cartography

Pros of CloudMapper

• Focused specifically on AWS, providing deep insights into AWS environments
• Generates interactive web-based network diagrams for easy visualization
• Includes security auditing features for identifying potential vulnerabilities

Cons of CloudMapper

• Limited to AWS, while Cartography supports multiple cloud providers and systems
• Less extensible compared to Cartography's graph-based approach
• Requires more manual configuration and setup for data collection

Code Comparison

CloudMapper (Python):

account = Account(None, args.account, args.config, args.config_file)
for region_json in get_regions(account):
    region = Region(account, region_json)
    # ... (processing for each region)

Cartography (Python):

def start_neo4j_import(neo4j_import_directory, neo4j_database):
    cmd = [
        NEO4J_ADMIN_CMD, "import",
        "--database", neo4j_database,
        "--nodes", f"{neo4j_import_directory}/nodes.csv",
        "--relationships", f"{neo4j_import_directory}/relationships.csv",
    ]
    # ... (execution of import command)

Both projects use Python, but CloudMapper focuses on AWS-specific data collection and processing, while Cartography demonstrates a more generic approach to importing data into a graph database for analysis across multiple platforms.

Pros of Cloud Custodian

• More comprehensive cloud management capabilities, covering a wider range of cloud services and providers
• Extensive policy-based automation for security, compliance, and cost optimization
• Large and active community with frequent updates and contributions

Cons of Cloud Custodian

• Steeper learning curve due to its extensive feature set and domain-specific language
• May be overkill for organizations primarily focused on asset visualization and relationship mapping

Code Comparison

Cartography (Python):

session = driver.session()
query = """
MERGE (a:AWSAccount{id: $AWS_ID})
ON CREATE SET a.firstseen = timestamp()
SET a.lastupdated = $UPDATE_TAG
"""
session.run(query, AWS_ID=account_id, UPDATE_TAG=update_tag)

Cloud Custodian (YAML):

policies:
  - name: ec2-tag-compliance
    resource: ec2
    filters:
      - "tag:Environment": absent
    actions:
      - type: tag
        key: Environment
        value: Unknown

Key Differences

• Cartography focuses on visualizing cloud infrastructure relationships, while Cloud Custodian emphasizes policy-based management and automation
• Cartography uses a graph database for storing and querying relationships, whereas Cloud Custodian relies on YAML-based policies for defining rules and actions
• Cloud Custodian offers more extensive cloud management features, while Cartography excels in providing a clear visual representation of cloud assets and their connections

Pros of Security Monkey

• More mature project with longer development history
• Broader cloud provider support (AWS, GCP, OpenStack)
• Includes a web UI for easier visualization and management

Cons of Security Monkey

• No longer actively maintained (last commit in 2020)
• More complex setup and configuration process
• Limited extensibility compared to Cartography's graph-based approach

Code Comparison

Security Monkey (Python):

def audit_rds(self):
    for region in self.regions:
        self.rds_instances = self.get_rds_instances(region)
        for instance in self.rds_instances:
            self.check_rds_encryption(instance)

Cartography (Python):

def sync_rds_instances(
    neo4j_session: neo4j.Session, boto3_session: boto3.Session, region: str,
    current_aws_account_id: str, update_tag: int, common_job_parameters: Dict,
) -> None:
    instances = get_rds_instances(boto3_session, region)
    load_rds_instances(neo4j_session, instances, region, current_aws_account_id, update_tag)

Both projects aim to enhance cloud security, but Cartography offers a more modern, graph-based approach for analyzing relationships between cloud assets. Security Monkey provides a more traditional security monitoring solution with a web interface, but its development has stalled. Cartography's active development and extensible architecture make it a more future-proof choice for organizations looking to implement comprehensive cloud asset management and security analysis.

Pros of ScoutSuite

• Multi-cloud support: Covers AWS, Azure, GCP, and more
• Extensive rule set: Comes with a large number of pre-defined security rules
• User-friendly HTML report: Generates an interactive, easy-to-navigate report

Cons of ScoutSuite

• Limited graph-based analysis: Focuses on individual resource findings rather than relationships
• Less extensible: Not designed for custom data ingestion or complex queries

Code Comparison

ScoutSuite (Python):

from ScoutSuite.core.cli_parser import *
from ScoutSuite.core.console import set_logger_configuration, print_info
from ScoutSuite.core.exceptions import RuleExceptions
from ScoutSuite.core.processingengine import ProcessingEngine
from ScoutSuite.core.ruleset import Ruleset

Cartography (Python):

from cartography.intel.aws import eks
from cartography.intel.aws import iam
from cartography.intel.aws import rds
from cartography.intel.aws import route53
from cartography.intel.aws import s3

Both projects use Python, but ScoutSuite focuses on rule-based scanning, while Cartography emphasizes graph-based analysis and relationships between cloud resources. ScoutSuite's code imports core components for rule processing and report generation, whereas Cartography's imports reflect its modular approach to data ingestion from various AWS services.

Pros of CloudSploit

• Broader cloud coverage, including AWS, Azure, GCP, and Oracle Cloud
• Provides a web-based interface for easier visualization and management
• Offers both open-source and commercial versions with additional features

Cons of CloudSploit

• Less focus on graph-based analysis and relationships between assets
• May require more setup and configuration for complex environments
• Limited customization options compared to Cartography's extensible architecture

Code Comparison

Cartography (Python):

from cartography.intel.aws import ec2
from cartography.util import run_analysis_job

def sync_ec2_instances(neo4j_session, boto3_session, region, aws_account_id):
    ec2.sync_ec2_instances(neo4j_session, boto3_session, region, aws_account_id)
    run_analysis_job('aws_ec2_asset_exposure.json', neo4j_session, {})

CloudSploit (JavaScript):

const AWS = require('aws-sdk');
const async = require('async');
const helpers = require('../helpers/aws');

module.exports = {
    title: 'EC2 Instance Asset Exposure',
    category: 'EC2',
    run: function(cache, settings, callback) {
        // Plugin logic here
    }
};

Both projects aim to improve cloud security, but Cartography focuses on graph-based analysis and relationships between assets, while CloudSploit provides a broader range of cloud coverage and a web-based interface. Cartography offers more extensibility, while CloudSploit may be easier to set up and use for basic security checks across multiple cloud providers.