{"id":16584890,"url":"https://github.com/mikaelvesavuori/multi-cloud-security-tooling","last_synced_at":"2026-04-10T01:47:19.570Z","repository":{"id":101082091,"uuid":"245135511","full_name":"mikaelvesavuori/multi-cloud-security-tooling","owner":"mikaelvesavuori","description":"Scripts and resources for multi-cloud (AWS, Azure, GCP + Mac) security tooling running on Linux.","archived":false,"fork":false,"pushed_at":"2020-03-05T11:33:01.000Z","size":14,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-16T16:22:28.676Z","etag":null,"topics":["amazon-web-services","aws","azure","cloud-security","gcp","google-cloud","google-cloud-platform","linux","multi-cloud","security"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mikaelvesavuori.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-05T10:39:50.000Z","updated_at":"2024-08-21T19:16:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"5c74ae8b-7eb9-44f4-96c3-e851d8daede5","html_url":"https://github.com/mikaelvesavuori/multi-cloud-security-tooling","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikaelvesavuori%2Fmulti-cloud-security-tooling","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikaelvesavuori%2Fmulti-cloud-security-tooling/tags","releases_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/mikaelvesavuori%2Fmulti-cloud-security-tooling/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikaelvesavuori%2Fmulti-cloud-security-tooling/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mikaelvesavuori","download_url":"https://codeload.github.com/mikaelvesavuori/multi-cloud-security-tooling/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242150810,"owners_count":20080007,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amazon-web-services","aws","azure","cloud-security","gcp","google-cloud","google-cloud-platform","linux","multi-cloud","security"],"created_at":"2024-10-11T22:46:08.556Z","updated_at":"2025-12-31T00:51:53.366Z","avatar_url":"https://github.com/mikaelvesavuori.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Multi-cloud security tooling (Linux)\n\nScripts and resources for multi-cloud (AWS, Azure, GCP) security tooling running on Linux. 
There's also a script for getting similar results on a Mac.\n\nThis repository contains:\n\n- Scripts for various environments to set up a multi-cloud security Linux testing machine with tooling\n- Example snippets to demonstrate how to run most of the services\n- An example of a recommended networking setup\n- Scripts to generate a virtual machine and network\n- Scripts to tear down cloud resources\n- Some external resources that might be of interest when working with security and pentesting\n\nYou should create and use a relevant pentesting IAM profile when using these tools so results are realistic.\n\n## Scripts support the following environments\n\n- **Amazon Web Services** EC2 (RHEL Linux 2)\n- **Azure** VM (Ubuntu 18.04)\n- **Google Cloud Platform** Compute Engine (Debian GNU 9)\n- **Mac OS X**\n\n## Tooling\n\nThe script installs:\n\n- **Utilities**: [jq](https://stedolan.github.io/jq/), [Docker](https://docs.docker.com/)\n- [Brew](https://brew.sh) (Only for Mac)\n- [Python 3](https://www.python.org/downloads/)\n- [wafw00f](https://github.com/EnableSecurity/wafw00f)\n- [Nikto](https://github.com/sullo/nikto)\n- [ScoutSuite](https://github.com/nccgroup/ScoutSuite)\n- [Metasploit](https://www.metasploit.com)\n- [Photon](https://github.com/s0md3v/Photon)\n\n### AWS-specific tooling\n\n- **Utilities**: [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html), [Awsume](https://github.com/trek10inc/awsume)\n- [Prowler](https://github.com/toniblyx/prowler)\n- [S3Scanner](https://github.com/sa7mon/S3Scanner)\n- [pacu](https://github.com/RhinoSecurityLabs/pacu)\n- [LambdaGuard](https://github.com/Skyscanner/LambdaGuard)\n\n#### Prowler IAM role (AWS-only)\n\nFor Prowler to work, you should ideally create (and use) an IAM user based on the SecurityAuditor managed role. 
Read more at [Prowler: IAM policy](https://github.com/toniblyx/prowler#custom-iam-policy) or [Prowler: Bootstrap script](https://github.com/toniblyx/prowler#bootstrap-script).\n\n## Another solution: Kali Linux\n\nIf you want to run an extra setup (or just don't like CLIs) here's how you can get Kali Linux going on VirtualBox:\n\n- [VirtualBox](https://www.virtualbox.org/wiki/Downloads)\n- [Kali Linux images for VMware, VirtualBox and Hyper-V](https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/)\n- [How to install Kali Linux on VirtualBox](https://itsfoss.com/install-kali-linux-virtualbox/)\n\n## Cloud pentesting compliance\n\nMake sure to check how and when you need to make a pentesting request with any of the clouds. Usually you don't need to do that anymore, since at least the multi-cloud tools should just use the respective API to pull data and then analyze it.\n\nAlways ensure that you only attempt to affect your own projects, resources and infrastructure. Also make sure that people in your organization that need to be informed of these activities know about the pentesting.\n\n### AWS\n\nExcerpt of the linked resources:\n\n_AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services [...] 
Customers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves._\n\nThose eight permitted services are:\n\n- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers\n- Amazon RDS\n- Amazon CloudFront\n- Amazon Aurora\n- Amazon API Gateways\n- AWS Lambda and Lambda Edge functions\n- Amazon Lightsail resources\n- Amazon Elastic Beanstalk environments\n\nProhibited activities are:\n\n- DNS zone walking via Amazon Route 53 Hosted Zones\n- Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS\n- Port flooding\n- Protocol flooding\n- Request flooding (login request flooding, API request flooding)\n\nRequests for \"Other Simulated Events\" should be emailed to an email address listed in the resources below.\n\n#### Resources\n\n- [https://aws.amazon.com/security/penetration-testing/](https://aws.amazon.com/security/penetration-testing/)\n- [https://aws.amazon.com/premiumsupport/knowledge-center/penetration-testing/](https://aws.amazon.com/premiumsupport/knowledge-center/penetration-testing/)\n\n### Azure\n\nExcerpt of the linked resources:\n\n**Acceptable testing includes**\n\n- _Tests on your endpoints to uncover the Open Web Application Security Project (OWASP) top 10 vulnerabilities_\n- _Fuzz testing of your endpoints_\n- _Port scanning of your endpoints_\n\n_One type of test that you can’t perform is any kind of Denial of Service (DoS) attack. 
This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate or simulate any type of DoS attack._\n\n#### References\n\n- [https://docs.microsoft.com/en-us/azure/security/azure-security-pen-testing](https://docs.microsoft.com/en-us/azure/security/azure-security-pen-testing)\n- [https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement](https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement)\n\n### Google Cloud Platform\n\n#### References\n\n- [https://cloud.google.com/terms/aup](https://cloud.google.com/terms/aup)\n- [https://cloud.google.com/terms/](https://cloud.google.com/terms/)\n\n## Suggested network configuration\n\nI will use an example for how to set up the suggested networking for AWS. The settings and concepts are essentially the same for GCP and Azure.\n\n### AWS example\n\n#### VPC\n\nCreate or host the machine in its own secure VPC.\n\nSuggested name: `PentestingMachines-VPC`\nSuggested CIDR: `192.168.0.0/24`\n\n#### Subnets\n\nCreate one subnet per Availability Zone in your new VPC.\n\nSuggested name: `PentestingMachines-Subnet1a`\nSuggested CIDR: `192.168.100.0/27`\n\nSuggested name: `PentestingMachines-Subnet1b`\nSuggested CIDR: `192.168.100.32/27`\n\nSuggested name: `PentestingMachines-Subnet1c`\nSuggested CIDR: `192.168.100.64/27`\n\n#### Security Groups\n\nCreate a Security Group. 
Get your IP from [http://whatismyip.host](http://whatismyip.host) or a similar service.\n\nSuggested name: `PentestingMachines-SG`\n\nInbound Rules:\n\n- HTTP, Protocol: TCP, Port Range: 80, Source: `0.0.0.0/0`\n- HTTP, Protocol: TCP, Port Range: 80, Source: `::/0`\n- SSH, Protocol: TCP, Port Range: 22, Source: `XXX.XXX.XXX.XXX/32`\n- HTTPS, Protocol: TCP, Port Range: 443, Source: `0.0.0.0/0`\n- HTTPS, Protocol: TCP, Port Range: 443, Source: `::/0`\n\nOutbound Rules:\n\n- All Traffic, Protocol: All, Port Range: All, `0.0.0.0/0`\n\n#### Network Access Control List (NACL)\n\nCreate a new Network Access Control List. Associate your NACL explicitly with your subnets. Get your IP from [http://whatismyip.host](http://whatismyip.host) or a similar service.\n\nSuggested name: `PentestingMachines-NACL`\n\nInbound rules:\n\n- **Rule #100**: SSH (22), Port Range: 22, Source: `XXX.XXX.XXX.XXX/32`, ALLOW\n- **Rule #200**: All ICMP - IPv4, Port Range: ALL, Source: `0.0.0.0/0`, ALLOW\n- **Rule #300**: All TCP, Port Range: 0-65535, Source: `0.0.0.0/0`, ALLOW\n- **Rule \\***: All Traffic, Port Range: ALL, Source: `0.0.0.0/0`, DENY\n\nOutbound rules:\n\n- **Rule \\***: All Traffic, Port Range: ALL, Source: `0.0.0.0/0`, DENY\n\n#### Internet Gateway\n\nCreate a new Internet Gateway.\n\nSuggested name: `PentestingMachines-IGW`\n\n#### Route Table\n\nIf you need a new route table, then create one. Associate your new (above) subnets explicitly with this route table.\n\nAdd a new route for `0.0.0.0/0` to point to your new Internet Gateway, so regular internet traffic can work correctly.\n\nSuggested name: `PenPentestingMachines-RT`\n\n#### Elastic IP\n\nAllocate a new Elastic IP. Allow it to be reassociated. 
Associate your instance with this IP.\n\n#### Launch the machine\n\nEnsure that it uses your new security group and VPC!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikaelvesavuori%2Fmulti-cloud-security-tooling","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikaelvesavuori%2Fmulti-cloud-security-tooling","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikaelvesavuori%2Fmulti-cloud-security-tooling/lists"}