Today I want to spend a few words on this amazing open source project.
Those who know me are already aware that I love doing black-box penetration testing, mostly because it is way more challenging. But I realised it is not enough.
So, recently, I got asked to do a full security audit for a company that has its entire infrastructure on AWS. And... oh boy, I was wrong…
I did my due diligence with my precious black-box approach and didn’t find much (very weird, considering what we have around). So I decided to look for various open source tools that promised a lot on paper. I used yatas and cloudfox and they left me… well… what’s a good word… not happy.
So I stumbled upon ZeusCloud and a new world opened before my eyes!
How it Works
To use this tool, all you need is your AWS credentials with the right permissions.
Using it is extremely simple. It has a very nice web UI with everything you need under your mouse cursor, and installation is even easier since it comes with Docker.
Key Features
ZeusCloud is a preventative cloud security platform. It helps you discover, prioritize, and remediate your risks in the cloud. You can:
- Build an asset inventory of your AWS accounts.
- Continuously monitor your environments for attack paths and misconfigurations.
- Customize security and compliance controls to fit your needs.
- Contextually prioritize and remediate security findings.
- Meet compliance standards such as PCI DSS and CIS, and add any other standard you want.
Some important things to know
- At this moment the GitHub repo appears to be “stale”, since the last commit is dated 3 July 2023.
- I have serious doubts about the authors/contributors still being on this project (their last activity dates back months).
- It lacks a very important feature: export of findings in PDF or HTML (but at least you can get a nice JSON).
Where to get it
Their GitHub repo is at https://github.com/Zeus-Labs/ZeusCloud
RTFM
Please, before starting Read The Fucking Manual: https://docs.zeuscloud.io/introduction/welcome