I’ve been finding myself frequently enumerating all public and elastic IPs on various AWS accounts fairly often in order to audit the set of services exposed to the Internet. This is a tedious process through the AWS console UI, and doing it through the AWS CLI interface involves an impossible to remember incantation.

For the curious, that incantation is:

1
2

aws ec2 describe-instances --query "Reservations[*].Instances[*].PublicIpAddress" --output=text > /tmp/publicips.txt
nmap -il /tmp/publicips.txt -sC -sV

I finally decided to stop spending 30 minutes on Google every time I needed to do this and wrote a quick utility I could actually remember how to use.

1
2

pip install aws-nmap
aws-nmap -sC -sV

Any arguments passed to aws-nmap will simply be forwarded to nmap along with any public IPs in use on your AWS account instances. Great! Now stop putting Redis/MongoDB on public IPs bound to 0.0.0.0!