GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects â†’ riskprofiler â†’ CloudFrontier

riskprofiler / CloudFrontier

Licence: Apache-2.0 license
Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

Programming Languages

python
139335 projects - #7 most used programming language
Vue
7211 projects
go
31211 projects - #10 most used programming language
CSS
56736 projects
shell
77523 projects
javascript
184084 projects - #8 most used programming language

Labels

awsdigitaloceanserverlessazureapi-gatewaydynamodblambda-functionsgcporaclecybersecurityserverless-frameworkcyber-securityaws-securitycloudsecuritycloud-securityazure-securitygcp-securityshadowriskshadow-risk

Projects that are alternatives of or similar to CloudFrontier

awesome-cloud-security
ðŸ›Ąïļ Awesome Cloud Security Resources ⚔ïļ
Stars: ✭ 1,056 (+935.29%)
Mutual labels:  gcp, cybersecurity, aws-security, cloud-security, azure-security, gcp-security
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+2534.31%)
Mutual labels:  aws-security, cloudsecurity, cloud-security, azure-security, gcp-security
Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+3401.96%)
Mutual labels:  gcp, aws-security, azure-security, gcp-security
Serverless Aws Alias
Alias support for Serverless 1.x
Stars: ✭ 171 (+67.65%)
Mutual labels:  api-gateway, lambda-functions, serverless-framework
introspector
A schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (-40.2%)
Mutual labels:  aws-security, cloudsecurity, cloud-security
GDPatrol
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-50.98%)
Mutual labels:  cybersecurity, aws-security, cloudsecurity
Komiser
☁ïļ Cloud Environment Inspector ðŸ‘Ū🔒 💰
Stars: ✭ 2,684 (+2531.37%)
Mutual labels:  digitalocean, dynamodb, gcp
Serverless Express
Run Node.js web applications and APIs using existing application frameworks on AWS #serverless technologies such as Lambda, API Gateway, Lambda@Edge, and ALB.
Stars: ✭ 4,265 (+4081.37%)
Mutual labels:  api-gateway, dynamodb, serverless-framework
pong
🏓 Pong for RESTful APIs (microservices pattern) using Serverless Framework ⚡
Stars: ✭ 27 (-73.53%)
Mutual labels:  api-gateway, lambda-functions, serverless-framework
amazon-ivs-ugc-web-demo
This repository shows how you can build a compelling user-generated content (UGC) live streaming webapp with Amazon IVS.
Stars: ✭ 14 (-86.27%)
Mutual labels:  api-gateway, dynamodb, serverless-framework
Serverless Stack Demo Api
Source for the demo app API in Serverless-Stack.com
Stars: ✭ 486 (+376.47%)
Mutual labels:  api-gateway, dynamodb, serverless-framework
warp
WARP one-click script. Add an IPv4, IPv6 or dual-stack CloudFlare WARP network interface and Socks5 proxy for VPS. äļ€é”Ūč„šæœŽ
Stars: ✭ 950 (+831.37%)
Mutual labels:  digitalocean, gcp, oracle
tryhackme-ctf
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+37.25%)
Mutual labels:  cybersecurity, cyber-security
Serverless Architectures Aws
The code repository for the Serverless Architectures on AWS book
Stars: ✭ 120 (+17.65%)
Mutual labels:  api-gateway, serverless-framework
Serverless Next.js
⚡ Deploy your Next.js apps on AWS Lambda@Edge via Serverless Components
Stars: ✭ 2,977 (+2818.63%)
Mutual labels:  api-gateway, serverless-framework
Aws Cli Cheatsheet
☁ïļ AWS CLI + JQ = Make life easier
Stars: ✭ 94 (-7.84%)
Mutual labels:  api-gateway, dynamodb
Zappa
Serverless Python
Stars: ✭ 11,859 (+11526.47%)
Mutual labels:  api-gateway, serverless-framework
Aws Mobile React Native Starter
AWS Mobile React Native Starter App https://aws.amazon.com/mobile
Stars: ✭ 2,247 (+2102.94%)
Mutual labels:  api-gateway, dynamodb
webping.cloud
Test your network latency to the nearest cloud provider in AWS, Azure, GCP, Alibaba Cloud, IBM Cloud, Oracle Cloud and DigitalOcean directly from your browser.
Stars: ✭ 60 (-41.18%)
Mutual labels:  digitalocean, gcp
cloud-detect
Module that determines a host's cloud provider.
Stars: ✭ 28 (-72.55%)
Mutual labels:  digitalocean, gcp
View All Similar Projects ➔

Cloud Frontier

License Supports AWS Supports GCP Supports Azure Supports DigitalOcean Supports Oracle Cloud

Monitor the internet attack surface of various public cloud environments.

Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

Contents

⚙ïļ Setting up

The project is built using multiple serverless services which are to be deployed to AWS using the Serverless framework. For this, you'll need to configure the credentials of the AWS account to which you want to deploy to.

Once you've done that, you can start setting up the cloud accounts you want to scan.

Cloud accounts

Templates for the credentials are available in the credentials directory and have the suffix .example. To create the actual environment/credential file, you can simply create a copy of the template and remove .example from its name.

AWS

View instructions

Upload the CloudFormation template CloudFrontierAWS.yml to the account whose assets you want to collect. The output of this stack will be an IAM role's ARN that Cloud Frontier will use to collect the assets. Copy the ARN and paste it in credentials/aws.env.

GCP

View instructions

To collect assets from your GCP account, you'll need to create a service account key.

Once you've created the key, add it to credentials/gcp.json, and also add the GCP project ID to credentials/gcp.env.

Azure

View instructions

Obtain or generate the following IDs and secrets from your Azure account and add them to credentials/azure.env.

  • Create application in Azure Active Directory

    1. Select Azure Active directory in the left sidebar
    2. Click on App registrations
    3. Click on Add
    4. Enter the application name, select application type (web app/api) and sign-on URL
    5. Click the create button

  • Get Tenant ID

    1. Select Azure Active directory in the left sidebar
    2. Click properties
    3. Copy the directory ID

  • Get Client ID

    1. Select Azure Active directory in the left sidebar
    2. Click Enterprise applications
    3. Click All applications
    4. Select the application which you have created
    5. Click Properties
    6. Copy the Application ID

  • Get Client secret

    1. Select Azure Active directory in the left sidebar
    2. Click App registrations
    3. Select the application which you have created
    4. Click on All settings
    5. Click on Keys
    6. Type Key description and select the Duration
    7. Click save
    8. Copy and store the key value. You won't be able to retrieve it after you leave this page

  • Get Subscription ID

    1. Select Subscriptions in the left sidebar
    2. Select whichever subscription is needed
    3. Click on overview
    4. Copy the Subscription ID

DigitalOcean

View instructions

To collect assets from your DigitalOcean account, you'll have to create a personal access token and an access key for Spaces.

When you're creating the access token you only need to select the read scope since that's all that we require.

Paste the personal access token and the Spaces access key and secret in the credentials/digitalocean.env file.

Oracle Cloud

View instructions

To access your Oracle Cloud resources and services you need to create a key and get the Orale Cloud Identifiers Required Keys and OCIDs. Paste this API key in credentials/analyzers.env.

Analyzer services

Shodan

View instructions

To be able to get port scan results for IP addresses from Shodan you'll need to have an API key, which you can get for free by registering on Shodan. Once you generate the API key, paste it in credentials/analyzers.env.

VirusTotal

View instructions

In order to get the reputation of an IP address or domain, you must have a VirusTotal account, which can be created for free by registering to VirusTotal Community. Once you generate the API key, paste it in credentials/analyzers.env.

Deployment dependencies

You can setup the deployment environment either locally or using Docker.

Using a local environment

For this you'll need to have the following installed:

  • Python 3.8
  • Node.js 10.x or later
  • Go 1.x (only if you want to modify and/or rebuild the binaries before deployment)
  • pipenv
  • npm

Once you have these installed, you can run:

npm install --save-dev

You are now ready for deployment!

Using Docker

You just need to build the Docker image from the project's root directory:

docker build -t cloud-frontier .

You are now ready for deployment!

🚀 Deployment

As mentioned in the previous section, Cloud Frontier will be deployed to an AWS account that you have configured, and whose profile name you can pass to the deployment script using the --profile option (the default value for which is default).

Using a local environment

To deploy all the stacks, simply run the deployment script:

./deploy.sh

You can pass the same options to this script as you would to the serverless deploy command, such as --profile, --stage, --region etc. For example:

./deploy.sh --profile default --stage dev --region us-east-1

Using Docker

Run the following command to deploy the stacks using the Docker image you built:

docker run -v ~/.aws:/root/.aws cloud-frontier

You can pass the same options here as you would to the serverless deploy command, such as --profile, --stage, --region etc. For example:

docker run -v ~/.aws:/root/.aws cloud-frontier --profile default --stage dev --region us-east-1

Note: the ~/.aws directory is mounted inside the container so that your AWS account profiles can be easily made available to the deployment script that's running inside the container.

🎁 Supported resources and services

AWS

  • API Gateway
  • EC2
  • Elastic Beanstalk
  • Elastic Load Balancers
  • Elasticsearch Service
  • Elasticache
  • RDS
  • S3

GCP

  • Domain Name Service
  • Public IP Address
  • Storage Buckets
  • Forwarding Rules

Azure

  • Content Delivery Network
  • Public IP Addresses
  • Blob

DigitalOcean

  • Domains
  • Floating IPs
  • Spaces
  • Load Balancers

Oracle Cloud

  • DNS Zones
  • Public IP Addresses
  • Storage Buckets

âœĻ Components

Components

ðŸ“ļ Screenshots

Landing page

Landing page

Dashboard

Dashboard

Asset inventory

Asset inventory

Dark mode

Dark mode

ðŸ›Ģïļ Roadmap

  • Add authentication using Cognito
  • Perform port scanning of IPs using nmap?

⭐ Contributors

  • Setu Parimi GitHub LinkedIn Twitter

  • Syed Faheel Ahmad GitHub LinkedIn Twitter

  • Pranay Kumar Paine GitHub LinkedIn Twitter

  • Nikhil Goyal GitHub LinkedIn

  • Roma Negi GitHub LinkedIn

  • Gargi Chakraborty GitHub LinkedIn

  • Shivam Kumar GitHub

  • Prabhakar Upadhyay GitHub LinkedIn

👍 Contributing

We are happy to receive issues and review pull requests. Please make sure to write tests for the code you are introducing and make sure it doesn't break already passing tests.

⚖ïļ License

This project is licensed under the terms of the Apache license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].