A honey token manager and alert system for AWS.

Last update: Nov 09, 2022

Overview

SpaceSiren

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale -- up to 10,000 per SpaceSiren instance -- at close to no cost.¹

How It Works

SpaceSiren provides an API to create no-permission AWS IAM users and access keys for those users.
You sprinkle the access keys wherever you like, for example in proprietary code or private data stores.
If one of those sources gets breached, an attacker is likely to use the stolen key to see what they can do with it.
You will receive an alert that someone attempted to use the key.

Alert Outputs

Email
PagerDuty
Slack
Pushover

Documentation Pages

Requirements

As with any open source project, this one assumes you have the required foundational tools and knowledge, mainly in AWS and Terraform.

Resources

Terraform >= 0.13
AWS CLI
A dedicated AWS account with admin access
A registered domain

Knowledge

Basic Terraform
Basic REST API
Basic AWS CLI, S3, and Route 53
Basic AWS Organizations and IAM Roles for cross-account access
Intermediate DNS (delegating a (sub)domain with NS records)

Contact

If you notice a critical security bug (e.g., one that would grant real access to an AWS account), please responsibly disclose it via email at [email protected].

For standard bugs or feature requests, please open a GitHub issue.

Attributions

Special thanks to:

Atlassian for Project SpaceCrab, the inspiration for this project. If you want to read about why I started SpaceSiren, please see my SpaceCrab critique page.
The wonderful and talented Alia Mancisidor for the artwork.
Anyone who volunteered to test this application for me.

Footnotes

While SpaceSiren was designed to run as cheaply as possible, even for individuals, it will not be entirely free of operating costs. You will incur nominal costs for DynamoDB, Lambda, API Gateway, Route 53, and perhaps CloudTrail, depending on your configuration. You should expect to spend between $1 and $5 per month to run SpaceSiren. Of course, the project's maintainers are not responsible for any actual costs you incur. Please closely monitor your AWS bill while it is in use.

You might also like...

Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

130 Dec 17, 2022

Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

1 Nov 17, 2021

Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

1 Dec 8, 2021

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

44 Nov 18, 2022

🔐 A simple command-line password manager.

PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

5 Aug 15, 2022

This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

3 Nov 23, 2022

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

13 Jan 4, 2022

Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

140 Dec 16, 2022

Security offerings for AWS Control Tower

Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is

1 Oct 22, 2021

Comments

Multiple alert email addresses

Allow for more than one destination email address for alerts. Terraform should take a list of email addresses. They will all need to be verified in SES.

opened by khicks 0
Enhancement/Canary Resources scaffolding
Add support for canary resources:

This is the initial scaffolding, that adds an endpoint to monitor activity for given resource ARNs.

Under the current format, it only supports resources in the account where spacesiren is deployed

Will have to look into the best way to monitor arbitrary trails

TODOs:

[ ] Update documentation for the new endpoint
opened by x4v13r64 0

Releases(1.4.0)

1.4.0(Dec 19, 2021)
IMPROVEMENTS:

Update Terraform to version 1.1.2.

Provider dependency upgrades.

Source code(tar.gz)
Source code(zip)
1.3.0(Apr 15, 2021)
IMPROVEMENTS:

Update Terraform to version 0.15.

Source code(tar.gz)
Source code(zip)
1.2.1(Aug 23, 2020)
IMPROVEMENTS:

Update AWS provider to 3.3.0.

BUG FIXES:

Lambda logging permissions with the new aws_cloudwatch_log_group ARN format.

Source code(tar.gz)
Source code(zip)
1.2.0(Aug 15, 2020)
FEATURES:

Pushover support. New tfvars are alert_pushover_user_key and alert_pushover_api_key.

Test alert API endpoint: /test-alert.

IMPROVEMENTS:

Remove trimsuffix from Route 53 zone name.

Source code(tar.gz)
Source code(zip)
1.1.0(Aug 14, 2020)
IMPROVEMENTS:

Artwork!

Change directory structure. Terraform code now has its own directory.

If you previously had SpaceSiren set up, delete your functions-pkg/ directory and move the following files/dirs to the terraform/ directory:

.terraform/

terraform-local.tf

terraform.tfvars

Source code(tar.gz)
Source code(zip)
1.0.0(Aug 14, 2020)

Source code(tar.gz)
Source code(zip)

Owner

GitHub Repository

M.E.A.T. - Mobile Evidence Acquisition Toolkit

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform d

1 Nov 11, 2021

This is a Python program that implements a vacuum cleaner as an Artificial Intelligence.

Vacuum-Cleaner Python3 This is a Python3 agent that implements a simulator for a vacuum cleaner and it is introduction to Artificial Intelligence. A s

6 Nov 14, 2022

Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021

Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

14 Jul 08, 2022

Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

6 Dec 28, 2022

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

91 Dec 29, 2022

The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

宝塔面板Windows版提权方法

宝塔面板Windows提权方法本项目整理一些宝塔特性，可以在无漏洞的情况下利用这些特性来增加提权的机会。

298 Dec 14, 2022

Virus-Builder - This tool will generate a virus that can only destroy Windows computer

Virus-Builder - This tool will generate a virus that can only destroy Windows computer. You can also configure to auto run in usb drive

16 Dec 30, 2022

Subdomain enumeration,Web scraping and finding usernames automation script written in python

12 Nov 22, 2022

Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

82 Dec 28, 2022

Python decompiler for Python 1.5-2.4 (for historical archive)

This preserves the early code of a Python decompiler for Python versions 1.5 to 2.4. I have been able to install this using pyenv using Python 2.3.7 u

2 Jan 04, 2022

A forensic collection tool written in Python.

CHIRP A forensic collection tool written in Python. Watch the video overview 📝 Table of Contents 📝 Table of Contents 🧐 About 🏁 Getting Started Pre

1k Dec 09, 2022

Privilege escalation with polkit - CVE-2021-3560

Polkit-exploit - CVE-2021-3560 Privilege escalation with polkit - CVE-2021-3560 Summary CVE-2021-3560 is an authentication bypass on polkit, which all

95 Dec 27, 2022

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

RedTeam Toolkit Note: Only legal activities should be conducted with this project. Red Team Toolkit is an Open-Source Django Offensive Web-App contain

382 Jan 01, 2023

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 03, 2023