Cloud Droid is a platform designed to manage Incident and Response Simulations; you can execute controlled actions that let you test your Incident Response plan in realistic scenarios.
The main goal of Cloud Droid is to provide red teaming exercises as code, generating simulations against attack scenarios and highlighting possible failures in your incident response plan. The tests are called Smokers, each one executing real actions and then cleaning up the resources created during execution.
The system is currently available for AWS, but it is to be extended to other cloud platforms.
How it works?
How to run it?
Using the official Docker image:
```bash
docker run --rm \
  -e AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN \
  -e AWS_DEFAULT_REGION=us-east-1 \
  cloudsniper/cloud-droid:latest -s XXXX -B XXXX
```
Running Docker build:
- Build the Docker image.

```bash
docker build -t cloud-droid .
```

- Run the container, passing your AWS credentials.

```bash
docker run --rm \
  -e AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN \
  -e AWS_DEFAULT_REGION=us-east-1 \
  cloud-droid -s XXXX -B XXXX
```
Mandatory command options for running Cloud Droid
You must use the -s option to run a Smoker.
-s | Description |
---|---|
all | Run all Smokers |
test | Test Cloud Droid |
sg | Create an open security group |
pa | Multiple authentication failures in the Palo Alto VPN portal. Must configure pano_url located in smoker/PanAuthSmoker.py |
au | Create an administrator user |
aca | Multiple authentication failures in the AWS console. Must configure account_id located in smoker/awsConsoleAuthSmoker.py |
ctr | Create a CloudTrail trail |
s3p | Create a public S3 bucket |
esb | Create a public EBS snapshot. Must configure a snapshot ID in smoker/EBSPublicSmoker, line 27 |
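
To check that your detection pipeline actually saw what a run simulated, the Smoker keys above can be matched against the CloudTrail events those actions normally produce. This is an added example, not part of Cloud Droid: the event-to-Smoker mapping, the function names, the three-failure threshold and the sample records are assumptions, and `pa` is left out because it does not touch AWS.

```python
# Constructed, trimmed CloudTrail records; not output captured from Cloud Droid.
def sg_event(cidr):
    return {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {
        "ipPermissions": {"items": [{"ipRanges": {"items": [{"cidrIp": cidr}]}}]}}}

LOGIN_FAIL = {"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}}
SAMPLE_EVENTS = [
    sg_event("10.0.0.0/8"),    # restricted ingress: must not count as "sg"
    sg_event("0.0.0.0/0"),
    {"eventName": "AttachUserPolicy", "requestParameters": {
        "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    LOGIN_FAIL, LOGIN_FAIL,    # two failures only: below the "aca" threshold
    {"eventName": "ModifySnapshotAttribute", "requestParameters": {
        "createVolumePermission": {"add": {"items": [{"group": "all"}]}}}},
]

def items(node):
    return (node or {}).get("items", [])

def classify(event):
    """Return the -s key an event corresponds to (assumed mapping), or None."""
    name = event.get("eventName")
    req = event.get("requestParameters") or {}
    if name == "AuthorizeSecurityGroupIngress":
        for perm in items(req.get("ipPermissions")):
            if any(r.get("cidrIp") == "0.0.0.0/0" for r in items(perm.get("ipRanges"))):
                return "sg"
    if name == "AttachUserPolicy" and str(req.get("policyArn", "")).endswith("/AdministratorAccess"):
        return "au"
    resp = event.get("responseElements") or {}
    if name == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure":
        return "aca"
    if name == "CreateTrail":
        return "ctr"
    if name == "PutBucketAcl" and "public-read" in str(req.get("x-amz-acl", "")):
        return "s3p"
    add = (req.get("createVolumePermission") or {}).get("add")
    if name == "ModifySnapshotAttribute" and any(i.get("group") == "all" for i in items(add)):
        return "esb"
    return None

def coverage(events, expected, min_login_failures=3):
    """Map each expected Smoker key to True if enough matching events were logged."""
    counts = {}
    for key in map(classify, events):
        if key:
            counts[key] = counts.get(key, 0) + 1
    return {k: counts.get(k, 0) >= (min_login_failures if k == "aca" else 1)
            for k in expected}
```

A `False` entry in the result of `coverage()` means the simulated action left no matching record in the events you fed it, which is the gap to investigate in the logging or alerting path.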
Optional command options to run Cloud Droid
-b | Description |
---|---|
True | Store the results in an S3 bucket |
False | Default option; prints the output to the console |
Requirements
- Docker
- AWS Credentials
- Variable named ‘BUCKETS3’ to store records in S3.
Upcoming Smokers
- Kubernetes
- AWS VPC changes
- AWS EC2
- GuardDuty
Get Involved
Contributing
We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out.
Ways you can contribute:
- Report potential bugs
- Request a feature
- Join our community
- Submit a PR for open issues
- Fix or improve documentation
Code of Conduct
This project adheres to the Linux Foundation Code of Conduct available on the event page. By participating, you are expected to honor this code.