Aurelian: Multi-Cloud Security Reconnaissance

Overview

Aurelian is an open-source, multi-cloud security reconnaissance framework built in Go. It provides a unified command-line interface for cloud security assessments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Where other tools require separate workflows per cloud provider, Aurelian gives you one command structure that works everywhere: aurelian [platform] recon [module]. Each module encapsulates a complex, multi-step security workflow — resource enumeration, content extraction, secrets scanning, policy analysis, access evaluation — behind a single command.

Key Capabilities

Secrets Discovery

Enumerates cloud resources, extracts content from 30+ source types (EC2 user data, Lambda code, CloudFormation templates, CloudWatch logs, ECS task definitions, environment variables, storage blobs, application configurations), and scans with Titus for hardcoded credentials, API keys, and tokens. Optional validation confirms whether discovered secrets are active.

Public Resource Detection

Combines resource listing, property enrichment, policy fetching, and access evaluation to identify publicly accessible resources — open S3 buckets, exposed databases, public IPs, anonymous-access storage accounts, and more.

IAM Privilege Escalation Analysis

Collects IAM data, evaluates effective permissions, and detects privilege escalation paths. Outputs JSON or populates a Neo4j graph database for interactive exploration.

Subdomain Takeover Detection

Checks DNS records in Route53, Azure DNS, and Cloud DNS against known cloud-specific takeover patterns — dangling CNAMEs pointing to unclaimed cloud resources.
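
A defender-side sketch of the dangling-CNAME check described above, added here as an illustration and not taken from Aurelian's code. The Record and Finding types, the two-entry suffix table, and the injected exists callback are assumptions, and the zone data is constructed.

```go
package main

import "fmt"
import "strings"

// Record is a simplified DNS record; Finding is a CNAME whose cloud target is gone.
type Record struct{ Name, Type, Target string }
type Finding struct{ Name, Target, Service string }

// cloudSuffixes: illustrative, non-exhaustive provider-owned suffixes (assumption).
var cloudSuffixes = map[string]string{
	".azurewebsites.net":    "Azure App Service",
	".elasticbeanstalk.com": "AWS Elastic Beanstalk",
}

// FindDangling flags CNAMEs under a known cloud suffix whose target fails exists().
// exists is injected: a DNS lookup or provider API in practice, a stub here.
func FindDangling(recs []Record, exists func(string) bool) []Finding {
	var out []Finding
	for _, r := range recs {
		if !strings.EqualFold(r.Type, "CNAME") {
			continue // only CNAMEs delegate a name to a provider-owned hostname
		}
		target := strings.ToLower(strings.TrimSuffix(r.Target, "."))
		for suffix, svc := range cloudSuffixes {
			if strings.HasSuffix(target, suffix) && !exists(target) {
				out = append(out, Finding{r.Name, target, svc})
				break
			}
		}
	}
	return out
}

// sampleZone and sampleLive are constructed data, not taken from a real account.
var sampleZone = []Record{
	{"www.example.com", "CNAME", "example-prod.azurewebsites.net."},
	{"old.example.com", "CNAME", "example-legacy.azurewebsites.net."},
	{"api.example.com", "A", "203.0.113.10"},
	{"shop.example.com", "CNAME", "Shop-Env.us-east-1.elasticbeanstalk.com"},
	{"cdn.example.com", "CNAME", "cdn.example.net"},
}
var sampleLive = map[string]bool{"example-prod.azurewebsites.net": true, "cdn.example.net": true}

func main() {
	for _, f := range FindDangling(sampleZone, func(t string) bool { return sampleLive[t] }) {
		fmt.Printf("DANGLING %s -> %s (%s)\n", f.Name, f.Target, f.Service)
	}
}
```

Records flagged this way should be deleted or re-pointed in the zone before the target name can be claimed by another tenant.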

OPSEC-Aware Reconnaissance

Covert techniques that avoid CloudTrail logging. The whoami module identifies the caller ARN using APIs that leak identity in error messages without generating audit log entries.

Supported Platforms

Platform   Modules   Capabilities
AWS        12        Secrets, public resources, IAM graph, subdomain takeover, OPSEC whoami, cost analysis
Azure      6         Secrets, public resources, configuration scan, subdomain takeover, conditional access
GCP        4         Secrets, public resources, subdomain takeover, resource enumeration

Quick Start

    # Verify identity (OPSEC-safe, no CloudTrail logging)
    aurelian aws recon whoami

    # Find hardcoded secrets across all AWS regions
    aurelian aws recon find-secrets

    # Detect publicly accessible resources
    aurelian aws recon public-resources

    # Build IAM privilege escalation graph
    aurelian aws recon graph --neo4j-uri bolt://localhost:7687

    # Detect subdomain takeovers
    aurelian aws recon subdomain-takeover

Installation

    git clone https://github.com/praetorian-inc/aurelian.git
    cd aurelian
    go build -o aurelian main.go

Requires Go 1.24+. Docker support is also available.

Learn More

Full documentation and module reference at github.com/praetorian-inc/aurelian.