Red-Detector is a tool to Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/).
Audit your EC2 instance to find security misconfigurations using Lynis (https://cisofy.com/solutions/#lynis).
Scan your EC2 instance for signs of a rootkit using Chkrootkit (http://www.chkrootkit.org/).
Requirements
Actions details:
Required action premission | Why it is required |
---|---|
“AttachVolume” | Enables attaching the volume with the taken snapshot to the EC2 instance that is being used for the vulnerabilities scan. |
“AuthorizeSecurityGroupIngress” | Enables attaching security group to the EC2 instance. Contains IP premmisions to ssh port and a random port generated for the scan UI access. |
“DescribeInstances” | Enables access to the clients EC2 instances details. |
“CreateKeyPair” | Enables the creation of a key pair that is being used as the key of the EC2 instance. |
“CreateTags” | Enabled the creation of Tags on the Volume and Snapshot. |
“DescribeRegions” | Enables access to the clients active regions to enable the user select the relevant one for the scan. |
“RunInstances” | Enables the creation of an EC2 instance under the users client. |
“ReportInstanceStatus” | Enables getting the current status of the created EC2 instance to make sure it is running. |
“DescribeSnapshots” | Enables getting the current status of the taken snapshot to make sure it is available. |
“DescribeImages” | Enables querying AMI’s to get the latest Ubuntu AMI. |
“DescribeVolumeStatus” | Enables getting the current status of the volume being created. |
“DescribeVolumes” | Enables getting details about a volume. |
“CreateVolume” | Enables the creation of a volume, in order to attach it the taken snapshot and attach it to the EC2 instance used for the vulnerabilities scan. |
“DescribeAvailabilityZones” | Enables access to the clients active availability zones to select one for the created volume that is being attach to the EC2 instance. |
“DescribeVpcs” | Enables getting the clients default vpc. Used for the EC2s security group generation. |
“CreateSecurityGroup” | Enables the creation of a security group that is being attached to the EC2 instance. |
“CreateSnapshot” | Enables taking a snapshot. Used to take a snapshot of the chosen EC2 instance. |
“DeleteSnapshot” | Enables deleting the stale snapshot was created during the process |
Installation
sudo git clone https://github.com/lightspin-tech/red-detector.git
pip3 install -r requirements.txt
Usage
Interactive
python3 main.py
Command arguments
usage: main.py [-h] [–region REGION] [–instance-id INSTANCE_ID] [–keypair KEYPAIR] [–log-level LOG_LEVEL]
optional arguments:
-h, –help show this help message and exit
–region REGION region name
–instance-id INSTANCE_ID EC2 instance id
–keypair KEYPAIR existing key pair name
–log-level LOG_LEVEL log level
Flow
Troubleshooting
verbouse logging
python3 main.py –log-level DEBUG
scanners databases update process
ssh ubuntu@PUBLICIP -i KEYPAIR.pem
tail /var/log/user-data.log
Pingora is a cutting-edge Rust framework designed to build fast, reliable, and programmable networked systems.…
DockerSpy is a powerful tool designed to perform Open Source Intelligence (OSINT) on Docker Hub,…
Anki is a powerful, open-source flashcard software designed to enhance learning and memory retention through…
Rolldown is an innovative JavaScript/TypeScript bundler written in Rust, designed to revolutionize the development workflow…
Invoke-ArgFuscator is an open-source, cross-platform PowerShell module designed to obfuscate command-line arguments for system-native executables.…
Morgan is an advanced JavaScript security analyzer designed to detect and mitigate sensitive data exposure…