PMapper
AirIAM
Our great sponsors
PMapper | AirIAM | |
---|---|---|
7 | 3 | |
1,323 | 752 | |
1.1% | 0.4% | |
0.0 | 0.0 | |
6 months ago | about 2 months ago | |
Python | Python | |
GNU Affero General Public License v3.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PMapper
-
How to conduct security assesment of AWS?
In addition to ScoutSuite, I recommend PMapper. https://github.com/nccgroup/PMapper
-
Anyone tried to create a halfway decent least privilege policy for a CDK deployment?
There are tons of other escape hatches, so it's a pretty big moving target. If you'd like to get a hint about your setup, I'd suggest trying: https://github.com/nccgroup/PMapper
- Do you know a way to visulize access flow between users and resources?
-
Graphviz: Open-source graph visualization software
I maintain an open-source project [1] that uses graphs to model data. I wanted to make my project as accessible as possible, so Graphviz was perfect since it's dead-simple to install and use on all major OS platforms.
[1] https://github.com/nccgroup/PMapper
- Principal Mapper v1.1.0 - AWS IAM Security Analysis
-
Show HN: Principal Mapper v1.1.0 – AWS IAM Security Analysis
Hi HN!
Principal Mapper is a tool + library for analyzing and securing your AWS IAM configuration. It generates a model of your account and/or organization and uses it to give you a better idea of the effective permissions of your IAM Users and Roles. It has privilege escalation detection built-in and is hopefully written in a way that will let you extend it for your use-cases.
This v1.1.0 update covers more types of policies (resource policies, permission boundaries, session policies, SCPs), supports AWS Organizations, enables cross-account checks, and more!
https://github.com/nccgroup/PMapper
Happy to answer any questions you have here!
AirIAM
-
AWS Networking Concepts in a Diagram
ugh access + least privilege on AWS + GCP is really hard
not made easier by the fact that debugging service accounts can sometimes require rebooting boxes or clusters
'cloud traceroute' to discover where exactly the problem is would be amazing
(in fairness there are 'least privilege' tools I haven't tried -- listed below and I recall reading about others)
1. iam access analyzer https://aws.amazon.com/blogs/security/iam-access-analyzer-ma...
2. airiam https://github.com/bridgecrewio/AirIAM
3. policy simulator https://cloud.google.com/policy-intelligence/docs/iam-simula...
- AirIAM
-
My first Hacktoberfest !!✨
View on GitHub
What are some alternatives?
awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
consoleme - A Central Control Plane for AWS Permissions and Access
data-science-ipython-notebooks - Data science Python notebooks: Deep learning (TensorFlow, Theano, Caffe, Keras), scikit-learn, Kaggle, big data (Spark, Hadoop MapReduce, HDFS), matplotlib, pandas, NumPy, SciPy, Python essentials, AWS, and various command lines.
cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
policy_sentry - IAM Least Privilege Policy Generator
aws-security-workshops - A collection of the latest AWS Security workshops
aws-leastprivilege - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
learn - Sourcegraph Learn: an educational hub to support all developers
d3-dag - Layout algorithms for visualizing directed acyclic graphs
tfwrapper - Claranet France Terraform & OpenTofu Wrapper
DFB - A mini development environment for developing and troubleshooting the Cypress PSoC Digital Filter Block
black - The uncompromising Python code formatter [Moved to: https://github.com/psf/black]