Tools To Assess Amazon AWS Services

If you have ever had to test Amazon's AWS services from a blackbox perspective, you will quickly find out how difficult it can be to assess configurations and policies. Luckily, there are several tools that aid in this process; they are listed below.

  1. prowler – Tool based on AWS-CLI commands for AWS account hardening, following the guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf)
  2. nccgroup/Scout2 – Security auditing tool for AWS environments
  3. cloudsploit/scans – AWS security scanning checks
  4. Amazon Inspector – The default tool Amazon provides. https://aws.amazon.com/inspector/
  5. Netflix/security_monkey – Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations
  6. Aardvark – Aardvark is a multi-account AWS IAM Access Advisor API
  7. Repokid – AWS Least Privilege for Distributed, High-Velocity Deployment
  8. DenizParlak/Zeus – AWS Auditing & Hardening Tool that aligns with the CIS AWS benchmarks. http://www.denizparlak.com/?p=386
  9. Nimbostratus – Tools for fingerprinting and exploiting Amazon cloud infrastructures + video presentation and intro blog post
  10. Bucket finder – A fairly simple tool to run: all it requires is a wordlist, and it will check each word to see whether a bucket of that name exists in Amazon's S3 system. For any bucket it finds, it checks whether the bucket is public, private or a redirect.
  11. Cloud Security Suite – One stop tool for auditing the security posture of AWS infrastructure. This tool includes Scout2, Prowler, and Lynis for assessing host configurations.
  12. Macie – Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides dashboards and alerts that give visibility into how this data is being accessed or moved. Currently only available for S3, but support for other data stores is planned.

If there are any Cloud Security tools you know about or have experience using, feel free to reach out to our CSA-LA board and we will happily help create another blog post.

Thanks to the author of the Peerlyst post who put this initial list together.