E40B Cloud Security Assessment · Issue #40 · samugit83/redamon · GitHub
[go: up one dir, main page]
Skip to content

Cloud Security Assessment #40

New issue
New issue
Open
Open
Cloud Security Assessment#40
Labels
enhancementNew feature or requesthelp wantedExtra attention is needed
@samugit83

Description

@samugit83
samugit83
opened on Mar 5, 2026

Description

AWS, Azure, GCP scanning. S3 buckets, IAM misconfigs, K8s security, all mapped into Neo4j.

What already exists

  • Kubernetes API exposure detection (ports 6443, 8443, 443)
  • Nuclei cloud tags (aws, azure, gcp, docker, kubernetes)
  • AWS metadata SSRF detection in attack paths
  • AWS secret detection in GitHub Secret Hunter
  • GVM scanner handles cloud targets (CONSIDER_ALIVE for ICMP-blocked hosts)

What needs to be built

  • S3/Blob/GCS bucket enumeration and permission testing
  • IAM/RBAC auditing (AWS IAM, Azure RBAC, GCP IAM)
  • Deep Kubernetes scanning (RBAC, pods, secrets, network policies)
  • Cloud API enumeration (AWS, Azure, GCP service discovery)
  • Infrastructure-as-Code scanning (Terraform, CloudFormation)
  • Cloud-specific Neo4j node types and relationships
  • CIS Benchmark checks for cloud providers

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is needed

    Projects

    RedAmon Roadmap

    Status

    Up for grabs

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0