Skip to main content

Supported Scan Targets

cnquery can request information from:

TargetProviderExample
AWS accountsawscnspec scan aws
AWS EC2 instancessshcnspec scan ssh user@host
AWS EC2 Instance Connectaws ec2 instance-connectcnspec scan aws ec2 instance-connect ec2-user@INSTANCEID
AWS EC2 EBS snapshotaws ec2 ebs snapshotcnspec scan aws ec2 ebs snapshot SNAPSHOTID
AWS EC2 EBS volumeaws ec2 ebs volumecnspec scan aws ec2 ebs volume VOLUMEID
Container imagescontainer, dockercnspec scan container ubuntu:latest
Container registriescontainer registrycnspec scan container registry index.docker.io/library/rockylinux:8
DNS recordshostcnspec scan host mondoo.com
GitHub organizationsgithub orgcnspec scan github org mondoohq
GitHub repositoriesgithub repocnspec scan github repo mondoohq/cnspec
GitLab groupsgitlabcnspec scan gitlab --group mondoohq
Google Cloud projectsgcpcnspec scan gcp
Google Workspacegoogle-workspacecnspec shell google-workspace --customer-id CUSTOMER_ID --impersonated-user-email EMAIL --credentials-path JSON_FILE
Kubernetes cluster nodeslocal, sshcnspec scan ssh user@host
Kubernetes clustersk8scnspec scan k8s
Kubernetes manifestsk8scnspec scan k8s manifest.yaml
Kubernetes workloadsk8scnspec scan k8s --discover pods,deployments
Linux hostslocal, sshcnspec scan local or
cnspec scan ssh user@host
macOS hostslocal, sshcnspec scan local or
cnspec scan ssh user@IP_ADDRESS
Microsoft 365 accountsms365cnspec scan ms365 --tenant-id TENANT_ID --client-id CLIENT_ID --certificate-path PFX_FILE
Microsoft Azure accountsazurecnspec scan azure --subscription SUBSCRIPTION_ID
Microsoft Azure instancessshcnspec scan ssh user@host

| Okta | okta | cnspec shell okta --token TOKEN --organization ORGANIZATION | | Running containers | docker | cnspec scan docker CONTAINER_ID |

| Slack | slack | cnspec shell slack --token TOKEN | | SSL certificates on websites | host | cnspec scan host mondoo.com | | Terraform HCL | terraform | cnspec scan terraform HCL_FILE_OR_PATH | | Terraform plan | terraform plan | cnspec scan terraform plan plan.json | | Terraform state | terraform state | cnspec scan terraform state state.json | | Vagrant virtual machines | vagrant | cnspec scan vagrant HOST | | VMware vSphere | vsphere | cnspec scan vsphere user@domain@host --ask-pass | | Windows hosts | local, ssh, winrm | cnspec scan local,
cnspec scan ssh Administrator@IP_ADDRESS --ask-pass or
cnspec scan winrm Administrator@IP_ADDRESS --ask-pass |