Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/FSecureLABS/awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
https://github.com/FSecureLABS/awspx
aws aws-security graph-theory pentesting
Last synced: 4 days ago
JSON representation
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
- Host: GitHub
- URL: https://github.com/FSecureLABS/awspx
- Owner: WithSecureLabs
- License: gpl-3.0
- Created: 2019-12-04T15:15:44.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-10-04T10:27:47.000Z (about 2 years ago)
- Last Synced: 2024-12-07T19:03:00.062Z (5 days ago)
- Topics: aws, aws-security, graph-theory, pentesting
- Language: Python
- Size: 5.59 MB
- Stars: 924
- Watchers: 27
- Forks: 102
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-cloud-security - awspx - based tool for visualizing effective access and resource relationships within AWS. (Infrastructure)
- awesome-cloud-sec - awspx - - Graph-based tool for visualizing effective access and resource relationships. (Other Awesome Lists / General Utilities)
README
> auspex [ˈau̯s.pɛks] noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.
![](https://img.shields.io/github/license/FSecureLABS/awspx)
![](https://img.shields.io/github/v/release/FSecureLABS/awspx)
![](https://img.shields.io/github/contributors/FSecureLABS/awspx)# Overview
**awspx** is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine *what* actions affect *which* resources, while taking into account how these actions may be combined to produce attack paths. Unlike tools like [Bloodhound](https://github.com/BloodHoundAD/BloodHound), awspx requires permissions to function — it is not expected to be useful in cases where these privileges have not been granted.
### Table of contents
- [Getting Started](#getting-started)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
- [License](#license)*For more information, checkout the [awspx Wiki](https://github.com/FSecureLABS/awspx/wiki)*
# Getting Started
*For detailed installation instructions, usage, and answers to frequently asked questions, see sections: [Setup](https://github.com/FSecureLABS/awspx/wiki/Setup); [Data Collection](https://github.com/FSecureLABS/awspx/wiki/Data-Collection) and [Exploration](https://github.com/FSecureLABS/awspx/wiki/Data-Exploration); and [FAQs](https://github.com/FSecureLABS/awspx/wiki/FAQs), respectively.*
## Installation
**awspx** can be [installed](https://github.com/FSecureLABS/awspx/wiki/Setup) on either Linux or macOS. *In each case [Docker](https://docs.docker.com/get-docker/) is required.*
1. Clone this repo
```bash
git clone https://github.com/FSecureLABS/awspx.git
```
2. Run the `INSTALL` script
```bash
cd awspx && ./INSTALL
```## Usage
**awspx** consists of two main components: the [**ingestor**](https://github.com/FSecureLABS/awspx/wiki/Data-Collection#ingestion), *which collects AWS account data*; and the [**web interface**](https://github.com/FSecureLABS/awspx/wiki/Data-Exploration#overview), *which allows you to explore it*.
1. [Run the **ingestor**](https://github.com/FSecureLABS/awspx/wiki/Data-Collection#ingestion) against an account of your choosing. _You will be prompted for [credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration)._
```bash
awspx ingest
```
_**OR** optionally forgo this step and [load the sample dataset](https://github.com/FSecureLABS/awspx/wiki/Data-Collection#zip-files) instead._
```bash
awspx db --load-zip sample.zip
awspx attacks
```2. Browse to the **web interface** — * by default* — and [explore this environment](https://github.com/FSecureLABS/awspx/wiki/Data-Exploration##usage-examples).
# Contributing
This project is in its early days and there's still plenty that can be done. Whether its submitting a fix, identifying bugs, suggesting enhancements, creating or updating documentation, refactoring smell code, or even extending this list — all contributions help and are more than welcome. Please feel free to use your judgement and do whatever you think would benefit the community most.
*See [Contributing](https://github.com/FSecureLABS/awspx/wiki/Contributing) for more information.*
# License
**awspx** is a graph-based tool for visualizing effective access and resource relationships within AWS. (C) 2018-2020 F-SECURE.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see .