"What is my public exposure?”
This is a question we have heard time and time again from our customers. The Lightspin platform provides a variety of views of customers’ cloud environment – from surfacing the most critical attack paths, to lateral movements, poor configurations, to giving their teams a birds’ eye view of all their environment encapsulates – but what about a tool that only hones in on and highlights their public exposure?
Recon.Cloud is this tool.
The team set out on a mission to do research to understand what kind of information we could gather from the “outside,” in other words, via public information. Recon.Cloud started as a POC for our customers that had asked us what their environments looked like from the outside looking in, and it ended up revealing some interesting assets. As we yielded results and shared them with our customers, we realized that we had stumbled upon an area and perhaps the early stages of a very useful tool that could bring value to those interested in better understanding their environments’ public exposure.
Discover your public exposure with Recon.Cloud
Recon.Cloud is a public and free AWS cloud security reconnaissance tool that will enable users to reveal publicly exposed cloud assets on any domain. There are many tools in the market that are open to users for reconnaissance efforts, but there are few that specifically scope recon efforts to look at the cloud alone. Typical recon tools provide an exhaustive list of all assets they detect – there is no scope to define the cloud assets themselves. This leaves users overwhelmed with too much information that can be difficult and time-consuming to comb through.
With Recon.Cloud, less is more.
Recon.Cloud will be continually updated and refreshed with new features and technical capabilities to highlight risks – these will include open ports, known CVEs, and more.
The tool is an expansion of the vision of Lightspin’s broader platform and suite of offerings. It provides practitioners with the ability to view their landscape through the lens of an attacker, to focus on what is most critical. Beyond that, it provides the response to the tactical question of how an attacker may obtain access to your internal network.
The Lightspin Security Research Team is committed to continually providing value to our community of cloud security practitioners, our customers, and our partners, so stay tuned for added features, updates, and more free tools, coming soon!