{"id":43355173,"url":"https://github.com/Su1ph3r/Nubicustos","last_synced_at":"2026-02-13T04:01:07.469Z","repository":{"id":331997701,"uuid":"1088405462","full_name":"Su1ph3r/Nubicustos","owner":"Su1ph3r","description":"Cloud security intelligence platform with cross-tool integration — transform raw security scans into actionable intelligence across AWS, Azure, GCP, and Kubernetes","archived":false,"fork":false,"pushed_at":"2026-02-09T23:24:09.000Z","size":3586,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-10T03:39:31.617Z","etag":null,"topics":["aws-security","azure-security","checkov","cloud-security","compliance","cspm","devsecops","gcp-security","kubernetes-security","multi-cloud","open-source-security","prowler","scoutsuite","security-audit","vulnerability-scanner"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Su1ph3r.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-02T22:34:48.000Z","updated_at":"2026-02-09T23:24:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Su1ph3r/Nubicustos","commit_stats":null,"previous_names":["su1ph3r/nubicustos"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/Su1ph3r/Nubicustos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Su1ph3r%2FNubicustos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Su1ph3r%2FNubicustos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Su1ph3r%2FNubicustos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Su1ph3r%2FNubicustos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Su1ph3r","download_url":"https://codeload.github.com/Su1ph3r/Nubicustos/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Su1ph3r%2FNubicustos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29395880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T00:53:09.511Z","status":"online","status_checked_at":"2026-02-13T02:00:10.076Z","response_time":78,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-security","azure-security","checkov","cloud-security","compliance","cspm","devsecops","gcp-security","kubernetes-security","multi-cloud","open-source-security","prowler","scoutsuite","security-audit","vulnerability-scanner"],"created_at":"2026-02-02T03:00:36.060Z","updated_at":"2026-02-13T04:01:07.462Z","avatar_url":"https://github.com/Su1ph3r.png","language":"Python","funding_links":[],"categories":["Tools of Trade","Multi-Cloud Security"],"sub_categories":[],"readme":"# Nubicustos\n\n\u003e **Cloud Security Intelligence Platform** - Transform raw security scans into actionable intelligence with attack path analysis, compliance mapping, and proof-of-concept verification across AWS, Azure, GCP, and Kubernetes.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![Python 3.11+](https://img.shields.io/badge/Python-3.11+-3776AB?logo=python\u0026logoColor=white)](https://python.org)\n[![Docker](https://img.shields.io/badge/Docker-Required-2496ED?logo=docker\u0026logoColor=white)](https://docker.com)\n[![Version](https://img.shields.io/badge/Version-1.0.4-green.svg)](CHANGELOG.md)\n[![GitHub stars](https://img.shields.io/github/stars/Su1ph3r/Nubicustos?style=social)](https://github.com/Su1ph3r/Nubicustos/stargazers)\n[![GitHub last commit](https://img.shields.io/github/last-commit/Su1ph3r/Nubicustos)](https://github.com/Su1ph3r/Nubicustos/commits/main)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)\n[![Cloud Support](https://img.shields.io/badge/Cloud-AWS%20%7C%20Azure%20%7C%20GCP%20%7C%20K8s-orange.svg)](#multi-cloud-support)\n\n*Named from Latin: nubes (cloud) + custos (guardian)*\n\n---\n\n## Why Nubicustos?\n\nRunning security scanners is easy. **Understanding what the results mean is hard.**\n\nNubicustos doesn't just run tools - it transforms raw scanner output into **actionable security intelligence**:\n\n| Challenge | How Nubicustos Solves It |\n|-----------|--------------------------|\n| **24+ tools, 24+ report formats** | Unified findings database with normalized severity, status, and resource mapping |\n| **Thousands of findings, no context** | Attack path analysis correlates findings into exploitable chains |\n| **\"Is this actually exploitable?\"** | Proof-of-concept commands to verify findings in your environment |\n| **\"Are we compliant?\"** | Automatic mapping to 29+ compliance frameworks (CIS, SOC2, PCI-DSS, HIPAA, NIST, etc.) |\n| **\"What changed since last scan?\"** | Historical tracking with MTTR metrics and trend analysis |\n| **\"How do I fix this?\"** | Remediation knowledge base with AWS CLI commands and step-by-step guidance |\n\n---\n\n## Key Capabilities\n\n### Unified Security Intelligence\n\nNubicustos normalizes output from 24+ security tools into a single, queryable database:\n\n- **One view for all findings** - No more switching between tool-specific dashboards\n- **Consistent severity mapping** - Critical/High/Medium/Low regardless of source tool\n- **Resource correlation** - See all findings for a specific resource across all tools\n- **Deduplication** - Identify when multiple tools flag the same issue\n\n### Attack Path Discovery\n\nGo beyond individual findings to understand **how attackers could chain vulnerabilities**:\n\n- **Graph-based analysis** - Identifies multi-step attack chains through your infrastructure\n- **Entry point mapping** - Shows where attackers could gain initial access\n- **MITRE ATT\u0026CK integration** - Maps attack paths to tactics and techniques\n- **Risk scoring (0-100)** - Prioritize paths by exploitability and impact\n- **PoC generation** - AWS CLI commands to verify each step is exploitable\n\n### Compliance Mapping\n\nAutomatically map findings to **29+ compliance frameworks**:\n\n- AWS CIS Benchmarks (1.4, 1.5, 2.0, 2.1, 3.0)\n- SOC 2, PCI-DSS 3.2.1, HIPAA\n- NIST 800-53 (Rev 4 \u0026 5), NIST 800-171, NIST CSF\n- FedRAMP (Low \u0026 Moderate), CISA\n- GDPR, ISO 27001, MITRE ATT\u0026CK\n- AWS Well-Architected Framework (Security \u0026 Reliability Pillars)\n- And more...\n\n### Proof of Concept Verification\n\nDon't just report findings - **prove they're exploitable**:\n\n- **PoC commands** - Generated AWS CLI commands to verify findings\n- **Secret verification** - TruffleHog validates credentials are actually active\n- **Privilege escalation paths** - PMapper shows exactly how to escalate privileges\n- **Exploitability scoring** - Rate findings by real-world exploitability\n\n### IAM Deep Analysis\n\nUnderstand your IAM attack surface with specialized analysis:\n\n- **Privilege escalation paths** - PMapper graph analysis showing all paths to admin\n- **Policy risk analysis** - Cloudsplaining identifies overly permissive policies\n- **Assumed role chains** - Track role assumption paths across accounts\n- **Lambda execution roles** - Identify functions with dangerous permissions\n- **IMDS vulnerabilities** - Find EC2 instances vulnerable to metadata attacks\n\n### Historical Tracking \u0026 Trends\n\nSecurity posture over time, not just point-in-time snapshots:\n\n- **Scan comparison** - See what's new, fixed, or unchanged between scans\n- **MTTR metrics** - Mean Time To Remediation tracking\n- **Trend analysis** - Track finding counts over time by severity\n- **Remediation velocity** - Measure your security team's effectiveness\n\n---\n\n## Quick Start\n\n```bash\n# 1. Clone the repository\ngit clone https://github.com/Su1ph3r/Nubicustos.git\ncd Nubicustos\n\n# 2. Launch the stack\ndocker compose up -d\n\n# 3. Access the web interface\nopen http://localhost:8080\n\n# 4. Add credentials (via UI or mount)\nmkdir -p credentials/aws\ncp ~/.aws/credentials credentials/aws/\ncp ~/.aws/config credentials/aws/\n\n# 5. Run your first scan\ncurl -X POST http://localhost:8000/api/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"profile\": \"quick\", \"aws_profile\": \"default\"}'\n```\n\n\u003e **Note:** Security tools run on-demand via Docker SDK - no need to pull 24+ images at startup.\n\n---\n\n## Architecture Overview\n\n```\n┌─────────────────────────────────────────────────────────────────────────────┐\n│                              NUBICUSTOS                                      │\n│                    Cloud Security Intelligence Platform                       │\n├─────────────────────────────────────────────────────────────────────────────┤\n│                                                                              │\n│  ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐         │\n│  │  SCAN ENGINE    │    │   ANALYSIS      │    │   PRESENTATION  │         │\n│  │                 │    │                 │    │                 │         │\n│  │ • 24+ Tools     │───▶│ • Normalization │───▶│ • Vue.js UI     │         │\n│  │ • On-demand     │    │ • Attack Paths  │    │ • REST API      │         │\n│  │ • Parallel Exec │    │ • Compliance    │    │ • MCP Server    │         │\n│  │ • Error Track   │    │ • PoC Gen       │    │ • Exports       │         │\n│  └─────────────────┘    └─────────────────┘    └─────────────────┘         │\n│           │                      │                      │                   │\n│           └──────────────────────┼──────────────────────┘                   │\n│                                  ▼                                          │\n│                    ┌─────────────────────────┐                              │\n│                    │      DATA LAYER         │                              │\n│                    │                         │                              │\n│                    │ PostgreSQL │ Neo4j      │                              │\n│                    │ (Findings) │ (Graph)    │                              │\n│                    └─────────────────────────┘                              │\n└─────────────────────────────────────────────────────────────────────────────┘\n```\n\n### Integrated Tools\n\n| Category | Tools |\n|----------|-------|\n| **Cloud Security** | Prowler, ScoutSuite, CloudSploit, Pacu, CloudFox, Cloud Custodian |\n| **AWS Deep Dive** | Enumerate-IAM, PMapper, Cloudsplaining, CloudMapper |\n| **Kubernetes** | kube-bench, Kubescape, kube-hunter, Trivy, Grype, Polaris, Falco |\n| **Secrets** | TruffleHog (700+ detectors), Gitleaks |\n| **IaC Scanning** | Checkov, Terrascan, tfsec |\n| **Asset Mapping** | Cartography (Neo4j graph) |\n\n---\n\n## Multi-Cloud Support\n\n### AWS\n- **Prowler** - AWS security best practices and CIS benchmarks\n- **ScoutSuite** - Multi-service security auditing\n- **Pacu** - AWS exploitation framework for testing\n- **CloudFox** - AWS attack surface enumeration\n- **Enumerate-IAM** - Comprehensive IAM permission mapping\n- **CloudSploit** - Configuration security scanning\n- **Cloud Custodian** - Policy-based governance\n- **CloudMapper** - AWS account visualization\n\n### Azure\n- **ScoutSuite** - Azure security configuration review\n- **CloudSploit** - Azure resource scanning\n- **Cloud Custodian** - Azure policy enforcement\n\n### GCP\n- **Prowler** - GCP security posture assessment\n- **ScoutSuite** - GCP multi-service auditing\n- **CloudSploit** - GCP configuration scanning\n\n### Kubernetes\n- **kube-bench** - CIS Kubernetes Benchmark\n- **Kubescape** - NSA, MITRE ATT\u0026CK frameworks\n- **kube-hunter** - Penetration testing\n- **Trivy** - Container vulnerability scanning\n- **Falco** - Runtime threat detection\n- **Polaris** - Best practices validation\n\n### Infrastructure-as-Code\n- **Checkov** - Terraform, CloudFormation, Kubernetes, Helm\n- **Terrascan** - Policy-as-code engine\n- **tfsec** - Terraform security scanner\n\n### Secrets Scanning\n- **TruffleHog** - 700+ secret detectors with API verification\n- **Gitleaks** - Fast git secrets scanner with extensive rule set\n\n### IAM Deep Analysis\n- **PMapper** - IAM privilege escalation path analysis\n- **Cloudsplaining** - AWS managed policy analysis and least privilege violations\n\n---\n\n## Web Frontend\n\nNubicustos includes a modern Vue.js 3 web interface with 22+ specialized views:\n\n| View | Description |\n|------|-------------|\n| **Dashboard** | Security posture overview with critical metrics |\n| **Findings** | Searchable list with severity filtering and export |\n| **Attack Paths** | Graph visualization of discovered attack chains |\n| **Compliance** | Framework compliance status (CIS, SOC2, PCI-DSS) |\n| **Compliance Detail** | Framework-specific control breakdown |\n| **Scans** | Scan history, orchestration, bulk operations, and monitoring |\n| **Public Exposures** | Exposed resources and attack surface |\n| **Exposed Credentials** | Leaked credential detection |\n| **Privilege Escalation** | IAM lateral movement paths |\n| **Privesc Paths** | Detailed privilege escalation path explorer |\n| **Assumed Roles** | IAM role assumption analysis |\n| **IMDS Checks** | EC2 metadata service vulnerabilities |\n| **Lambda Analysis** | Serverless security assessment |\n| **CloudFox** | AWS enumeration results |\n| **Pacu** | AWS exploitation findings |\n| **Enumerate IAM** | IAM permission mapping |\n| **Credentials** | Cloud credential profile management |\n| **Settings** | Configuration management |\n\nAccess the frontend at `http://localhost:8080` after starting the stack.\n\n---\n\n## Scan Profiles\n\n| Profile | Duration | Description |\n|---------|----------|-------------|\n| `quick` | 5-10 min | Fast security assessment - Prowler only |\n| `comprehensive` | 30-60 min | Full audit with all applicable tools |\n| `compliance-only` | 15-20 min | Compliance-focused checks (Prowler + ScoutSuite) |\n| `secrets` | 2-5 min | TruffleHog + Gitleaks secrets scanning |\n| `iam-analysis` | 10-15 min | PMapper + Cloudsplaining IAM deep dive |\n| `iac` | 2-5 min | Infrastructure-as-Code scanning |\n\n```bash\n# Via API\ncurl -X POST http://localhost:8000/api/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"profile\": \"comprehensive\", \"aws_profile\": \"prod-audit\"}'\n\n# Via UI\n# Navigate to Scans page → Quick Actions → Select profile → Start\n```\n\n---\n\n## Usage Examples\n\n### Running Scans\n\n```bash\n# Full audit with all tools\n./scripts/run-all-audits.sh\n\n# Quick scan (5-10 minutes)\n./scripts/run-all-audits.sh --profile quick\n\n# Comprehensive scan (30-60 minutes)\n./scripts/run-all-audits.sh --profile comprehensive\n\n# Compliance-focused scan\n./scripts/run-all-audits.sh --profile compliance-only\n\n# Filter by severity\n./scripts/run-all-audits.sh --severity critical,high\n\n# Preview without execution\n./scripts/run-all-audits.sh --dry-run\n```\n\n### Secrets Scanning\n\n```bash\n# Scan for exposed secrets with TruffleHog and Gitleaks\ncurl -X POST http://localhost:8000/api/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"profile\": \"secrets\", \"target_path\": \"/path/to/code\"}'\n\n# Query secrets findings\ncurl \"http://localhost:8000/api/findings?tool=trufflehog\"\ncurl \"http://localhost:8000/api/findings?tool=gitleaks\"\n```\n\n**Secrets Scanning Features:**\n- **TruffleHog** - 700+ secret detectors with API verification for active credentials\n- **Gitleaks** - Fast pattern-based detection with extensive rule coverage\n- Automatic secret redaction in findings (only first 4 chars shown)\n- Severity mapping: Verified secrets = Critical, Cloud provider keys = High\n\n### IAM Deep Analysis\n\n```bash\n# Analyze IAM privilege escalation paths and policy risks\ncurl -X POST http://localhost:8000/api/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"profile\": \"iam-analysis\", \"aws_profile\": \"your-profile\"}'\n\n# Query IAM findings\ncurl \"http://localhost:8000/api/findings?tool=pmapper\"\ncurl \"http://localhost:8000/api/findings?tool=cloudsplaining\"\n```\n\n**IAM Analysis Features:**\n- **PMapper** - Graph-based IAM privilege escalation path discovery\n- **Cloudsplaining** - Identifies least privilege violations in IAM policies\n- Risk categories: Privilege Escalation, Resource Exposure, Data Exfiltration, Infrastructure Modification\n\n### Pre-Flight Permission Validation\n\n```bash\n# Check all cloud provider permissions\npython scripts/check-permissions.py\n\n# Check specific provider\npython scripts/check-permissions.py --provider aws\n\n# Export with remediation instructions\npython scripts/check-permissions.py --output report.md --remediation\n```\n\n### Compare Scans\n\n```bash\n# Compare two scans with MTTR metrics\npython3 report-processor/compare_scans.py \\\n  --baseline-id abc123 \\\n  --current-id def456 \\\n  --include-mttr\n```\n\n### Bulk Operations\n\n```bash\n# Delete multiple scans\ncurl -X DELETE http://localhost:8000/api/scans/bulk \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"scan_ids\": [\"id1\", \"id2\", \"id3\"]}'\n\n# Archive scans to downloadable ZIP\ncurl -X POST http://localhost:8000/api/scans/bulk/archive \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"scan_ids\": [\"id1\", \"id2\"]}'\n\n# List available archives\ncurl http://localhost:8000/api/scans/archives\n\n# Get per-tool error breakdown for a scan\ncurl http://localhost:8000/api/scans/{scan_id}/errors\n```\n\n### Dynamic AWS Profiles\n\n```bash\n# Scan with specific AWS credential profile\ncurl -X POST http://localhost:8000/api/scans \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"profile\": \"comprehensive\", \"aws_profile\": \"prod-audit\"}'\n\n# List available AWS profiles\ncurl http://localhost:8000/api/credentials/aws/profiles\n```\n\n---\n\n## API Highlights\n\n```bash\n# Get unified findings from all tools\ncurl \"http://localhost:8000/api/findings?severity=critical,high\"\n\n# View attack paths with risk scores\ncurl http://localhost:8000/api/attack-paths\n\n# Check compliance status\ncurl http://localhost:8000/api/compliance\n\n# Export findings with remediation guidance\ncurl http://localhost:8000/api/exports/csv -o findings.csv\n\n# Compare scans with MTTR metrics\ncurl \"http://localhost:8000/api/scans/compare?baseline=abc123\u0026current=def456\"\n\n# Get privilege escalation paths\ncurl http://localhost:8000/api/privesc-paths\n```\n\nFull API documentation available at `http://localhost:8000/docs` (Swagger UI).\n\n---\n\n## MCP Server for LLM Integration\n\nIntegrate Nubicustos with Claude, GPT, or other LLMs via the Model Context Protocol:\n\n```json\n{\n  \"mcpServers\": {\n    \"nubicustos\": {\n      \"command\": \"python\",\n      \"args\": [\"-m\", \"nubicustos_mcp.server\"],\n      \"env\": {\n        \"NUBICUSTOS_MCP_API_URL\": \"http://localhost:8000\"\n      }\n    }\n  }\n}\n```\n\nAsk natural language questions about your security posture:\n- *\"What are the most critical findings in my AWS account?\"*\n- *\"Show me all privilege escalation paths to admin\"*\n- *\"Are we compliant with CIS 2.0?\"*\n- *\"What attack paths exist from public-facing resources?\"*\n\n### Available MCP Tools\n\n| Category | Tools |\n|----------|-------|\n| **Scan Management** | list_scans, trigger_scan, get_scan_status, cancel_scan |\n| **Finding Queries** | search_findings, get_findings_summary, get_finding_details |\n| **Attack Paths** | list_attack_paths, analyze_attack_paths, list_privesc_paths |\n| **AWS Security** | get_imds_checks, get_lambda_analysis, run_cloudfox |\n| **Exports** | export_findings, get_export_summary |\n| **Bulk Operations** | bulk_delete_scans, bulk_archive_scans |\n| **Error Analysis** | get_scan_errors, get_tool_status |\n| **Archives** | list_archives, download_archive |\n| **Assumed Roles** | analyze_assumed_roles, list_role_chains |\n\nSee [MCP Server Guide](nubicustos-mcp/README.md) for setup instructions.\n\n---\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| [Installation Guide](INSTALL.md) | Detailed setup instructions |\n| [Cheatsheet](CHEATSHEET.md) | Quick reference for common commands |\n| [MCP Server Guide](nubicustos-mcp/README.md) | LLM integration via Model Context Protocol |\n| [Architecture](STRUCTURE.md) | Detailed architecture documentation |\n| [Contributing](CONTRIBUTING.md) | How to contribute to the project |\n| [Changelog](CHANGELOG.md) | Version history and release notes |\n\n---\n\n## System Requirements\n\n| Requirement | Minimum | Recommended |\n|-------------|---------|-------------|\n| Docker Engine | 20.10+ | Latest |\n| Docker Compose | 2.0+ | Latest |\n| RAM | 16GB | 32GB |\n| Disk Space | 50GB | 100GB |\n\n---\n\n## Ports\n\n| Port | Service | Description |\n|------|---------|-------------|\n| 8080 | Nginx | Web frontend |\n| 8000 | FastAPI | REST API |\n| 5432 | PostgreSQL | Findings database |\n| 7474 | Neo4j HTTP | Graph browser |\n| 7687 | Neo4j Bolt | Graph queries |\n\n---\n\n## Cross-Tool Integration\n\nNubicustos participates in a cross-tool security pipeline:\n\n```\nNubicustos (cloud) ──containers──\u003e Cepheus (container escape)\nReticustos (network) ──endpoints──\u003e Indago (API fuzzing)\nIndago (API fuzzing) ──WAF-blocked──\u003e BypassBurrito (WAF bypass)\nAriadne (attack paths) ──endpoints──\u003e Indago (API fuzzing)\nAll tools ──findings──\u003e Vinculum (correlation) ──export──\u003e Ariadne (attack paths)\n```\n\n### Exporting Containers\n\nExport container inventory for Cepheus container escape analysis:\n\n```bash\ncurl -o containers.json \"http://localhost:8000/api/exports/containers\"\ncepheus analyze containers.json --from-nubicustos\n```\n\n### Exporting Findings\n\nExport findings for Vinculum correlation:\n\n```bash\ncurl -o findings.json \"http://localhost:8000/api/exports/findings/json?scan_id=SCAN_ID\"\nvinculum ingest findings.json --format ariadne --output correlated.json\n```\n\nSee also: [Vinculum](https://github.com/Su1ph3r/vinculum) | [Reticustos](https://github.com/Su1ph3r/Reticustos) | [Indago](https://github.com/Su1ph3r/indago) | [BypassBurrito](https://github.com/Su1ph3r/bypassburrito) | [Cepheus](https://github.com/Su1ph3r/Cepheus) | [Ariadne](https://github.com/Su1ph3r/ariadne)\n\n---\n\n## Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n---\n\n## Security\n\nFound a vulnerability? Please use GitHub's private vulnerability reporting or email maintainers directly. Do not open public issues for security concerns.\n\n### Security Features\n\n- **Path Traversal Protection** - All file operations validated with `os.path.realpath()` to prevent directory escape\n- **Zip Slip Prevention** - Archive extraction secured against path manipulation attacks\n- **ReDoS Mitigation** - Input length limits on regex patterns to prevent denial of service\n- **Log Sanitization** - Credentials, tokens, and IP addresses automatically redacted from logs\n- **Error Information Control** - Limited validation error details to prevent schema disclosure\n- **SQLAlchemy Error Handling** - Specific exception handling to prevent information leakage\n\n---\n\n## License\n\nMIT License - see [LICENSE](LICENSE) for details.\n\n---\n\n## Acknowledgments\n\nNubicustos builds on these excellent open-source security tools:\n\n| Tool | Purpose | License |\n|------|---------|---------|\n| [Prowler](https://github.com/prowler-cloud/prowler) | Cloud Security Posture Management | Apache-2.0 |\n| [ScoutSuite](https://github.com/nccgroup/ScoutSuite) | Multi-cloud security auditing | GPL-2.0 |\n| [Kubescape](https://github.com/kubescape/kubescape) | Kubernetes security platform | Apache-2.0 |\n| [kube-bench](https://github.com/aquasecurity/kube-bench) | CIS Kubernetes Benchmark | Apache-2.0 |\n| [Trivy](https://github.com/aquasecurity/trivy) | Container vulnerability scanner | Apache-2.0 |\n| [Checkov](https://github.com/bridgecrewio/checkov) | IaC security scanner | Apache-2.0 |\n| [Falco](https://github.com/falcosecurity/falco) | Runtime threat detection | Apache-2.0 |\n| [Cartography](https://github.com/lyft/cartography) | Asset inventory mapping | Apache-2.0 |\n| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Secrets detection with verification | AGPL-3.0 |\n| [Gitleaks](https://github.com/gitleaks/gitleaks) | Git secrets scanner | MIT |\n| [PMapper](https://github.com/nccgroup/PMapper) | IAM privilege escalation analysis | AGPL-3.0 |\n| [Cloudsplaining](https://github.com/salesforce/cloudsplaining) | AWS IAM policy analysis | BSD-3-Clause |\n\nSee [NOTICE](NOTICE) for full attribution.\n\n---\n\n## Roadmap\n\n- [ ] IBM Cloud support\n- [ ] SIEM platform integration\n- [ ] Slack/Teams notifications\n- [ ] Automated scheduled scanning\n- [ ] Multi-tenancy support\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eTurn security scanner noise into actionable intelligence.\u003c/strong\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSu1ph3r%2FNubicustos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSu1ph3r%2FNubicustos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSu1ph3r%2FNubicustos/lists"}