{"id":13587899,"url":"https://github.com/SecurityFTW/cs-suite","last_synced_at":"2025-04-08T02:34:20.735Z","repository":{"id":37663472,"uuid":"100479774","full_name":"SecurityFTW/cs-suite","owner":"SecurityFTW","description":"Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.","archived":false,"fork":false,"pushed_at":"2022-12-08T00:45:51.000Z","size":3406,"stargazers_count":1143,"open_issues_count":41,"forks_count":216,"subscribers_count":62,"default_branch":"master","last_synced_at":"2024-10-29T23:23:10.648Z","etag":null,"topics":["aws-audit","aws-security","azure","azure-audit","azure-security","cloud-security","gcp","gcp-audit-report","security","security-audit","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecurityFTW.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-16T10:58:35.000Z","updated_at":"2024-10-16T07:30:37.000Z","dependencies_parsed_at":"2023-01-25T01:45:15.642Z","dependency_job_id":null,"html_url":"https://github.com/SecurityFTW/cs-suite","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityFTW%2Fcs-suite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityFTW%2Fcs-suite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityFTW%2Fcs-suite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecurityFTW%2Fcs-suite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecurityFTW","download_url":"https://codeload.github.com/SecurityFTW/cs-suite/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223200779,"owners_count":17105014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-audit","aws-security","azure","azure-audit","azure-security","cloud-security","gcp","gcp-audit-report","security","security-audit","security-tools"],"created_at":"2024-08-01T15:06:24.913Z","updated_at":"2024-11-06T07:30:35.063Z","avatar_url":"https://github.com/SecurityFTW.png","language":"Shell","readme":"# Cloud Security Suite (cs-suite) - Version 3.0\n\n## Usage\n```\nusage: cs.py [-h] -env {aws,gcp,azure,digitalocean} -aip AUDIT_IP -u USER_NAME -pem\n             PEM_FILE [-p] [-pId PROJECT_ID] [-az_u AZURE_USER]\n             [-az_p AZURE_PASS] [-o OUTPUT] [-w] [-n NUMBER]\n\nthis is to get IP address for lynis audit only\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -env {aws,gcp,azure,digitalocean}, --environment {aws,gcp,azure,digitalocean}\n                        The cloud on which the test-suite is to be run\n  -aip AUDIT_IP, --audit_ip AUDIT_IP\n                        The IP for which lynis Audit needs to be done .... by\n                        default tries root/Administrator if username not\n                        provided\n  -u USER_NAME, --user_name USER_NAME\n                        The username of the user to be logged in,for a\n                        specific user\n  -pem PEM_FILE, --pem_file PEM_FILE\n                        The pem file to access to AWS instance\n  -p, --password        hidden password prompt\n  -pId PROJECT_ID, --project_id PROJECT_ID\n                        Project ID for which GCP Audit needs to be run. Can be\n                        retrivied using `gcloud projects list`\n  -az_u AZURE_USER, --azure_user AZURE_USER\n                        username of azure account, optionally used if you want\n                        to run the azure audit with no user interaction.\n  -az_p AZURE_PASS, --azure_pass AZURE_PASS\n                        username of azure password, optionally used if you\n                        want to run the azure audit with no user interaction.\n  -o OUTPUT, --output OUTPUT\n                        writes a log in JSON of an audit, ideal for\n                        consumptions into SIEMS like ELK and Splunk. Defaults\n                        to cs-audit.log\n  -w, --wipe            rm -rf reports/ folder before executing an audit\n  -n, --number          Retain number of report to store for a particular \n                        environment and user/project.\n```\n## Requirements\n* Operating System **OSX** or **Linux** only\n* python 2.7\n* pip\n* git\n* jq\n* gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)\n* AWS Audit - AWS ReadOnly Keys\n* GCP Audit - gcloud setup\n* Azure Audit - Azure user read-only access\n* DigitalOcean Audit - DigitalOcean API key and SPACES access_key and access_secret\n\n## Installation\n(in order to avoid missing with the already installed python libraries)\n\n - get project `git clone https://github.com/SecurityFTW/cs-suite.git \u0026\u0026\ncd cs-suite/`   \n - install [virtualenv](https://virtualenv.pypa.io/en/latest/) `pip install virtualenv`\n - create a python 2.7 local enviroment `virtualenv -p python2.7 venv`  \n - activate the virtual enviroment `source venv/bin/activate` \n - install project dependencies `pip install -r requirements.txt`\n - run the tool via `python cs.py --help`\n\n### AWS Configuration\n- In AWS create a IAM user with at least the following policy `arn:aws:iam::aws:policy/ReadOnlyAccess` \n- In your local [install aws cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) `brew install awscli` _for OSX_  \n- Configure AWS cli `aws configure`\n\n### GCP Configuration\n- create a [project](https://cloud.google.com/resource-manager/docs/creating-managing-projects) in GCP\n- enable the [Cloud resource manager API](https://console.cloud.google.com/apis/api/cloudresourcemanager.googleapis.com/overview)\n- create a [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys), download its key JSON and place it under `cs-suite/tools/G-Scout/keyfile.json`)\n- Install [google cloud sdk](https://cloud.google.com/sdk/install#installation_options)\n- configure google clound sdk `gcloud init`  \n\n### Azure Configuration\n\n- signup and have logged in already to [azure.microsoft.com](https://azure.microsoft.com)\n- install azure CLI `brew install az`\n- authenticate the azure cli `az login`, you should see your subscription type if it was successful, simiarly to the response below:\n\n\n```\n[\n  {\n    \"cloudName\": \"AzureCloud\",\n    \"id\": \"xxxxx-5595-4da5-bc27-xxxeeee\",\n    \"isDefault\": true,\n    \"name\": \"Free Trial\",\n    \"state\": \"Enabled\",\n    \"tenantId\": \"xxxxx-18e9-41a4-961b-xxxxx\",\n    \"user\": {\n      \"name\": \"customer@email.com\",\n      \"type\": \"user\"\n    }\n  }\n]\n```\n\n### DigitalOcean Configuration\n\n- create Personal Access Tokens and Spaces Access keys [cloud.digitalocean.com](https://cloud.digitalocean.com/account/api/tokens)\n- set the credentials by running export\n\nexport DO_KEY=*********************\n\nexport DO_ACCESS_KEY=*******************\n\nexport DO_SECRET_KEY=****************************\n\n\n## Running cs-suite\n\n```\nTo run AWS Audit - python cs.py -env aws\nTo run GCP Audit - python cs.py -env gcp -pId \u003cproject_name\u003e\nTo run Azure Audit - python cs.py -env azure\nTo run DigitalOcean Audit - python cs.py -env digitalocean\n```\n\n- The final report will be available in `reports` directory\n\n- The final AWS Audit report looks like below:\n\n![AWS Audit report](AWS_Audit_Report.png)\n\n- The final GCP Audit report looks like below:\n\n![GCP Audit report](GCP_Audit_Report.png)\n\n\n## Docker Setup\n\n- Create a local directory `aws` with `credentials` and `config` files\n\n- The `config` file looks like below\n\n```\n$ cat aws/config\n\n[default]\noutput = json\nregion = us-east-1\n```\n- The `credentials` file looks like below\n\n```\n$ cat aws/credentials\n\n[default]\naws_access_key_id = XXXXXXXXXXXXXXX\naws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX\n```\n\n***Note: This tool requires `arn:aws:iam::aws:policy/ReadOnlyAccess` IAM policy***\n\n- Then run the follwing docker command to start (passing your specific enviroment)\n\n```\ndocker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws\n```\n\n## Documentation\n[https://securityftw.github.io](https://securityftw.github.io)\n\n## Thanks\n* Scout2 - https://github.com/nccgroup/Scout2\n* Prowler - https://github.com/Alfresco/prowler\n* Lunar - https://github.com/lateralblast/lunar\n* Lynis - https://github.com/CISOfy/lynis\n* G-Scout - https://github.com/nccgroup/G-Scout\n* @alanrenouf - https://github.com/alanrenouf/Windows-Workstation-and-Server-Audit\n* Ranjeet Sengar - https://github.com/sengar23\n","funding_links":[],"categories":["Shell","Infrastructure","Shell (473)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecurityFTW%2Fcs-suite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSecurityFTW%2Fcs-suite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecurityFTW%2Fcs-suite/lists"}