EAST,全称为Extensible Azure Security Tool,即可扩展的Azure安全工具,该工具旨在帮助广大研究人员评估Azure以及Azure AD安全控制的安全健壮度。该工具可以收集各种用于Azure安全评估的各种安全数据,并以JSON格式提供数据以便研究人员用于其他工具之中。
axios
yargs
jsonwebtoken
chalk
js-beautify
EAST提供了三种类型的控制机制:基础、高级和混合模式。机器可读的控制代码如下所示(忽略控制类型):
{
"name": "fn-sql-2079",
"resource": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourcegroups/rg-fn-2079/providers/microsoft.web/sites/fn-sql-2079",
"controlId": "managedIdentity",
"isHealthy": true,
"id": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourcegroups/rg-fn-2079/providers/microsoft.web/sites/fn-sql-2079",
"Description": "\r\n Ensure The Service calls downstream resources with managed identity",
"metadata": {
"principalId": {
"type": "SystemAssigned",
"tenantId": "033794f5-7c9d-4e98-923d-7b49114b7ac3",
"principalId": "cb073f1e-03bc-440e-874d-5ed3ce6df7f8"
},
"roles": [{
"role": [{
"properties": {
"roleDefinitionId": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalId": "cb073f1e-03bc-440e-874d-5ed3ce6df7f8",
"scope": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourceGroups/RG-FN-2079",
"createdOn": "2021-12-27T06:03:09.7052113Z",
"updatedOn": "2021-12-27T06:03:09.7052113Z",
"createdBy": "4257db31-3f22-4c0f-bd57-26cbbd4f5851",
"updatedBy": "4257db31-3f22-4c0f-bd57-26cbbd4f5851"
},
"id": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourceGroups/RG-FN-2079/providers/Microsoft.Authorization/roleAssignments/ada69f21-790e-4386-9f47-c9b8a8c15674",
"type": "Microsoft.Authorization/roleAssignments",
"name": "ada69f21-790e-4386-9f47-c9b8a8c15674",
"RoleName": "Contributor"
}]
}]
},
"category": "Access"
},
(向右滑动、查看更多)
广大研究人员可以使用下列命令将该项目源码克隆至本地:
git clone https://github.com/jsa2/EAST.git
然后切换到项目目录中,运行下列命令完成工具依赖组件的安装:
cd EAST
npm install
wget "https://github.com/jgm/pandoc/releases/download/2.17.1.1/pandoc-2.17.1.1-linux-amd64.tar.gz";
tar xvzf "pandoc-2.17.1.1-linux-amd64.tar.gz" --strip-components 1 -C ~
sudo apt install pandoc
在下面的演示样例中,我们将以演示如何在[email protected],或Azure Cloud Shell上的BASH来使用EAST并执行扫描。如果你在Cloud Shell中运行该工具,则可能需要再次重新应用某些安装,因为Cloud Shell不会保留各种会话设置。
接下来,无需处理工具依赖组件,直接在Cloud Shell中运行下列命令即可:
curl -o- https://raw.githubusercontent.com/jsa2/EAST/preview/sh/initForuse.sh | bash;
(向右滑动、查看更多)
# Relogin is required to ensure token cache is placed on session on cloud shell
az account clear
az login
#
cd EAST
# replace the subid below with your subscription ID!
subId=6193053b-408b-44d0-b20f-4e29b9b67394
#
node ./plugins/main.js --batch=10 --nativescope=true --roleAssignments=true --helperTexts=true --checkAad=true --scanAuditLogs --composites --subInclude=$subId
(向右滑动、查看更多)
cd EAST; node templatehelpers/eastReports.js --doc
cd EAST; node templatehelpers/eastReports.js --doc --asb
pandoc -s fullReport2.md -f markdown -t docx --reference-doc=pandoc-template.docx -o fullReport2.docx
https://www.npmjs.com/package/axios https://www.npmjs.com/package/yargs https://www.npmjs.com/package/jsonwebtoken https://www.npmjs.com/package/chalk https://www.npmjs.com/package/js-beautify https://github.com/Azure/azure-cli#microsoft-azure-cli
精彩推荐