Releases: DunneSecurity/SecurityAuditScripts

v3.0.0 — 40 auditors, PowerShell orchestrator, Email & Network

02 Apr 08:02

Significant expansion since v2.0.0 — 25 new scripts, two full orchestrators, and a standardised report layer across all 40 auditors.

New: PowerShell Orchestrator

Run-Audit.ps1 — the Windows equivalent of audit.py. Runs all Azure, M365, and Windows on-premises PS1 auditors in one command, saves output to a timestamped client folder, prints a status table, and invokes exec_summary.py if Python is available.

.\Run-Audit.ps1 -Client "Acme Corp" -Azure -AllSubscriptions -Open
.\Run-Audit.ps1 -Client "Acme Corp" -All -OutputDir C:\Reports

New Auditors (15 scripts)

AWS (2)

  • Config Auditor — AWS Config enablement per region, active rule counts, compliance status, and recording coverage gaps
  • Backup Auditor — AWS Backup vault coverage, backup plan assignments, retention policy, and encryption across all supported resource types

Azure (2)

  • Policy Auditor — Azure Policy assignments, compliance state, and exemptions across the subscription or management group
  • Backup Auditor — Azure Backup vault coverage, backup policies, retention rules, redundancy settings, and soft-delete configuration

Windows On-Premises (1)

  • LAPS Auditor — LAPS deployment coverage across domain-joined computers: managed vs unmanaged machines, password age, and expiry configuration

Email (1)

  • Email Security Auditor — SPF, DKIM, and DMARC DNS configuration. No credentials required.
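The SPF and DMARC half of the check above, written out as an added example (this is not the project's auditor and does not reach the network): it evaluates TXT record strings that have already been fetched, so it can be tested offline. The record contents in SAMPLE_RECORDS are constructed, the domain names are placeholders, and DKIM is left out because a selector record can only be looked up once the selector name is known.

```python
"""Offline SPF and DMARC record evaluation in the spirit of the Email
Security Auditor. Added example, not the project's own code. The TXT
record strings in SAMPLE_RECORDS are constructed; a real auditor would
fetch them from DNS."""
import re

# Terms that cost a DNS lookup under RFC 7208 section 4.6.4 (limit: 10 per evaluation)
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a(?=[:/]|$)|mx(?=[:/]|$)|ptr|exists:|redirect=)", re.I)
_LEVELS = ("pass", "low", "medium", "high")


def _split_tags(txt):
    """Turn 'k=v; k2=v2' (DMARC tag syntax) into a dict with lower-cased keys."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def parse_spf(txt):
    """Return the 'all' qualifier, lookup count and findings for one SPF record."""
    if not txt.lower().startswith("v=spf1"):
        return {"valid": False, "all": None, "lookups": 0, "findings": ["not an SPF record"]}
    findings = []
    terms = txt.split()[1:]
    all_mech = next((t.lower() for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    if all_mech is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_mech in ("all", "+all"):
        findings.append("+all authorises every sender; the record gives no protection")
    elif all_mech == "?all":
        findings.append("?all is neutral; use ~all or -all")
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return {"valid": True, "all": all_mech, "lookups": lookups, "findings": findings}


def parse_dmarc(txt):
    """Return the policy and findings for one DMARC record."""
    if not txt.lower().startswith("v=dmarc1"):
        return {"valid": False, "policy": None, "findings": ["not a DMARC record"]}
    tags = _split_tags(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if not policy:
        findings.append("missing required p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: move to p=reject once aggregate reports are clean")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return {"valid": True, "policy": policy or None, "findings": findings}


def audit_domain(domain, records):
    """Combine per-record findings for a domain into a single severity rating."""
    findings, severity = [], "pass"

    def raise_to(level):
        nonlocal severity
        if _LEVELS.index(level) > _LEVELS.index(severity):
            severity = level

    spf_recs = records.get("spf", [])
    if not spf_recs:
        findings.append("no SPF record")
        raise_to("high")
    elif len(spf_recs) > 1:
        findings.append(f"{len(spf_recs)} SPF records published; RFC 7208 requires exactly one")
        raise_to("high")
    for rec in spf_recs:
        r = parse_spf(rec)
        findings.extend(r["findings"])
        if r["all"] in ("all", "+all"):
            raise_to("high")
        elif r["findings"]:
            raise_to("medium")
    dmarc_recs = records.get("dmarc", [])
    if not dmarc_recs:
        findings.append("no DMARC record")
        raise_to("high")
    for rec in dmarc_recs:
        d = parse_dmarc(rec)
        findings.extend(d["findings"])
        if d["policy"] in (None, "none"):
            raise_to("medium")
        elif d["findings"]:
            raise_to("low")
    return {"domain": domain, "severity": severity, "findings": findings}


# Constructed sample answers (placeholder domains, not real DNS data)
SAMPLE_RECORDS = {
    "example.test": {
        "spf": ["v=spf1 include:_spf.mail.example.test ip4:203.0.113.0/24 ~all"],
        "dmarc": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
    },
    "weak.test": {"spf": ["v=spf1 +all", "v=spf1 mx -all"], "dmarc": []},
}

if __name__ == "__main__":
    for name, recs in SAMPLE_RECORDS.items():
        result = audit_domain(name, recs)
        print(f"{name}: {result['severity'].upper()} - {'; '.join(result['findings']) or 'no findings'}")
```

The severity ladder is the part worth arguing about in a real auditor: a second SPF record or a +all is rated high because either one voids the protection entirely, while p=none is rated medium because it still produces reports that the next step (quarantine, then reject) depends on.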

Network (2)

  • SSL/TLS Auditor — cert expiry, hostname match, self-signed detection, key algorithm, TLS version (min 1.2), weak cipher suites, HSTS. No credentials required.
  • HTTP Security Headers Auditor — X-Frame-Options, X-Content-Type-Options, Content-Security-Policy (unsafe-inline/eval detection), Referrer-Policy, Permissions-Policy. No credentials required.
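An added example, not the project's auditor, of the header evaluation the two network entries above describe: it takes an already-captured response header set, parses the Content-Security-Policy for unsafe-inline/unsafe-eval and wildcard script sources, checks the other listed headers, and also covers the HSTS max-age check that the SSL/TLS entry mentions. Both header sets at the bottom are constructed, not captured from a real site, and the severity labels are this example's own.

```python
"""Security-header evaluation in the spirit of the HTTP Security Headers
Auditor (plus the HSTS check from the SSL/TLS Auditor). Added example,
not the project's code; WEAK_HEADERS and HARDENED_HEADERS are constructed."""
import re

SEVERITY_ORDER = ("low", "medium", "high")


def audit_csp(value):
    """Parse a Content-Security-Policy value and flag weak script sources."""
    directives = {}
    for d in value.split(";"):
        parts = d.strip().split()
        if parts:
            directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
    # script-src falls back to default-src; with neither, scripts are unrestricted
    effective = directives.get("script-src", directives.get("default-src"))
    if effective is None:
        return [("high", "Content-Security-Policy", "no script-src or default-src: scripts unrestricted")]
    findings = []
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in effective)
    if "'unsafe-inline'" in effective:
        if has_nonce_or_hash:
            # CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or hash is present
            findings.append(("low", "Content-Security-Policy",
                             "'unsafe-inline' kept as legacy fallback; ignored by browsers that honour the nonce/hash"))
        else:
            findings.append(("high", "Content-Security-Policy",
                             "'unsafe-inline' in script sources: injected inline script is not blocked"))
    if "'unsafe-eval'" in effective:
        findings.append(("medium", "Content-Security-Policy", "'unsafe-eval' allows eval()/Function() on strings"))
    if any(s in ("*", "http:", "https:", "data:") for s in effective):
        findings.append(("medium", "Content-Security-Policy",
                         "wildcard or scheme-only script source allows scripts from any origin"))
    return findings


def audit_headers(headers):
    """headers: response header name -> value. Returns (severity, header, detail) findings."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(("high", "Content-Security-Policy", "header missing"))
    else:
        findings.extend(audit_csp(csp))
    if "x-frame-options" not in h and "frame-ancestors" not in (csp or "").lower():
        findings.append(("medium", "X-Frame-Options", "missing and CSP has no frame-ancestors: page can be framed"))
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("low", "X-Content-Type-Options", "missing or not 'nosniff': MIME sniffing possible"))
    rp = h.get("referrer-policy", "").strip().lower()
    if not rp:
        findings.append(("low", "Referrer-Policy", "missing: browser default applies"))
    elif rp in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(("low", "Referrer-Policy", f"'{rp}' sends full URLs to third parties"))
    if "permissions-policy" not in h:
        findings.append(("low", "Permissions-Policy", "missing: browser features not restricted"))
    sts = h.get("strict-transport-security")
    if sts is None:
        findings.append(("medium", "Strict-Transport-Security", "missing: HTTPS not enforced on return visits"))
    else:
        m = re.search(r"max-age=(\d+)", sts, re.I)
        if not m or int(m.group(1)) < 31536000:
            findings.append(("low", "Strict-Transport-Security",
                             "max-age below one year (31536000), the preload-list minimum"))
    return findings


def worst_severity(findings):
    """Highest severity present, or None when every check passed."""
    return max((s for s, _, _ in findings), key=SEVERITY_ORDER.index, default=None)


# Constructed header sets (not captured from any real site)
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:",
    "X-Frame-Options": "SAMEORIGIN",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
                               "frame-ancestors 'none'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{label}: worst={worst_severity(audit_headers(hdrs))}")
        for sev, name, detail in audit_headers(hdrs):
            print(f"  [{sev}] {name}: {detail}")
```

Two details matter for a low false-positive rate: script-src inherits from default-src, so a policy with only default-src 'self' must not be flagged as unrestricted, and 'unsafe-inline' next to a nonce or hash is a deliberate legacy fallback rather than a hole.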

Linux On-Premises (3)

  • Sysctl Auditor — 24 CIS Benchmark kernel parameters via sysctl
  • Patch Auditor — available updates (total + security-specific), auto-update agent, kernel upgrade status across apt/yum/dnf/zypper
  • SSH Auditor — 21 SSH daemon hardening parameters via sshd -T

Azure (additional, v2.0.0 gap)

  • Key Vault Auditor — RBAC vs legacy access policy, purge protection, soft delete, diagnostic logging, expiring secrets/certificates/keys
  • Defender Auditor — Defender for Cloud plan enablement, secure score, security contacts, auto-provisioning

Windows On-Premises (additional, v2.0.0 gap)

  • SMB Signing Auditor — SMB signing enforcement; missing server-side enforcement allows NTLM relay attacks
  • Audit Policy Auditor — 15 critical Windows audit policy subcategories against CIS baseline
  • BitLocker Auditor — BitLocker encryption status, method strength, TPM protector, recovery password

Improvements

  • Standardised HTML reports — consistent CSS, severity cards, and colour palette across all 40 auditors
  • M365 Auditor expanded — added OAuth consent policy, per-user MFA registration coverage, and guest/external user review
  • CIS v8 control mapping — all JSON findings include a cis_control field
  • Auto-discovery — audit.py now auto-discovers *_auditor.py scripts via AST scan; no AUDITOR_MAP edits needed for new scripts
  • exec_summary.py — per-pillar scoring to prevent regional scan inflation; diff comparison against a previous baseline
  • Pre-flight checks in audit.py — warns on missing credentials, modules, or permissions before running
  • Bug fixes — Windows strict-mode crashes, exec_summary encoding on Windows, SSH auditor graceful handling when sshd is not installed
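The AST-scan discovery mentioned in the Improvements list is worth seeing in code, because the security property (scripts are parsed, never imported, so discovery cannot execute anything) is easy to lose by reaching for importlib. The following is an added example and not the project's audit.py; the convention it checks for (a *_auditor.py file with a top-level main() and a module docstring) is an assumption, and the sample scripts it writes to a temp directory are constructed.

```python
"""Discover *_auditor.py scripts by parsing them with the ast module instead
of importing them. Added example, not the project's audit.py; the expected
layout (top-level main(), module docstring) is an assumption of this example."""
import ast
import tempfile
from pathlib import Path


def inspect_auditor(path):
    """Parse one script and report whether it exposes a top-level main().
    ast.parse only builds a syntax tree, so a broken or hostile script
    cannot run code during discovery the way import would let it."""
    path = Path(path)
    source = path.read_text(encoding="utf-8")
    try:
        tree = ast.parse(source, filename=str(path))
    except SyntaxError as exc:
        return {"name": path.stem, "ok": False, "description": "",
                "error": f"syntax error at line {exc.lineno}"}
    has_main = any(isinstance(n, ast.FunctionDef) and n.name == "main" for n in tree.body)
    doc = ast.get_docstring(tree) or ""
    return {"name": path.stem, "ok": has_main,
            "description": doc.splitlines()[0] if doc else "",
            "error": None if has_main else "no top-level main()"}


def discover_auditors(directory):
    """Return metadata for every *_auditor.py below directory, sorted by path."""
    return [inspect_auditor(p) for p in sorted(Path(directory).rglob("*_auditor.py"))]


# Constructed sample scripts; helper.py is deliberately outside the naming convention
SAMPLE_SCRIPTS = {
    "s3_auditor.py": '"""S3 Bucket Auditor: public access and encryption checks."""\n\ndef main():\n    return []\n',
    "broken_auditor.py": '"""Will not parse."""\ndef main(:\n    pass\n',
    "nomain_auditor.py": '"""No entry point."""\nCHECKS = []\n',
    "helper.py": 'def main():\n    pass\n',
}


def make_sample_dir():
    """Write the constructed scripts into a fresh temp directory and return its path."""
    d = tempfile.mkdtemp(prefix="auditors_")
    for name, body in SAMPLE_SCRIPTS.items():
        Path(d, name).write_text(body, encoding="utf-8")
    return d


if __name__ == "__main__":
    for r in discover_auditors(make_sample_dir()):
        print(f"{'OK  ' if r['ok'] else 'SKIP'} {r['name']}: {r['description'] or r['error']}")
```

A script that fails to parse or lacks main() is reported and skipped rather than aborting the whole run, which is the same spirit as the pre-flight checks listed above: surface the problem before any auditor executes.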

Testing

  • 894 tests (pytest + Pester)
  • Every auditor has its own tests/ directory
  • CI covers Python (ubuntu-latest) and PowerShell (windows-latest)

v2.0.0

15 Mar 18:32

Adds Azure and On-Premises audit scripts, bringing the total to 15 scripts across three platforms.

New: Azure (5 scripts)

  • Entra Auditor — MFA gaps, privileged guests, stale app credentials, custom role misuse, privilege escalation paths
  • Storage Auditor — public access, shared key auth, encryption, soft delete, versioning, logging
  • Activity Log Auditor — diagnostic setting coverage, retention, missing categories, alerting gaps
  • NSG Auditor — dangerous open ports, internet-exposed rules, orphaned groups
  • Subscription Auditor — Defender for Cloud, permanent privileged roles, Global Admin hygiene, budget alerts

New: On-Premises — Windows (3 scripts)

  • AD Auditor — stale accounts, Kerberoastable/AS-REP roastable users, weak password policy, unconstrained delegation, privileged group hygiene
  • Local User Auditor — local accounts, registry autologon, WDigest, NTLMv1, LAPS detection, local admin membership
  • Windows Firewall Auditor — firewall profiles, default-allow policies, dangerous ports open to any source

New: On-Premises — Linux (2 scripts)

  • Linux User Auditor — users, sudo rules, SSH config, password policy, stale accounts
  • Linux Firewall Auditor — auto-detects iptables/nftables/ufw/firewalld; checks auditd rules and syslog

Testing & CI

  • 239 tests total (124 existing AWS + 115 new)
  • Pester 5 tests for all PowerShell scripts (Azure + OnPrem Windows)
  • pytest tests for all Python scripts (AWS + OnPrem Linux)
  • CI extended with a windows-latest Pester job covering Azure and OnPrem Windows

Other

  • Consistent structure: every script now has its own tests/ subdirectory
  • All output files written with owner-only permissions (mode 600)
  • JSON, CSV, and HTML output for all 15 scripts

v1.0.0

13 Mar 22:08

Initial release of Cloud Audit Scripts.

Scripts

  • IAM Privilege Mapper — maps users, roles, groups; detects privilege escalation paths, stale keys, MFA gaps
  • S3 Bucket Auditor — checks public access, encryption, versioning, logging, lifecycle policies
  • CloudTrail Auditor — checks logging gaps, KMS encryption, CloudWatch integration, region coverage
  • Security Group Auditor — scans for dangerous open ports, unrestricted ingress, unused groups
  • Root Account Auditor — audits root MFA, access keys, password policy, alternate contacts

What's included

  • JSON, CSV, and HTML output for all scripts
  • 72 pytest tests with mocked boto3 responses
  • GitHub Actions CI workflow