From e526be5bf30e4133171bce969c45c65e0f8246f5 Mon Sep 17 00:00:00 2001 From: clomic Date: Thu, 29 Jun 2023 18:49:57 +0200 Subject: [PATCH 01/12] Update package_cloud.sh Add cloudsplaining, cloudsploit and prowler --- sources/install/package_cloud.sh | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/sources/install/package_cloud.sh b/sources/install/package_cloud.sh index b0aece586..030b02b49 100644 --- a/sources/install/package_cloud.sh +++ b/sources/install/package_cloud.sh @@ -55,9 +55,38 @@ function install_scout() { add-to-list "scout,https://github.com/nccgroup/ScoutSuite,Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments." } +function install_cloudsplaining() { + colorecho "Installing Cloudsplaining" + python3 -m pipx install cloudsplaining + add-history cloudsplaining + add-test-command "cloudsplaining --help" + add-to-list "cloudsplaining,https://github.com/salesforce/cloudsplaining,AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report." +} + +function install_cloudsploit() { + colorecho "Installing Cloudsploit" + git -C /opt/tools/ clone https://github.com/aquasecurity/cloudsploit + cd /opt/cloudsploit && npm install + add-aliases cloudsploit + add-history cloudsploit + add-test-command "cloudsploit -h" + add-to-list "cloudsploit,https://github.com/aquasecurity/cloudsploit,Cloud Security Posture Management" +} + +function install_prowler() { + colorecho "Installing Prowler" + python3 -m pipx install prowler + add-history prowler + add-test-command "prowler -h" + add-to-list "prowler,https://github.com/prowler-cloud/prowler,Perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness." +} + # Package dedicated to cloud tools function package_cloud() { install_kubectl install_awscli install_scout # Multi-Cloud Security Auditing Tool -} \ No newline at end of file + install_cloudsplaining + install_cloudsploit + install_prowler +} From 2f6d1ba31993a92f084b562bb6bf9db7ff92b16e Mon Sep 17 00:00:00 2001 From: clomic Date: Thu, 29 Jun 2023 18:57:46 +0200 Subject: [PATCH 02/12] Create cloudsplaining history file --- sources/assets/zsh/history.d/cloudsplaining | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 sources/assets/zsh/history.d/cloudsplaining diff --git a/sources/assets/zsh/history.d/cloudsplaining b/sources/assets/zsh/history.d/cloudsplaining new file mode 100644 index 000000000..b06131a70 --- /dev/null +++ b/sources/assets/zsh/history.d/cloudsplaining @@ -0,0 +1,8 @@ +cloudsplaining download +cloudsplaining download --profile someprofile +cloudsplaining scan --input-file default.json +cloudsplaining scan --input-file default.json --exclusions-file exclusions.yml +cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json +cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json --exclusions-file examples/example-exclusions.yml +cloudsplaining create-multi-account-config-file -o accounts.yml +cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./ From c9cbdb2c47023e6c2c717b9b07296ad83ec235fa Mon Sep 17 00:00:00 2001 From: clomic Date: Thu, 29 Jun 2023 19:01:33 +0200 Subject: [PATCH 03/12] Create prowler history file --- sources/assets/zsh/history.d/prowler | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 sources/assets/zsh/history.d/prowler diff --git a/sources/assets/zsh/history.d/prowler b/sources/assets/zsh/history.d/prowler new file mode 100644 index 000000000..1f8ccce4e --- /dev/null +++ b/sources/assets/zsh/history.d/prowler @@ -0,0 +1,9 @@ +prowler +prowler aws --checks s3_bucket_public_access +prowler aws --services s3 ec2 +prowler aws --profile custom-profile -f us-east-1 eu-south-2 +prowler azure --sp-env-auth +prowler azure --az-cli-auth +prowler azure --browser-auth +prowler azure --managed-identity-auth +prowler gcp --credentials-file path From d0b99e549b872ca673595457ec6e0355d24394a1 Mon Sep 17 00:00:00 2001 From: clomic Date: Thu, 29 Jun 2023 19:02:35 +0200 Subject: [PATCH 04/12] Create cloudsploit history file --- sources/assets/zsh/history.d/cloudsploit | 1 + 1 file changed, 1 insertion(+) create mode 100644 sources/assets/zsh/history.d/cloudsploit diff --git a/sources/assets/zsh/history.d/cloudsploit b/sources/assets/zsh/history.d/cloudsploit new file mode 100644 index 000000000..00e10e77f --- /dev/null +++ b/sources/assets/zsh/history.d/cloudsploit @@ -0,0 +1 @@ +cloudsploit From 114d106c6cc562efda731f0633a2f3eac354ba49 Mon Sep 17 00:00:00 2001 From: clomic Date: Thu, 29 Jun 2023 19:03:55 +0200 Subject: [PATCH 05/12] Create cloudsploit alias --- sources/assets/zsh/aliases.d/cloudsploit | 1 + 1 file changed, 1 insertion(+) create mode 100644 sources/assets/zsh/aliases.d/cloudsploit diff --git a/sources/assets/zsh/aliases.d/cloudsploit b/sources/assets/zsh/aliases.d/cloudsploit new file mode 100644 index 000000000..5b8333db6 --- /dev/null +++ b/sources/assets/zsh/aliases.d/cloudsploit @@ -0,0 +1 @@ +alias cloudsploit='/opt/cloudsploit/index.js' From e52d4a3467198cdb8f8532751addca9a08b307a1 Mon Sep 17 00:00:00 2001 From: clomic Date: Sat, 1 Jul 2023 17:36:05 +0200 Subject: [PATCH 06/12] Update package_cloud.sh Added --depth 1 in install_cloudsploit function --- sources/install/package_cloud.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sources/install/package_cloud.sh b/sources/install/package_cloud.sh index 030b02b49..6d41d70d2 100644 --- a/sources/install/package_cloud.sh +++ b/sources/install/package_cloud.sh @@ -65,10 +65,10 @@ function install_cloudsplaining() { function install_cloudsploit() { colorecho "Installing Cloudsploit" - git -C /opt/tools/ clone https://github.com/aquasecurity/cloudsploit - cd /opt/cloudsploit && npm install - add-aliases cloudsploit - add-history cloudsploit + git -C /opt/tools/ clone --depth 1 https://github.com/aquasecurity/cloudsploit + cd /opt/cloudsploit && npm install + add-aliases cloudsploit + add-history cloudsploit add-test-command "cloudsploit -h" add-to-list "cloudsploit,https://github.com/aquasecurity/cloudsploit,Cloud Security Posture Management" } From c60c3819b1d19ba973fa83cd39a9b632aee89e69 Mon Sep 17 00:00:00 2001 From: Mickael Clermont Date: Mon, 17 Jul 2023 11:33:18 +0200 Subject: [PATCH 07/12] chmod +x index.js for Cloudsploit --- sources/install/package_cloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/install/package_cloud.sh b/sources/install/package_cloud.sh index 6d41d70d2..02c9b9b3d 100644 --- a/sources/install/package_cloud.sh +++ b/sources/install/package_cloud.sh @@ -66,7 +66,7 @@ function install_cloudsplaining() { function install_cloudsploit() { colorecho "Installing Cloudsploit" git -C /opt/tools/ clone --depth 1 https://github.com/aquasecurity/cloudsploit - cd /opt/cloudsploit && npm install + cd /opt/cloudsploit && npm install && chmod +x index.js add-aliases cloudsploit add-history cloudsploit add-test-command "cloudsploit -h" From 3bd4afe43f187b0f3d9dc99669a139cdd0a00c62 Mon Sep 17 00:00:00 2001 From: clomic Date: Tue, 18 Jul 2023 16:04:42 +0200 Subject: [PATCH 08/12] Update package_cloud.sh Correct cloudsploit directory --- sources/install/package_cloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/install/package_cloud.sh b/sources/install/package_cloud.sh index 02c9b9b3d..c71d5ad80 100644 --- a/sources/install/package_cloud.sh +++ b/sources/install/package_cloud.sh @@ -66,7 +66,7 @@ function install_cloudsplaining() { function install_cloudsploit() { colorecho "Installing Cloudsploit" git -C /opt/tools/ clone --depth 1 https://github.com/aquasecurity/cloudsploit - cd /opt/cloudsploit && npm install && chmod +x index.js + cd /opt/tools/cloudsploit && npm install && chmod +x index.js add-aliases cloudsploit add-history cloudsploit add-test-command "cloudsploit -h" From 902ad8ffca1b30cb7c095fa3c625427d54ed66ab Mon Sep 17 00:00:00 2001 From: Mickael Clermont Date: Tue, 18 Jul 2023 16:49:55 +0200 Subject: [PATCH 09/12] Correct clousploit directory --- sources/assets/zsh/aliases.d/cloudsploit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/assets/zsh/aliases.d/cloudsploit b/sources/assets/zsh/aliases.d/cloudsploit index 5b8333db6..5c01421f3 100644 --- a/sources/assets/zsh/aliases.d/cloudsploit +++ b/sources/assets/zsh/aliases.d/cloudsploit @@ -1 +1 @@ -alias cloudsploit='/opt/cloudsploit/index.js' +alias cloudsploit='/opt/tools/cloudsploit/index.js' From 970391874865b0b3457c6b1f5e4f9523555c883e Mon Sep 17 00:00:00 2001 From: Shutdown <40902872+ShutdownRepo@users.noreply.github.com> Date: Wed, 19 Jul 2023 20:22:17 +0200 Subject: [PATCH 10/12] removing cloudsploit history file content is not relevant --- sources/assets/zsh/history.d/cloudsploit | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sources/assets/zsh/history.d/cloudsploit diff --git a/sources/assets/zsh/history.d/cloudsploit b/sources/assets/zsh/history.d/cloudsploit deleted file mode 100644 index 00e10e77f..000000000 --- a/sources/assets/zsh/history.d/cloudsploit +++ /dev/null @@ -1 +0,0 @@ -cloudsploit From d0ac46f2dd705ce34b694c34c5bb0ffd986329b2 Mon Sep 17 00:00:00 2001 From: Shutdown <40902872+ShutdownRepo@users.noreply.github.com> Date: Wed, 19 Jul 2023 20:22:37 +0200 Subject: [PATCH 11/12] Update prowler history file --- sources/assets/zsh/history.d/prowler | 1 - 1 file changed, 1 deletion(-) diff --git a/sources/assets/zsh/history.d/prowler b/sources/assets/zsh/history.d/prowler index 1f8ccce4e..c4695a690 100644 --- a/sources/assets/zsh/history.d/prowler +++ b/sources/assets/zsh/history.d/prowler @@ -1,4 +1,3 @@ -prowler prowler aws --checks s3_bucket_public_access prowler aws --services s3 ec2 prowler aws --profile custom-profile -f us-east-1 eu-south-2 From 43cef78ab19c02e56e79b856e33026958c9edf45 Mon Sep 17 00:00:00 2001 From: Shutdown <40902872+ShutdownRepo@users.noreply.github.com> Date: Wed, 19 Jul 2023 20:24:43 +0200 Subject: [PATCH 12/12] Update package_cloud.sh removing conflicting commas --- sources/install/package_cloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sources/install/package_cloud.sh b/sources/install/package_cloud.sh index c71d5ad80..a505aadcc 100644 --- a/sources/install/package_cloud.sh +++ b/sources/install/package_cloud.sh @@ -52,7 +52,7 @@ function install_scout() { python3 -m pipx install scoutsuite add-history scout add-test-command "scout --help" - add-to-list "scout,https://github.com/nccgroup/ScoutSuite,Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments." + add-to-list "scout,https://github.com/nccgroup/ScoutSuite,Scout Suite is an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments." } function install_cloudsplaining() { @@ -78,7 +78,7 @@ function install_prowler() { python3 -m pipx install prowler add-history prowler add-test-command "prowler -h" - add-to-list "prowler,https://github.com/prowler-cloud/prowler,Perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness." + add-to-list "prowler,https://github.com/prowler-cloud/prowler,Perform Cloud Security best practices assessments / audits / incident response / compliance / continuous monitoring / hardening and forensics readiness." } # Package dedicated to cloud tools