[PFR] Add V1 Attack Surface Management (ASM) capabilities to ElectricEye
jonrau1 opened this issue
Story
As the maintainer of ElectricEye, I want to add Attack Surface Management (ASM) capabilities to ElectricEye to expand its capabilities and prevent application-level misconfigurations running on AWS infrastructure so that users of ElectricEye can receive high-risk configurations and remediate them accordingly.
Definition of Done
- Update Dockerfile to be able to install `nmap` using `apk`
- Update `requirements.txt` to include `python3-nmap`
- Ensure Dockerfile builds and runs correctly
- Create a Minimal Viable Auditor (MVA, lol) for ASM for EC2
  - Banner checks for HTTP/HTTPS
  - Top 10 Ports + DB/Caching Ports
- Create a Minimal Viable Auditor (MVA, lol) for ASM for ELB
  - Banner checks for HTTP/HTTPS
  - Top 10 Ports + DB/Caching Ports
Nice to Have
Adding limited scripts to check for wide-open DBs and caching without access such as MySQL, PostgreSQL or Redis and similar.
Ideally will add unauthorized access checks to MySQL, PostgreSQL, MSSQL and Redis
Additional Information
With two Auditors each checking Top 10 and MySQL, PostgreSQL, MSSQL, Redis, RabbitMQ, Docker, K8s, that will come out to 34 Checks just for the ports.
Adding 4 to each auditor for HTTP and HTTPS Banners and Page Names is another 8 checks, then an additional 2 per the "nice to have" checks I want to add will take this entire buildout to 50 checks.
Naming conventions will need to be selected... either [ASM.EC2.1], [AttackSurface.EC2.1] or [NMAP.EC2.1]