Open Source AWS Security Tools

Last Updated: a day ago

Security Assessment

PacBot (Policy as Code Bot)
T-Mobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. The PacBot auto-fix framework can respond to policy violations automatically by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
RepoKid
Netflix | IAM
Repokid uses the IAM Access Advisor data served by Aardvark to remove permissions for unused services from the inline policies of IAM roles in an AWS account. Only Allow permissions for services a role has not touched within a configurable window are removed; the role keeps everything it actually uses.
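The pruning step Repokid automates, as an added example (this is not Repokid's own code). It assumes a simplified Access Advisor result, a mapping of service namespace to last-used time, which is constructed inline here; in real use that data comes from Aardvark or from iam:GetServiceLastAccessedDetails. The policy document, the role age and the 90-day threshold are also constructed sample values.

```python
"""Prune permissions for unused services from a role's inline policy.

Added illustration of the Repokid/Access Advisor idea; not Repokid's own code.
The policy and the Access Advisor data below are constructed samples.
"""
import copy
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

# Constructed sample: one inline policy as attached to a role.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["dynamodb:GetItem", "sqs:SendMessage"], "Resource": "*"},
        {"Effect": "Allow", "Action": "kms:Decrypt",
         "Resource": "arn:aws:kms:us-east-1:123456789012:key/example"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}

# Constructed Access Advisor style data: service namespace -> last authenticated
# time, or None when the service was never used inside the tracking window.
SAMPLE_ACCESS_ADVISOR = {
    "s3": NOW - timedelta(days=3),
    "dynamodb": NOW - timedelta(days=200),
    "sqs": None,
    "kms": NOW - timedelta(days=10),
}

SAMPLE_ROLE_CREATED = NOW - timedelta(days=400)


def unused_services(access_advisor, now=NOW, min_age_days=90):
    """Services with no recorded use in the last min_age_days."""
    cutoff = now - timedelta(days=min_age_days)
    return {svc for svc, last in access_advisor.items() if last is None or last < cutoff}


def role_is_eligible(role_created, now=NOW, min_age_days=90):
    """Never prune a young role: Access Advisor has had no chance to observe its usage."""
    return role_created <= now - timedelta(days=min_age_days)


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def prune_policy(policy, unused):
    """Return (pruned_policy, removed_actions).

    Only Allow statements with an Action element are touched. Deny statements
    are kept (dropping one would widen access), NotAction statements are kept
    (trimming NotAction also widens access), and a bare "*" action is kept
    because it cannot be attributed to a single service.
    """
    pruned = copy.deepcopy(policy)
    kept_statements, removed = [], []
    for stmt in pruned["Statement"]:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            kept_statements.append(stmt)
            continue
        kept = []
        for action in _as_list(stmt["Action"]):
            service = action.split(":", 1)[0].lower()
            if action != "*" and service in unused:
                removed.append(action)
            else:
                kept.append(action)
        if not kept:
            continue  # every action belonged to an unused service: drop the statement
        stmt["Action"] = kept[0] if isinstance(stmt["Action"], str) else kept
        kept_statements.append(stmt)
    pruned["Statement"] = kept_statements
    return pruned, removed


def repo_role(policy=SAMPLE_POLICY, access_advisor=SAMPLE_ACCESS_ADVISOR,
              role_created=SAMPLE_ROLE_CREATED, now=NOW, min_age_days=90):
    """Full pass for one role: returns the pruned policy and the removed actions."""
    if not role_is_eligible(role_created, now, min_age_days):
        return policy, []
    return prune_policy(policy, unused_services(access_advisor, now, min_age_days))


if __name__ == "__main__":
    new_policy, gone = repo_role()
    print("removed:", gone)
    print(new_policy)
```

Two caveats the example encodes: Deny and NotAction statements are never trimmed, since removing entries from either grants access rather than taking it away, and a role younger than the threshold is skipped because Access Advisor cannot yet say anything about it.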
aws_public_ips
https://github.com/arkadiyt/ | Multi
A tool to fetch all public IP addresses (both IPv4/IPv6) associated with an AWS account. It can be used as a library and as a CLI, and supports the following AWS services (all with both Classic & VPC flavors): APIGateway, CloudFront, EC2 (and as a result: ECS, EKS, Beanstalk, Fargate, Batch, & NAT Instances), ElasticSearch, ELB (Classic ELB), ELBv2 (ALB/NLB), and more.
Prowler
github.com/toniblyx | Multi
AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks.
trusted-overlord
github.com/beeva | Multi
Trusted Overlord is a tool aimed to aggregate AWS Trusted Advisor alarms, AWS Health notifications and AWS Support cases from several AWS accounts and build a brief summary with the results.
PMapper
NCC Group | IAM
This tool helps identify if the IAM policies in place will accomplish the intents of the account's owners. AWS already has tooling in place to check if policies attached to a resource will permit an action. This tool builds on that functionality to identify other potential paths for a user to get access to a resource. This means checking for access to other users, roles, and services as ways to pivot.
Aardvark
Netflix | IAM
Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer). Aardvark uses PhantomJS to log into the AWS Console and obtain access advisor data. It then presents a RESTful API for other apps to query.
Scout2
NCC Group | Multi
Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of console pages, Scout2 supplies a clear view of the attack surface automatically. Scout2 has since been superseded by NCC Group's Scout Suite, which extends the same approach to several cloud providers.

Compliance

PacBot (Policy as Code Bot)
T-Mobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. The PacBot auto-fix framework can respond to policy violations automatically by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
Cloud Custodian
Capital One | Multi
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies that keep a cloud infrastructure well managed, secure and cost optimized. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (such as encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Visualization

PacBot (Policy as Code Bot)
T-Mobile | Multi
Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. The PacBot auto-fix framework can respond to policy violations automatically by taking predefined actions. PacBot also packs in powerful visualization features: it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations.
cloudformation-graph
github.com/trek10inc | CloudFormation
CloudFormation Graph renders the resources of a serverless architecture and their relationships as Graphviz-compatible dot output.
viz-cfn
https://github.com/jeshan/ | CloudFormation
A tool that helps visualise cloudformation templates in the browser. Supports both YAML and JSON.
cloudmapper
Duo Labs | Multi
CloudMapper helps you analyze your AWS account by visualizing the environment and its network connectivity. The original purpose was to generate network diagrams and display them in your browser; it now contains much more functionality.
aws-inventory
NCC Group | Multi
This is a tool that tries to discover all AWS resources created in an account and provides a list of all resources in an AWS account and relationships between these resources.
PMapper
NCC Group | IAM
This tool helps identify if the IAM policies in place will accomplish the intents of the account's owners. AWS already has tooling in place to check if policies attached to a resource will permit an action. This tool builds on that functionality to identify other potential paths for a user to get access to a resource. This means checking for access to other users, roles, and services as ways to pivot.
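The transitive-access search described in the PMapper entries (above under Security Assessment and again here), as an added example. This is not PMapper's code: it is a simplified model in which each principal carries its Allow permissions as action to resource set, roles carry their trust policy as a set of principals or service principals, and only three ways of becoming another principal are modelled (sts:AssumeRole with a matching trust, iam:CreateAccessKey on a user, and iam:PassRole into a Lambda function). The account data and principal names are a constructed sample.

```python
"""Find transitive paths by which one principal can obtain another's credentials.

Added illustration of the PMapper idea (principals as nodes, "can become" as
edges); not PMapper's own code. The account below is a constructed sample.
"""
from collections import deque

# Constructed sample account (short names stand in for full ARNs).
PRINCIPALS = {
    "user/dev": {
        "type": "user",
        "allow": {"sts:AssumeRole": {"role/Deploy"}},
    },
    "role/Deploy": {
        "type": "role",
        "trust": {"user/dev"},
        "allow": {
            "iam:PassRole": {"role/Admin"},
            "lambda:CreateFunction": {"*"},
            "lambda:InvokeFunction": {"*"},
        },
    },
    "role/Admin": {
        "type": "role",
        "trust": {"lambda.amazonaws.com"},
        "allow": {"*": {"*"}},
    },
    "user/ops": {
        "type": "user",
        "allow": {"iam:CreateAccessKey": {"user/auditor"}},
    },
    "user/auditor": {
        "type": "user",
        # Holds the permission but is absent from role/Admin's trust policy, so no edge.
        "allow": {"sts:AssumeRole": {"role/Admin"}},
    },
}


def allowed(principal, action, resource):
    """Simplified IAM evaluation over the sample data: Allow only, no conditions."""
    service = action.split(":", 1)[0]
    for pattern in (action, service + ":*", "*"):
        resources = PRINCIPALS[principal]["allow"].get(pattern)
        if resources and (resource in resources or "*" in resources):
            return True
    return False


def edges_from(src):
    """Yield (dst, reason) for every principal that src can become in one step."""
    for dst, info in PRINCIPALS.items():
        if dst == src:
            continue
        trust = info.get("trust", set())
        if info["type"] == "role":
            # sts:AssumeRole needs both the caller's permission and the role's trust.
            if src in trust and allowed(src, "sts:AssumeRole", dst):
                yield dst, "sts:AssumeRole"
            # iam:PassRole into a new Lambda function that then runs as the role.
            if ("lambda.amazonaws.com" in trust
                    and allowed(src, "iam:PassRole", dst)
                    and allowed(src, "lambda:CreateFunction", "*")
                    and allowed(src, "lambda:InvokeFunction", "*")):
                yield dst, "iam:PassRole + lambda:CreateFunction/InvokeFunction"
        elif info["type"] == "user":
            # Minting an access key for another user yields that user's credentials.
            if allowed(src, "iam:CreateAccessKey", dst):
                yield dst, "iam:CreateAccessKey"


def find_path(source, target):
    """Shortest chain of (principal, reason) from source to target, or None."""
    queue = deque([[(source, None)]])
    seen = {source}
    while queue:
        path = queue.popleft()
        current = path[-1][0]
        if current == target:
            return path
        for dst, reason in edges_from(current):
            if dst not in seen:
                seen.add(dst)
                queue.append(path + [(dst, reason)])
    return None


if __name__ == "__main__":
    for src in ("user/dev", "user/ops"):
        path = find_path(src, "role/Admin")
        print(src, "->", " -> ".join(f"{p} ({r})" if r else p for p, r in path) if path else "no path")
```

The point the breadth-first search makes is that user/dev never holds a permission on role/Admin directly; the path runs through role/Deploy, whose iam:PassRole plus Lambda permissions are what a plain policy check would miss. user/auditor, by contrast, has sts:AssumeRole on role/Admin but is not in that role's trust policy, so no edge exists.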

DevSecOps

cfn-nag
https://github.com/stelligent/ | CloudFormation
The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. Roughly speaking, it looks for: IAM rules that are too permissive (wildcards), security group rules that are too permissive (wildcards), access logs that aren't enabled, and encryption that isn't enabled.
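The four classes of check just listed, implemented over a CloudFormation template as an added example. This is not cfn-nag's code or rule set; the template is a constructed JSON sample (a YAML template would be loaded into the same dict shape) and the rule identifiers are made up for this illustration.

```python
"""Static checks over a CloudFormation template: wildcard IAM permissions,
wide-open security group ingress, missing access logs, missing encryption.

Added illustration; not cfn-nag's own rules or code. The template below is a
constructed sample and the rule identifiers are invented for this example.
"""
import json

SAMPLE_TEMPLATE = json.loads(r"""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
      "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}}]}},
    "AdminPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
      "PolicyName": "admin", "Roles": [{"Ref": "AppRole"}],
      "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "web tier",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}},
    "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
      "LoggingConfiguration": {"DestinationBucketName": "audit-logs"}}}
  }
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _policy_documents(rtype, props):
    """Yield every policy document embedded in an IAM resource."""
    if rtype in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy") and "PolicyDocument" in props:
        yield props["PolicyDocument"]
    if rtype in ("AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group"):
        for inline in props.get("Policies", []):
            yield inline["PolicyDocument"]


def check_iam(logical_id, rtype, props):
    """Wildcard actions ("*" or "service:*") and wildcard resources in Allow statements."""
    for doc in _policy_documents(rtype, props):
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            if any(a == "*" or a.endswith(":*") for a in actions):
                yield ("IAM_WILDCARD_ACTION", logical_id, f"actions {actions}")
            if "*" in _as_list(stmt.get("Resource", [])):
                yield ("IAM_WILDCARD_RESOURCE", logical_id, f"actions {actions} on Resource *")


def check_security_group(logical_id, rtype, props):
    """Ingress rules open to every IPv4 or IPv6 address."""
    if rtype != "AWS::EC2::SecurityGroup":
        return
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            yield ("SG_OPEN_INGRESS", logical_id,
                   f"{rule.get('IpProtocol')} {rule.get('FromPort')}-{rule.get('ToPort')} open to the world")


def check_s3(logical_id, rtype, props):
    """Buckets without access logging or without default encryption."""
    if rtype != "AWS::S3::Bucket":
        return
    if "LoggingConfiguration" not in props:
        yield ("S3_NO_ACCESS_LOGS", logical_id, "no LoggingConfiguration")
    if "BucketEncryption" not in props:
        yield ("S3_NO_ENCRYPTION", logical_id, "no BucketEncryption")


CHECKS = (check_iam, check_security_group, check_s3)


def lint(template):
    """Return a list of (rule_id, logical_id, detail) findings for a template dict."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype, props = resource.get("Type", ""), resource.get("Properties", {})
        for check in CHECKS:
            findings.extend(check(logical_id, rtype, props))
    return findings


if __name__ == "__main__":
    for rule, res, detail in lint(SAMPLE_TEMPLATE):
        print(f"{rule:22} {res:12} {detail}")
```

Note that the IAM check walks inline policies on roles, users and groups as well as standalone policy resources; a linter that only inspects AWS::IAM::Policy would miss the s3:* grant buried in AppRole. Intrinsic functions such as Ref and Fn::Sub are left unresolved here, so a CIDR or action built from a parameter would not be caught.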

Logging & Monitoring

trusted-overlord
github.com/beeva | Multi
Trusted Overlord is a tool aimed to aggregate AWS Trusted Advisor alarms, AWS Health notifications and AWS Support cases from several AWS accounts and build a brief summary with the results.
Cloud Custodian
Capital One | Multi
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies that keep a cloud infrastructure well managed, secure and cost optimized. Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (such as encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.
awslog
github.com/jaksi | AWS Config
A tool that shows the history and changes between configuration versions of AWS resources that are monitored by AWS Config.

Troubleshooting

awslog
github.com/jaksi | AWS Config
A tool that shows the history and changes between configuration versions of AWS resources that are monitored by AWS Config.