
CFRipper – CloudFormation Security Scanning & Audit Tool

source link: https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/?amp%3Butm_medium=social&%3Butm_campaign=darknetfeed


Last updated: January 24, 2022 | 1,212 views

CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool. It aims to prevent vulnerabilities from reaching production infrastructure through vulnerable CloudFormation scripts.


You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.

CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated, and if the CloudFormation script fails the security check, it fails the deployment and notifies the team that owns the stack. Rules are the heart of CFRipper. When CFRipper runs, the CloudFormation stack is checked against each rule and the results are combined.

Usage of CFRipper for CloudFormation Security Scanning

Usage:  [OPTIONS] [TEMPLATES]...
  Analyse AWS Cloudformation templates passed by parameter. Exit codes:   -
  0 = all templates valid and scanned successfully   - 1 = error / issue in
  scanning at least one template   - 2 = at least one template is not valid
  according to CFRipper (template scanned successfully)   - 3 = unknown /
  unhandled exception in scanning the templates
Options:
  --version                       Show the version and exit.
  --resolve / --no-resolve        Resolves cloudformation variables and
                                  intrinsic functions  [default: False]
  --resolve-parameters FILENAME   JSON/YML file containing key-value pairs
                                  used for resolving CloudFormation files with
                                  templated parameters. For example, {"abc":
                                  "ABC"} will change all occurrences of
                                  {"Ref": "abc"} in the CloudFormation file to
                                  "ABC".
  --format [json|txt]             Output format  [default: txt]
  --output-folder DIRECTORY       If not present, result will be sent to
                                  stdout
  --logging [ERROR|WARNING|INFO|DEBUG]
                                  Logging level  [default: INFO]
  --rules-config-file FILENAME    Loads rules configuration file (type: [.py,
                                  .pyc])
  --rules-filters-folder DIRECTORY
                                  All files in the folder must be of type:
                                  [.py, .pyc]
  --aws-account-id TEXT           A 12-digit AWS account number eg.
                                  123456789012
  --aws-principals TEXT           A comma-separated list of AWS principals eg.
                                  arn:aws:iam::123456789012:root,234567890123,
                                  arn:aws:iam::111222333444:user/user-name
  --help                          Show this message and exit.
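
A pipeline gate built on the exit codes and options listed above, as an added example that is not part of the original article or of the CFRipper project. It blocks the deployment on every non-zero exit but keeps a rule failure (2) distinct from a scanner error (1, 3), so a broken scan is never read as a pass. The names cfripper_verdict, cfripper_gate and REPORT_DIR are assumptions.

```shell
# Added example: CI gate around the cfripper CLI, keyed on the exit codes
# in the usage text. Function and variable names are hypothetical.

# Map a cfripper exit code to a gate verdict. Only "pass" lets the
# deployment continue; the other verdicts say why it was blocked.
cfripper_verdict() {
  case "$1" in
    0) echo "pass" ;;            # all templates valid and scanned successfully
    2) echo "policy-fail" ;;     # at least one template is not valid per CFRipper
    1) echo "scan-error" ;;      # error / issue scanning at least one template
    3) echo "scanner-crash" ;;   # unknown / unhandled exception
    *) echo "unknown" ;;         # e.g. 127 when cfripper is not on PATH
  esac
}

# Run cfripper over the given templates; return 0 only on a clean scan.
# REPORT_DIR (assumed variable) receives the JSON results for the team
# that owns the stack. The body runs in a subshell so rc and verdict
# do not leak into the calling script.
cfripper_gate() (
  report_dir="${REPORT_DIR:-cfripper-reports}"
  rc=0
  mkdir -p "$report_dir"
  # Capture the exit code instead of letting `set -e` abort the step,
  # so the verdict can be logged before the gate fails.
  cfripper --resolve --format json --output-folder "$report_dir" "$@" || rc=$?
  verdict="$(cfripper_verdict "$rc")"
  echo "cfripper: exit=$rc verdict=$verdict reports=$report_dir" >&2
  [ "$verdict" = "pass" ]
)

# Pipeline step, run before the stack create/update:
#   cfripper_gate templates/*.yml || exit 1
if [ "$#" -gt 0 ]; then
  cfripper_gate "$@"
fi
```
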

You can download CFRipper here:

cfripper-1.3.1.zip

Or read more here.

