This toolbox will bring to you all necessary apps and tooling as a simple portable and preinstalled Docker container for SecOps on AWS, especially for auditing and assessments purpose.
This will reduce the overhead and the headache of installation these tools and dependencies.
- docker macOS or Linux
awscli
installed & configured- create
.env
file before building your Docker image locally (see .env.example) to set yourDEFAULT_AWS_REGION
andPROFILE_NAME
(for aws-vault)
Clone the repository:
$ git clone https://github.com/z0ph/aws-security-toolbox.git
There is two options to use this toolbox,
- Option #1 (Interactive), you are using local
awscli
with~/.aws/credentials
populated. - Option #2 (
aws-vault
), you want to use your localaws-vault
installation.
Info: Working directory within the container: /opt/secops
$ ./ast.sh login
When you are logged into the shell of the container in interactive mode (-it
), you will be able to perform your audit/assessment with confidence thanks to pre-populated tools.
Example:
$ ./opt/secops/prowler/prowler -b | ansi2html -la > /tmp/prowler-report.html
nb: /tmp
is mapped to your own (host machine) /tmp
folder.
$ ./ast.sh exec /opt/secops/prowler/prowler -b -s > report-prod.txt
nb: if you are not using default
aws-vault profile name, please modify options in ast.sh
if you want to build your own container locally to get latest updates from tools maintainers, run the following command.
$ make build
This project is licensed under the MIT License - see the LICENSE file for details
- Victor GRENU - Initial work - zoph.io