mil1i / aws-sg-audit Goto Github PK
Python tool for searching an AWS account for unused security groups, and groups with "secure" ports opened to the public.

License: MIT License

AWS Security Group Auditing

This tool uses the AWS boto3 library to scan all security groups in a given account/region. It checks every resource that may be using each security group and reports any unused groups that can be deleted.

You can tell it to mark a security group for deletion; to do so, you must also specify a directory into which a JSON dump of each security group is written as a backup.

When deleting, the tool only considers security groups that carry the tag 'MarkForDeletion' with a value of 'true'. If a security group still has a dependency, it is not deleted and the tool moves on to the next group.

Resources evaluated:

  • ELB

  • ALB

  • Lambda Function

  • RDS Instance

  • EC2 Instance

  • ECS Service

  • Elastic Network Interface (ENI)

  • MISSING: Security group rule entry check

This tool will also locate any security groups with port rules that are open to the public and should not be. The default list of ports checked is below and can be overridden via a flag.

  • 20, 21, 22, 389, 53, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500 and ALL PORTS (-1)
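As an added illustration of the public-port check described above (example code written for this page, not code from the aws-sg-audit repository), the function below walks the list that boto3's describe_security_groups() returns and reports groups whose ingress rules open one of the flagged ports, or all traffic, to 0.0.0.0/0 or ::/0. The sample groups, their ids and names are constructed.

```python
# Default --ports list from the README; -1 stands for "all traffic".
DEFAULT_BAD_PORTS = {20, 21, 22, 389, 53, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500}
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def rule_is_public(rule):
    """True if an IpPermissions entry allows any IPv4 or IPv6 address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in PUBLIC_CIDRS for c in cidrs)


def rule_exposed_ports(rule, bad_ports):
    """Return the flagged ports this entry opens; {-1} means all protocols/ports."""
    if rule.get("IpProtocol") == "-1":
        return {-1}
    if rule.get("IpProtocol") not in ("tcp", "udp"):  # icmp etc. carry no ports
        return set()
    lo, hi = rule.get("FromPort", -1), rule.get("ToPort", -1)
    return {p for p in bad_ports if lo <= p <= hi}


def find_publicly_exposed(groups, bad_ports=DEFAULT_BAD_PORTS):
    """Walk describe_security_groups() output and return (id, name, ports) hits."""
    findings = []
    for sg in groups:
        hit = set()
        for rule in sg.get("IpPermissions", []):
            if rule_is_public(rule):
                hit |= rule_exposed_ports(rule, bad_ports)
        if hit:
            findings.append((sg["GroupId"], sg["GroupName"], sorted(hit)))
    return findings


# Constructed sample in the shape boto3 returns; ids and names are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "open-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "mgmt", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, name, ports in find_publicly_exposed(SAMPLE_GROUPS):
        print(f"{group_id} ({name}) exposes {ports} to the internet")
```

In a live run, pass boto3.client("ec2").describe_security_groups()["SecurityGroups"] instead of SAMPLE_GROUPS.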

Usage

Arguments

# AWS Connection Authorization
--profile                 AWS Profile to use for making the call
-r, --region              The default region is us-east-1

# Ports to flag as bad ports if open to the public (0.0.0.0/0)
-p, --ports               Defaults to: [20, 21, 22, 389, 53, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500]
                          Specify ports deemed bad to be opened to the public to filter for. (separate by space)


# White Listing security groups from removal
--equals                  Defaults to: ["default", "eks-cluster-default"]
                          Specify security group names to whitelist, exact match. (separate by space)
--starts-with             Defaults to: ["d-", "AWS-OpsWorks-", "aurora-rds-"]
                          Specify security group names to whitelist, name starts with. (separate by space)
--ends-with               Defaults to: ["-ecs-service-sg", "-ecs-task-sg"]
                          Specify security group names to whitelist, name ends with. (separate by space)

# Output directory to backup security group rules before deletion (required if specifying --mark)
--outdir                  Directory to dump security groups in json format

# Directory containing json dump backup (see above) containing security groups to restore
--restore                 Directory containing json dump of security groups backed up in json format
--restore-ingress-rules   Will restore ingress rules to security group as specified from json backup files

# Output directory to save generated report to
--report                  Directory to create the security output report to


# Add the tag to the EC2 security group that this script checks for when deleting security groups
-m, --mark                Mark security group for removal prior to deleting
--remove-ingress-rules    Remove ALL ingress rules from security group when marking for deletion

# Will attempt to delete any security group that carries the tag "MarkedForDeletion" with a value of true
-d, --delete              Delete security groups from AWS

# Will use the boto3 dry-run functionality to determine if user has access to perform the function requested
--dryrun                  Enable the DryRun flag to not make changes to any resources

Run print report only:

python3 main.py [--dryrun]

Run xlsx report generation only:

python3 main.py --report <directory to generate report to> [--dryrun]

Backup only:

python3 main.py --outdir <directory to store json backups> [--dryrun]

Backup and tag/mark for deletions:

python3 main.py --outdir <directory to store json backups> --mark [--remove-ingress-rules] [--dryrun]

Restore groups marked for deletion (set "MarkedForDeletion" tag to false, and restore ingress rules if flag passed):

python3 main.py --restore <directory to store json backups> [--restore-ingress-rules] [--dryrun]

Delete security groups that were marked for deletion:

python3 main.py --delete [--dryrun]
