Open Source AWS Security Tools

Last Updated: 3 days ago

DevSecOps

git-secrets
awslabs | AWS
A tool that prevents you from committing passwords and other sensitive information to a git repository.
cfripper
github.com/Skyscanner | CloudFormation
CFripper is a Python tool that aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.
TruffleHog
github.com/dxa4481 | CloudFormation
TruffleHog searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets (such as AWS secret keys) that were accidentally committed.
cfn-nag
https://github.com/stelligent/ | CloudFormation
The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. Roughly speaking, it looks for: IAM rules that are too permissive (wildcards), security group rules that are too permissive (wildcards), access logs that aren't enabled, and encryption that isn't enabled.

Security Assessment

RepoKid
Netflix | IAM
Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account.
PacBot (Policy as Code Bot)
Tmobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. PacBot's auto-fix framework provides the ability to automatically respond to policy violations by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
trusted-overlord
github.com/beeva | Multi
Trusted Overlord is a tool that aggregates AWS Trusted Advisor alarms, AWS Health notifications and AWS Support cases from several AWS accounts and builds a brief summary of the results.
aws_public_ips
github.com/arkadiyt/ | Multi
A tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account. It can be used as a library and as a CLI, and supports the following AWS services (all with both Classic & VPC flavors): APIGateway, CloudFront, EC2 (and as a result: ECS, EKS, Beanstalk, Fargate, Batch, & NAT Instances), ElasticSearch, ELB (Classic ELB), ELBv2 (ALB/NLB), and more.
Prowler
github.com/toniblyx | Multi
AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks.
Scout2
NCC Group | Multi
Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically.
PMapper
NCC Group | IAM
This tool helps identify if the IAM policies in place will accomplish the intents of the account's owners. AWS already has tooling in place to check if policies attached to a resource will permit an action. This tool builds on that functionality to identify other potential paths for a user to get access to a resource. This means checking for access to other users, roles, and services as ways to pivot.
Aardvark
Netflix | IAM
Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer). Aardvark uses PhantomJS to log into the AWS Console and obtain access advisor data. It then presents a RESTful API for other apps to query.

Operations

Packer
Hashicorp | EC2
Packer is a tool for building identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel.
aminator
Netflix | EC2
Easily create application-specific custom AMIs. This tool currently works for CentOS/RedHat Linux images and is intended to run on an EC2 instance.
cloud-nuke
github.com/gruntwork-io | AWS
A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it.

Management

GuardDuty Multi-Account Manager
Mozilla | GuardDuty
GuardDuty Multi-Account Manager is a series of Lambda functions designed to do the following: 1) Enable GuardDuty masters in all AWS Regions, present and future. 2) Empower account owners to decide whether to enable GuardDuty. 3) Manage the lifecycle of invitations to the member accounts. 4) Aggregate all findings from all detectors in all regions, normalize the data, and send it to a single SQS queue.
BLESS - Bastion's Lambda Ephemeral SSH Service
Netflix | EC2
BLESS is an SSH Certificate Authority that runs as an AWS Lambda function and helps provide a way to authorize users to access a particular SSH host for a short-lived period.

Offensive Security

TruffleHog
github.com/dxa4481 | CloudFormation
TruffleHog searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets (such as AWS secret keys) that were accidentally committed.

Compliance

PacBot (Policy as Code Bot)
Tmobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. PacBot's auto-fix framework provides the ability to automatically respond to policy violations by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
Cloud Custodian
Netflix | Multi
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure that's both secure and cost-optimized. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Visualization

PacBot (Policy as Code Bot)
Tmobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. PacBot's auto-fix framework provides the ability to automatically respond to policy violations by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
cloudformation-graph
github.com/trek10inc | CloudFormation
CloudFormation Graph outputs serverless architecture and resources in a Graphviz dot-compatible format.
cloudmapper
Duo Labs | Multi
CloudMapper helps you analyze your AWS account by visualizing the environment and network connectivity. The original purpose was to generate network diagrams and display them in your browser. It now contains much more functionality.
aws-inventory
NCC Group | Multi
A tool that tries to discover all AWS resources created in an account and lists them along with the relationships between them.
PMapper
NCC Group | IAM
This tool helps identify if the IAM policies in place will accomplish the intents of the account's owners. AWS already has tooling in place to check if policies attached to a resource will permit an action. This tool builds on that functionality to identify other potential paths for a user to get access to a resource. This means checking for access to other users, roles, and services as ways to pivot.
viz-cfn
github.com/jeshan/ | CloudFormation
A tool that helps visualise CloudFormation templates in the browser. Supports both YAML and JSON.

Logging & Monitoring

trusted-overlord
github.com/beeva | Multi
Trusted Overlord is a tool that aggregates AWS Trusted Advisor alarms, AWS Health notifications and AWS Support cases from several AWS accounts and builds a brief summary of the results.
Cloud Custodian
Netflix | Multi
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure that's both secure and cost-optimized. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
awslog
github.com/jaksi | AWS Config
A tool that shows the history and changes between configuration versions of AWS resources that are monitored by AWS Config.

Troubleshooting

awslog
github.com/jaksi | AWS Config
A tool that shows the history and changes between configuration versions of AWS resources that are monitored by AWS Config.