Tool
CLI
Cloud Security

cloudmapper

by duo-labs

6.2K stars
832 forks
129 watchers
Updated 8 months ago
About

CloudMapper is a comprehensive AWS environment analysis tool that audits security configurations, identifies risks, and generates detailed reports to enhance cloud security posture.

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

Primary Use Case

CloudMapper is primarily used by cloud security engineers and AWS administrators to audit AWS accounts for misconfigurations, identify unused resources, and assess security risks. It helps organizations maintain compliance and improve their cloud security by providing detailed reports and insights into IAM policies, network exposure, and resource usage.

Key Features
  • Audits AWS accounts for potential security misconfigurations
  • Identifies admin users, roles, and principals with elevated privileges
  • Detects unused AWS resources such as Security Groups, Elastic IPs, and volumes
  • Finds publicly accessible hosts and open port ranges
  • Generates comprehensive HTML reports summarizing account resources and audit findings
  • Collects detailed metadata about AWS accounts
  • Provides geoip information on CIDRs trusted in Security Groups
  • Supports custom private commands extension

Installation

  • Clone the repository: git clone https://github.com/duo-labs/cloudmapper.git
  • Install prerequisites for pyjq (on macOS): brew install autoconf automake awscli freetype jq libtool python3
  • Navigate to the cloned directory: cd cloudmapper/
  • Create and activate a Python virtual environment: python3 -m venv ./venv && source ./venv/bin/activate
  • Install Python dependencies using pip (implied but not explicitly stated)
  • Ensure jq is installed (https://stedolan.github.io/jq/)
  • Install pyjq Python library (https://github.com/doloopwhile/pyjq)

Usage

>_ audit

Check for potential misconfigurations in the AWS account.

>_ collect

Collect metadata about an AWS account.

>_ find_admins

Identify admin users, roles, or principals with specific privileges based on IAM policies.

>_ find_unused

Detect unused AWS resources such as Security Groups, Elastic IPs, network interfaces, volumes, and load balancers.

>_ prepare / webserver

Generate network visualizations (note: network visualization is no longer maintained).

>_ public

Find public hosts and open port ranges in the AWS environment.

>_ sg_ips

Retrieve geoip information on CIDRs trusted in Security Groups.

>_ stats

Display counts of various AWS resources in the account.

>_ weboftrust

Show Web Of Trust information.

>_ report

Generate an HTML report summarizing account resources and audit findings.

>_ iam_report

Generate an HTML report focused on IAM information of the AWS account.

Security Frameworks
Reconnaissance
Discovery
Credential Access
Defense Evasion
Collection
Usage Insights
  • Integrate CloudMapper reports into continuous integration pipelines for automated cloud security posture monitoring.
  • Use findings from CloudMapper to prioritize remediation of high-risk IAM privileges and exposed network resources.
  • Extend CloudMapper with custom private commands to tailor audits to organization-specific compliance requirements.
  • Leverage geoip data on trusted CIDRs to detect anomalous network access patterns and potential lateral movement.
  • Combine CloudMapper with cloud SIEM tools to enrich detection capabilities and accelerate incident response.

Security Profile
Red Team: 40%
Blue Team: 90%
Purple Team: 70%
Details
License: BSD 3-Clause "New" or "Revised" License
Language: JavaScript
Open Issues: 541
Topics
aws
cytoscape
diagram
security