Cyntrisec CLI

概要

Cyntrisec CLI is a powerful, read-only command-line interface tool designed for deep analysis of AWS infrastructure. It builds a detailed capability graph encompassing IAM, network, and dependencies to uncover potential attack paths from public internet entry points to sensitive targets. Beyond identifying security risks, it prioritizes remediation efforts based on a unique ROI calculation that considers both security impact and potential cost savings, while also pinpointing unused capabilities to reduce blast radius. The tool stores all analysis locally and provides deterministic JSON outputs with proof chains, supporting both human review and integration with AI agents via its MCP server mode.

主な機能

• Scans AWS infrastructure via read-only API calls to build a comprehensive capability graph.
• Integrates with AI agents (Claude, Gemini) via an MCP server for natural language querying and explanations.
• Discovers and visualizes attack paths from internet-exposed assets to sensitive targets.
• Prioritizes security remediation fixes based on Return on Investment (ROI) and cost savings.
• Identifies unused IAM permissions and capabilities to reduce security blast radius.
• 2 GitHub stars

ユースケース

• Proactively identify and mitigate critical attack paths within AWS environments.
• Optimize AWS security posture by discovering cost-effective remediation actions and unused resources.
• Automate security compliance checks against standards like CIS AWS and SOC 2.