Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within the most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed in the cloud by creating secure guardrails.
Documentation
Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/.
Security features
- Insecure Services
- S3 ACL Public Access
- S3 Policy Public Access
- IAM User Inactive Keys
- IAM User Keys Rotation
- CloudTrail Logging Issues
- EBS Unencrypted Volumes
- EBS Public Snapshots
- RDS Public Snapshots
- SQS Public Policy Access
- S3 Unencrypted Buckets
- RDS Unencrypted Instances
- AMIs Public Access
Technologies
- Python 3.6
- AWS (Lambda, DynamoDB, EC2, SNS, CloudWatch, CloudFormation)
- Terraform
- JIRA
- Slack
Contributing
You are welcome to contribute!
Issues:
You can use GitHub Issues to report issues. Describe what is going wrong and what behaviour you expect instead.
Patches:
We currently use the dev branch for ongoing development. Please open PRs against this branch.
Run tests:
Run tests with this command:
tox
Contact Us
Feel free to create an issue report or a pull request, or just email us at hammer@dowjones.com with any other questions or concerns you have.