Audit

CIS¶


AWS Sec Benchmark	Script to evaluate your AWS account against the full CIS Amazon Web Services Foundations Benchmark 1.1 Usage: `$ python aws-cis-foundation-benchmark-checklist.py`


cloudfox	Helps gaining situational awareness in unfamiliar cloud environments and finding exploitable attack paths Introducing: CloudFox
ScoutSuite	Multi-cloud security auditing tool Permissions: `SecurityAudit` Usage: `$ python Scout.py --provider aws`
Prowler	CIS benchmarks and additional checks for security best practices in AWS Permissions: `SecurityAudit` Usage: `$ ./prowler -M html` See also aws-security-assessment-solution: an AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks
CS-Suite	Auditing the security posture of AWS/GCP/Azure infrastructure Permissions: `SecurityAudit` Usage: `$ python cs.py -env aws`
CloudSploit	Security scanning checks Permissions: `SecurityAudit` Usage: `// Edit the index.js file with your AWS key and secret` `// Run a standard scan` `$ node index.js` `// Run a compliance scan` `$ node index.js --compliance=hipaa`
Cloudsplaining	Scans accounts for violations of Least Privilege and identifies policies that can lead to Privilege Escalation, Data Exfiltration, Resource Exposure, and Infrastructure Modification
cloudlist	Obtain public assets (hostnames, IPs)
Aerides	An implementation of IaC scanning using dynamic tooling: Scout Suite and Principal Mapper with Terraform and LocalStack Uses GitHub Actions to perform automatic tests for pull requests Testing Infrastructure-as-Code Using Dynamic Tooling


LambdaGuard	AWS Serverless Security auditing tool designed to provide asset visibility, illustrate service dependencies, and configuration checks from a security perspective
dufflebag	Searches through public EBS snapshots for secrets that may have been accidentally left in
s3_objects_check	Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
ghostbuster	Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts You can also refer to the companion blog post
aws-imds-packet-analyzer	A tool that traces TCP interactions with the EC2 Instance Metadata Service (IMDS), assisting in identifying the processes making IMDSv1 calls on a host