Skip to content

aws vulnerability assessment with security hub ๐Ÿ›ก๏ธ ๐Ÿ”’

License

Notifications You must be signed in to change notification settings

R3DRUN3/aws-secops

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

14 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

AWS SECOPS

Snyk scan and DockerHub push License: MIT

ABSTRACT

Make use of aws Security Hub service to launch a fast vulnerability assessment against your aws assets.

Requirements

aws account golang version >= 1.16

GitHub Action

This repository has associated a GitHub action that does the following:

  • 1 Check for any software vulnerabilities via Snyk api.
  • 2 If no vuln are found, build the docker image on DockerHub.

Instructions

Clone this folder and run the code:

git clone https://github.com/R3DRUN3/aws-secops.git  \
&& cd aws-secops \
&& go run main.go

You can also build the docker image yourself or download it from this docker hub repo.

To run as a docker container you need to set some mandatory env vars:

docker run -it --rm \
--env AWS_REGION=AWS_REGION_HERE \
--env AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY_HERE \
--env AWS_SECRET_ACCESS_KEY=AWS_ACCESS_SECRET_HERE \
r3drun3/aws-secops:latest

Output Sample:

      ___           ___           ___                   ___           ___           ___           ___           ___           ___
     /\  \         /\__\         /\  \                 /\  \         /\  \         /\  \         /\  \         /\  \         /\  \
    /::\  \       /:/ _/_       /::\  \               /::\  \       /::\  \       /::\  \       /::\  \       /::\  \       /::\  \
   /:/\:\  \     /:/ /\__\     /:/\ \  \             /:/\ \  \     /:/\:\  \     /:/\:\  \     /:/\:\  \     /:/\:\  \     /:/\ \  \
  /::\~\:\  \   /:/ /:/ _/_   _\:\~\ \  \           _\:\~\ \  \   /::\~\:\  \   /:/  \:\  \   /:/  \:\  \   /::\~\:\  \   _\:\~\ \  \
 /:/\:\ \:\__\ /:/_/:/ /\__\ /\ \:\ \ \__\         /\ \:\ \ \__\ /:/\:\ \:\__\ /:/__/ \:\__\ /:/__/ \:\__\ /:/\:\ \:\__\ /\ \:\ \ \__\
 \/__\:\/:/  / \:\/:/ /:/  / \:\ \:\ \/__/         \:\ \:\ \/__/ \:\~\:\ \/__/ \:\  \  \/__/ \:\  \ /:/  / \/__\:\/:/  / \:\ \:\ \/__/
      \::/  /   \::/_/:/  /   \:\ \:\__\            \:\ \:\__\    \:\ \:\__\    \:\  \        \:\  /:/  /       \::/  /   \:\ \:\__\
      /:/  /     \:\/:/  /     \:\/:/  /             \:\/:/  /     \:\ \/__/     \:\  \        \:\/:/  /         \/__/     \:\/:/  /
     /:/  /       \::/  /       \::/  /               \::/  /       \:\__\        \:\__\        \::/  /                     \::/  /
     \/__/         \/__/         \/__/                 \/__/         \/__/         \/__/         \/__/                       \/__/


GRAVITY:  LOW
[1.1 Avoid the use of the root user]
The root user has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this user be avoided.For directions on how to fix this issue, consult the AWS Security Hub CIS documentation. ===> https://docs.aws.amazon.com/console/securityhub/standards-cis-1.1/remediation

GRAVITY:  MEDIUM
[2.5 Ensure AWS Config is enabled]
AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items (AWS resources), and any configuration changes between resources. It is recommended to enable AWS Config in all regions.For directions on how to fix this issue, consult the AWS Security Hub CIS documentation. ===> https://docs.aws.amazon.com/console/securityhub/standards-cis-2.5/remediation

......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................


VULNERABILITY RECAP: FOUND 15 LOW, 2 MEDIUM AND 0 HIGH

About

aws vulnerability assessment with security hub ๐Ÿ›ก๏ธ ๐Ÿ”’

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published