# Install trailscraper with Homebrew

Tool to get valuable information out of AWS CloudTrail. Version 0.10.0 via Homebrew; verified 2026-05-15.

## Install

```sh
sudo av install brew:trailscraper
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install trailscraper
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:trailscraper
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/trailscraper>
- **Version:** 0.10.0
- **Source summary:** Tool to get valuable information out of AWS CloudTrail
- **Homepage:** <https://github.com/flosell/trailscraper>
- **Repository:** <https://github.com/flosell/trailscraper>
- **Upstream docs:** <https://github.com/flosell/trailscraper#readme>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/43/82/74344dd629ac17dc4b3906eb07a53a731c3ccc80913abdbbe378c658498f/trailscraper-0.10.0.tar.gz>
- **Last updated:** 2026-05-15T13:33:37Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- trailscraper (cli)
- trailscraper (alias)

## Dependencies

- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.10.0
- Package-manager updated: 2026-05-15
- Local data: ok
- Upstream repository: https://github.com/flosell/trailscraper
- info: No cached GitHub release or tag data was available.
## Project history and usage

TrailScraper is a small security-oriented command-line tool for extracting useful information from AWS CloudTrail and working with IAM policies. Its documented workflow centers on selecting or downloading CloudTrail records, then generating or extending IAM policy statements from the observed API activity.

### Project history

The project presents itself as both a CloudTrail analysis tool and a general-purpose IAM policy toolbox. Its README documents Homebrew, pip, and container installation paths, and notes that container images from version 0.7.0 onward moved to GitHub Container Registry while older images remained on DockerHub.

Official release metadata shows TrailScraper continuing as a low-volume but maintained utility through the 2020s, with releases from the 0.5 series in 2018 through 0.10.0 at the end of 2025.

### Adoption history

TrailScraper's adoption appears concentrated in AWS security and infrastructure workflows rather than broad developer use. The official README leads with `brew install trailscraper`, `pip install trailscraper`, and Docker examples, indicating that its audience is operators who want the tool available in local shells, CI jobs, or short-lived containers.

### How it is used

The CLI is used to query CloudTrail directly, download CloudTrail logs from S3, filter downloaded records, and pipe selected records into policy generation. Its examples include account, region, organization-trail, time-window, and assumed-role filters, then show JSON IAM policy output.

### Why package nerds care

For package-manager users, TrailScraper is notable as a focused AWS least-privilege helper that can be installed without cloning a security toolkit. Its Homebrew and container install paths make it convenient for ephemeral audits, Terraform-permission discovery, and shell pipelines around AWS credentials.

### Timeline

- 2018: Official GitHub releases include the 0.5 series.
- 2021: The README notes that current container images starting with 0.7.0 are published on GitHub Container Registry.
- 2025: Official GitHub releases list version 0.10.0.

### Related projects

- TrailScraper operates in the same AWS security niche as IAM policy generation, CloudTrail log analysis, and infrastructure-as-code permission discovery tools. Its README also points users to cfn-flip when they want generated policies converted from JSON to CloudFormation YAML.

### Sources

- <https://api.github.com/repos/flosell/trailscraper/releases>
- <https://github.com/flosell/trailscraper#readme>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Credential files

- Unix: ~/.aws
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** trailscraper
- **Version Scheme:** 0
- **Revision:** 2
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [parliament](https://www.automicvault.com/pkg/brew/parliament/) - Shares av.db curated category or tags: aws, cli, cloud-security, iam, security.
- [terraform-iam-policy-validator](https://www.automicvault.com/pkg/brew/terraform-iam-policy-validator/) - Shares av.db curated category or tags: aws, cli, cloud-security, iam, security.
- [cfripper](https://www.automicvault.com/pkg/brew/cfripper/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [cliam](https://www.automicvault.com/pkg/brew/cliam/) - Shares av.db curated category or tags: aws, cli, cloud-security, iam, security.
- [cloudsplaining](https://www.automicvault.com/pkg/brew/cloudsplaining/) - Shares av.db curated category or tags: aws, cli, cloud-security, iam, security.
- [principalmapper](https://www.automicvault.com/pkg/brew/principalmapper/) - Shares av.db curated category or tags: aws, cli, cloud-security, iam, security.
- [cloudfox](https://www.automicvault.com/pkg/brew/cloudfox/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [lacework-cli](https://www.automicvault.com/pkg/brew/lacework-cli/) - Shares av.db curated category or tags: cli, cloud-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/trailscraper.yml](https://github.com/automic-vault/db/blob/main/combined/trailscraper.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
