Red-Detector : Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io

Red-Detector is a tool to Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/).

Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis).

Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/).

Requirements

  • Configured AWS account with the EC2 actions mentioned below. The policy containing these requirements can be found in red-detector-policy.json.

Actions details:

Required action premissionWhy it is required
“AttachVolume”Enables attaching the volume with the taken snapshot to the EC2 instance that is being used for the vulnerabilities scan.
“AuthorizeSecurityGroupIngress”Enables attaching security group to the EC2 instance. Contains IP premmisions to ssh port and a random port generated for the scan UI access.
“DescribeInstances”Enables access to the clients EC2 instances details.
“CreateKeyPair”Enables the creation of a key pair that is being used as the key of the EC2 instance.
“CreateTags”Enabled the creation of Tags on the Volume and Snapshot.
“DescribeRegions”Enables access to the clients active regions to enable the user select the relevant one for the scan.
“RunInstances”Enables the creation of an EC2 instance under the users client.
“ReportInstanceStatus”Enables getting the current status of the created EC2 instance to make sure it is running.
“DescribeSnapshots”Enables getting the current status of the taken snapshot to make sure it is available.
“DescribeImages”Enables querying AMI’s to get the latest Ubuntu AMI.
“DescribeVolumeStatus”Enables getting the current status of the volume being created.
“DescribeVolumes”Enables getting details about a volume.
“CreateVolume”Enables the creation of a volume, in order to attach it the taken snapshot and attach it to the EC2 instance used for the vulnerabilities scan.
“DescribeAvailabilityZones”Enables access to the clients active availability zones to select one for the created volume that is being attach to the EC2 instance.
“DescribeVpcs”Enables getting the clients default vpc. Used for the EC2s security group generation.
“CreateSecurityGroup”Enables the creation of a security group that is being attached to the EC2 instance.
“CreateSnapshot”Enables taking a snapshot. Used to take a snapshot of the chosen EC2 instance.
“DeleteSnapshot”Enables deleting the stale snapshot was created during the process
  • Running EC2 instance – Make sure you know the region and instance id of the EC2 instance you would like to scan. Supported versions:
    • Ubuntu: 14, 16, 18, 19, 20
    • Debian: 6, 8, 9
    • Redhat: 7, 8
    • Suse: 12
    • Amazon: 2
    • Oracle: 8

Installation

sudo git clone https://github.com/lightspin-tech/red-detector.git
pip3 install -r requirements.txt

Usage

Interactive

python3 main.py

Command arguments

usage: main.py [-h] [–region REGION] [–instance-id INSTANCE_ID] [–keypair KEYPAIR] [–log-level LOG_LEVEL]
optional arguments:
-h, –help show this help message and exit
–region REGION region name
–instance-id INSTANCE_ID EC2 instance id
–keypair KEYPAIR existing key pair name
–log-level LOG_LEVEL log level

Flow

  • Run main.py.
  • Region selection: use default region (us-east-1) or select a region. Notice that if the selected region does not contain any EC2 instances you will be asked to choose another region.
  • EC2 inatance-id selection: you will get a list of all EC2 instances ids under your selected region and you will be asked to choose the inatance you would like to scan. Make sure to choose a valide answer (the number left to the desired id).
  • Track the process progress… It takes about 30 minutes.
  • Get a link to your report!

Troubleshooting

verbouse logging

python3 main.py –log-level DEBUG

scanners databases update process

  • connect to the EC2 instance created ssh ubuntu@PUBLICIP -i KEYPAIR.pem
  • watch the progress tail /var/log/user-data.log
R K

Recent Posts

Pingora : Cloudflare’s Rust-Powered Framework For Next-Gen Proxies

Pingora is a cutting-edge Rust framework designed to build fast, reliable, and programmable networked systems.…

11 hours ago

DockerSpy : Hidden Secrets In Docker Images For Enhanced Security

DockerSpy is a powerful tool designed to perform Open Source Intelligence (OSINT) on Docker Hub,…

11 hours ago

Anki : The Smart Way To Memorize And Master New Information

Anki is a powerful, open-source flashcard software designed to enhance learning and memory retention through…

11 hours ago

Rolldown : A Next-Generation JavaScript Bundler

Rolldown is an innovative JavaScript/TypeScript bundler written in Rust, designed to revolutionize the development workflow…

11 hours ago

Invoke-ArgFuscator : A Tool For Command-Line Obfuscation

Invoke-ArgFuscator is an open-source, cross-platform PowerShell module designed to obfuscate command-line arguments for system-native executables.…

11 hours ago

Morgan : Advanced JavaScript Security Analyzer

Morgan is an advanced JavaScript security analyzer designed to detect and mitigate sensitive data exposure…

12 hours ago