Add cloud-audit - AWS security auditing CLI with remediation engine#126

Merged
toniblyx merged 2 commits into toniblyx:master from gebalamariusz:add-cloud-audit
Apr 17, 2026
Merged

Add cloud-audit - AWS security auditing CLI with remediation engine#126
toniblyx merged 2 commits intotoniblyx:masterfrom
gebalamariusz:add-cloud-audit

Conversation

@gebalamariusz
Contributor

Added cloud-audit to the Defensive section.

What it does: Python CLI that runs 17 opinionated security checks across IAM, S3, EC2, VPC, RDS, and EIP. Each finding includes ready-to-use AWS CLI commands and Terraform HCL snippets to fix the issue.

Open source, MIT licensed.

- Stats refreshed: 94 checks across 23 services (was 17), 31 attack
  chains, 25 IAM privilege escalation methods (replaces dead PMapper)
- Link points to project homepage (haitmg.pl/cloud-audit/) instead
  of the GitHub repo; GitHub stats badges unchanged
- Added HelpNetSecurity feature reference

@gebalamariusz
Contributor Author

gebalamariusz commented Apr 17, 2026

Hi @toniblyx - gentle bump on this PR.

Since opening in March, cloud-audit has shipped v2.0 with significant additions that may be relevant for the list:

  • 94 curated checks across 23 AWS services (was 17 at PR open)
  • 31 attack chain detection rules correlating findings into realistic exploit paths (e.g. public SG + IMDSv1 + IAM role = full takeover)
  • 25 IAM privilege escalation detection methods - filling the gap left by PMapper, which was abandoned in 2024
  • CIS AWS v3.0 compliance at 89% automation (55 of 62 controls fully automated)
  • Featured in Help Net Security (March 2026): https://www.helpnetsecurity.com/2026/03/11/cloud-audit-open-source-aws-security-scanner/

I've pushed an updated commit (d84be4f) refreshing the entry with current stats and linking to the project homepage. Happy to trim, rephrase, or move it under a different section if you'd prefer.

Thanks for maintaining this list - it remains THE reference for AWS security tooling.

Disclosure: author of cloud-audit.
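As an added example (not cloud-audit's own code, which is not on this page), this constructed Python rule shows the kind of finding correlation the "public SG + IMDSv1 + IAM role" bullet above describes: three per-instance findings only become a critical chain when they all land on the same EC2 instance, and the shortest fix that breaks the chain is enforcing IMDSv2. The check ids, instance ids and finding shape are assumptions; the `aws ec2 modify-instance-metadata-options` flags are real.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One scanner finding: a check id plus the resource it applies to (shape assumed)."""
    check: str
    resource: str


# A chain fires only when every required check is present on the SAME resource.
# Check ids are illustrative placeholders, not cloud-audit's real identifiers.
CHAIN_RULES = {
    "public_sg_imdsv1_role_takeover": {
        "required": {"ec2.sg_open_to_world", "ec2.imdsv1_allowed",
                     "ec2.instance_profile_attached"},
        "severity": "critical",
    },
}


def detect_chains(findings):
    """Group findings per resource; return each chain rule fully satisfied on one resource."""
    checks_by_resource = {}
    for f in findings:
        checks_by_resource.setdefault(f.resource, set()).add(f.check)
    chains = []
    for name, rule in CHAIN_RULES.items():
        for resource, checks in sorted(checks_by_resource.items()):
            if rule["required"] <= checks:  # subset test: all required checks present
                chains.append({"chain": name, "resource": resource,
                               "severity": rule["severity"]})
    return chains


def remediation_for(chain):
    """Ready-to-run fix for the chain: require IMDSv2 session tokens on the instance."""
    return (f"aws ec2 modify-instance-metadata-options --instance-id {chain['resource']} "
            "--http-tokens required --http-endpoint enabled")


# Constructed sample: i-0aaa111 has all three weaknesses; i-0bbb222 lacks the public SG,
# and the stray SG finding sits on a different resource, so neither should correlate.
SAMPLE_FINDINGS = [
    Finding("ec2.sg_open_to_world", "i-0aaa111"),
    Finding("ec2.imdsv1_allowed", "i-0aaa111"),
    Finding("ec2.instance_profile_attached", "i-0aaa111"),
    Finding("ec2.imdsv1_allowed", "i-0bbb222"),
    Finding("ec2.instance_profile_attached", "i-0bbb222"),
    Finding("ec2.sg_open_to_world", "sg-0ccc333"),
]

if __name__ == "__main__":
    for chain in detect_chains(SAMPLE_FINDINGS):
        print(chain["severity"], chain["chain"], chain["resource"])
        print("  fix:", remediation_for(chain))
```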

@toniblyx toniblyx merged commit f38aa54 into toniblyx:master Apr 17, 2026
@toniblyx
Owner

Awesome!

@toniblyx
Owner

toniblyx commented Apr 17, 2026

Please correct the comparison table in your repo, the Prowler column is 100% wrong. Prowler does all what you say it does not and multicloud. Please don't lie to your users.

@toniblyx
Owner

also look at hub.prowler.com to count the controls we support.

gebalamariusz added a commit to gebalamariusz/cloud-audit that referenced this pull request Apr 17, 2026
Fix inaccurate claims in the "How It Compares" table that mischaracterized
Prowler, raised by @toniblyx in
toniblyx/my-arsenal-of-aws-security-tools#126:

- Compliance frameworks for Prowler: "CIS" -> 41 (CIS, PCI-DSS, HIPAA,
  SOC2, NIST 800, ISO 27001, GDPR, FedRAMP, NIS2, MITRE ATT&CK + more)
- Auto-remediation: "CIS only" -> 55 fixers across 17 AWS services
- Attack chains: "No" -> Yes via Prowler App (Cartography + Neo4j graph)
- IAM privilege escalation: "No" -> Yes via Prowler App Attack Paths
- AI-SPM (Bedrock + SageMaker): "No" -> ~20 checks across both services
- AWS checks: 576 -> 572 (current master)
- Removed Trivy column (different category: container-first scanner)
- Added multi-cloud row as key Prowler advantage
- Rewrote surrounding prose to frame Prowler as the standard and
  cloud-audit as a complementary AWS-focused tool, not a competitor

Prowler stats verified from github.com/prowler-cloud/prowler master
(April 2026) via README table, fixer file count, and service directory
listing.

@gebalamariusz
Contributor Author

@toniblyx You were right and I'm sorry for the inaccuracies. I've just corrected the comparison table in the cloud-audit README:

gebalamariusz/cloud-audit@7a5bd00

Specific fixes (all verified against github.com/prowler-cloud/prowler master):

  • Compliance frameworks: "CIS" -> 41 (CIS, PCI-DSS, HIPAA, SOC2, NIST 800, ISO 27001, GDPR, FedRAMP, NIS2, MITRE ATT&CK + more)
  • Auto-remediation: "CIS only" -> 55 fixers across 17 AWS services
  • Attack path analysis: "No" -> Yes, via Prowler App (Cartography + Neo4j)
  • IAM privilege escalation: "No" -> Yes, via Prowler App Attack Paths
  • AI-SPM (Bedrock/SageMaker): "No" -> ~20 checks across both services
  • AWS check count: 576 -> 572 (current master)
  • Added explicit multi-cloud row (AWS + 13 others)
  • Reframed the surrounding text: Prowler is the AWS security standard, cloud-audit is a narrower AWS-only complement, not a replacement

The Prowler-alternative landing page on haitmg.pl and the scanners-compared blog post need the same pass - those are on my list this week.

Genuinely appreciate you calling this out. Maintaining this arsenal list plus Prowler and still stopping to review a PR entry and its attached README is a real service to the community - you could have left the PR unmerged and moved on. You didn't, and that matters.

Prowler is the tool I learned AWS security auditing from. Writing an inaccurate comparison about something you and your team have built was the wrong way to position cloud-audit. Won't happen again.
