gcp-storage-emulator
prowler
Our great sponsors
gcp-storage-emulator | prowler | |
---|---|---|
1 | 24 | |
130 | 9,486 | |
- | 2.8% | |
4.4 | 9.9 | |
3 months ago | 6 days ago | |
Python | Python | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gcp-storage-emulator
-
Year old indie mobile app: what worked for the long haul
What do you mean with running App Engine locally? There used to be a local development server, but that did not survive the 2to3 transition. GCP does ship a datastore and a pubsub emulator, but no Cloud Storage for example (someone wrote this one [1], which sort-of works but it does not behave 1:1 like GCS, so ironically my tests have to work around bugs in the emulator...).
prowler
-
Azure and M365 Secure Config Review
Prowler and ScoutSuite are a good start for cloud stuff.
-
Open source alternative cloud security tool that works like Wiz/Lacework/Aqua
Im using prowler for aws and recently they added support for Azure, which ia great. Prowler Its not exactly a 100% cspm, but with some tweaking and integrations, it might be. Im usually running this is a 1 time assessment to see the current status of the environment.
Yes! There are open source cloud security tools! Here are some open source tools out there: steampipe, prowler, cloudquery, and ZeusCloud.
-
CSPM opensource suggestions
If AWS is in use then i would add prowler to the list - https://github.com/prowler-cloud/prowler This is the best open source cspm for aws.
-
Automated penetration testing for a cloud infrastructure
Here is a good open source option to get started: https://github.com/prowler-cloud/prowler
-
Pentesting
To add onto what /u/mekkr_ has said; you can also use tools like Prowler to ensure your environment is compliant. Prowler also has conmon and forensic capabilities.
-
Using Prowler to Audit your AWS account for vulnerabilities.
Few days ago I came across this repository and I found Prowler(Go Star the repo).
-
About Optimizing for Speed: How to do complete AWS Security&Compliance Scans in 5 minutes
Prowler
-
Automating Prowler for Compliance Checking in AWS
AWSTemplateFormatVersion: "2010-09-09" Description: "Create EC2 instanace with Prowler pre-configured and tied to roles to run" # Template Parameters # ImageId : Default is AWS Linux 2 ami-0e1d30f2c40c4c701 # InstanceType : Default is t3.micro # VpcId : VPC to launch in # SubnetId : Subnet to connect # KeyName : Keypair to use # CidrIp : CIDR range for SSH x.x.x.x/x Resources: # Create Prowler Instance - Parameters for ImageId, InstanceType, SubnetId, SecurityGroupIds, and KeyName ProwlerInstance: Type: 'AWS::EC2::Instance' Properties: ImageId: !Ref ImageId InstanceType: !Ref InstanceType SubnetId: !Ref SubnetId SecurityGroupIds: - !Ref InstanceSecurityGroup KeyName: !Ref KeyName IamInstanceProfile: !Ref ProwlerInstanceProfile Tags: - Key: Name Value: Prowler BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: VolumeSize: 8 Encrypted: true # Run bash to install and configure Prowler UserData: Fn::Base64: !Sub | #!/bin/bash -xe sudo yum update -y sudo yum remove -y awscli cd /home/ec2-user curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/home/ec2-user/awscliv2.zip" unzip /home/ec2-user/awscliv2.zip sudo /home/ec2-user/aws/install sudo yum install -y python3 jq git sudo pip3 install detect-secrets==1.0.3 git clone https://github.com/prowler-cloud/prowler /home/ec2-user/prowler chown -R ec2-user:ec2-user /home/ec2-user/prowler ProwlerInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: InstanceProfileName: prowler-ec2-instance-profile Path: / Roles: - !Ref ProwlerEc2InstanceRole # Create Security Group InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow ssh from specific host GroupName: ProwlerSecurityGroup VpcId: !Ref VpcId SecurityGroupIngress: - IpProtocol: 'tcp' FromPort: '22' ToPort: '22' CidrIp: !Ref CidrIp # Create EC2 Instance Role to run security checks and attach to instance ProwlerEc2InstanceRole: Type: AWS::IAM::Role Properties: RoleName: prowler-ec2-instance-role AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/SecurityAudit - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess Path: / # Parameters for cloudformation template with some defaults Parameters: ImageId: Type: String Description: AMI - Linux 2 Default: 'ami-0e1d30f2c40c4c701' InstanceType: Type: String Description: Instance type to be used - t3.micro default Default: t3.micro VpcId: Type: AWS::EC2::VPC::Id Description: VPC to be used SubnetId: Type: AWS::EC2::Subnet::Id Description: Subnet to be used KeyName: Type: AWS::EC2::KeyPair::KeyName Description: Keyname CidrIp: Type: String Description: CidrIp to be used to connect from x.x.x.x/x Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: "Network Configuration" Parameters: - ImageId - InstanceType - VpcId - SubnetId - KeyName - CidrIp Conditions: {}
-
Starting to use AWS CLI at work. Need beginner tips.
For SecOps often a wrapper library like https://github.com/toniblyx/prowler will provide you the results you need for audits. If they don't exist natively then you can extend the library to add them for future use.
What are some alternatives?
ScoutSuite - Multi-Cloud Security Auditing Tool
cloudmapper - CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
steampipe-mod-aws-compliance - Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
opencspm - Open Cloud Security Posture Management Engine
CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
Android-PIN-Bruteforce - Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
steampipe-mod-zoom-compliance - Run individual configuration, compliance and security controls or full compliance benchmarks for CIS for Zoom using Powerpipe and Steampipe.
aws-wsl2-environment - Bash script to setup development environment for AWS under WSL2 for Windows 10 using Ubuntu 20-04. aws-cli, aws-cdk, SSH for git, AWS utilities cfn-diagram and cfn-lint, jq JSON parser and associated dependencies.
my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.