Nuvola | Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

[Ruchika oberoi]

You must be registered for see links

nuvola (with the lowercase n) is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax.

The general idea behind this project is to create an abstracted digital twin of a cloud platform. For a more concrete example: nuvola reflects the BloodHound traits used for Active Directory analysis but on cloud environments (at the moment only AWS).

The usage of a graph database also increases the possibility of finding different and innovative attack paths and can be used as an offline, centralised and lightweight digital twin.

Quick Start​

Requirements​

• docker-compose installed
• an AWS account configured to be used with awscli with full access to the cloud resources, better if in ReadOnly mode (the policy arn:aws:iam::awsolicy/ReadOnlyAccess is fine)

Setup​

1. Clone the repository

git clone --depth=1

You must be registered for see links

; cd nuvola

1. Create and edit, if required, the .env file to set your DB username/password/URL

cp .env_example .env;

1. Start the Neo4j docker instance

make start

1. Build the tool

make build

Usage​

1. Firstly you need to dump all the supported AWS services configurations and load the data into the Neo4j database:

./nuvola dump -profile default_RO -outputdir ~/DumpDumpFolder -format zip

1. To import a previously executed dump operation into the Neo4j database:

./nuvola assess -import ~/DumpDumpFolder/nuvola-default_RO_20220901.zip

1. To only perform static assessments on the data loaded into the Neo4j database using the
   You must be registered for see links
   :

./nuvola assess

1. Or use
   You must be registered for see links
   to manually explore the digital twin.

5

About nuvola​

To get started with nuvola and its database schema, check out the nuvola

You must be registered for see links

.

No data is sent or shared with Prima Assicurazioni.

How to contribute​

• reporting bugs and issues
• reporting new improvements
• reviewing issues and pull requests
• fixing bugs and issues
• creating new rules
• improving the overall quality

Presentations​

• RomHack 2022
  • You must be registered for see links
  • You must be registered for see links

License​

nuvola uses graph theory to reveal possible attack paths and security misconfigurations on cloud environments.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this repository and program. If not, see

You must be registered for see links

.

GitHub:​

You must be registered for see images

You must be registered for see links

You must be registered for see links

Contribute to primait/nuvola development by creating an account on GitHub.