# Framework for Unified Flaw & Fault Auditing

The ultimate AWS Cloud Security Audit Framework that makes security auditing so easy, you can do it even when you're sleepy! 😴

Key Features • How It Works • Installation • Quick Start • Usage Guide • Contributing
## Key Features

- **Secret scanning**: Scan repositories for hardcoded credentials with over 50 patterns, including AWS keys, API tokens, and private keys. Includes Shannon entropy detection.
- **Cloud configuration audit**: Comprehensive checks for S3, EC2, IAM, RDS, Lambda, VPC, and CloudTrail to ensure your cloud infrastructure follows best practices.
- **IaC scanning**: Analyze Terraform, CloudFormation, Serverless, and Kubernetes files for security flaws before deployment using the Checkov engine.
- **IAM analysis**: Visualize and analyze IAM permissions to detect privilege escalation paths and overly permissive policies using graph-based mapping.
## How It Works

FuFuFaFa streamlines your security auditing workflow. Here is the process flow:

```mermaid
graph TD
    A[Start Scan] --> B{Select Scan Type}
    B -->|Secrets| C[Cloning Repository]
    C --> D[Regex & Entropy Analysis]
    D --> E[Git History Scan]
    B -->|Cloud| F[AWS API Calls]
    F --> G[Resource Enumeration]
    G --> H[Security Rule Check]
    B -->|IaC| I[Parse Infrastructure Code]
    I --> J[Checkov Policy Scan]
    B -->|IAM| K[Fetch IAM Policies]
    K --> L[Neo4j Graph Building]
    L --> M[Privilege Path Analysis]
    E --> N[Generate Report]
    H --> N
    J --> N
    M --> N
    N --> O((End))
    style A fill:#4F46E5,stroke:#333,stroke-width:2px,color:#fff
    style N fill:#10B981,stroke:#333,stroke-width:2px,color:#fff
    style O fill:#EF4444,stroke:#333,stroke-width:2px,color:#fff
```
## Installation

### Prerequisites

- Python 3.9+
- Docker & Docker Compose (for persistent storage)
- AWS CLI configured (for cloud scanning)

```bash
# 1. Clone the repository
git clone https://github.com/Masriyan/FuFuFaFa.git
cd FuFuFaFa

# 2. Set up virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# 3. Install dependencies
pip install -e ".[dev]"

# 4. Start database services
docker-compose up -d postgres redis neo4j

# 5. Initialize database
fufufafa init-db
```

## Quick Start

Get up and running in seconds!
```bash
# 1. Verify installation
fufufafa --version

# 2. Run a secret scan on a local repo
fufufafa secret scan ./your-project

# 3. Scan your default AWS profile
fufufafa cloud scan

# 4. View help for more commands
fufufafa --help
```

## Usage Guide

### Secret Scanning

Find hidden secrets in your code, even deep in git history.
```bash
fufufafa secret scan ./target-repo --history
```

Options:

- `--history`: Scan full git history
- `--entropy 4.5`: Set custom entropy threshold
- `--json`: Output results in JSON format
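To make the regex-plus-entropy pass concrete, here is an added example (not FuFuFaFa's own code) of the two detection layers the secret scanner combines: a small set of named patterns for credentials with a known format, and Shannon entropy over long runs of hex or base64 characters for everything else. The two regexes stand in for the project's 50+ pattern set, `base64_threshold` plays the role of the `--entropy` option, and the sample file is constructed; none of the values in it are real credentials.

```python
"""Regex + Shannon-entropy secret detection over constructed sample lines.

Added example, not FuFuFaFa's own code. Assumptions: PATTERN_RULES is a tiny
stand-in for the scanner's 50+ patterns, and base64_threshold mirrors --entropy.
"""
import math
import re
from collections import Counter

# Known-format rules (assumption: a small subset of a real pattern set).
PATTERN_RULES = {
    # AWS access key IDs: documented AKIA (long-term) / ASIA (temporary) prefix + 16 chars.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Character classes for the entropy pass. A hex string can never exceed 4.0
# bits/char and a base64 string never 6.0, so each class gets its own threshold.
HEX_RUN = re.compile(r"[0-9a-fA-F]{32,}")
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{20,}")


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_line(line: str, base64_threshold: float = 4.5, hex_threshold: float = 3.0) -> list:
    """Return findings for one line: named-pattern hits first, then high-entropy runs."""
    findings = []
    for rule, pattern in PATTERN_RULES.items():
        for m in pattern.finditer(line):
            findings.append({"rule": rule, "match": m.group(0)})

    reported = {f["match"] for f in findings}
    for rule, pattern, threshold in (
        ("high_entropy_hex", HEX_RUN, hex_threshold),
        ("high_entropy_base64", BASE64_RUN, base64_threshold),
    ):
        for m in pattern.finditer(line):
            token = m.group(0)
            if token in reported:
                continue  # already caught by a named pattern or by the hex pass
            entropy = shannon_entropy(token)
            if entropy >= threshold:
                findings.append({"rule": rule, "match": token, "entropy": round(entropy, 2)})
                reported.add(token)
    return findings


def scan_text(text: str, **thresholds) -> list:
    """Scan every line; each finding carries its 1-based line number."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for f in scan_line(line, **thresholds):
            results.append({"line": lineno, **f})
    return results


# Constructed sample file: the AKIA value is the AWS documentation example key,
# the rest are made up. Line 4 is long but repetitive, so entropy suppresses it.
SAMPLE_CONFIG = """\
# constructed sample, not real credentials
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SESSION_TOKEN = "aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW"
PLACEHOLDER = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
WEBHOOK_SECRET = "0123456789abcdef0123456789abcdef"
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG):
        print(finding)
```

Running it reports line 2 via the named AWS pattern (its entropy is only about 3.7 bits/char, so the entropy pass alone would have missed it), line 3 as a high-entropy base64 run at 5.0 bits/char, and line 5 as a high-entropy hex run at 4.0 bits/char; the all-`A` placeholder on line 4 is long enough to match both character classes but scores 0.0 and is dropped. Raising `base64_threshold` above 5.0 silences line 3, which is the trade-off the `--entropy` option controls: a higher threshold means fewer false positives and more missed secrets.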
### Cloud Scanning

Audit your AWS environment for security gaps.

```bash
fufufafa cloud scan --profile production --regions us-east-1,us-west-2
```

Options:

- `--profile`: Specify AWS CLI profile
- `--services s3,ec2,iam`: Limit the scan to the listed services
- `--fix`: Attempt auto-remediation (Use with caution!)
### IaC Scanning

Shift left by scanning your infrastructure code.

```bash
fufufafa iac scan ./terraform-files
```

### IAM Analysis

Visualize permission paths and find dangerous roles.

```bash
fufufafa iam analyze --graph
```

Note: Requires the Neo4j service to be running.
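The IAM analysis feature and the `iam analyze --graph` command both describe the same idea: treat principals and roles as nodes, `sts:AssumeRole` permissions that are also honoured by the target role's trust policy as edges, and search that graph for chains ending at a principal with admin-equivalent permissions. The following is an added example of that audit logic in plain Python (not FuFuFaFa's own code, and no Neo4j involved). It assumes a deliberately reduced IAM model: Allow/Deny statements with `*` wildcards on `Action` and `Resource`, and trust policies expressed as a list of principal ARNs. Conditions, permission boundaries, SCPs and resource-based policies are out of scope, and the account data is constructed.

```python
"""Graph-based IAM privilege-path audit over constructed policy data.

Added example, not FuFuFaFa's own code. Models only Allow/Deny statements with
wildcard Action/Resource matching plus trust lists of principal ARNs; IAM
conditions, permission boundaries and SCPs are intentionally not modelled.
"""
from collections import deque
from fnmatch import fnmatchcase

# Constructed sample account (not real data): identity policies for users, and
# for each role its trust list plus attached statements.
SAMPLE_ACCOUNT = {
    "users": {
        "arn:aws:iam::123456789012:user/dev-alice": [
            {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
            {"Effect": "Allow", "Action": "sts:AssumeRole",
             "Resource": "arn:aws:iam::123456789012:role/ci-deploy"},
        ],
        "arn:aws:iam::123456789012:user/auditor-bob": [
            {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
        ],
    },
    "roles": {
        "arn:aws:iam::123456789012:role/ci-deploy": {
            "trust": ["arn:aws:iam::123456789012:user/dev-alice"],
            "statements": [
                # Overly broad: this role may assume any role in the account.
                {"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Resource": "arn:aws:iam::123456789012:role/*"},
            ],
        },
        "arn:aws:iam::123456789012:role/break-glass-admin": {
            "trust": ["arn:aws:iam::123456789012:role/ci-deploy"],
            "statements": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
        },
    },
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(statements, action, resource):
    """True if some Allow statement matches and no Deny statement does.

    Actions match case-insensitively, resources case-sensitively, both with
    IAM-style '*' wildcards (fnmatch semantics are close enough for ARNs).
    """
    allowed = False
    for st in statements:
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        resources = _as_list(st.get("Resource", []))
        if not (any(fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatchcase(resource, r) for r in resources)):
            continue
        if st.get("Effect") == "Deny":
            return False  # an explicit Deny overrides every Allow
        allowed = True
    return allowed


def grants_full_admin(statements):
    """Flag a policy whose patterns cover every action on every resource."""
    return allows(statements, "*", "*")


def build_assume_role_graph(account):
    """Edge principal -> role when the principal may call sts:AssumeRole on the
    role AND the role's trust policy names that principal (or '*')."""
    policies = dict(account["users"])
    policies.update({arn: r["statements"] for arn, r in account["roles"].items()})
    edges = {arn: [] for arn in policies}
    for role_arn, role in account["roles"].items():
        for src, statements in policies.items():
            if src == role_arn:
                continue
            trusted = src in role["trust"] or "*" in role["trust"]
            if trusted and allows(statements, "sts:AssumeRole", role_arn):
                edges[src].append(role_arn)
    return edges, policies


def find_admin_paths(account):
    """BFS from every user; return the shortest assume-role chain to each
    reachable full-admin principal (a length-1 path means the user is admin directly)."""
    edges, policies = build_assume_role_graph(account)
    paths = []
    for start in account["users"]:
        queue, visited = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            node = path[-1]
            if grants_full_admin(policies[node]):
                paths.append(path)
                continue
            for nxt in edges[node]:
                if nxt not in visited:
                    visited.add(nxt)
                    queue.append(path + [nxt])
    return paths


if __name__ == "__main__":
    for path in find_admin_paths(SAMPLE_ACCOUNT):
        print(" -> ".join(path))
```

On the sample data the audit reports one chain, `dev-alice -> ci-deploy -> break-glass-admin`: Alice's own policy only lets her reach `ci-deploy`, but that role's `role/*` assume-role grant combined with the admin role trusting it closes the loop. The fix the finding points at is on the `ci-deploy` role (scope its `sts:AssumeRole` resource) or on the admin role's trust policy, not on Alice's user. `auditor-bob` produces no finding because read-only `iam:Get*`/`iam:List*` wildcards do not cover `*` and no trust policy names him.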
## Architecture

The FuFuFaFa framework is built for modularity and scalability.

```mermaid
C4Context
    title System Context Diagram for FuFuFaFa
    Person(user, "Security Auditor", "Uses FuFuFaFa to audit cloud security.")
    System(fufufafa, "FuFuFaFa Framework", "CLI tool for scanning secrets, cloud config, IaC, and IAM.")
    System_Ext(aws, "AWS Cloud", "Target environment for auditing.")
    System_Ext(neo4j, "Neo4j Database", "Stores IAM graph relationships.")
    System_Ext(postgres, "PostgreSQL", "Stores finding results and reports.")
    Rel(user, fufufafa, "Runs CLI commands")
    Rel(fufufafa, aws, "Reads configuration via API")
    Rel(fufufafa, neo4j, "Queries/Updates Graph")
    Rel(fufufafa, postgres, "Persists Audit Data")
```
## Contributing

We welcome contributions! Please see our Contributing Guide for details.

- Found a bug? Open an Issue
- Security concern? See SECURITY.md
- Code of Conduct? See CODE_OF_CONDUCT.md

Made with ❤️ and ☕ by the FuFuFaFa Team
