cnquery
Open source, cloud-native asset inventory and discovery
cnquery is a cloud-native tool for querying your entire infrastructure. Built upon Mondoo's security data fabric, it answers thousands of questions about your infrastructure and integrates with over 850 resources across cloud accounts, Kubernetes, containers, services, VMs, APIs, and more.
Here are a few more examples:
# run a query and print the output
cnquery run -c "ports.listening { port process }"
# execute a query pack on a Docker image and print results as json
cnquery scan docker 14119a -f pack.mql.yaml -j
# open an interactive shell to an aws account
cnquery shell aws
> aws.ec2.instances{*}
📚 To learn more, read the cnquery docs.
Installation
Install cnquery with our installation script:
Linux and macOS
bash -c "$(curl -sSL https://install.mondoo.com/sh)"
Windows
Set-ExecutionPolicy Unrestricted -Scope Process -Force;
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
iex ((New-Object System.Net.WebClient).DownloadString('https://install.mondoo.com/ps1'));
Install-Mondoo;
If you prefer manual installation, you can find the cnquery packages in our GitHub releases.
Interactive shell
The easiest way to explore cnquery is to use our interactive shell, which has auto-complete to guide you:
cnquery shell
Once inside the shell, you can enter MQL queries like this:
> asset { name title }
To learn more, use the help
command.
To exit, either press CTRL + D or type exit
.
You can run the shell against local and remote targets like k8s
, aws
, docker
, and many more. Run --help
to see a full list of supported providers.
Run simple queries
To run standalone queries in your shell, use the run
command:
cnquery run <TARGET> -c <QUERY>
For example, this runs a query against your local system:
cnquery run -c "services { name running }"
For automation, it is often helpful to convert the output to JSON. Use -j
or --json
:
cnquery run local -c "services { * }" -j
You can then pipe the output to jq or other applications.
Query packs
You can combine multiple queries into query packs, which can run together. cnquery comes with default query packs out of the box for most systems. You can run:
cnquery scan
Without specifying anything else, cnquery tries to find and run the default query pack for the given system.
You can specify a query pack that you want to run. Use the --querypack
argument:
cnquery scan --querypack incident-response
Custom query packs let you bundle queries to meet your specific needs. You can find a simple query pack example in examples/simple.mql.yaml
. To run it:
cnquery scan -f examples/example-os.mql.yaml
Like all other commands, you can specify different providers like k8s
, aws
, docker
, and many more. Run --help
to see the full list of supported providers.
These files can also contain multiple query packs for many different target systems.
These files can also contain multiple query packs for many different target systems.
Explore your infrastructure in Mondoo Platform
To more easily explore your infrastructure, sign up for a Mondoo Platform account. Mondoo's web-based console allows you to navigate, search, and arrange all of your assets.
To get started, contact us.
To learn about Mondoo Platform, read the Mondoo Platform docs or visit mondoo.com.
Distribute queries across your infrastructure with private query packs
You can create and share query packs using the Registry in the Mondoo Console. The Registry is a secure, private environment in your account where you store both Mondoo query packs and custom query packs. This lets you use the same query packs for all assets.
To use the Registry:
cnquery login --token TOKEN
Once set up, enable the query packs you want to use to collect your asset's data. For example, you can activate one or more AWS query packs in the Mondoo Console. Then run this command any time to collect the AWS information you need:
cnquery scan aws
To add custom query packs, you can upload them:
cnquery bundle upload mypack.mql.yaml
Supported targets
Target | Provider | Example |
Ansible playbooks | ansible | cnquery shell ansible YOUR_PLAYBOOK.yml |
Arista network devices | arista | cnquery shell arista DEVICE_PUBLIC_IP --ask-pass |
Atlassian organizations | atlassian | cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN |
AWS accounts | aws | cnquery shell aws |
AWS CloudFormation templates | cloudformation | cnquery shell cloudformation cloudformation_file.json |
AWS EC2 EBS snapshot | aws ec2 ebs snapshot | cnquery shell aws ec2 ebs snapshot SNAPSHOTID |
AWS EC2 EBS volume | aws ec2 ebs volume | cnquery shell aws ec2 ebs volume VOLUMEID |
AWS EC2 Instance Connect | aws ec2 instance-connect | cnquery shell aws ec2 instance-connect ec2-user@INSTANCEID |
AWS EC2 instances | ssh | cnquery shell ssh user@host |
Confluence users | atlassian | cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN |
Container images | container , docker | cnquery shell container ubuntu:latest |
Container registries | container registry | cnquery shell container registry index.docker.io/library/rockylinux:8 |
Dockerfiles | docker | cnquery shell docker file FILENAME |
DNS records | host | cnquery shell host mondoo.com |
GitHub organizations | github org | cnquery shell github org mondoohq |
GitHub repositories | github repo | cnquery shell github repo mondoohq/cnquery |
GitLab groups | gitlab | cnquery shell gitlab --group mondoohq |
Google Cloud projects | gcp | cnquery shell gcp |
Google Workspace | google-workspace | cnquery shell google-workspace --customer-id CUSTOMER_ID --impersonated-user-email EMAIL --credentials-path JSON_FILE |
IoT devices | opcua | cnquery shell opcua |
Jira projects | atlassian | cnquery shell atlassian --host YOUR_HOST_URL --admin-token YOUR_TOKEN |
Kubernetes cluster nodes | local , ssh | cnquery shell ssh user@host |
Kubernetes clusters | k8s | cnquery shell k8s |
Kubernetes manifests | k8s | cnquery shell k8s manifest.yaml |
Kubernetes workloads | k8s | cnquery shell k8s --discover pods,deployments |
Linux hosts | local , ssh | cnquery shell local orcnquery shell ssh user@host |
macOS hosts | local , ssh | cnquery shell local orcnquery shell ssh user@IP_ADDRESS |
Microsoft 365 accounts | ms365 | cnquery shell ms365 --tenant-id TENANT_ID --client-id CLIENT_ID --certificate-path PFX_FILE |
Microsoft Azure instances | ssh | cnquery shell ssh user@host |
Microsoft Azure subscriptions | azure | cnquery shell azure --subscription SUBSCRIPTION_ID |
Okta org | okta | cnquery shell okta --token TOKEN --organization ORGANIZATION |
Oracle Cloud Interface (OCI) | oci | cnquery shell oci |
Running containers | docker | cnquery shell docker CONTAINER_ID |
Shodan search engine | shodan | cnquery shell shodan |
Slack team | slack | cnquery shell slack --token TOKEN |
SSL certificates on websites | host | cnquery shell host mondoo.com |
Terraform HCL | terraform | cnquery shell terraform HCL_FILE_OR_PATH |
Terraform plan | terraform plan | cnquery shell terraform plan plan.json |
Terraform state | terraform state | cnquery shell terraform state state.json |
Vagrant virtual machines | vagrant | cnquery shell vagrant HOST |
VMware Cloud Director | vcd | cnquery shell vcd user@domain@host --ask-pass |
VMware vSphere | vsphere | cnquery shell vsphere user@domain@host --ask-pass |
Windows hosts | local , ssh , winrm | cnquery shell local cnquery shell ssh Administrator@IP_ADDRESS --ask-pass orcnquery shell winrm Administrator@IP_ADDRESS --ask-pass |
What's next?
There are so many things cnquery can do! Gather information about your infrastructure, find tool-sprawl across systems, run incident response, and share data with auditors… cnquery is nearly limitless in capabilities.
Explore:
- cnquery docs
- Query packs
- MQL introduction
- MQL language reference
- cnspec, our open source, cloud-native security scanner
Join the community!
Our goal is to become the API for your entire infrastructure. Join our community today and let's grow it together!
Development
See our development documentation for information on building and contributing to cnquery.
Legal
- Copyright: 2018-2024, Mondoo, Inc.
- License: BUSL 1.1
- Authors: Christoph Hartmann, Dominik Richter