PaloAltoNetworks / cnbas-tool

Cloud Native Breach and Attack Simulation (CNBAS) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, CNBAS enables organizations to gain insights into their security posture vulnerabilities. CNBAS is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

It facilitates Proof of Concept (POC) evaluations, assesses security controls, measures maturity levels, and generates comprehensive reports, enabling organizations to enhance their cloud security resilience through lifelike threat scenarios.

1. Seamless Integration for POC and Tool Evaluation: CNBAS provides seamless integration for Proof of Concept (POC) and tool evaluation purposes. Whether you're exploring new cloud-native applications or evaluating existing solutions, CNBAS offers a user-friendly interface and flexible deployment options to facilitate effortless testing and assessment.

2. Comprehensive Assessment of Cloud-Native Security Posture: Gain unparalleled insights into your organization's existing cloud-native security posture with CNBAS. Our advanced assessment capabilities enable you to identify vulnerabilities, assess security controls, and pinpoint areas for improvement. By understanding your current security posture, you can proactively address gaps and strengthen your defenses against emerging threats.

3. Benchmarking Against Industry Standards and Best Practices: CNBAS enables you to benchmark your cloud security controls against industry standards and best practices. With our comprehensive benchmarking framework, you can compare your security posture against established benchmarks, identify areas of strength and weakness, and prioritize remediation efforts accordingly.

4. Actionable Insights and Recommendations: CNBAS goes beyond providing insights by providing a report delivering actionable recommendations tailored to your organization's specific needs. Whether it's optimizing security configurations, implementing additional controls, or enhancing incident response processes, CNBAS equips you with the tools and guidance needed to bolster your cloud security defenses.

5. Continuous Threat Simulation: CNBAS offers a modular and templatized approach for users to easily integrate additional modules, allowing for continuous threat simulation and adaptability, by providing a flexible framework for adding modules, CNBAS ensures that users can tailor their threat simulation capabilities according to evolving security needs, making it an ideal platform for continuous threat simulation.

• 🤖 Supports Multi-cloud AWS, Azure and GCP environment.
• 🔍 Cloud Native Contextual based analysis.
• 🌐 Seamless multi-cloud attack path simulation.
• 💻 Cloud based tool evaluation based on controls analysis.
• 📊 Generate report and provide check list to mitigate the risk

• Python 3.8+
• pip3
• Pulumi Account
• AWS CLI
• Azure CLI
• Google Cloud SDK

1. Install the AWS CLI by following the instructions here.

2. Configure your AWS credentials by running:

   aws configure

   You'll be prompted to enter your Access Key ID, Secret Access Key, and default region name.

python3 -m venv ./venv

source ./venv/bin/activate

pip install -r requirements.txt

python3 cnbas.py -h

usage: cnbas.py [-h] [--simulation] [--scenario {scenario-1,scenario-2}] {aws,azure,gcp} {launch,status,destroy}

Terminal-based option tool

positional arguments:
  {aws,azure,gcp}       Cloud provider (aws, azure, gcp)
  {launch,status,destroy}
                        Action to perform (launch, status, destroy)

options:
  -h, --help            show this help message and exit
  --simulation          Enable simulation mode
  --scenario {scenario-1,scenario-2}
                        Scenario selection

python3 cnbas.py aws launch --simulation

  ____   _   _   ____       _      ____
 / ___| | \ | | | __ )     / \    / ___|
| |     |  \| | |  _ \    / _ \   \___ \
| |___  | |\  | | |_) |  / ___ \   ___) |
 \____| |_| \_| |____/  /_/   \_\ |____/


Select Attack Scenario of aws:
1. Exploit Vulnerable Application, EC2 takeover, Credential Exfiltration & Anomalous Compute Provisioning
2. Rest API exploit - command injection, credential exfiltration from backend lambda and privilige escalation, rogue identity creation & persistence
Enter your choice:

python3 cnbas.py aws status

python3 cnbas.py aws destroy --scenario <scenario-1/scenario-2>

1. Exploit Vulnerable Application, EC2 takeover, Credential Exfiltration & Anomalous Compute Provisioning
2. Rest API exploit - command injection, credential exfiltration from backend lambda and privilige escalation, rogue identity creation & persistence

3. Compromising a GKE Pod and accessing cluster secrets, taking over the cluster & escalating privileges at the Project level, possible project takeover.
4. Azure App exploit on a function, data exfiltration from Blob storage & abusing function misconfigs to escalate privileges & leaving a backdoor IAM entity.
5. Exploiting an App on VM, exfiltration of data from Cosmos DB & possible takeover of a resource group.
6. More scenarios loading...

This project is licensed under the Apache Version 2.0, - see the LICENSE file for details