Nuvola
Nuvola (with the lowercase n) is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digital twin of a cloud platform. For a more concrete example: nuvola reflects the BloodHound traits used for Active Directory analysis but on cloud environments (at the moment only AWS). The usage of a graph database also increases the possibility of finding different and innovative attack paths and can be used as an offline, centralised and lightweight digital twin. Quick Start Requirements: - docker-compose installed - an AWS account configured to be used with awscli with full access to the cloud resources, better if in ReadOnly mode (the policy arn:aws:iam::aws:policy/ReadOnlyAccess is fine) Setup: - Clone the repository: git clone --depth=1 https://github.com/primait/nuvola.git; cd nuvola - Create and edit, if required, the .env file to set your DB username/password/URL: cp .env_example .env; You may need to edit the size of the memory allocated to Neo4j if you run the tool on a low-RAM device.
FEATURES
SIMILAR TOOLS
A cloud security solution that provides agentless application mapping and vulnerability prioritization based on business impact across cloud environments.
Conmachi is a Golang tool for scanning container environments for security issues.
Converts the format of various S3 buckets for bug bounty and security testing.
Create Docker container images for testing and long-term use.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A collection of security workshops and hands-on content for AWS security services and techniques
Gatekeeper is a policy management tool for Kubernetes that provides an extensible, parameterized policy library and native Kubernetes CRDs for instantiating and extending the policy library.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.