CFRipper

CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins. Docs and more details available in [CFRipper Documentation](https://cfripper.readthedocs.io/)

CLI Usage:

Normal execution:

```
$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
    - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*'
    - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Analysing /tmp/root_bypass.json...
Valid: True
```

Using the 'resolve' flag:

```
$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
    - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in acco
```

ALTERNATIVES

IronBee is an open source project building a universal web application security sensor.

Yara Based Detection for web browsers

A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.

ESLint plugin to prevent Trojan Source attacks.

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

An ASPM platform that provides software supply chain security through risk assessment, prioritization, and protection mechanisms.

A script that implements Cognito attacks such as Account Oracle or Privilege Escalation.

OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.