## Agenda: 22-Oct-2022

#### R&D:
- https://www.cloudquery.io/docs

#### Agenda:
- List: Top security tooling - CSPM | Cloud Infra | Automated Pentesting - Delivers immediate value
- Target: Crypto Mining

#### PRD
- Attribute based access

---

## Action Item:

### List of CSPM | Cloud Infra | Automated Pentesting that delivers immediate value

| Name | Description | Popularity | Comment |
| ---------- | :----------: | :----------: | :----------: |
| **[Prowler](https://github.com/toniblyx/prowler)** | CIS benchmarks and additional checks for security best practices in AWS (bash and python components) | [![stars](https://badgen.net/github/stars/toniblyx/prowler)](https://badgen.net/github/stars/toniblyx/prowler) | Best for AWS |
| **[Wazuh](https://github.com/wazuh/wazuh)** | Unified XDR and SIEM protection for endpoints and cloud workloads | [![stars](https://badgen.net/github/stars/wazuh/wazuh)](https://badgen.net/github/stars/wazuh/wazuh) | Good: Workload protection across on-premises, virtualized, containerized, and cloud-based environments |
| **[HummerRisk](https://github.com/hummerrisk/hummerrisk/blob/master/README_EN.md)** | HummerRisk is an open-source cloud-native security platform | [![stars](https://badgen.net/github/stars/HummerRisk/HummerRisk/)](https://badgen.net/github/stars/HummerRisk/HummerRisk/) | Good: It resolves cloud-native security and governance issues in an agentless way. Core capabilities include hybrid-cloud security and K8S container cloud detection. |
| **[CloudQuery](https://github.com/cloudquery/cloudquery/)** | CloudQuery exposes your cloud configuration and metadata as SQL tables, providing powerful analysis and monitoring for compliance and security | [![stars](https://badgen.net/github/stars/cloudquery/cloudquery/)](https://badgen.net/github/stars/cloudquery/cloudquery/) | Getting a lot of attention, [plugins supported](https://www.cloudquery.io/docs/plugins/sources) |
| **[Komiser](https://github.com/mlabouardy/komiser)** | Cloud Environment Inspector: analyze and manage cloud cost, usage, security and governance in one place. | [![stars](https://badgen.net/github/stars/mlabouardy/komiser)](https://badgen.net/github/stars/mlabouardy/komiser) | AWS, Azure, GCP, DigitalOcean & OVHcloud supported |
| **[CloudMapper](https://github.com/duo-labs/cloudmapper)** | Helps you analyze your AWS environments (Python) | [![stars](https://badgen.net/github/stars/duo-labs/cloudmapper)](https://badgen.net/github/stars/duo-labs/cloudmapper) | Graph view can be a good use case |
| **[CloudSploit](https://github.com/cloudsploit/scans)** | Cloud Security Posture Management (CSPM) by Aqua - Cloud Security Scans | [![stars](https://badgen.net/github/stars/cloudsploit/scans)](https://badgen.net/github/stars/cloudsploit/scans) | Good: Based on NodeJS |
| **[Pacbot](https://github.com/tmobile/pacbot)** | Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud | [![stars](https://badgen.net/github/stars/tmobile/pacbot)](https://badgen.net/github/stars/tmobile/pacbot) | Good: UI seems promising; Asset, Policy & Compliance |
| **[cs-suite](https://github.com/SecurityFTW/cs-suite)** | Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure. | [![stars](https://badgen.net/github/stars/SecurityFTW/cs-suite)](https://badgen.net/github/stars/SecurityFTW/cs-suite) | Wrapper around Scout2, Prowler, Lunar etc. |
| **[Cloud-reports](https://github.com/tensult/cloud-reports)** | Scans your AWS cloud resources and generates reports | [![stars](https://badgen.net/github/stars/tensult/cloud-reports)](https://badgen.net/github/stars/tensult/cloud-reports) | Nice to [look](https://github.com/tensult/cloud-reports/blob/master/sample-reports/account1/scan_report_sample.pdf) at once, but the project is now archived. |
| **[Steampipe](https://github.com/turbot/steampipe)** | Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required. (SQL) | [![stars](https://badgen.net/github/stars/turbot/steampipe)](https://badgen.net/github/stars/turbot/steampipe) | [Overview](https://steampipe.io/docs/dashboard/overview) |

---

### Auditing Tools

| Name | Description | Popularity | Comment |
| ---------- | :---------- | :----------: | :----------: |
| **[ScoutSuite](https://github.com/nccgroup/ScoutSuite)** | Multi-Cloud Security auditing tool for AWS, Google Cloud and Azure environments (python) | [![stars](https://badgen.net/github/stars/nccgroup/ScoutSuite)](https://badgen.net/github/stars/nccgroup/ScoutSuite) | Good for Auditing |

---

### Assets

| Name | Description | Popularity | Comment |
| ---------- | :---------- | :----------: | :----------: |
| **[Cartography](https://github.com/lyft/cartography)** | Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. | [![stars](https://badgen.net/github/stars/lyft/cartography)](https://badgen.net/github/stars/lyft/cartography) | Hearing a lot about it; [Docs](https://lyft.github.io/cartography/) |

---

### AWS Cloud Specific

| Name | Description | Popularity | Comment |
| ---------- | :---------- | :----------: | :----------: |
| **[ICE](https://github.com/Teevity/ice)** | Ice provides insights from a usage and cost perspective with high detail dashboards. | [![stars](https://badgen.net/github/stars/Teevity/ice)](https://badgen.net/github/stars/Teevity/ice) | [AWS] Usage Monitoring Tool |
| **[awspx](https://github.com/fsecurelabs/awspx)** | A graph-based tool for visualizing effective access and resource relationships in AWS environments | [![stars](https://badgen.net/github/stars/fsecurelabs/awspx)](https://badgen.net/github/stars/fsecurelabs/awspx) | [AWS] Visually promising |
| **[aws-key-disabler](https://github.com/te-papa/aws-key-disabler)** | A small lambda script that will disable access keys older than a given number of days | [![stars](https://badgen.net/github/stars/te-papa/aws-key-disabler)](https://badgen.net/github/stars/te-papa/aws-key-disabler) | [AWS] Access Keys: Good use case |
| **[CloudTracker](https://github.com/duo-labs/cloudtracker)** | Helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) | [![stars](https://badgen.net/github/stars/duo-labs/cloudtracker)](https://badgen.net/github/stars/duo-labs/cloudtracker) | [AWS] IAM: Good use case |
| **[Cloudsplaining](https://github.com/salesforce/cloudsplaining)** | AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. | [![stars](https://badgen.net/github/stars/salesforce/cloudsplaining)](https://badgen.net/github/stars/salesforce/cloudsplaining) | [AWS] IAM: [Good](https://cloudsplaining.readthedocs.io/en/latest/) use case |
| **[PMapper](https://github.com/nccgroup/PMapper)** | Advanced and Automated AWS IAM Evaluation (Python) | [![stars](https://badgen.net/github/stars/nccgroup/PMapper)](https://badgen.net/github/stars/nccgroup/PMapper) | [AWS] IAM Use case |
| **[AWS Public IPs](https://github.com/arkadiyt/aws_public_ips)** | Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking and across all AWS services (Ruby) | [![stars](https://badgen.net/github/stars/arkadiyt/aws_public_ips)](https://badgen.net/github/stars/arkadiyt/aws_public_ips) | [AWS] Public IP: Useful if interested in finding the external network attack surface (Visual) |
| **[AWS-Inventory](https://github.com/nccgroup/aws-inventory)** | Make an inventory of all your resources across regions (Python) | [![stars](https://badgen.net/github/stars/nccgroup/aws-inventory)](https://badgen.net/github/stars/nccgroup/aws-inventory) | [AWS] Resource discovery |
| **[Resource Counter](https://github.com/disruptops/resource-counter)** | Counts the number of resources in categories across regions | [![stars](https://badgen.net/github/stars/disruptops/resource-counter)](https://badgen.net/github/stars/disruptops/resource-counter) | [AWS] Resource discovery, output format could be better |

---

### Sample report:
- Must have a look to understand the output from the above tools
- https://github.com/nccgroup/sadcloud#sample-audits-using-sadcloud

---

### Malware Support

| Name | Description | Popularity | LicenseInUse | Commits | Last Commit | Comment |
| ---------- | :---------- | :----------: | :----------: | :----------: | :----------: | :----------: |
| **[Clamscan](https://github.com/kylefarris/clamscan)** | Scanning library supporting scanning files, directories, and streams with local sockets, local/remote TCP, and local clamscan/clamdscan binaries (with failover) | ![stars](https://badgen.net/github/stars/kylefarris/clamscan) | ![license](https://badgen.net/github/license/kylefarris/clamscan) | ![commits](https://badgen.net/github/commits/kylefarris/clamscan) | ![last-commit](https://badgen.net/github/last-commit/kylefarris/clamscan) | Use Node JS to scan files on your server with ClamAV's clamscan/clamdscan binary or via TCP to a remote server or local UNIX Domain socket. |
| **[Flan Scan](https://github.com/cloudflare/flan)** | Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner | ![stars](https://badgen.net/github/stars/cloudflare/flan) | ![license](https://badgen.net/github/license/cloudflare/flan) | ![commits](https://badgen.net/github/commits/cloudflare/flan) | ![last-commit](https://badgen.net/github/last-commit/cloudflare/flan) | Network vulnerability scanner |
| **[ClamAV](https://github.com/Cisco-Talos/clamav)** | Antivirus engine for detecting trojans, viruses, malware & other malicious threats. | ![stars](https://badgen.net/github/stars/Cisco-Talos/clamav) | ![license](https://badgen.net/github/license/Cisco-Talos/clamav) | ![commits](https://badgen.net/github/commits/Cisco-Talos/clamav) | ![last-commit](https://badgen.net/github/last-commit/Cisco-Talos/clamav) | This is from Cisco Systems, Inc. Mail gateway-scanning software |
| **[ClamFS](https://github.com/burghardt/clamfs)** | FUSE-based user-space file system for Linux and BSD with on-access anti-virus file scanning | ![stars](https://badgen.net/github/stars/burghardt/clamfs) | ![license](https://badgen.net/github/license/burghardt/clamfs) | ![commits](https://badgen.net/github/commits/burghardt/clamfs) | ![last-commit](https://badgen.net/github/last-commit/burghardt/clamfs) | Scans files using ClamAV |
| **[Qu1cksc0pe](https://github.com/CYB3RMX/Qu1cksc0pe)** | All-in-One malware analysis tool for analyzing many file types, from Windows binaries to E-Mail files. | ![stars](https://badgen.net/github/stars/CYB3RMX/Qu1cksc0pe) | ![license](https://badgen.net/github/license/CYB3RMX/Qu1cksc0pe) | ![commits](https://badgen.net/github/commits/CYB3RMX/Qu1cksc0pe) | ![last-commit](https://badgen.net/github/last-commit/CYB3RMX/Qu1cksc0pe) | Scans files using ClamAV |
| **[MultiScanner](https://github.com/mitre/multiscanner)** | Modular file scanning/analysis framework | ![stars](https://badgen.net/github/stars/mitre/multiscanner) | ![license](https://badgen.net/github/license/mitre/multiscanner) | ![commits](https://badgen.net/github/commits/mitre/multiscanner) | ![last-commit](https://badgen.net/github/last-commit/mitre/multiscanner) | This can be helpful; there is a good inventory of [modules](https://github.com/mitre/multiscanner/tree/master/multiscanner/modules) |
| **[Malware Scanner](https://github.com/JeromeHadorn/scanner)** | A malware scanner for YARA rules for Windows, Linux and MacOS written in Golang | ![stars](https://badgen.net/github/stars/JeromeHadorn/scanner) | ![license](https://badgen.net/github/license/JeromeHadorn/scanner) | ![commits](https://badgen.net/github/commits/JeromeHadorn/scanner) | ![last-commit](https://badgen.net/github/last-commit/JeromeHadorn/scanner) | Scan files/directories/drives against YARA rules. Pre-req: at least yara 4.2.0 installed & the libcrypto library. |
| **[VirusTotal CLI](https://github.com/VirusTotal/vt-cli)** | A command-line tool for interacting with VirusTotal | ![stars](https://badgen.net/github/stars/VirusTotal/vt-cli) | ![license](https://badgen.net/github/license/VirusTotal/vt-cli) | ![commits](https://badgen.net/github/commits/VirusTotal/vt-cli) | ![last-commit](https://badgen.net/github/last-commit/VirusTotal/vt-cli) | Retrieve information about a file, URL, domain name, IP address, etc. Search for files and URLs using VirusTotal Intelligence query syntax. Download files. Manage your LiveHunt YARA rules. Launch Retrohunt jobs and get their results. |