jonrau1 / ElectricEye

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

[PFR] Add V1 Attack Surface Management (ASM) capabilities to ElectricEye

jonrau1 opened this issue

Story
As the maintainer of ElectricEye, I want to add Attack Surface Management (ASM) capabilities to ElectricEye to expand its capabilities and prevent application-level misconfigurations running on AWS infrastructure so that users of ElectricEye can receive high-risk configurations and remediate them accordingly.

Definition of Done

  • Update Dockerfile to be able to install nmap using apk
  • Update requirements.txt to include python3-nmap
  • Ensure Dockerfile builds and runs correctly
  • Create a Minimal Viable Auditor (MVA, lol) for ASM for EC2
    • Banner checks for HTTP/HTTPS
    • Top 10 Ports + DB/Caching Ports
  • Create a Minimal Viable Auditor (MVA, lol) for ASM for ELB
    • Banner checks for HTTP/HTTPS
    • Top 10 Ports + DB/Caching Ports

Nice to Have
Adding limited scripts to check for wide-open DBs and caching without access such as MySQL, PostgreSQL or Redis and similar.
Ideally will add unauthorized access checks to MySQL, PostgreSQL, MSSQL and Redis

Additional Information
With two Auditors each checking Top 10 and MySQL, PostgreSQL, MSSQL, Redis, RabbitMQ, Docker, K8s that will come out to 34 Checks just for the ports.

Adding 4 to each auditor for HTTP and HTTPS Banners and Page Names is another 8 checks, then an additional 2 per the "nice to have" checks I want to add will take this entire buildout to 50 checks.

Naming conventions will need to be selected: either [ASM.EC2.1], [AttackSurface.EC2.1] or [NMAP.EC2.1].
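
An added illustration of the DB/caching port checks planned in this issue (not ElectricEye's code): the Python below parses nmap's `-oX` XML directly rather than going through python3-nmap and returns one result per service port for a scanned address. The port mapping uses the services' well-known defaults, and the sample scan, the `evaluate_host` function and the `PLACEHOLDER` check IDs are assumptions, since the issue leaves the naming convention open.

```python
import xml.etree.ElementTree as ET

# Well-known default ports for the services named in the issue (assumed mapping).
SERVICE_PORTS = {
    3306: "MySQL", 5432: "PostgreSQL", 1433: "MSSQL", 6379: "Redis",
    5672: "RabbitMQ", 2375: "Docker API", 6443: "Kubernetes API",
}

# Constructed sample of `nmap -oX` output (address is from a documentation range).
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/></port>
      <port protocol="tcp" portid="5432"><state state="filtered"/></port>
      <port protocol="tcp" portid="6379"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""


def evaluate_host(xml_text, asset_type="EC2"):
    """Return one result per service port for every host in the scan."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        states = {}  # portid -> state, for each TCP port nmap listed
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") == "tcp" and state is not None:
                states[int(port.get("portid"))] = state.get("state")
        for n, (portid, service) in enumerate(sorted(SERVICE_PORTS.items()), 1):
            state = states.get(portid)
            if state == "open":
                status = "FAILED"  # reachable from the scanner's vantage point
            elif state in ("closed", "filtered"):
                status = "PASSED"
            else:
                # Not listed (not scanned, or folded into <extraports>):
                # report it separately rather than as a pass.
                status = "NOT_EVALUATED"
            findings.append({"id": f"[PLACEHOLDER.{asset_type}.{n}]",
                             "address": addr, "service": service,
                             "port": portid, "status": status})
    return findings


if __name__ == "__main__":
    for f in evaluate_host(SAMPLE_XML):
        print(f["id"], f["address"], f["service"], f["port"], f["status"])
```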