AWS Cloud Template (Cloud Formation)

Some companies must follow internal or regulatory compliance rules that govern how resources may be created in their cloud environment. To support that, we provide a feature that creates the cloud resources needed for a pentest from an Infrastructure-as-Code (IaC) template in the cloud.


Cloud Formation

AWS CloudFormation lets clients create resources such as TaskDefinition, Cluster, SecurityGroup, EC2, S3, VPC and ELB from a JSON or YAML template file. CloudFormation is AWS's template-based provisioning service, which makes creating and deleting resources on the AWS platform straightforward.

Prancer pentesting for web applications using CloudFormation

Create a PAC config that provisions the AWS resources from a CloudFormation template and then runs the pentest against the provided target machine.

Pre-requisites

  • Create a GitHub repository (private or public).
  • Generate a new GitHub access key, or use an existing one, with permission to clone the project.
  • Add a CloudFormation template like the sample template. Note that the following properties must be replaced with template parameters:
      • Family under MyTaskDefinition.
      • ExecutionRoleArn under MyTaskDefinition.
      • TaskRoleArn under MyTaskDefinition.
      • Name under ContainerDefinitions.
      • Image under ContainerDefinitions.
      • ClusterName under ECSCluster.
      • GroupDescription under EcsSecurityGroup.

Note: the container Image can be one of the following:

  • prancer/prancer-pac ===> always refers to hub.docker.com:prancer/prancer-pac:latest
  • public.ecr.aws/u4p5w7f1/prancer-pac:latest =====> refers to the public repository of Prancer's current Amazon account; this image is pulled and the penetration test runs from it
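
As a pre-flight check for the prerequisites above, the following added Python script (not part of Prancer or of this page) verifies that a CloudFormation template supplies each of the listed properties through a template Parameter rather than a hard-coded value, and that a params file gives a value for every parameter without leaving the <<placeholder>> markers from this documentation in place. It assumes the template is JSON with the logical resource ids used above (MyTaskDefinition, ECSCluster, EcsSecurityGroup) and that the params file uses the AWS CLI ParameterKey/ParameterValue list format; the sample template and params embedded in it are constructed for illustration.

```python
"""Pre-flight check for a CloudFormation template and params file before they
are referenced from a PAC config (added example, not Prancer's own code).
Assumptions: JSON template, logical ids MyTaskDefinition / ECSCluster /
EcsSecurityGroup, params file in AWS CLI ParameterKey/ParameterValue form."""
import json

# Properties the docs require to come from template Parameters, as paths into
# each resource's Properties block.
REQUIRED_PARAMETERIZED = {
    "MyTaskDefinition": [("Family",), ("ExecutionRoleArn",), ("TaskRoleArn",),
                         ("ContainerDefinitions", 0, "Name"),
                         ("ContainerDefinitions", 0, "Image")],
    "ECSCluster": [("ClusterName",)],
    "EcsSecurityGroup": [("GroupDescription",)],
}


def _ref_name(value):
    """Parameter name if value is exactly {"Ref": "<Name>"}, else None."""
    return value["Ref"] if isinstance(value, dict) and set(value) == {"Ref"} else None


def check_template(template):
    """List of problems; empty means every required property is a Ref to a declared Parameter."""
    problems, params = [], template.get("Parameters", {})
    for res_id, paths in REQUIRED_PARAMETERIZED.items():
        res = template.get("Resources", {}).get(res_id)
        if res is None:
            problems.append(f"missing resource {res_id}")
            continue
        for path in paths:
            dotted, value = ".".join(map(str, path)), res.get("Properties", {})
            try:
                for key in path:          # walk dict keys and list indexes
                    value = value[key]
            except (KeyError, IndexError, TypeError):
                problems.append(f"{res_id}: property {dotted} not set")
                continue
            name = _ref_name(value)
            if name is None:
                problems.append(f"{res_id}: {dotted} is hard-coded, expected a Ref to a Parameter")
            elif name not in params:
                problems.append(f"{res_id}: Ref to undeclared parameter {name}")
    return problems


def check_params(template, params_file):
    """Parameters without a Default need a value, and no value may still be a
    <<placeholder>> copied from the documentation."""
    declared = template.get("Parameters", {})
    supplied = {p["ParameterKey"]: p["ParameterValue"] for p in params_file}
    problems = [f"no value for parameter {n}" for n, spec in declared.items()
                if n not in supplied and "Default" not in spec]
    for name, value in supplied.items():
        if name not in declared:
            problems.append(f"params file sets unknown parameter {name}")
        elif isinstance(value, str) and value.startswith("<<") and value.endswith(">>"):
            problems.append(f"parameter {name} still holds placeholder {value}")
    return problems


def with_hardcoded_image(template):
    """Deep copy with a literal container Image, the mistake the prerequisites rule out."""
    bad = json.loads(json.dumps(template))
    bad["Resources"]["MyTaskDefinition"]["Properties"]["ContainerDefinitions"][0]["Image"] = "prancer/prancer-pac:latest"
    return bad


# Constructed sample template: each required property is a Ref to a Parameter.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "Family": {"Type": "String"}, "ExecutionRoleArn": {"Type": "String"},
        "TaskRoleArn": {"Type": "String"}, "ContainerName": {"Type": "String"},
        "ContainerImage": {"Type": "String", "Default": "public.ecr.aws/u4p5w7f1/prancer-pac:latest"},
        "ClusterName": {"Type": "String"}, "GroupDescription": {"Type": "String"},
    },
    "Resources": {
        "MyTaskDefinition": {"Type": "AWS::ECS::TaskDefinition", "Properties": {
            "Family": {"Ref": "Family"}, "ExecutionRoleArn": {"Ref": "ExecutionRoleArn"},
            "TaskRoleArn": {"Ref": "TaskRoleArn"}, "RequiresCompatibilities": ["FARGATE"],
            "NetworkMode": "awsvpc", "Cpu": "256", "Memory": "512",
            "ContainerDefinitions": [{"Name": {"Ref": "ContainerName"}, "Image": {"Ref": "ContainerImage"}}]}},
        "ECSCluster": {"Type": "AWS::ECS::Cluster", "Properties": {"ClusterName": {"Ref": "ClusterName"}}},
        "EcsSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": {"Ref": "GroupDescription"}, "VpcId": "vpc-0123456789abcdef0"}},  # constructed id
    },
}

# Constructed sample params file: one placeholder left in, GroupDescription missing.
SAMPLE_PARAMS = [
    {"ParameterKey": "Family", "ParameterValue": "pentest-task"},
    {"ParameterKey": "ExecutionRoleArn", "ParameterValue": "<<execution role arn>>"},
    {"ParameterKey": "TaskRoleArn", "ParameterValue": "arn:aws:iam::123456789012:role/pentest-task-role"},
    {"ParameterKey": "ContainerName", "ParameterValue": "prancer-scanner"},
    {"ParameterKey": "ClusterName", "ParameterValue": "pentest-cluster"},
]

if __name__ == "__main__":
    for label, probs in (("template", check_template(SAMPLE_TEMPLATE)),
                         ("params", check_params(SAMPLE_TEMPLATE, SAMPLE_PARAMS))):
        print(label + ":", "OK" if not probs else "\n  " + "\n  ".join(probs))
```

To run it against the real files, replace the two constructed samples with `json.load(open("ecs-template.json"))` and `json.load(open("ecs-params.json"))`; an empty list from both checks means the template and params file satisfy the prerequisites listed above. Keeping role ARNs, names and the image as parameters rather than literals is also what lets the same template be reused across accounts without editing the committed file.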

../img/pac/wizard/aws/aws-ecr.png


Create the PAC config using the following steps

Create a Git connector using the following steps

Update the PAC config file:

  • Open the PAC Management screen and click on the PAC Configuration to which you want to add the script.

../img/pac/attacks/CVE_PAC_configure.png

Add the AWS field to the PAC configuration file:

Scanner:
  Cloud:
    Platform:
      AWS:
        Connector: <<git-connector>>
        StackName: <<name-of-stack>>
        TemplateFile: <<git location for template file eg. /cloud-formation/existing/ecs-template.json >>
        ParamsFile: <<git location for params file eg. /cloud-formation/existing/ecs-params.json >>

Field          Value            Description
Connector*     connector name   The git connector file name.
StackName      stack name       The name of the CloudFormation stack that will be created.
TemplateFile*  template path    Location of the CloudFormation template in the Git repository.
ParamsFile     params path      Location of the CloudFormation params file in the Git repository.

The complete PAC file looks like this:

Collection: aws
ConnectionName: aws_connector
CloudType: aws
ApplicatioName: template_safe_001
RiskLevel: safe
Compliance:
- CIS
- HIPAA
ApplicationType: WebScan
Schedule: onetime
Target: <<your target endpoint>>
Scanner:
  Cloud:
    Platform:
      AWS:
        AfterRun: delete
        Connector: github_connector_collection
        TemplateFile: /cloud-formation/existing/ecs-template.json
        StackName: prancer-external-scanner
        NewFargate:
          External:
            AccountId: "<<account Id>>"
            Region: us-west-2
            TaskDefinition: pentest-task
            ClusterName: pentest-cluster
            SecurityGroup: pentest-security-group
            ContainerName: prancer-scanner
            SubnetId: <<subnet Id>>
AuthenticationMethod: noAuthentication
AddOns:
- accessControl
- ascanrulesBeta
- sqliplugin

Run the pentest:

  • Click the Start button to run the pentest.

../img/pac/attacks/CVE_run_pentest.png

  • After some time, when the pentest has completed, you can see the results by clicking the See Latest Results link.

../img/pac/attacks/CVE_see_results.png

  • This opens the Application Security Findings page.

../img/pac/attacks/CVE_pentest_result.png