CloudMapper is a comprehensive AWS environment analysis tool that audits security configurations, identifies risks, and generates detailed reports to enhance cloud security posture.
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
CloudMapper is primarily used by cloud security engineers and AWS administrators to audit AWS accounts for misconfigurations, identify unused resources, and assess security risks. It helps organizations maintain compliance and improve their cloud security by providing detailed reports and insights into IAM policies, network exposure, and resource usage.
The network visualization feature (`prepare` command) is no longer maintained and may not function as expected. Installation requires additional system dependencies for `jq` and `pyjq`. Users should ensure Python 3.7+ compatibility and consider running the tool within a virtual environment for dependency management. Custom private commands can be added via a dedicated directory for extended functionality.
Clone the repository: `git clone https://github.com/duo-labs/cloudmapper.git`
Install prerequisites for pyjq (on macOS): `brew install autoconf automake awscli freetype jq libtool python3`
Navigate to the cloned directory: `cd cloudmapper/`
Create and activate a Python virtual environment: `python3 -m venv ./venv && source ./venv/bin/activate`
Install Python dependencies using pip (implied but not explicitly stated)
Ensure jq is installed (https://stedolan.github.io/jq/)
Install pyjq Python library (https://github.com/doloopwhile/pyjq)
`audit`: Check for potential misconfigurations in the AWS account.
`collect`: Collect metadata about an AWS account.
`find_admins`: Identify admin users, roles, or principals with specific privileges based on IAM policies.
`find_unused`: Detect unused AWS resources such as Security Groups, Elastic IPs, network interfaces, volumes, and load balancers.
`prepare` / `webserver`: Generate network visualizations (note: network visualization is no longer maintained).
`public`: Find public hosts and open port ranges in the AWS environment.
`sg_ips`: Retrieve geoip information on CIDRs trusted in Security Groups.
`stats`: Display counts of various AWS resources in the account.
`weboftrust`: Show Web Of Trust information.
`report`: Generate an HTML report summarizing account resources and audit findings.
`iam_report`: Generate an HTML report focused on IAM information of the AWS account.