joshuaguda281-stack/cloud-scanner

GitHub: joshuaguda281-stack/cloud-scanner

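A Python-based, AI-driven multi-cloud security scanner that detects misconfigurations across AWS, Azure, and GCP from a single tool and provides risk scoring and remediation recommendations.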

Stars: 0 | Forks: 0

# AI-Powered Cloud Security Scanner

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/) [![Multi-Cloud](https://img.shields.io/badge/Multi-Cloud-purple)](https://github.com/yourusername)

An intelligent cloud security scanner for AWS, Azure, and GCP that uses AI to detect misconfigurations, assess risk, and provide remediation recommendations.

## 🚀 Features

### Multi-Cloud Support

| Provider | Services Scanned | Security Checks |
|----------|-----------------|-----------------|
| **AWS** | S3, IAM, EC2, CloudTrail, GuardDuty | Public buckets, MFA, security groups, logging |
| **Azure** | Storage, NSG, Resources | Public access, open rules, encryption |
| **GCP** | Storage buckets, IAM | Public buckets, permissions |

### AI-Powered Capabilities

- ✅ **Risk Scoring** - Machine-learning-based vulnerability prioritization (0-100)
- ✅ **Intelligent Assessment** - Context-aware security analysis
- ✅ **Predictive Analytics** - Pattern-based threat prediction
- ✅ **Automated Remediation** - Actionable remediation recommendations
- ✅ **Compliance Mapping** - Aligned with CIS, NIST, GDPR

## 📋 Requirements

- **Python 3.8** or later
- **Cloud provider credentials** (AWS/Azure/GCP)
- **Optional**: scikit-learn for the AI features

## 🔧 Installation

```bash
# Clone the repository
git clone https://github.com/joshuaguda281-stack/cloud-scanner.git
cd cloud-scanner

# Install dependencies
pip install -r requirements.txt

# AWS only
pip install boto3

# Azure only
pip install azure-identity azure-mgmt-resource

# GCP only
pip install google-cloud-storage
```

## 💻 Usage

### AWS Security Scan

```bash
# Configure AWS credentials
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_DEFAULT_REGION="us-east-1"

# Run the scan
python3 cloud_scanner.py --provider aws

# Save the report
python3 cloud_scanner.py --provider aws --report aws_report.json
```

### Azure Security Scan

```bash
# Configure Azure credentials
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
az login  # or use service principal

# Run the scan
python3 cloud_scanner.py --provider azure
```

### GCP Security Scan

```bash
# Configure GCP credentials
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account-key.json"

# Run the scan
python3 cloud_scanner.py --provider gcp
```

## 📊 Sample Output

```
======================================================================
AI-POWERED CLOUD SECURITY SCANNER
Provider: AWS
AI Analysis: ENABLED
======================================================================

[*] Scanning AWS resources...
[*] Checking S3 buckets...
[+] my-secure-bucket: OK
[!] my-public-bucket: public_acl, no_encryption
[*] Checking IAM users...
[!] 3 users without MFA
[!] admin-user: Old access key (120 days)
[*] Checking security groups...
[!] 2 open security group rules

======================================================================
AI-POWERED CLOUD SECURITY REPORT - AWS
======================================================================
Overall Security Score: 72/100
Risk Level: MEDIUM
Total Findings: 8

Findings by Severity:
  CRITICAL: 1
  HIGH: 3
  MEDIUM: 4

AI Security Predictions:
  • HIGH RISK: Public buckets detected - potential data exposure
  • HIGH RISK: Multiple accounts without MFA - credential compromise risk
  • MEDIUM RISK: Open security groups - external attack surface exposed

Recommendations:
  → Review and secure all public buckets immediately
  → Enable MFA for all user accounts
  → Review and restrict security group rules
======================================================================
```

## 📁 Report Format

```json
{
  "timestamp": "2024-01-15T14:30:00",
  "provider": "AWS",
  "overall_score": 72,
  "risk_level": "MEDIUM",
  "findings": [
    {
      "resource": "s3://my-public-bucket",
      "issues": ["public_acl", "no_encryption"],
      "risk_score": 40,
      "ai_assessment": {
        "verdict": "CRITICAL",
        "confidence": 85,
        "recommendation": "Remove public access and enable encryption"
      }
    }
  ],
  "ai_predictions": [
    "HIGH RISK: Public buckets detected",
    "HIGH RISK: Multiple accounts without MFA"
  ]
}
```

## 🤖 AI Models

### Risk Scoring (Random Forest)

- **Input**: Security findings, resource types, configurations
- **Output**: Risk score (0-100) and severity classification

### Predictive Analytics

- **Input**: Historical patterns, issue correlations
- **Output**: Threat predictions and risk forecasts

## 🔧 Environment Variables

| Provider | Variable | Description |
|----------|----------|-------------|
| AWS | `AWS_ACCESS_KEY_ID` | IAM access key |
| AWS | `AWS_SECRET_ACCESS_KEY` | IAM secret key |
| AWS | `AWS_DEFAULT_REGION` | Region (default: us-east-1) |
| Azure | `AZURE_SUBSCRIPTION_ID` | Subscription ID |
| GCP | `GOOGLE_APPLICATION_CREDENTIALS` | Service account key path |

## 🎯 Use Cases

- **Security Audits** - Regular compliance checks
- **DevSecOps** - CI/CD security integration
- **Incident Response** - Rapid misconfiguration detection
- **Compliance** - CIS/NIST/GDPR monitoring

## 🔧 Troubleshooting

| Issue | Solution |
|-------|----------|
| `No module named boto3` | `pip install boto3` |
| Unable to locate credentials | Configure AWS CLI or environment variables |
| Azure authentication failed | Run `az login` or check service principal |
| GCP permission denied | Verify service account has appropriate roles |

## 📝 License

MIT License - See LICENSE file for details.

## 👤 Author

Joshua Guda

- GitHub: @joshuaguda281-stack
- LinkedIn: www.linkedin.com/in/joshua-guda-356879322

## 🙏 Acknowledgments

- AWS Security Hub
- Azure Security Center
- GCP Security Command Center
- Scikit-learn for ML capabilities

## ⭐ Support

If this scanner helps secure your cloud infrastructure, please star the repository!
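
A CI gate over the JSON shown under "Report Format", for the DevSecOps use case listed above. This is an added example, not code from the cloud-scanner repository: the function name `gate`, the thresholds, the `LOW` severity level and the fail-closed policy are assumptions, and the sample report is constructed from the README's own example.

```python
import json

# Severity ladder; LOW is an assumption (the README shows MEDIUM, HIGH, CRITICAL).
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the shape shown under "Report Format".
SAMPLE_REPORT = json.dumps({
    "timestamp": "2024-01-15T14:30:00", "provider": "AWS",
    "overall_score": 72, "risk_level": "MEDIUM",
    "findings": [{
        "resource": "s3://my-public-bucket",
        "issues": ["public_acl", "no_encryption"],
        "risk_score": 40,
        "ai_assessment": {"verdict": "CRITICAL", "confidence": 85,
                          "recommendation": "Remove public access and enable encryption"},
    }],
})


def gate(report_text, min_score=70, block_at="HIGH"):
    """Return (passed, reasons). Fails closed on unreadable or incomplete reports."""
    try:
        report = json.loads(report_text)
        score, findings = report["overall_score"], report["findings"]
        if not isinstance(findings, list):
            raise TypeError("findings is not a list")
    except (ValueError, KeyError, TypeError) as exc:
        return False, [f"unreadable report: {exc!r}"]
    reasons = []
    if not isinstance(score, (int, float)) or score < min_score:
        reasons.append(f"overall_score {score!r} does not meet minimum {min_score}")
    threshold = SEVERITY_ORDER.index(block_at)
    for finding in findings:
        if not isinstance(finding, dict):
            reasons.append(f"malformed finding: {finding!r}")
            continue
        assessment = finding.get("ai_assessment")
        verdict = str(assessment.get("verdict", "")).upper() if isinstance(assessment, dict) else ""
        # A missing or unknown verdict blocks the build instead of being ignored.
        rank = SEVERITY_ORDER.index(verdict) if verdict in SEVERITY_ORDER else len(SEVERITY_ORDER)
        if rank >= threshold:
            issues = ", ".join(map(str, finding.get("issues") or []))
            reasons.append(f"{finding.get('resource', '?')}: {verdict or 'NO VERDICT'} ({issues})")
    return not reasons, reasons


if __name__ == "__main__":
    ok, why = gate(SAMPLE_REPORT)
    print("PASS" if ok else "FAIL", *why, sep="\n  ")
    raise SystemExit(0 if ok else 1)
```

In a pipeline, pass the contents of the file written by `--report` to `gate` and use the exit status to stop the deploy step.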