This repository has been archived by the owner on Oct 30, 2019. It is now read-only.

Scripts to help reviewing AWS environments as part of a security test


alphagov/aws-security-tools


AWS Security Review Tools

Scripts to assist security testing in AWS environments. They combine the AWS APIs, used to gather data, with Ansible playbooks that orchestrate some simple banner grabbing checks.

inspect_vpc.py

Uses the AWS APIs to gather details about a selected VPC. Produces output which can be used to review security groups and check they allow/deny traffic as expected.
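As an added illustration of this kind of security group review (not code from inspect_vpc.py or this repository), the sketch below flattens the ingress rules of one VPC from data shaped like an EC2 DescribeSecurityGroups response and picks out rules open to any address. The function names and all sample ids and CIDRs are assumptions made up for the example.

```python
import ipaddress

# Constructed sample shaped like an EC2 DescribeSecurityGroups response;
# every id, name and CIDR below is made up for illustration.
SAMPLE_RESPONSE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web", "VpcId": "vpc-0123", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "VpcId": "vpc-0123", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "other", "VpcId": "vpc-9999", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def ingress_rules(response, vpc_id):
    """Return one (group_id, protocol, ports, source) row per ingress source."""
    rows = []
    for sg in response["SecurityGroups"]:
        if sg.get("VpcId") != vpc_id:
            continue
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # Protocol "-1" means all traffic; the port fields are then absent.
            ports = "all" if proto == "-1" else (str(lo) if lo == hi else f"{lo}-{hi}")
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            rows.extend((sg["GroupId"], proto, ports, src) for src in sources)
    return rows


def world_open(rows):
    """Keep rows whose source is a zero-length prefix (0.0.0.0/0 or ::/0)."""
    return [r for r in rows
            if "/" in r[3] and ipaddress.ip_network(r[3], strict=False).prefixlen == 0]


if __name__ == "__main__":
    for row in world_open(ingress_rules(SAMPLE_RESPONSE, "vpc-0123")):
        print("open to any address:", row)
```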

ansible/scan_localhost.yaml

Runs nmap on all hosts, scanning local ports to discover which services are listening.

ansible/scan_for_hosts.yaml

Runs nmap on all hosts against a list of IP addresses (provided by inspect_vpc.py), attempting to connect to the listening_ports, which can be found by running ansible/scan_localhost.yaml.

ansible/retrieve_package_list.yaml

Runs apt list --installed on all hosts and saves the results locally. This can be used in conjunction with https://github.com/davbo/active-cve-check/ to identify "active" CVEs against packages.
