Next-generation AWS Cloud Adversary Emulation platform
Project description
Atlas
AWS Cloud Adversary Emulation Platform
⚠️ This tool is still under development. APIs and behavior may change. Use with caution in production environments.
Contributing Red Team Techniques
We welcome contributions of new red team techniques. If you have attack paths, privilege escalation methods, or AWS abuse techniques you'd like to add to Atlas, please open an issue or submit a pull request. The planner and attack graph are designed to be extended—see src/atlas/planner/attack_graph.py and src/atlas/knowledge/data/api_detection_profiles.yaml for how techniques are modeled.
What is Atlas?
Atlas is a next-generation AWS cloud adversary emulation platform. It helps red teams and security researchers:
- Discover attack paths from a given identity (recon + attack graph)
- Plan multi-step privilege escalation chains
- Simulate execution without making AWS API calls
- Execute attack paths with configurable stealth and safety guardrails
- Explain attack paths with AI-powered or template-based explanations
Requirements
- Python 3.12+
- AWS credentials configured (e.g.
~/.aws/credentials)
Installation
Install with pipx (recommended):
# Install pipx if you don't have it
sudo apt install pipx # Linux/WSL
brew install pipx # macOS
pipx ensurepath
# Install Atlas
pipx install git+https://github.com/Haggag-22/Atlas.git
Or install with pip (inside a virtual environment):
python3 -m venv ~/.venv/atlas
source ~/.venv/atlas/bin/activate
pip install git+https://github.com/Haggag-22/Atlas.git
For development (editable install):
git clone https://github.com/Haggag-22/Atlas.git
cd Atlas
pip install -e ".[dev]"
Quick Start
# Configure AWS profile
atlas config --profile my-profile --region us-east-1
# Run recon + planning (creates a case)
atlas plan --case mycase
# List attack paths and simulate
atlas simulate --case mycase --attack-path AP-01
# Explain an attack path
atlas explain --case mycase --attack-path AP-01
# Open the GUI
atlas gui --case mycase
Commands
| Command | Description |
|---|---|
atlas config |
Set or show AWS profile and region |
atlas plan |
Run reconnaissance + planning, save to output/<case>/plan/ |
atlas simulate |
Simulate an attack path (no AWS calls) |
atlas run |
Execute an attack path (uses AWS) |
atlas cases |
List saved cases |
atlas explain |
Explain an attack path (AI or template) |
atlas gui |
Open the Streamlit web UI |
atlas inspect |
Inspect detection profiles for API actions |
Output Structure
output/<case>/
├── case.json # Case metadata
├── plan/ # Recon + planning
│ ├── env_model.json
│ ├── attack_edges.json
│ ├── attack_paths.json
│ └── ...
├── sim/ # Simulation results (if run)
├── run/ # Execution results (if run)
└── explanations.json # Cached AI/template explanations
Attack Techniques (Examples)
Atlas models techniques such as:
- Role assumption (
sts:AssumeRole) - Access key creation (
iam:CreateAccessKey) - Policy attachment (
iam:AttachUserPolicy,iam:AttachRolePolicy) - Inline policy injection (
iam:PutUserPolicy,iam:PutRolePolicy) - PassRole abuse (Lambda, etc.)
- Trust policy modification (
iam:UpdateAssumeRolePolicy) - Lambda code injection
- S3 read/write access
Detection costs and noise levels are derived from CloudTrail and GuardDuty profiles in src/atlas/knowledge/.
Discovered Resources
The recon engine collects the following resource types (configurable via recon.resource_types):
| Resource | Service | Key Security Data |
|---|---|---|
| S3 Buckets | S3 | Bucket policies, Public Access Block |
| EC2 Instances | EC2 | Instance profiles, IMDS config, security groups |
| Lambda Functions | Lambda | Execution roles, resource policies, environment variables |
| RDS Instances | RDS | Public accessibility, encryption, IAM auth, snapshots |
| KMS Keys | KMS | Key policies, grants, rotation status |
| Secrets Manager Secrets | Secrets Manager | Resource policies, rotation, KMS encryption |
| SSM Parameters | SSM | Parameter types (SecureString), KMS key IDs |
| CloudFormation Stacks | CloudFormation | Stack roles, capabilities, outputs |
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file atlas_redteam-2.0.0a0.tar.gz.
File metadata
- Download URL: atlas_redteam-2.0.0a0.tar.gz
- Upload date:
- Size: 165.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
50b6b93d23eb3c26a369bba60dd3b8719d69d6e7faeeb7a72770d01bd9164728
|
|
| MD5 |
5e1040a07915e4dc9ff6967e1a2cec79
|
|
| BLAKE2b-256 |
e844c81eb82832a4578eea9c41a090bf213c9c71b74da2fec3a864e40dbe33cd
|
File details
Details for the file atlas_redteam-2.0.0a0-py3-none-any.whl.
File metadata
- Download URL: atlas_redteam-2.0.0a0-py3-none-any.whl
- Upload date:
- Size: 186.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2100360b1608d298b0b2c99dbbce58dbe6c812dc5a986c4abc3c348476e8f1e9
|
|
| MD5 |
231190dc9fade55c0e01e74911955634
|
|
| BLAKE2b-256 |
1aee00613a6e511cd66470aebfece6bb354f238c0c2af4b1d04954a838097dae
|
