cloud-pathfinder 🛰️

Attack-path auditor for Infrastructure-as-Code — Terraform, CloudFormation and Kubernetes. Not a linter. It parses your IaC into a resource graph, resolves cross-resource (and cross-file) relationships, and searches for the multi-hop chains from the public internet to your crown jewels (data stores, secrets, admin). It returns a BREACHABLE / EXPOSED / HARDENED verdict and the concrete route an attacker would walk.

Example chain it finds: open security group (SSH 0.0.0.0/0) → EC2 instance-profile role → iam:PassRole privilege escalation to admin → S3 exfiltration

Available as an MCP server (for Claude, Cursor and any MCP agent) and a pay-per-call x402 API (for autonomous AI agents with a wallet).

Why this isn't a linter

A linter flags resources one at a time: "this SG is open", "this role is broad". cloud-pathfinder reasons about how those facts connect:

• 🔗 Graph, not lint. Builds a typed resource graph and resolves which security group is attached to which instance, which role that instance assumes, and what that role can actually read.

• 🧭 Reachability search. Runs a BFS from an INTERNET entry node to every data store / secret / admin sink, returning the full multi-hop chain with per-hop file:line evidence.

• 👑 IAM privilege-escalation knowledge base. Knows AWS managed-policy permissions and 20+ privilege-escalation primitives (PassRole+RunInstances, CreatePolicyVersion, AttachRolePolicy, SSM SendCommand, UpdateFunctionCode, UpdateAssumeRolePolicy…).

• ☸️ Kubernetes attack surface. LoadBalancer/NodePort exposure → privileged / hostPath / hostNetwork pods, cluster-admin ServiceAccounts, and mounted Secrets.

Formats are auto-detected per file and analyzed together — mix .tf, CloudFormation .yaml/.json and Kubernetes manifests in one call.

Related MCP server: stepsecurity-mcp

MCP server (free tier)

{
  "mcpServers": {
    "cloud-pathfinder": { "command": "npx", "args": ["-y", "cloud-pathfinder-mcp"] }
  }
}

Tool: audit_iac_attack_paths

{
  "files": {
    "main.tf": "resource \"aws_security_group\" \"web\" { ingress { ... cidr_blocks = [\"0.0.0.0/0\"] } } ...",
    "k8s.yaml": "apiVersion: v1\nkind: Service\n..."
  }
  // or: "source": "<a single IaC blob>", "filename": "main.tf"
}

The free tier returns the verdict, risk score, and the counts (how many attack paths, crown jewels and misconfigurations). The deep tier (deep: true) returns every full chain with hops, file:line evidence, privilege-escalation reachability and remediation.

diff_attack_paths — the CI/CD gate

Give it the IaC before and after a change (a PR's base and head trees) and it reports exactly what the change did to your attack surface: which internet→crown-jewel chains it INTRODUCES, which it ELIMINATES, and which it AGGRAVATES — with an INTRODUCES_BREACH / REDUCES_RISK / NEUTRAL / MIXED verdict. Wire it into PR review so a one-line security-group change that opens a path to admin is caught before merge.

{
  "before": { "files": { "main.tf": "...security group admits 10.0.0.0/16..." } },
  "after":  { "files": { "main.tf": "...security group admits 0.0.0.0/0..." } }
  // deep: true → the full introduced/eliminated chains + before→after exploitability + which choke points now matter
}

A per-file linter or a single-state scan cannot answer this: it needs the full graph + privesc reachability on both states and a semantic cross-state path match. HTTP: POST /diff (free, counts only) / POST /pro/diff (deep).

Free HTTP API

POST /audit
Content-Type: application/json

{ "files": { "main.tf": "resource \"aws_security_group\" ..." } }

Rate-limited to 30 requests/hour/IP. For unlimited/commercial/deep use, call /pro/audit.

Input formats: Terraform / OpenTofu, CloudFormation, Kubernetes, Helm, Kustomize, Pulumi (TS/JS/Python), Bicep/ARM, and AWS CDK — both the synthesized cdk.out/*.template.json and the un-synthed CDK program (TypeScript + Python), so a CI gate runs on the PR diff before cdk synth.

SARIF 2.1.0 → GitHub code scanning

Add ?format=sarif (or { "format": "sarif" }) to /audit, /pro/audit, /diff or /pro/diff to get SARIF 2.1.0 you can upload to GitHub code scanning — every attack chain shows up inline on the PR's Security tab.

• Each chain is one SARIF result with a codeFlow (a step-through walk: internet → SG → instance role → privesc → S3), anchored to the IaC file:line, plus security-severity/CVSS so the badge colors correctly.

• The diff SARIF only fails the check on introduced/aggravated routes (error-level); eliminated/eased land as note.

• The free tier returns a redacted-but-schema-valid SARIF (counts only — no chains, no code-flows, no route file:line); the full code-flows are premium.

# .github/workflows/cloud-pathfinder.yml (sketch)
- run: curl -s -X POST "$CPF/pro/diff?format=sarif" -H "Authorization: Bearer $KEY" \
       --data @payload.json -o cloud-pathfinder.sarif
- uses: github/codeql-action/upload-sarif@v3
  with: { sarif_file: cloud-pathfinder.sarif }

Unlock /pro — two ways to pay (dual-pay)

The deep /pro/audit returns the full attack chains, per-hop evidence, privilege-escalation analysis and remediation. Two payment lanes coexist:

POST /pro/audit          # 402 (shows BOTH lanes) → pay → result

What it catches (selected)

How it stays honest

The premium engine and knowledge base never ship in the npm package — the published client is a thin renderer that calls the hosted analysis service. The free tier is genuinely useful (verdict + counts); the deep chains, evidence and privesc analysis are server-side behind payment.

Heuristic static analysis of declared IaC, not a live cloud assessment. It reasons over what the templates declare (no runtime SCP/permissions-boundary/condition evaluation). Treat findings as prioritized leads, not a guarantee.

MIT · github.com/Baneado98/cloud-pathfinder