{"id":13612106,"url":"https://github.com/nccgroup/sadcloud","last_synced_at":"2026-01-25T08:31:00.804Z","repository":{"id":48831382,"uuid":"214713418","full_name":"nccgroup/sadcloud","owner":"nccgroup","description":"A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure","archived":false,"fork":false,"pushed_at":"2023-10-14T19:09:38.000Z","size":97,"stargazers_count":617,"open_issues_count":9,"forks_count":95,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-05-09T11:00:04.144Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/sadcloud-templating-cloud-misconfigurations/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nccgroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-10-12T20:49:45.000Z","updated_at":"2024-05-06T02:43:39.000Z","dependencies_parsed_at":"2024-01-13T10:12:09.312Z","dependency_job_id":"37d1d6cb-2248-4d4d-abeb-724ea722f476","html_url":"https://github.com/nccgroup/sadcloud","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nccgroup/sadcloud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fsadcloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fsadcloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fsadcloud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fsadcloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nccgroup","download_url":"https://codeload.github.com/nccgroup/sadcloud/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fsadcloud/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28749284,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T07:58:02.558Z","status":"ssl_error","status_checked_at":"2026-01-25T07:57:57.153Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T20:00:22.577Z","updated_at":"2026-01-25T08:31:00.784Z","avatar_url":"https://github.com/nccgroup.png","language":"HCL","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://repository-images.githubusercontent.com/214713418/b5503a80-f973-11e9-9057-4b1351e09242\" width=350/\u003e\n\u003c/p\u003e\n\n# Sadcloud\n\n`sadcloud` is a tool for spinning up insecure AWS infrastructure with Terraform.\n\nIt supports approx. **84** misconfigurations across **22** AWS Services.\nThe inital set of misconfigurations were drawn from [ScoutSuite](https://www.github.com/nccgroup/scoutsuite), NCCGroup's Multi-cloud auditing tool.\n\n`sadcloud` was created to easily allow security researchers to misconfigure AWS for training purposes, or to use to asses AWS security tools - including built-ins and third-party.\n\n# Security Note - must read\n\nThis tool spins up _intentionally vulnerable_ AWS configured resources. **Please do not run it in your production cloud, or anywhere that is meant to be secure.** Consider standing up a new AWS account in which to run this tool. As this tool spins up cloud resources, it will result in charges to your AWS account. Efforts have been made to minimize the costs incurred, but NCC Group and this tool's maintainers are not responsible for any charges or security issues that may result from usage of this tool. Make sure to tear down all - Terraform resources when not using them!\n\n### Costs\n\nA 24 hour test run of `sadcloud` generated a bill of approximately $10. The majority of that cost is from the Redshift module (25c/hour = $6/day) and EKS module (10c/hour = $2.40/day).\n\n## Sample Audits using sadcloud\n\nWe periodically use `sadcloud` to demonstrate various AWS and terraform auditing tooling. All audits are against the full corpus of possible misconfigurations.\n\n\n| Tool  | Sample Report |\n| ------------- | ------------- |\n| [ScoutSuite](https://github.com/nccgroup/ScoutSuite)  | https://ramimac.github.io/sadcloud-reports/scoutsuite-reports/scoutsuite-report_03_2020/aws.html  |\n| [prowler](https://github.com/toniblyx/prowler)  | https://ramimac.github.io/sadcloud-reports/prowler-report/report.html  |\n|[cloudmapper](https://github.com/duo-labs/cloudmapper) |https://ramimac.github.io/sadcloud-reports/cloudmapper-reports/web_03_2020/account-data/report.html |\n|[cloudsploit](https://github.com/cloudsploit/scans) | https://ramimac.github.io/sadcloud-reports/cloudsploit-scans-reports/scans.04_2020.txt |\n| [tfsec](https://github.com/liamg/tfsec) | https://ramimac.github.io/sadcloud-reports/tfsec/tfsec.03_27_2020.txt |\n\n## Setup\n\nRequired software: [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html)\n\nEnsure that your SSH keys are written to `data/ssh_keys/terraform_rsa{,.pub}`.\n\n```\nssh-keygen -t rsa -b 4096 -f data/ssh_keys/terraform_rsa\n```\n\n1. `git clone https://github.com/nccgroup/sadcloud.git`\n2. `cd sadcloud/sadcloud`\n\n## Environment Setup\n\nSet up the AWS provider (see the \"Using Providers Instead of Environment Variables\" section below for instructions on avoiding this step):\n\n```sh\nexport AWS_ACCESS_KEY_ID=\"accesskey\"\nexport AWS_SECRET_ACCESS_KEY=\"secretkey\"\nexport AWS_DEFAULT_REGION=\"us-east-1\"\n```\n\nGet Terraform ready:\n\n```\nterraform init\n```\n\n## Configure sadcloud\n\nConfigure sadcloud with your desired misconfigurations:  \n\n* To enable all findings (... excluding those that are in conflict with other findings):\n  1. Uncomment all modules in `sadcloud/main.tf`\n  2. Either edit the `all_findings` flag in `sadcloud/terraform.tfvars` to `true`, or call `terraform apply` with the flag `--var=\"all_findings=true\"`\n\n\n* To enable all findings in one or more services:\n  1. Uncomment the relevant service(s) in `sadcloud/main.tf`\n  2. For a single service, either edit the relevant `all_{service}_findings` flag in `sadcloud/terraform.tfvars` to `true`, or call `terraform apply` with the flag `--var=\"all_{service}_findings=true\"`\n  3. For multiple services, either edit the `all_findings` flag in `sadcloud/terraform.tfvars` to `true`, or call `terraform apply` with the flag `--var=\"all_findings=true\"`\n  **NOTE: There is currently a [Terraform bug with the Cloudformation service](https://github.com/terraform-providers/terraform-provider-aws/issues/545). To generate Cloudformation findings, you will need to run `Terraform apply` twice**\n\n* To enable specific findings granularly:\n  1. Uncomment the relevant service in `sadcloud/main.tf`\n  2. Edit the variables of interest directly in `sadcloud/main.tf`, flipping them to `true` where desired.\n  3. For services that require a VPC, make sure you set `needs_network` to `true` in `sadcloud/main.tf`\n\n**Note:** All misconfigurations in sadcloud are disabled by default. All services are disabled by default to prevent spinning up unnecessary resources. Setting the variable for a misconfiguration to `true` always results in misconfiguration. Running `all_findings` can take 10-15 minutes.\n\nCheck it:\n\n```\nterraform plan\n```\n\nDeploy it:\n\n```\nterraform apply\n```\n\nTear it down:\n\n```\nterraform destroy\n```\n\n**Note:** `terraform apply` will spin up services in AWS. These cost money. Don't forget to `terraform destroy` after you're done. Make sure you `terraform plan` before running `all_findings` so you understand what you're getting yourself into!\n\n## Extras\n\n### Using Providers Instead of Environment Variables\n\nIt's possible to set up an AWS provider so you won't have to set environment variables each time.\n\nCreate a file called `sadcloud/providers.tf` with the following contents:\n\n```hcl\nprovider \"aws\" {\n  access_key = \"YOUR_AWS_ACCESS_KEY\"\n  secret_key = \"YOUR_AWS_SECRET_KEY\"\n  region     = \"us-east-1\"\n}\n```\n","funding_links":[],"categories":["Resources","Sorted by Technology and Category","HCL","Cloud Security","Penetration testing/learning","Mobile"],"sub_categories":["Challenges","AWS"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fsadcloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnccgroup%2Fsadcloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fsadcloud/lists"}