关于EAST
EAST,全称为Extensible Azure Security Tool,即可扩展的Azure安全工具,该工具旨在帮助广大研究人员评估Azure以及Azure AD安全控制的安全健壮度。该工具可以收集各种用于Azure安全评估的各种安全数据,并以JSON格式提供数据以便研究人员用于其他工具之中。
工具依赖
axios
yargs
jsonwebtoken
chalk
js-beautify
控制类型
EAST提供了三种类型的控制机制:基础、高级和混合模式。机器可读的控制代码如下所示(忽略控制类型):
{"name": "fn-sql-2079","resource": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourcegroups/rg-fn-2079/providers/microsoft.web/sites/fn-sql-2079","controlId": "managedIdentity","isHealthy": true,"id": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourcegroups/rg-fn-2079/providers/microsoft.web/sites/fn-sql-2079","Description": "rn Ensure The Service calls downstream resources with managed identity","metadata": {"principalId": {"type": "SystemAssigned","tenantId": "033794f5-7c9d-4e98-923d-7b49114b7ac3","principalId": "cb073f1e-03bc-440e-874d-5ed3ce6df7f8"},"roles": [{"role": [{"properties": {"roleDefinitionId": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c","principalId": "cb073f1e-03bc-440e-874d-5ed3ce6df7f8","scope": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourceGroups/RG-FN-2079","createdOn": "2021-12-27T06:03:09.7052113Z","updatedOn": "2021-12-27T06:03:09.7052113Z","createdBy": "4257db31-3f22-4c0f-bd57-26cbbd4f5851","updatedBy": "4257db31-3f22-4c0f-bd57-26cbbd4f5851"},"id": "/subscriptions/6193053b-408b-44d0-b20f-4e29b9b67394/resourceGroups/RG-FN-2079/providers/Microsoft.Authorization/roleAssignments/ada69f21-790e-4386-9f47-c9b8a8c15674","type": "Microsoft.Authorization/roleAssignments","name": "ada69f21-790e-4386-9f47-c9b8a8c15674","RoleName": "Contributor"}]}]},"category": "Access"},
(向右滑动、查看更多)
工具下载&安装
本地安装
广大研究人员可以使用下列命令将该项目源码克隆至本地:
git clone https://github.com/jsa2/EAST.git
然后切换到项目目录中,运行下列命令完成工具依赖组件的安装:
cd EASTnpm install
在Cloud Shell安装Pandoc
wget "https://github.com/jgm/pandoc/releases/download/2.17.1.1/pandoc-2.17.1.1-linux-amd64.tar.gz";tar xvzf "pandoc-2.17.1.1-linux-amd64.tar.gz" --strip-components 1 -C ~
(向右滑动、查看更多)
在Linux发行版安装Pandoc
sudo apt install pandoc工具使用
运行EAST扫描
在下面的演示样例中,我们将以演示如何在BASH@linux,或Azure Cloud Shell上的BASH来使用EAST并执行扫描。如果你在Cloud Shell中运行该工具,则可能需要再次重新应用某些安装,因为Cloud Shell不会保留各种会话设置。
接下来,无需处理工具依赖组件,直接在Cloud Shell中运行下列命令即可:
curl -o- https://raw.githubusercontent.com/jsa2/EAST/preview/sh/initForuse.sh | bash;(向右滑动、查看更多)
登录Az CLI并运行扫描:
# Relogin is required to ensure token cache is placed on session on cloud shellaz account clearaz login#cd EAST# replace the subid below with your subscription ID!subId=6193053b-408b-44d0-b20f-4e29b9b67394#node ./plugins/main.js --batch=10 --nativescope=true --roleAssignments=true --helperTexts=true --checkAad=true --scanAuditLogs --composites --subInclude=$subId
(向右滑动、查看更多)
报告生成
cd EAST; node templatehelpers/eastReports.js --doc
cd EAST; node templatehelpers/eastReports.js --doc --asb从Cloud Shell导出报告
pandoc -s fullReport2.md -f markdown -t docx --reference-doc=pandoc-template.docx -o fullReport2.docx
工具运行截图
许可证协议
项目地址
参考资料:
https://www.npmjs.com/package/axios https://www.npmjs.com/package/yargs https://www.npmjs.com/package/jsonwebtoken https://www.npmjs.com/package/chalk https://www.npmjs.com/package/js-beautify https://github.com/Azure/azure-cli#microsoft-azure-cli
精彩推荐
原文始发于微信公众号(FreeBuf):EAST:一款功能强大的可扩展Azure安全工具
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论