A honey token manager and alert system for AWS.

Related tags

Security related resourcesawssecuritylambdaterraformhoneypot
Overview

SpaceSiren

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale -- up to 10,000 per SpaceSiren instance -- at close to no cost.1

SpaceSiren mascot

How It Works

  • SpaceSiren provides an API to create no-permission AWS IAM users and access keys for those users.
  • You sprinkle the access keys wherever you like, for example in proprietary code or private data stores.
  • If one of those sources gets breached, an attacker is likely to use the stolen key to see what they can do with it.
  • You will receive an alert that someone attempted to use the key.

Token API screenshot

Alert Outputs

  • Email
  • PagerDuty
  • Slack
  • Pushover

Email alert

Documentation Pages

Requirements

As with any open source project, this one assumes you have the required foundational tools and knowledge, mainly in AWS and Terraform.

Resources

  • Terraform >= 0.13
  • AWS CLI
  • A dedicated AWS account with admin access
  • A registered domain

Knowledge

  • Basic Terraform
  • Basic REST API
  • Basic AWS CLI, S3, and Route 53
  • Basic AWS Organizations and IAM Roles for cross-account access
  • Intermediate DNS (delegating a (sub)domain with NS records)

Contact

If you notice a critical security bug (e.g., one that would grant real access to an AWS account), please responsibly disclose it via email at [email protected].

For standard bugs or feature requests, please open a GitHub issue.

Attributions

Special thanks to:

  • Atlassian for Project SpaceCrab, the inspiration for this project. If you want to read about why I started SpaceSiren, please see my SpaceCrab critique page.
  • The wonderful and talented Alia Mancisidor for the artwork.
  • Anyone who volunteered to test this application for me.

Footnotes

  1. While SpaceSiren was designed to run as cheaply as possible, even for individuals, it will not be entirely free of operating costs. You will incur nominal costs for DynamoDB, Lambda, API Gateway, Route 53, and perhaps CloudTrail, depending on your configuration. You should expect to spend between $1 and $5 per month to run SpaceSiren. Of course, the project's maintainers are not responsible for any actual costs you incur. Please closely monitor your AWS bill while it is in use.
You might also like...
Remote control your Greenbone Vulnerability Manager (GVM)
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 130 Dec 17, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
Password-Manager GUI
Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

David .K. Danso 1 Dec 8, 2021
PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)
PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

Akshay Vs 44 Nov 18, 2022
🔐 A simple command-line password manager.
🔐 A simple command-line password manager.

PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

null 5 Aug 15, 2022
This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

Francesco 3 Nov 23, 2022
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Amino, Inc 140 Dec 16, 2022
Security offerings for AWS Control Tower

Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is

Steven Connolly 1 Oct 22, 2021
Comments
  • Multiple alert email addresses

    Multiple alert email addresses

    Allow for more than one destination email address for alerts. Terraform should take a list of email addresses. They will all need to be verified in SES.

    opened by khicks 0
  • Enhancement/Canary Resources scaffolding

    Enhancement/Canary Resources scaffolding

    Add support for canary resources:

    • This is the initial scaffolding, that adds an endpoint to monitor activity for given resource ARNs.
    • Under the current format, it only supports resources in the account where spacesiren is deployed
      • Will have to look into the best way to monitor arbitrary trails

    TODOs:

    • [ ] Update documentation for the new endpoint
    opened by x4v13r64 0
Releases(1.4.0)

  • 1.4.0(Dec 19, 2021)

  • 1.3.0(Apr 15, 2021)

  • 1.2.1(Aug 23, 2020)

  • 1.2.0(Aug 15, 2020)

    FEATURES:

    • Pushover support. New tfvars are alert_pushover_user_key and alert_pushover_api_key.
    • Test alert API endpoint: /test-alert.

    IMPROVEMENTS:

    • Remove trimsuffix from Route 53 zone name.
    Source code(tar.gz)
    Source code(zip)

  • 1.1.0(Aug 14, 2020)

    IMPROVEMENTS:

    • Artwork!
    • Change directory structure. Terraform code now has its own directory.
      • If you previously had SpaceSiren set up, delete your functions-pkg/ directory and move the following files/dirs to the terraform/ directory:
        • .terraform/
        • terraform-local.tf
        • terraform.tfvars
    Source code(tar.gz)
    Source code(zip)

  • 1.0.0(Aug 14, 2020)

Owner
GitHub Repository
Auto Tor Ip Changer

AutoTor Auto Tor Ip Changer for Linux! git clone https://github.com/Arest7/AutoTor cd AutoTor pip install -r requirements.txt python3 AutoTor.py follo

Ken Ryuguji 3 Jan 23, 2022
Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Hendrik Agung 2 Dec 30, 2021
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021
Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str

PyLaboratory 0 Feb 07, 2022
Metal Gear Online 2 (MGO2) stage files decryption

Metal Gear Online 2 decryption tool Metal Gear Online 2 (MGO2) has an additional layer of encryption for stage files. I was not able to find info abou

4 Sep 02, 2022
Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

Samuel Dobson 14 Jul 08, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
The Decompressoin tool for Vxworks MINIFS

MINIFS-Decompression The Decompression tool for Vxworks MINIFS filesystem. USAGE python minifs_decompression.py [target_firmware] The example of Mercu

8 Jan 03, 2023
CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight;

CloakifyFactory CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of

3 Oct 18, 2022
BloodyAD is an Active Directory Privilege Escalation Framework

BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi

757 Jan 07, 2023
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Jordan Jay 43 Nov 09, 2022
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe

PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis

Rdimo 56 Jul 31, 2022
Unicode fuzzer for various purposes

UnicodeToy Unicode fuzzer for various purposes Unicode based on version 14.0 features Generate the shortest xss domain payload Generate unicode str, u

33 Nov 27, 2022
A tool for making python source difficult to read.

obscurepy Description A tool for obscuring, or making python source code difficult to read. Table of Contents Installation Limitations Usage Disclaime

Andrew Christiansen 10 Jul 31, 2022
Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

zeze 1 Jan 13, 2022
Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

🕷️ Scarecrow 🕷️ Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts. It looks for processes with specific names to v

Billy 33 Sep 28, 2022
Log4j minecraft with python

log4jminecraft This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purpose

David Bombal 154 Dec 24, 2022
BOF-Roaster is an automated buffer overflow exploit machine which is begin written with Python 3.

BOF-Roaster is an automated buffer overflow exploit machine which is begin written with Python 3. On first release it was able to successfully break many of the most well-known buffer overflow exampl

Kaan Caglan 5 Nov 23, 2021