# Security tools

{% embed url="https://github.com/aws-quickstart/quickstart-compliance-cis-benchmark" %}

{% embed url="https://aws-quickstart.github.io/" %}

{% embed url="https://github.github.com/training-kit/downloads/github-git-cheat-sheet.pdf" %}

{% embed url="https://github.com/SecurityFTW/cs-suite" %}

{% embed url="https://www.marcolancini.it/2018/blog-arsenal-cloud-native-security-tools/" %}

{% embed url="https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/" %}

### Docker

#### Auditing Tools

| Name | Description |
| --- | --- |
| Docker Bench | Checks for common best-practices around deploying Docker containers in production. Based on the CIS Docker Community Edition Benchmark v1.1.0. |
| Clair | Scan Docker images for security vulnerabilities (static analysis). I personally found it not straightforward to set up, so I ended up creating my own docker-compose to spin up Clair, alongside Postgres and Klar. For usage, see my docker_compose_clair repo. |
| Dockscan | Scan Docker installations for security issues and vulnerabilities. |
| dive | A tool for exploring each layer in a Docker image. |

#### Privilege Escalation

| Name | Description |
| --- | --- |
| dockerrootplease | Gives you root on the host OS, if you're a member of the "docker" group. |
| docker-rootshell | Abuses membership in the "docker" group to drop a root shell in the current working directory. |
| docker-escalate | Same concept as above. |
| Manual | |

### Kubernetes

#### Auditing Tools

| Name | Description |
| --- | --- |
| kube-bench | Checks whether Kubernetes is deployed according to security best practices. Based on the CIS Kubernetes Benchmark. |
| kube-hunter | Hunt for security weaknesses in Kubernetes clusters (even remote). |
| KubiScan | Scan for risky permissions and users in Kubernetes Role-Based Access Control (RBAC) authorization model. It can detect accounts which will expose the whole cluster if their identification (JWT token, certificate, etc.) is compromised by an attacker. |
| kubeaudit | Audit clusters against common security controls. |
| kubesec | Quantify risk for Kubernetes resources. |
| kube-auto-analyzer | Configuration analyzer to automate the process of reviewing Kubernetes installations against the CIS Kubernetes Benchmark. |

### AWS

#### Basic Tools

| Name | Description |
| --- | --- |
| aws-cli | Universal Command Line Interface for AWS, used by basically any other tool. |
| aws-shell | Interactive shell for AWS (with autocompletion, etc.). |

#### Inventory Tools

| Name | Description |
| --- | --- |
| aws-inventory | Make an inventory of all your resources across regions. |
| Resource Counter | Counts number of resources in categories across regions. |
| aws_public_ips | Fetch all public IP addresses tied to your AWS account. |

#### Auditing Tools

| Name | Description |
| --- | --- |
| CS-Suite | Auditing the security posture of AWS/GCP/Azure infrastructure. Includes Scout2, Prowler, AWS Trusted Advisor, etc. Permissions required: SecurityAudit |
| CloudSploit | Returns a series of potential misconfigurations and security risks. Permissions required: SecurityAudit |
| AWS Security Benchmark | Script to evaluate your AWS account against the full CIS Amazon Web Services Foundations Benchmark 1.1. |
| S3Scan | Generate a report of all S3 buckets and their permissions (authenticated). |
| CloudMapper | Analyze AWS environments by creating network diagrams (and more). Permissions required: ReadOnlyAccess, SecurityAudit |
| PMapper | Advanced and Automated AWS IAM Evaluation. Permissions required: ReadOnlyAccess |
| Scout2 | Security auditing. Already included in CS-Suite. Permissions required: ReadOnlyAccess, SecurityAudit |
| Prowler | CIS benchmarks and additional checks for security best practices in AWS. Already included in CS-Suite. Permissions required: SecurityAudit |

#### Offensive Tools

| Name | Description |
| --- | --- |
| Pacu | AWS penetration testing toolkit, designed for offensive security testing against cloud environments. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, etc. |
| Nimbostratus | Tools for fingerprinting and exploiting Amazon cloud infrastructures. |
| weirdAAL | AWS Attack Library. |
| S3Scanner | Scan for open AWS S3 buckets and dump the contents. |
| Cloudjack | CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. |
| AWS PWN | A collection of AWS penetration testing scripts: Reconnaissance, Exploration, Elevation, Persistence. |

#### Training Apps

| Name | Description |
| --- | --- |
| flAWS | Challenge that, through a series of levels, teaches common mistakes and gotchas when using AWS. It also has some "public" credentials you can use to try your tools against: |
| Cloudgoat | Vulnerable by Design AWS infrastructure setup tool. There are also some writeups available. |
| DVCA | Damn Vulnerable Cloud Application. |
| nimbostratus-target | This repository holds a target infrastructure you can use for testing nimbostratus. |

### GCP

#### Basic Tools

| Name | Description |
| --- | --- |
| gcloud | Command Line Interface for GCP. |

#### Auditing Tools

| Name | Description |
| --- | --- |
| G-Scout | Auditing GCP configurations. Permissions required on the projects: Viewer, Security Reviewer, Stackdriver Account Viewer |
| ScoutSuite | Multi-cloud security auditing tool. Permissions required on the projects: Viewer, Security Reviewer, Stackdriver Account Viewer |
| gcp-audit | Takes a set of projects and audits them for common issues as defined by its ruleset. |
| gcp-iam-collector | Python script for collecting and visualising Google Cloud Platform IAM permissions. |
| CS-Suite | Auditing the security posture of AWS/GCP/Azure infrastructure. Can be overlooked as it relies on G-Scout. Permissions required on the projects: Viewer, Security Reviewer, Stackdriver Account Viewer |

#### Offensive Tools

| Name | Description |
| --- | --- |
| GCPBucketBrute | Enumerate Google Storage buckets, determine what access you have to them, and determine whether they can be used for privilege escalation. |

### GIT

| Name | Description |
| --- | --- |
| git-secrets | Prevents you from committing secrets and credentials into git repositories. |
| Gitrob | Reconnaissance tool for GitHub organizations. |
| Gitleaks | Searches full repo history for secrets and keys. |
| TruffleHog | Searches through git repositories for high entropy strings and secrets. |
