z0ph · z0ph · May 23, 2020
diff --git a/Dockerfile b/Dockerfile
@@ -1,45 +1,104 @@
-FROM python:3.7-slim as aws-sec-toolbox
+FROM debian:buster-slim AS artifacts-image
 
 LABEL maintainer="Victor GRENU - https://github.com/z0ph/"
 LABEL Project="https://github.com/z0ph/aws-security-toolbox"
 
-WORKDIR /opt/secops
+WORKDIR /opt/tmp
 
 RUN apt-get update -y && \
     apt-get install --no-install-recommends -y \
-    bash \
-    build-essential \
-    autoconf \
-    automake \
-    libtool \
-    python3.7-dev \
-    python3-tk \
     jq \
-    vim \
     curl \
-    file \
-    netcat \
-    git
-
-RUN pip --no-cache-dir install \
-        pipenv \
-        ansi2html \
-        detect-secrets \
-        boto3 \
-        awscli \
-        cloudtracker \
-        scoutsuite \
-        principalmapper
+    awscli \
+    wget 
+
+RUN mkdir -p \
+    /opt/artifacts/prowler \
+    /opt/artifacts/scoutesuite \
+    /opt/artifacts/cloudmapper \
+    /opt/artifacts/cloudtracker \
+    /opt/artifacts/enumerate-iam \
+    /opt/artifacts/policy_sentry \
+    /opt/artifacts/principalmapper \
+    /opt/artifacts/parliament
+
+# prowler
+RUN curl -sk https://api.github.com/repos/toniblyx/prowler/releases \
+    | grep tarball_url \
+    | head -n 1 \
+    | cut -d '"' -f 4 \
+    | wget -q -O /opt/tmp/prowler.tar.gz --no-check-certificate -i - && \
+    tar -xz -C /opt/artifacts/prowler -f /opt/tmp/prowler.tar.gz --strip 1 && \
+    rm -f /opt/tmp/prowler.tar.gz
+#####################################################
+
+# ScouteSuite
+RUN curl -sk https://api.github.com/repos/nccgroup/ScoutSuite/releases \
+    | grep tarball_url \
+    | head -n 1 \
+    | cut -d '"' -f 4 \
+    | wget -q -O /opt/tmp/scoutesuite.tar.gz --no-check-certificate -i - && \
+    tar -xz -C /opt/artifacts/scoutesuite -f /opt/tmp/scoutesuite.tar.gz --strip 1 && \
+    rm -f /opt/tmp/scoutesuite.tar.gz
+######################################################
 
 # CloudMapper
-RUN git clone https://github.com/duo-labs/cloudmapper.git /opt/secops/cloudmapper && \
-        cd /opt/secops/cloudmapper && \
-        pipenv install --skip-lock
+# RUN curl -sk https://api.github.com/repos/duo-labs/cloudmapper/releases \
+#     | grep tarball_url \
+#     | head -n 1 \
+#     | cut -d '"' -f 4 \
+#     | wget -q -O /opt/tmp/cloudmapper.tar.gz --no-check-certificate -i -
+
+# RUN tar -xz -C /opt/artifacts/cloudmapper -f /opt/tmp/cloudmapper.tar.gz --strip 1 && \
+#     rm -f /opt/tmp/cloudmapper.tar.gz
+######################################################
+
+# CloudTracker
+# RUN curl -sk https://api.github.com/repos/duo-labs/cloudtracker/releases \
+#     | grep tarball_url \
+#     | head -n 1 \
+#     | cut -d '"' -f 4 \
+#     | wget -q -O /opt/tmp/cloudtracker.tar.gz --no-check-certificate -i -
+
+# RUN tar -xz -C /opt/artifacts/cloudtracker -f /opt/tmp/cloudtracker.tar.gz --strip 1 && \
+#     rm -f /opt/tmp/cloudtracker.tar.gz
+######################################################
 
 # Enumerate IAM
-RUN git clone https://github.com/andresriancho/enumerate-iam.git /opt/secops/enumerate-iam && \
-    cd /opt/secops/enumerate-iam/ && \
-    pip install -r requirements.txt
+# RUN curl -sk https://api.github.com/repos/andresriancho/enumerate-iam/releases \
+#     | grep tarball_url \
+#     | head -n 1 \
+#     | cut -d '"' -f 4 \
+#     | wget -q -O /opt/tmp/enumerate-iam.tar.gz --no-check-certificate -i -
 
-# prowler
-RUN git clone https://github.com/toniblyx/prowler /opt/secops/prowler
+# RUN tar -xz -C /opt/artifacts/enumerate-iam -f /opt/tmp/enumerate-iam.tar.gz --strip 1 && \
+#     rm -f /opt/tmp/enumerate-iam.tar.gz
+######################################################
+
+
+# FROM python:3.7-slim AS aws-sec-toolbox
+# COPY --from=artifacts-image /opt/artifacts /opt/secops
+
+# RUN pip --no-cache-dir install \
+#         pipenv \
+#         ansi2html \
+#         detect-secrets \
+#         boto3 \
+#         awscli
+#         # principalmapper \
+#         # policy_sentry
+
+# RUN apt-get update -y && \
+#     apt-get install --no-install-recommends -y \
+#     bash \
+#     build-essential \
+#     autoconf \
+#     automake \
+#     libtool \
+#     python3.7-dev \
+#     python3-tk \
+#     jq \
+#     curl \
+#     wget \
+#     file \
+#     netcat
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2020 Victor GRENU
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/Makefile b/Makefile
@@ -6,14 +6,24 @@ help:
 	@echo ""
 	@echo "	build - build the container based on Dockerfile (optional)"
 	@echo "	push - push the container to DockerHub"
+	@echo "	prowler - run prowler on audited account"
+	@echo "	creds - print aws creds"
 
 ################ Project #######################
 PROJECT ?= aws-security-toolbox
 DESCRIPTION ?= Docker container for SecOps folks
+DATE := $(shell date +%FT%T)
+PROFILE_NAME ?= "zoph-audit"
 ################################################
 
 build:
 	@docker build -t ${PROJECT} .
 
 push:
-	@docker push zoph/${PROJECT}
+	@docker push zoph/${PROJECT}
+
+prowler:
+	@./ast.sh exec /opt/artifacts/prowler/prowler -b -s > /tmp/prowler-report-${DATE}.txt
+
+creds:
+	@aws-vault exec ${PROFILE_NAME} -- env | grep AWS
diff --git a/README.md b/README.md
@@ -1,28 +1,31 @@
 # AWS Security Toolbox (AST) :lock:
 
-This toolbox will bring to you all necessary apps and tooling as a simple portable and preinstalled Docker container for SecOps on AWS, especially for auditing and assessments purpose.
+This toolbox will bring to you all necessary tooling for SecOps on AWS for auditing and assessments purpose as a simple portable and pre-installed Docker container.
 
-This will reduce the overhead and the headache of installation these tools and dependencies.
+This will reduce the overhead and the headache of installation of these tools and dependencies.
 
 ## Included Tools
 
-- [awscli](https://aws.amazon.com/cli/)
-- [CloudMapper](https://github.com/duo-labs/cloudmapper)
-- [CloudTracker](https://github.com/duo-labs/cloudtracker)
-- [prowler](https://github.com/toniblyx/prowler)
-- [ScoutSuite](https://github.com/nccgroup/ScoutSuite)
-- [PMapper](https://github.com/nccgroup/PMapper)
-- [Enumerate-IAM](https://github.com/andresriancho/enumerate-iam)
+1. [awscli](https://aws.amazon.com/cli/)
+2. [CloudMapper](https://github.com/duo-labs/cloudmapper)
+3. [CloudTracker](https://github.com/duo-labs/cloudtracker)
+4. [prowler](https://github.com/toniblyx/prowler)
+5. [ScoutSuite](https://github.com/nccgroup/ScoutSuite)
+6. [PMapper](https://github.com/nccgroup/PMapper)
+7. [Enumerate-IAM](https://github.com/andresriancho/enumerate-iam)
+8. [policy_sentry]()
 
 ## Getting Started
 
-### Optional (host machine)
+### Requirements
+
+#### Optional (host machine)
 
 - [aws-vault](https://github.com/99designs/aws-vault)
 
-### Requirements
+#### Mandatory
 
-- docker [macOS](https://docs.docker.com/docker-for-mac/) or [Linux](https://docs.docker.com/install/linux/docker-ce/debian/)
+- Docker: [macOS](https://docs.docker.com/docker-for-mac/) or [Linux](https://docs.docker.com/install/linux/docker-ce/debian/)
 - `awscli` installed & configured
 - create `.env` file before building your Docker image locally (see [.env.example](./.env.example)) to set your `DEFAULT_AWS_REGION` and `PROFILE_NAME` (for aws-vault)
 
@@ -31,11 +34,12 @@ This will reduce the overhead and the headache of installation these tools and d
 Clone the repository:
 
         $ git clone https://github.com/z0ph/aws-security-toolbox.git
+        $ make build
 
 There is two options to use this toolbox,
 
 - Option #1 (**Interactive**), you are using local `awscli` with `~/.aws/credentials` populated.
-- Option #2 (`aws-vault`), you want to use your local `aws-vault` installation.
+- Option #2 (`aws-vault`), if you want to use your local `aws-vault` installation.
 
 *Info: Working directory within the container: `/opt/secops`*
 
@@ -53,20 +57,14 @@ Example:
 
 ## Option 2 (`aws-vault`)
 
-        $ ./ast.sh exec /opt/secops/prowler/prowler -b -s > report-prod.txt 
+        $ ./ast.sh exec /opt/artifacts/prowler/prowler -b -s > report-prod.txt
 
 *nb: if you are not using `default` aws-vault profile name, please modify options in `ast.sh`*
 
-### Optional
-
-if you want to build your own container **locally** to get latest updates from tools maintainers, run the following command.
-
-        $ make build
-
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details
 
 ## Authors
 
-* **Victor GRENU** - *Initial work* - [zoph.io](https://github.com/zoph-io)
+* **Victor GRENU** - *Initial work* - [zoph.io](https://github.com/zoph-io)
diff --git a/ast.sh b/ast.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
 # vgrenu@zoph.io
-# https://zoph.me
+# https://zoph.io
 
 ################ Project #######################
 PROJECT="aws-security-toolbox"
 DESCRIPTION="Docker image for SecOps folks"
 ################################################
 
 ################ Config ########################
-PROFILE_NAME="default"
+PROFILE_NAME="zoph-audit"
 CONTAINER_IMAGE="aws-security-toolbox:latest"
 GREEN='\033[0;32m'
 NC='\033[0m' # No Color
@@ -23,7 +23,7 @@ help() {
 	echo "	build - build the container image based on Dockerfile (update tools)"
     echo "	pull - pull the container image from Docker hub"
 	echo "	login - log-in to the container image using interactive mode"
-	echo "	exec [command] - exec your command using aws-vault remotly"
+	echo "	exec [command] - exec your command using aws-vault remotly - using $PROFILE_NAME Profile"
 	echo "	stop - stop the current running SecOps Container"
 }
 
@@ -44,12 +44,8 @@ login() {
 
 exec() {
     unset AWS_VAULT
-    export $(aws-vault exec $PROFILE_NAME --assume-role-ttl=1h -- env | grep ^AWS | xargs)
-    # For troubleshooting, uncomment below :)
-    # echo $AWS_ACCESS_KEY_ID
-    # echo $AWS_SECRET_ACCESS_KEY
-    # echo $AWS_SESSION_TOKEN
-    # echo $AWS_SECURITY_TOKEN
+    PROFILE_NAME="zoph-audit"
+    export $(aws-vault exec $PROFILE_NAME -- env | grep ^AWS | xargs)
     printf "==> Running: ${GREEN}$@${NC} (aws-vault profile: $PROFILE_NAME)\n"
     docker run -it \
         -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \