Two rather awesome tools have come to my attention this week...
Aws Security Viz: Drawing big beautiful graphs from your AWS Security Groups: https://github.com/anaynayak/aws-security-viz
NCC group's PMapper: https://github.com/nccgroup/PMapper
Both tools offer graphical output of your most trusted AWS Security controls, with Security Viz's being an interactive GraphViz session which you can pull around and explore to highlight those groups which might need some more attention:
PMapper has a neat feature incorporating REPL, which allows you to ask questions of your newly formed graph to understand what IAM role can do what:
Screenshots and snippets taken directly from their respective repos.
Oh, you should probably check out GoDaddy's Okta processor too..! https://github.com/godaddy/aws-okta-processor
Aws Security Viz: Drawing big beautiful graphs from your AWS Security Groups: https://github.com/anaynayak/aws-security-viz
NCC group's PMapper: https://github.com/nccgroup/PMapper
Both tools offer graphical output of your most trusted AWS Security controls, with Security Viz's being an interactive GraphViz session which you can pull around and explore to highlight those groups which might need some more attention:
PMapper has a neat feature incorporating REPL, which allows you to ask questions of your newly formed graph to understand what IAM role can do what:
repl> query "who can do s3:GetObject with *"
...
repl> argquery --principal "*" --preset privesc
Check them both out, and have fun finding scary things in your AWS config ;)Screenshots and snippets taken directly from their respective repos.
Oh, you should probably check out GoDaddy's Okta processor too..! https://github.com/godaddy/aws-okta-processor
Comments
Post a Comment