macOS
brew install trailscraperlocal Homebrew formula metadata
brew
Tool to get valuable information out of AWS CloudTrail. Version 0.10.0 via Homebrew; verified 2026-05-15.
install
brew install trailscraperlocal Homebrew formula metadata
overview
Tool to get valuable information out of AWS CloudTrail
history
TrailScraper is a small security-oriented command-line tool for extracting useful information from AWS CloudTrail and working with IAM policies. Its documented workflow centers on selecting or downloading CloudTrail records, then generating or extending IAM policy statements from the observed API activity.
The project presents itself as both a CloudTrail analysis tool and a general-purpose IAM policy toolbox. Its README documents Homebrew, pip, and container installation paths, and notes that container images from version 0.7.0 onward moved to GitHub Container Registry while older images remained on DockerHub.
Official release metadata shows TrailScraper continuing as a low-volume but maintained utility through the 2020s, with releases from the 0.5 series in 2018 through 0.10.0 at the end of 2025.
TrailScraper's adoption appears concentrated in AWS security and infrastructure workflows rather than broad developer use. The official README leads with `brew install trailscraper`, `pip install trailscraper`, and Docker examples, indicating that its audience is operators who want the tool available in local shells, CI jobs, or short-lived containers.
The CLI is used to query CloudTrail directly, download CloudTrail logs from S3, filter downloaded records, and pipe selected records into policy generation. Its examples include account, region, organization-trail, time-window, and assumed-role filters, then show JSON IAM policy output.
For package-manager users, TrailScraper is notable as a focused AWS least-privilege helper that can be installed without cloning a security toolkit. Its Homebrew and container install paths make it convenient for ephemeral audits, Terraform-permission discovery, and shell pipelines around AWS credentials.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
~/.awsexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
trailscraper | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/flosell/trailscraper
install metadata
| Package key | brew:trailscraper |
|---|---|
| Version | 0.10.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/trailscraper |
| Homepage | https://github.com/flosell/trailscraper |
| Repository | https://github.com/flosell/trailscraper |
| Upstream docs | https://github.com/flosell/trailscraper#readme |
| License | Apache-2.0 |
| Source archive | https://files.pythonhosted.org/packages/43/82/74344dd629ac17dc4b3906eb07a53a731c3ccc80913abdbbe378c658498f/trailscraper-0.10.0.tar.gz |
| Last updated | 2026-05-15T13:33:37Z |
| Pulse | updated |
| Dependencies | python@3.14 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | trailscraper |
| Version Scheme | 0 |
| Revision | 2 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.