Final stretch of v1.0.0, added license notifications and updated README

LICENSE

@@ -1,7 +1,7 @@
                     GNU AFFERO GENERAL PUBLIC LICENSE
                        Version 3, 19 November 2007
 
- Copyright (C) 2018 NCC Group PLC. <https://nccgroup.trust/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -633,8 +633,8 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
@@ -643,7 +643,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU Affero General Public License for more details.
 
     You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -658,4 +658,4 @@ specific requirements.
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.

README.md

@@ -121,7 +121,12 @@ pmapper visualize --filetype svg
 ## Analysis
 
 PMapper provides analysis to identify risks with the configuration in an account. It provides details on the risk, what 
-impact it could have on the account, which principals are affected, and a recommendation on how to mitigate the risk.
+impact it could have on the account, which principals are affected, and a recommendation on how to mitigate the risk. 
+The outputs from `analysis` can be in text or JSON format, and can be created with the following command:
+
+~~~bash
+pmapper analysis --output-type text
+~~~
 
 # Credentials and Global Parameters
 

pmapper.py

@@ -4,6 +4,21 @@
 Wrap around principalmapper/__main__.py
 """
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import sys
 
 from principalmapper.__main__ import main

principalmapper/__init__.py

@@ -1,3 +1,18 @@
 """Module principalmapper: Python code to dissect and analyze an AWS account's use of IAM"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 __version__ = '1.0.0'

principalmapper/__main__.py

@@ -2,6 +2,21 @@
 Provides a command-line interface to use the principalmapper library
 """
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import argparse
 import os
 import os.path

principalmapper/analysis/__init__.py

@@ -0,0 +1,15 @@
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+

principalmapper/analysis/risks.py

@@ -9,6 +9,21 @@
 }
 """
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import datetime as dt
 import json
 from typing import List

principalmapper/common/__init__.py

@@ -1 +1,16 @@
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 """Module defining classes and functions used commonly across principalmapper"""

principalmapper/common/edges.py

@@ -1,5 +1,20 @@
 """Python code for implementing the edges of a graph"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 from principalmapper.common.nodes import Node
 from principalmapper.util import arns
 

principalmapper/common/graphs.py

@@ -4,6 +4,21 @@
 create a graph object, you need all the policies, then all the groups, then you can build the lists of nodes and edges.
 """
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import json
 import os
 import os.path

principalmapper/common/groups.py

@@ -1,5 +1,20 @@
 """Python code for handling AWS IAM groups"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 from typing import List
 from typing import Optional
 

principalmapper/common/nodes.py

@@ -1,5 +1,20 @@
 """Python code for implementing the nodes of a graph"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 from typing import List, Optional
 
 from principalmapper.common.groups import Group

principalmapper/common/policies.py

@@ -1,6 +1,21 @@
 """Python code for handling AWS IAM policies"""
 
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 class Policy(object):
     """A class representing a single IAM policy"""
 

principalmapper/graphing/__init__.py

@@ -1 +1,16 @@
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 """Module for graphing code"""

principalmapper/graphing/cloudformation_edges.py

@@ -1,5 +1,20 @@
 """Code to identify if a principal in an AWS account can use access to CloudFormation to access other principals."""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import io
 import os
 from typing import List

principalmapper/graphing/ec2_edges.py

@@ -1,5 +1,20 @@
 """Code to identify if a principal in an AWS account can use access to EC2 to access other principals."""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import io
 import os
 from typing import List

principalmapper/graphing/edge_checker.py

@@ -1,5 +1,20 @@
 """Holds the base object EdgeChecker to be implemented and used in identifying edges"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import io
 import os
 from typing import List

principalmapper/graphing/edge_identification.py

@@ -1,5 +1,20 @@
 """Code to coordinate identifying edges between principals in an AWS account"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import io
 import os
 from typing import List, Optional

principalmapper/graphing/gathering.py

@@ -1,5 +1,20 @@
 """Python code for gathering IAM-related information from an AWS account"""
 
+#  Copyright NCC Group (c) 2019. This file is part of Principal Mapper.
+#
+#      Principal Mapper is free software: you can redistribute it and/or modify
+#      it under the terms of the GNU Affero General Public License as published by
+#      the Free Software Foundation, either version 3 of the License, or
+#      (at your option) any later version.
+#
+#      Principal Mapper is distributed in the hope that it will be useful,
+#      but WITHOUT ANY WARRANTY; without even the implied warranty of
+#      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#      GNU General Public License for more details.
+#
+#      You should have received a copy of the GNU Affero General Public License
+#      along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
+
 import io
 import os