AWS How To

In order for Snotra to access your account and perform a scan you need to provide either a Cross-Account Role or AWS Access Keys.

Access Keys

  1. Create an IAM user with programmatic access (access keys), dedicated to the scan.
  2. Attach the "ReadOnlyAccess" and "SecurityAudit" AWS managed policies.
  3. Enter your AWS access keys on the scan page and click scan.

Access keys are long-lived credentials handed to a third party, so prefer the cross-account role where you can; if you do use keys, delete or rotate them once the report is ready.

Cross-Account Role

Create the role in the account to be scanned, attach the "ReadOnlyAccess" and "SecurityAudit" AWS managed policies to it, and configure it with the following trust policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::243001516183:user/snotra"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

This allows the user principal "snotra" in AWS account 243001516183 (the snotra.cloud scanner) to assume the role and perform the scan. The trust is pinned to that single IAM user rather than to the account root (arn:aws:iam::243001516183:root), so no other principal in that account can assume the role.
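The steps above done from the AWS CLI, as an added example that is not snotra.cloud's own tooling: the script writes the trust policy, refuses to create the role unless every principal in that policy is a specific IAM user or role ARN (no "*", no bare account id, no ":root"), attaches the two managed policies, and prints the role ARN together with the attached policies so you can confirm nothing extra was granted. It assumes AWS CLI v2 is configured for the account to be scanned with rights to create IAM roles; the role name "snotra-audit" is our own choice, and the role ARN is assumed to be what the scan page asks for.

```shell
#!/bin/sh
# Added example (not snotra.cloud's own code): create the cross-account role with the AWS CLI.
# Assumptions: AWS CLI v2 is configured for the account to be scanned with rights to create IAM roles;
# the role name "snotra-audit" is our own choice.

SNOTRA_PRINCIPAL='arn:aws:iam::243001516183:user/snotra'   # principal from the published trust policy

# Print the trust policy for a principal ARN (default: the snotra.cloud scanner user).
snotra_trust_policy() {
  principal="${1:-$SNOTRA_PRINCIPAL}"
  cat <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "AWS": "$principal" },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}
EOF
}

# Succeed only if every "AWS" principal in the policy is a specific IAM user or role ARN.
# "*", a bare account id and arn:aws:iam::<account>:root are rejected because they let any principal
# in that account assume the role; a JSON list of principals is rejected conservatively as well.
trust_policy_is_scoped() {
  principals=$(printf '%s' "$1" \
    | grep -Eo '"AWS"[[:space:]]*:[[:space:]]*"[^"]*"' \
    | sed -E 's/.*:[[:space:]]*"([^"]*)"$/\1/')
  [ -n "$principals" ] || return 1
  if printf '%s\n' "$principals" \
     | grep -Evq '^arn:aws:iam::[0-9]{12}:(user|role)/[A-Za-z0-9+=,.@_/-]+$'; then
    return 1
  fi
  return 0
}

# Create the role, attach the two managed policies, then show what was granted and the role ARN.
create_snotra_role() {
  role_name="${1:-snotra-audit}"
  policy_file=$(mktemp)
  snotra_trust_policy > "$policy_file"
  if ! trust_policy_is_scoped "$(cat "$policy_file")"; then
    echo "refusing to create role: trust policy is not pinned to one principal" >&2
    rm -f "$policy_file"
    return 1
  fi
  aws iam create-role --role-name "$role_name" \
    --assume-role-policy-document "file://$policy_file" \
    --description "Read-only role assumed by snotra.cloud for a security audit" >/dev/null
  rm -f "$policy_file"
  for policy_arn in arn:aws:iam::aws:policy/ReadOnlyAccess arn:aws:iam::aws:policy/SecurityAudit; do
    aws iam attach-role-policy --role-name "$role_name" --policy-arn "$policy_arn"
  done
  # Verify: exactly these two policies should be listed; the ARN is what you enter on the scan page.
  aws iam list-attached-role-policies --role-name "$role_name" \
    --query 'AttachedPolicies[].PolicyArn' --output text
  aws iam get-role --role-name "$role_name" --query 'Role.Arn' --output text
}

# "sh snotra-role.sh create [role-name]" applies the change; without arguments only the functions are defined.
if [ "${1:-}" = "create" ]; then
  create_snotra_role "${2:-snotra-audit}"
fi
```

Run it as `sh snotra-role.sh create` and paste the printed ARN into the scan page; when the scan is done, `aws iam delete-role` (after detaching the two policies) removes the access again.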

When the scan is launched you will be given a Scan ID. Take note of it: you will need to enter it on the report page to view the completed scan report.

A scan can take around 15 minutes to complete before the report becomes available in the portal.

Azure How To

In order for Snotra to access your Azure tenant and its subscriptions and perform a scan, you need to provide the client ID and client secret of a service principal (app registration).

Service Principal / App Registration

  1. Create an app registration (the portal creates the matching service principal for you).
  2. Assign the "Reader" Azure RBAC role to the service principal on every subscription you want included in the scan.
  3. Grant the service principal the following Microsoft Graph application permissions and give admin consent for them:
    1. Directory.Read.All
    2. Policy.Read.All
  4. Enter the client ID, client secret and tenant ID on the scan page and click scan.

Every subscription the service principal has been given Reader on will be included in the scan.
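The same setup from the Azure CLI, as an added example that is not snotra.cloud's own tooling: it creates the app registration and service principal, assigns Reader on a list of subscriptions (every subscription visible to the signed-in user unless a shorter list is piped in), resolves the two Graph permission GUIDs from the tenant's Microsoft Graph service principal instead of hard-coding them, grants admin consent, and prints the tenant ID, client ID and client secret the scan page asks for. The subscription list is validated and de-duplicated first so that a typo cannot silently leave a subscription out of the scan. It assumes `az login` has been done as a user who can create app registrations, assign roles and grant admin consent; the display name "snotra-scanner" and the one-year secret lifetime are our own choices.

```shell
#!/bin/sh
# Added example (not snotra.cloud's own code): create the scanning service principal with the Azure CLI.
# Assumptions: "az login" done as a user who can create app registrations, assign roles on the
# subscriptions and grant admin consent; display name and secret lifetime are our own choices.

GRAPH_APP_ID='00000003-0000-0000-c000-000000000000'   # well-known application id of Microsoft Graph

# Normalise subscription ids read from stdin (bare GUID or /subscriptions/<guid>) into one
# de-duplicated role-assignment scope per line. Anything that is not a GUID aborts the whole run.
scopes_for_subscriptions() {
  seen=" "
  while IFS= read -r sub; do
    sub="${sub#/subscriptions/}"
    [ -n "$sub" ] || continue
    printf '%s' "$sub" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
      || { echo "not a subscription id: $sub" >&2; return 1; }
    case "$seen" in *" $sub "*) continue ;; esac
    seen="$seen$sub "
    printf '/subscriptions/%s\n' "$sub"
  done
}

# Resolve a Graph application permission name (appRole value) to its GUID from the tenant's
# Microsoft Graph service principal, so no permission GUIDs need to be hard-coded.
graph_app_role_id() {
  az ad sp show --id "$GRAPH_APP_ID" --query "appRoles[?value=='$1'].id | [0]" --output tsv
}

# Create the app registration and service principal, assign Reader, add the Graph permissions,
# grant admin consent and print the three values the scan page asks for.
create_snotra_sp() {
  display_name="${1:-snotra-scanner}"

  # Subscriptions: piped list if stdin is not a terminal, otherwise everything the signed-in user can see.
  if [ -t 0 ]; then
    scopes=$(az account list --query '[].id' --output tsv | scopes_for_subscriptions) || return 1
  else
    scopes=$(scopes_for_subscriptions) || return 1
  fi

  app_id=$(az ad app create --display-name "$display_name" --query appId --output tsv)
  sp_id=$(az ad sp create --id "$app_id" --query id --output tsv)

  for scope in $scopes; do
    az role assignment create --assignee-object-id "$sp_id" --assignee-principal-type ServicePrincipal \
      --role Reader --scope "$scope" >/dev/null
  done

  for perm in Directory.Read.All Policy.Read.All; do
    az ad app permission add --id "$app_id" --api "$GRAPH_APP_ID" \
      --api-permissions "$(graph_app_role_id "$perm")=Role"
  done
  # Application permissions do nothing until an administrator consents for the tenant.
  az ad app permission admin-consent --id "$app_id"

  # The secret is shown once: store it in a secret manager and delete it once the scan is done.
  client_secret=$(az ad app credential reset --id "$app_id" --years 1 --query password --output tsv)
  tenant_id=$(az account show --query tenantId --output tsv)
  printf 'tenant_id=%s\nclient_id=%s\nclient_secret=%s\n' "$tenant_id" "$app_id" "$client_secret"
}

# "sh snotra-sp.sh create" scans every visible subscription; "printf '<id>\n' | sh snotra-sp.sh create"
# restricts the scope. Without arguments only the functions are defined.
if [ "${1:-}" = "create" ]; then
  create_snotra_sp "${2:-snotra-scanner}"
fi
```

After the report is in hand, `az ad app credential delete` (or deleting the app registration) revokes the scanner's access; the Reader assignments are removed with the service principal.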

When the scan is launched you will be given a Scan ID. Take note of it: you will need to enter it on the report page to view the completed scan report.

A scan can take around 15 minutes to complete before the report becomes available in the portal.

About

Snotra is an open-source AWS cloud auditing tool written in Python. I created it to assist with AWS configuration reviews; it audits the account against the latest CIS Benchmark as well as a large number of additional common misconfigurations and security weaknesses.

Snotra.cloud is a Flask application that lets users scan their own AWS environments with Snotra and presents the results in an easily navigable HTML report. Users are limited to one scan a day; if you would like more access, just reach out. All scan results are encrypted at rest, can be deleted with the delete button when viewing your report, and are automatically removed after 30 days.

Terms

By entering your credentials and clicking the scan button you are authorising snotra.cloud to access your account and perform a security audit.

Shaun

Shaun Webber

Penetration Tester, CHECK Team Leader, Cyber Scheme Team Leader (CSTL Inf), AWS Certified Security Specialty, Certified Azure Red Team Professional (CARTP), Multi-Cloud Red Team Analyst (MCRTA)

Blog: shaunwebber.uk

LinkedIn: shaun-webber