A honey token manager and alert system for AWS.

Related tags

Security related resourcesawssecuritylambdaterraformhoneypot
Overview

SpaceSiren

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale -- up to 10,000 per SpaceSiren instance -- at close to no cost.1

SpaceSiren mascot

How It Works

  • SpaceSiren provides an API to create no-permission AWS IAM users and access keys for those users.
  • You sprinkle the access keys wherever you like, for example in proprietary code or private data stores.
  • If one of those sources gets breached, an attacker is likely to use the stolen key to see what they can do with it.
  • You will receive an alert that someone attempted to use the key.

Token API screenshot

Alert Outputs

  • Email
  • PagerDuty
  • Slack
  • Pushover

Email alert

Documentation Pages

Requirements

As with any open source project, this one assumes you have the required foundational tools and knowledge, mainly in AWS and Terraform.

Resources

  • Terraform >= 0.13
  • AWS CLI
  • A dedicated AWS account with admin access
  • A registered domain

Knowledge

  • Basic Terraform
  • Basic REST API
  • Basic AWS CLI, S3, and Route 53
  • Basic AWS Organizations and IAM Roles for cross-account access
  • Intermediate DNS (delegating a (sub)domain with NS records)

Contact

If you notice a critical security bug (e.g., one that would grant real access to an AWS account), please responsibly disclose it via email at [email protected].

For standard bugs or feature requests, please open a GitHub issue.

Attributions

Special thanks to:

  • Atlassian for Project SpaceCrab, the inspiration for this project. If you want to read about why I started SpaceSiren, please see my SpaceCrab critique page.
  • The wonderful and talented Alia Mancisidor for the artwork.
  • Anyone who volunteered to test this application for me.

Footnotes

  1. While SpaceSiren was designed to run as cheaply as possible, even for individuals, it will not be entirely free of operating costs. You will incur nominal costs for DynamoDB, Lambda, API Gateway, Route 53, and perhaps CloudTrail, depending on your configuration. You should expect to spend between $1 and $5 per month to run SpaceSiren. Of course, the project's maintainers are not responsible for any actual costs you incur. Please closely monitor your AWS bill while it is in use.
You might also like...
Remote control your Greenbone Vulnerability Manager (GVM)
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 130 Dec 17, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
Password-Manager GUI
Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

David .K. Danso 1 Dec 8, 2021
PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)
PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

Akshay Vs 44 Nov 18, 2022
🔐 A simple command-line password manager.
🔐 A simple command-line password manager.

PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

null 5 Aug 15, 2022
This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

Francesco 3 Nov 23, 2022
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Amino, Inc 140 Dec 16, 2022
Security offerings for AWS Control Tower

Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is

Steven Connolly 1 Oct 22, 2021
Comments
  • Multiple alert email addresses

    Multiple alert email addresses

    Allow for more than one destination email address for alerts. Terraform should take a list of email addresses. They will all need to be verified in SES.

    opened by khicks 0
  • Enhancement/Canary Resources scaffolding

    Enhancement/Canary Resources scaffolding

    Add support for canary resources:

    • This is the initial scaffolding, that adds an endpoint to monitor activity for given resource ARNs.
    • Under the current format, it only supports resources in the account where spacesiren is deployed
      • Will have to look into the best way to monitor arbitrary trails

    TODOs:

    • [ ] Update documentation for the new endpoint
    opened by x4v13r64 0
Releases(1.4.0)

  • 1.4.0(Dec 19, 2021)

  • 1.3.0(Apr 15, 2021)

  • 1.2.1(Aug 23, 2020)

  • 1.2.0(Aug 15, 2020)

    FEATURES:

    • Pushover support. New tfvars are alert_pushover_user_key and alert_pushover_api_key.
    • Test alert API endpoint: /test-alert.

    IMPROVEMENTS:

    • Remove trimsuffix from Route 53 zone name.
    Source code(tar.gz)
    Source code(zip)

  • 1.1.0(Aug 14, 2020)

    IMPROVEMENTS:

    • Artwork!
    • Change directory structure. Terraform code now has its own directory.
      • If you previously had SpaceSiren set up, delete your functions-pkg/ directory and move the following files/dirs to the terraform/ directory:
        • .terraform/
        • terraform-local.tf
        • terraform.tfvars
    Source code(tar.gz)
    Source code(zip)

  • 1.0.0(Aug 14, 2020)

Owner
GitHub Repository
IDA loader for Apple's iBoot, SecureROM and AVPBooter

IDA iBoot Loader IDA loader for Apple's iBoot, SecureROM and AVPBooter Installation Copy iboot-loader.py to the loaders folder in IDA directory. Credi

matteyeux 74 Dec 23, 2022
labsecurity is a framework and its use is for ethical hacking and computer security

labsecurity labsecurity is a framework and its use is for ethical hacking and computer security. Warning This tool is only for educational purpose. If

Dylan Meca 16 Dec 08, 2022
A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

Jordan Mulcahey 1 Dec 21, 2021
A python module for retrieving and parsing WHOIS data

pythonwhois A WHOIS retrieval and parsing library for Python. Dependencies None! All you need is the Python standard library. Instructions The manual

Sven Slootweg 384 Dec 23, 2022
NEW FACEBOOK CLONER WITH NEW PASSWORD, TERMUX FB CLONE, FB CLONING COMMAND. M

NEW FACEBOOK CLONER WITH NEW PASSWORD, TERMUX FB CLONE, FB CLONING COMMAND. M

Mr. Error 81 Jan 08, 2023
Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火,恰好手里有一台Cisco RV110W,在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day,但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞,漏洞的公告可以在官网看到。 准

badmonkey 25 Nov 09, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
Credit Card And SK Checker Written In Python

💳 Credit Card Checker (CC Checker) & Mass SK Checker & Generator 💳

Rimuru Tempest 53 Dec 31, 2022
利用NTLM Hash读取Exchange邮件

GetMail 利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。

<a href=[email protected]"> 388 Dec 27, 2022
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

CoolerVoid 167 Dec 19, 2022
JumpServer远程代码执行漏洞检测利用脚本

Jumpserver-EXP JumpServer远程代码执行漏洞检测利用脚本

Veraxy 181 Dec 20, 2022
OLOP: One-Line & Obfuscated Python

OLOP: One-Line & Obfuscated Python This repository contains useful python modules for one-line and obfuscated python. pip install olop-ShadowLugia650

1 Jan 09, 2022
This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

Steven 4 Feb 22, 2022
Chromepass - Hacking Chrome Saved Passwords

Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

darkArp 622 Jan 04, 2023
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

240 Dec 21, 2022
A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex

0x00 3 Nov 21, 2022