Shield your Network Perimeter

Ghost Armor performs a multi-region forensic scan of your Security Groups. It identifies exposed ingress points (0.0.0.0/0) and quantifies the financial risk of database and management ports open to the public web. Your credentials never leave your local session.

01

Copy the Network Shield Command.

02

Replace the *** with your Read-Only AWS Credentials. Requires ec2:DescribeRegions and ec2:DescribeSecurityGroups.

03

Execute to initiate the Global Multi-Region Scan and sync results.

Network Shield Command

docker run -it --rm \
  -e AWS_ACCESS_KEY_ID=*** \
  -e AWS_SECRET_ACCESS_KEY=*** \
  getghostarchitect/ghost-armor

This scan covers all 15+ official AWS Regions simultaneously using a high-concurrency engine. It provides a real-time breach risk assessment in USD.

Security & FAQ

HOW ARE MY CREDENTIALS HANDLED?

Ghost-Armor operates under Hardened by Design principles. Your AWS keys are used only locally, inside the Docker container, to scan Security Groups via boto3. No keys or raw infrastructure logs are ever stored or transmitted. All metadata is encrypted with AES-128 (Fernet) before synchronization.

WHAT DOES THE SCAN COVER?

The engine performs a Global Multi-Region Audit of your Security Groups. It specifically targets high-risk ingress points like SSH (22), RDP (3389), and Database Ports (MySQL/MongoDB) exposed to the public internet (0.0.0.0/0). It maps every entry point that could lead to a Full Takeover or Data Leak.
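The check described above can be reproduced offline to cross-check any scanner's findings. The following is an added example, not Ghost Armor's code: it walks a response shaped like the EC2 DescribeSecurityGroups output and flags risky ports open to any address, including port ranges, the all-traffic protocol and IPv6. The port numbers (the MySQL and MongoDB defaults 3306 and 27017), the function names and the sample group IDs are assumptions made for the example.

```python
# Added example: not Ghost Armor's code. Flags world-open ingress in a
# DescribeSecurityGroups-shaped response, entirely offline.
RISKY_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 27017: "MongoDB"}  # assumed default ports
WORLD = {"0.0.0.0/0", "::/0"}


def world_sources(perm):
    """Return the any-address CIDRs (IPv4 and IPv6) attached to one ingress rule."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in WORLD)


def exposed_ports(perm):
    """Risky ports covered by a rule, including ranges and the all-traffic protocol."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports; FromPort/ToPort are absent
        return sorted(RISKY_PORTS)
    if proto != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(RISKY_PORTS) if lo <= p <= hi]


def find_exposures(response, region):
    """Return one finding per (group, port, source) reachable from the internet."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            for cidr in world_sources(perm):
                for port in exposed_ports(perm):
                    findings.append((region, sg["GroupId"], port, RISKY_PORTS[port], cidr))
    return findings


# Constructed sample input (hypothetical group IDs), shaped like the EC2 API response.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # range hides 3306 and 3389, IPv6 only
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [  # all traffic, but from a fixed range
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]}

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE, "us-east-1"):
        print(*finding)
```

To run it against a live account, pass the dictionary returned by boto3's describe_security_groups for each region in place of SAMPLE.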

HOW IS THE "TOTAL BREACH RISK" CALCULATED?

Our Risk Intelligence engine assigns a financial value to each exposed port based on the potential cost of a data breach or ransomware attack. We apply a Regional Multiplier for high-target zones like us-east-1 and sa-east-1, providing a realistic estimate of your infrastructure’s financial liability.

WHAT HAPPENS AFTER PAYMENT?

You will receive the Network Exposure Dossier via PDF. This document identifies the exact Security Group IDs and Resource Names currently leaking access. You pay for the intelligence to identify the breach points; your team then uses the provided IDs to close the gaps on your own schedule.