CFRipper – CloudFormation Security Scanning & Audit Tool
2022-1-24 01:15:41 Author: www.darknet.org.uk

Last updated: January 24, 2022


CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool. It aims to prevent vulnerabilities from reaching production infrastructure through vulnerable CloudFormation scripts.


You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.

CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated, and if the CloudFormation script fails the security check, it fails the deployment and notifies the team that owns the stack. Rules are the heart of CFRipper: when CFRipper runs, the CloudFormation stack is checked against each rule and the results are combined.

Usage of CFRipper for CloudFormation Security Scanning

Usage:  [OPTIONS] [TEMPLATES]...

  Analyse AWS Cloudformation templates passed by parameter. Exit codes:   -
  0 = all templates valid and scanned successfully   - 1 = error / issue in
  scanning at least one template   - 2 = at least one template is not valid
  according to CFRipper (template scanned successfully)   - 3 = unknown /
  unhandled exception in scanning the templates

Options:
  --version                       Show the version and exit.
  --resolve / --no-resolve        Resolves cloudformation variables and
                                  intrinsic functions  [default: False]
  --resolve-parameters FILENAME   JSON/YML file containing key-value pairs
                                  used for resolving CloudFormation files with
                                  templated parameters. For example, {"abc":
                                  "ABC"} will change all occurrences of
                                  {"Ref": "abc"} in the CloudFormation file to
                                  "ABC".
  --format [json|txt]             Output format  [default: txt]
  --output-folder DIRECTORY       If not present, result will be sent to
                                  stdout
  --logging [ERROR|WARNING|INFO|DEBUG]
                                  Logging level  [default: INFO]
  --rules-config-file FILENAME    Loads rules configuration file (type: [.py,
                                  .pyc])
  --rules-filters-folder DIRECTORY
                                  All files in the folder must be of type:
                                  [.py, .pyc]
  --aws-account-id TEXT           A 12-digit AWS account number eg.
                                  123456789012
  --aws-principals TEXT           A comma-separated list of AWS principals eg.
                                  arn:aws:iam::123456789012:root,234567890123,
                                  arn:aws:iam::111222333444:user/user-name
  --help                          Show this message and exit.
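
One way to wire the CI/CD step described above, as an added example that is not from the original post or the CFRipper project: a shell gate that uses only the options and exit codes from the help text and blocks the deployment on anything other than exit code 0. The names `CFRIPPER`, `REPORT_DIR`, `gate_decision` and `scan_templates` are assumptions of this sketch.

```shell
# Added example: pre-deployment gate around the cfripper CLI.
# CFRIPPER and REPORT_DIR are assumed, overridable settings for this sketch.
CFRIPPER="${CFRIPPER:-cfripper}"
REPORT_DIR="${REPORT_DIR:-cfripper-reports}"

# Map a cfripper exit code (see the help text) to a pipeline decision.
# Only 0 passes; a failed or crashed scan is never treated as a clean result.
gate_decision() {
  case "$1" in
    0) echo "pass" ;;              # all templates valid and scanned
    2) echo "blocked-by-rules" ;;  # scanned fine, but a rule failed
    1) echo "scan-error" ;;        # error / issue while scanning
    *) echo "unhandled-error" ;;   # 3, or the scanner could not be run
  esac
}

# Scan each template passed as an argument and keep a JSON report per run.
# Returns 0 only when every template passes, so the deploy step can depend on it.
scan_templates() {
  [ "$#" -gt 0 ] || { echo "no templates to scan" >&2; return 1; }
  mkdir -p "$REPORT_DIR" || return 1
  local rc worst=0 decision template
  for template in "$@"; do
    rc=0
    "$CFRIPPER" --resolve --format json \
      --output-folder "$REPORT_DIR" "$template" || rc=$?
    decision="$(gate_decision "$rc")"
    echo "$template: $decision (exit $rc)" >&2
    [ "$decision" = "pass" ] || worst=1
  done
  return "$worst"
}

# Usage in a pipeline step (template paths are placeholders):
#   scan_templates stacks/network.yml stacks/app.yml || exit 1
```

Scanning templates one at a time keeps the per-template exit code visible in the build log, which makes it easier to route the notification to the team that owns the failing stack.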

You can download CFRipper here:

cfripper-1.3.1.zip

Or read more here.


Article source: https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed