ustayready/cloudgpt

Vulnerability scanner for AWS customer managed policies using ChatGPT

CloudGPT

AWS vulnerability scanner

Scan customer managed AWS policies for vulnerabilities using ChatGPT.

This tool automatically redacts the customer account number by replacing it with a randomly generated account number before sending the policies to ChatGPT. Knowledge of a vulnerable policy without knowledge of the account that has the policy provisioned is useless to OpenAI. Additionally, the internal prompt has consistently returned responses starting with Yes or No, so the tool parses only that leading word of the response to decide whether a policy is flagged as vulnerable. Those using the tool should manually review the responses in the output to understand the context of each verdict. It's not perfect, but it's absolutely helpful.
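The two mechanisms described above, account-number redaction and Yes/No parsing, as an added illustration that is not the project's own code: the sample policy, the 12-digit account IDs in it, the `redact_policy`, `random_account_id` and `parse_verdict` names, and the choice to match any 12-digit run rather than only the account field of an ARN are all assumptions made here.

```python
import json
import random
import re

# Constructed sample policy document (not taken from the project): one customer
# managed policy that names two AWS accounts in its resource ARNs.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123456789012:role/deploy",
                "arn:aws:iam::123456789012:role/backup",
            ],
        },
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::210987654321:role/other",
        },
    ],
}

# An AWS account ID is exactly 12 decimal digits. Matching any such run (not
# just the account field of an ARN) over-redacts rather than under-redacts,
# which is the safe direction for data that leaves the machine. (Assumption:
# the project may use a narrower pattern.)
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")


def random_account_id(rng):
    """Return a random 12-digit stand-in account ID."""
    return "".join(str(rng.randrange(10)) for _ in range(12))


def redact_policy(policy, seed=None):
    """
    Replace every account ID in a policy document with a random one.

    Each real ID maps to one stand-in for the whole document, so statements
    that refer to the same account still visibly refer to the same account
    after redaction. Returns (redacted_policy, mapping); the mapping is for
    the operator only and must never be sent with the policy. `seed` exists
    only for reproducible tests; by default a CSPRNG is used.
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    text = json.dumps(policy, sort_keys=True)
    real_ids = set(ACCOUNT_ID_RE.findall(text))
    mapping = {}
    for real in sorted(real_ids):
        fake = random_account_id(rng)
        # A stand-in must not collide with any real ID or another stand-in.
        while fake in real_ids or fake in mapping.values():
            fake = random_account_id(rng)
        mapping[real] = fake
    redacted = ACCOUNT_ID_RE.sub(lambda m: mapping[m.group(0)], text)
    return json.loads(redacted), mapping


def parse_verdict(response):
    """
    Read a model reply that is expected to begin with "Yes" or "No".

    Returns True (flagged as vulnerable), False (not flagged) or None when the
    reply starts some other way. Callers should treat None as "needs a human
    reading", not as "safe".
    """
    head = response.strip().lower()
    if head.startswith("yes"):
        return True
    if head.startswith("no"):
        return False
    return None


if __name__ == "__main__":
    redacted, mapping = redact_policy(SAMPLE_POLICY)
    print(json.dumps(redacted, indent=2))
    print("local-only mapping:", mapping)
    for reply in ("Yes, the PassRole statement is unscoped.", "No.", "It depends."):
        print(repr(reply), "->", parse_verdict(reply))
```

The mapping is returned so the operator can relate a flagged redacted policy back to the real account locally; it stays on the scanning host. A verdict of None is deliberately distinct from False so that a reply the prompt did not constrain to Yes/No is surfaced for manual review rather than silently counted as clean.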

Follow me on Twitter (Mike Felch - @ustayready)

Basic Usage

Requires an OpenAI API key.

usage: scan.py [-h] --key KEY [--profile PROFILE] [--redact]

Retrieve all customer managed policies and check the default policy version for vulnerabilities

optional arguments:
  -h, --help         show this help message and exit
  --key KEY          OpenAI API key
  --profile PROFILE  AWS profile name to use (default: default)
  --redact           Redact sensitive information in the policy document (default: True)
  
CloudGPT the AWS vulnerability scanner

python scan.py --key ABC --profile AWSPROFILE

Installation

You can install and run it with the following commands:

$ git clone https://github.com/ustayready/cloudgpt
$ cd cloudgpt
~/cloudgpt $ virtualenv -p python3 .
~/cloudgpt $ source bin/activate
(cloudgpt) ~/cloudgpt $ python scan.py --key ABC --profile AWSPROFILE
