Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within the most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed in the cloud by creating secure guardrails.
Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/.
- Insecure Services
- S3 ACL Public Access
- S3 Policy Public Access
- IAM User Inactive Keys
- IAM User Keys Rotation
- CloudTrail Logging Issues
- EBS Unencrypted Volumes
- EBS Public Snapshots
- RDS Public Snapshots
- SQS Public Policy Access
- S3 Unencrypted Buckets
- RDS Unencrypted Instances
- AMIs Public Access
- Python 3.6
- AWS (Lambda, DynamoDB, EC2, SNS, CloudWatch, CloudFormation)
- Terraform
- JIRA
- Slack
You are welcome to contribute!
You can use GitHub Issues to report issues. Describe what is going wrong and what you expect the correct behaviour to be.
We currently use the dev branch for ongoing development. Please open PRs against this branch.
Run tests with this command:
tox
Feel free to create an issue report, open a pull request, or just email us at hammer@dowjones.com with any other questions or concerns you have.