Skip to main content

Supported Scan Targets

cnquery can request information from:

TargetProviderExample
AWS accountsawscnspec scan aws
AWS EC2 instancessshcnspec scan ssh user@host
AWS EC2 Instance Connectaws ec2 instance-connectcnspec scan aws ec2 instance-connect ec2-user@INSTANCEID
AWS EC2 EBS snapshotaws ec2 ebs snapshotcnspec scan aws ec2 ebs snapshot SNAPSHOTID
AWS EC2 EBS volumeaws ec2 ebs volumecnspec scan aws ec2 ebs volume VOLUMEID
Container imagescontainer, dockercnspec scan container ubuntu:latest
Container registriescontainer registrycnspec scan container registry index.docker.io/library/rockylinux:8
DNS recordshostcnspec scan host mondoo.com
GitHub organizationsgithub orgcnspec scan github org mondoohq
GitHub repositoriesgithub repocnspec scan github repo mondoohq/cnspec
GitLab groupsgitlabcnspec scan gitlab --group mondoohq
Google Cloud projectsgcpcnspec scan gcp
Kubernetes cluster nodeslocal, sshcnspec scan ssh user@host
Kubernetes clustersk8scnspec scan k8s
Kubernetes manifestsk8scnspec scan k8s manifest.yaml
Kubernetes workloadsk8scnspec scan k8s --discover pods,deployments
Linux hostslocal, sshcnspec scan local or
cnspec scan ssh user@host
macOS hostslocal, sshcnspec scan local or
cnspec scan ssh user@IP_ADDRESS
Microsoft 365 accountsms365cnspec scan ms365 --tenant-id TENANT_ID --client-id CLIENT_ID --certificate-path PFX_FILE
Microsoft Azure accountsazurecnspec scan azure --subscription SUBSCRIPTION_ID
Microsoft Azure instancessshcnspec scan ssh user@host
Running containersdockercnspec scan docker CONTAINER_ID
SSL certificates on websiteshostcnspec scan host mondoo.com
Terraform HCLterraformcnspec scan terraform HCL_FILE_OR_PATH
Terraform planterraform plancnspec scan terraform plan plan.json
Terraform stateterraform statecnspec scan terraform state state.json
Vagrant virtual machinesvagrantcnspec scan vagrant HOST
VMware vSpherevspherecnspec scan vsphere user@domain@host --ask-pass
Windows hostslocal, ssh, winrmcnspec scan local,
cnspec scan ssh Administrator@IP_ADDRESS --ask-pass or
cnspec scan winrm Administrator@IP_ADDRESS --ask-pass