These are the scripts needed to build and run an Ubuntu virtual machine that has a number of common cloud assessment tools pre-installed. When running locally, it uses a combination of Vagrant and Ansible to deploy and configure the VM. You can also build a version as an AWS AMI.

Tools

A wide range of tools are installed in the VM by default, including:

| Tool | Description | URL |
| --- | --- | --- |
| aws | AWS CLI | |
| az | Azure CLI | |
| gcloud | Google Cloud Platform CLI | |
| kubectl | CLI for interacting with Kubernetes clusters | |
| amicontained | Container introspection and runtime enumeration | https://github.com/genuinetools/amicontained |
| am-i-isolated | Container introspection and runtime enumeration | https://github.com/edera-dev/am-i-isolated |
| auger | Tool for accessing objects stored in etcd directly | https://github.com/jpbetz/auger |
| aws-vault | Secure storage of AWS credentials | https://github.com/99designs/aws-vault |
| azurehound | Azure collector for Bloodhound CE | https://github.com/BloodHoundAD/AzureHound |
| bloodhound | Entra ID, Azure and Active Directory permission mapping* | https://github.com/SpecterOps/BloodHound/ |
| cartography | Resource relationship mapper | https://github.com/lyft/cartography |
| checkov | Terraform static analysis and security auditing | https://github.com/bridgecrewio/checkov |
| cloudfox | AWS Exploitation toolkit | https://github.com/BishopFox/cloudfox |
| cloudsplaining | Identify risks in IAM policies | https://github.com/salesforce/cloudsplaining |
| detect-secrets | Scan for secrets in code repositories (docker image) | https://github.com/Yelp/detect-secrets |
| enumerate-iam | Find permissions for a given set of AWS IAM credentials | https://github.com/skybound1/enumerate-iam |
| etcdctl | CLI client for etcd | https://github.com/etcd-io/etcd/ |
| freezer | Download tool for IceKube | https://github.com/withsecurelabs/freezer |
| iamgraph | Graph out role assumption through an AWS organization | https://github.com/withsecurelabs/iamgraph |
| iamspy | IAM policy evaluator using formal methods | https://github.com/withsecurelabs/iamspy |
| icekube | Kubernetes attack path graph generation | https://github.com/withsecurelabs/icekube |
| jq | JSON parser and processor | https://github.com/jqlang/jq |
| kics | Infrastructure as code vulnerability scanner (docker image) | https://github.com/Checkmarx/kics |
| kubectl-who-can | Query and enumerate permissions in a Kubernetes cluster | https://github.com/aquasecurity/kubectl-who-can/ |
| kubehound | Kubernetes identity and permission graphing | https://github.com/DataDog/KubeHound |
| pacu | AWS exploitation framework | https://github.com/RhinoSecurityLabs/pacu |
| pmapper | AWS IAM evaluator | https://github.com/nccgroup/PMapper |
| prowler | AWS security auditing tooling | https://github.com/toniblyx/prowler |
| roadtools | Entra ID reconnaissance framework | https://github.com/dirkjanm/ROADtools |
| rbac-lookup | Tool for looking up Kubernetes roles and cluster roles | https://github.com/FairwindsOps/rbac-lookup |
| scoutsuite | Multi-cloud audit tool | https://github.com/nccgroup/ScoutSuite |
| stratus-red-team | Multi-cloud TTP simulation tool | https://github.com/DataDog/stratus-red-team/ |
| terrascan | Terraform code scanning tool (docker image) | https://github.com/tenable/terrascan |
| tfsec | Terraform code scanning tool (docker image) | https://github.com/aquasecurity/tfsec |
| trivy | Container CVE & security issue scanner (docker container) | https://github.com/aquasecurity/trivy |
| yq | YAML parser and processor | https://github.com/mikefarah/yq |

*Bloodhound is the Bloodhound CE version, included as a docker-compose file in ~/bloodhound/. Follow the instructions in the BloodHound repo to use it.

Local Use

Prerequisites

  • Vagrant https://www.vagrantup.com/
  • VirtualBox
  • The vagrant-vbguest Vagrant plugin (once Vagrant is installed, run vagrant plugin install vagrant-vbguest)

Setup

  • Run vagrant up to build the VM
  • Run vagrant ssh to get a terminal inside the VM
  • Tools are on the path.

AWS AMI Building

  • packer init aws-ubuntu.pkr.hcl
  • packer build aws-ubuntu.pkr.hcl (run this while configured with the right AWS profile)