or principalmapper from PyPI?
Does regular visualization work?
Can you render a dot file (see the --help output for details) and then use GraphViz to render it?

dibyadhar commented 3 years ago

Just need to confirm a few things:

Are you running from master, v1.1.2-dev, or principalmapper from PyPI?

Does regular visualization work?

Can you render a dot file (see the --help output for details) and then use GraphViz to render it?

I am running from PyPI due to whitelisting challenges from proxy Sorry I didn't understand what do you meant by regular visualization?

dibyadhar commented 3 years ago

pmapper-error-2

ncc-erik-steringer commented 3 years ago

One more question, can you share the scale of the number of edges the number of nodes in the account? 10s, 100s, 1000s, etc.

dibyadhar commented 3 years ago

Am new to the tool is there any command to display the no of nodes?

Roughly it should be around 100

ncc-erik-steringer commented 3 years ago

No worries! You'll want the graph display command.

dibyadhar commented 3 years ago

Sorry my assumption was wrong @ncc-erik-steringer

pmapper-display

ncc-erik-steringer commented 3 years ago

That's a big graph! It's possible that the default visualization mechanism (create and send a file to graphviz) just can't handle that scale. Can you try calling visualize but setting the filetype arg to graphml ? Then use a tool like Gephi (https://gephi.org/) and load the .graphml file?

dibyadhar commented 3 years ago

Okay, let me try that, but its just our test account, the actually account where we wanted to utilize this tool contains more no of principal, user etc

dibyadhar commented 3 years ago

Hi @ncc-erik-steringer

I am able to get a graphml output file , is there any opensource tool or online tool to plot it, am blocked to download gephi.

Thanks in advance

ncc-erik-steringer commented 3 years ago

Their source is hosted on GitHub, maybe try https://github.com/gephi/gephi/releases ?