Ramwingu is an open-source multi-cloud misconfiguration scanner for AWS and Azure — designed to help developers, sysadmins and security engineers identify dangerous default settings and insecure configurations before attackers do.
Ramwingu (Swahili: ramani ya wingu — "cloud map") — a lightweight open-source alternative to ScoutSuite, Prowler, or AzSecPack — focused, fast, and developer-friendly.
- Multi-Cloud Support – Scan AWS and Azure environments with a single CLI command
- Security Group Analysis – Detect open inbound rules (
0.0.0.0/0) in AWS EC2 and Azure NSGs - S3 Bucket + Storage Checks – Catch publicly accessible cloud storage
- IAM Review – Find overly permissive AWS IAM policies
- Formatted Output – View results in tables or JSON (for automation)
- Modular Design – Easy to extend, easy to integrate
git clone https://github.com/AchillesWasonga/ramwingu.git
cd ramwingu
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txtPython 3.8+ recommended
- Install Azure CLI
- Login with:
az login- Create an AWS IAM user with read-only access
- Export credentials:
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_keyEdit the config/config.yaml file to set regions or scanner-specific options for AWS and Azure.
python -m ramwingu.cli --platform awspython -m ramwingu.cli --platform azurepython -m ramwingu.cli --platform aws --verboseramwingu/
├── ramwingu/
│ ├── scanners/ # AWS and Azure scanners
│ ├── utils/ # Output and misconfiguration helpers
│ ├── cli.py # Command-line interface
│ └── credentials.py # Credential management
├── tests/ # Unit tests for all major components
├── config/ # Platform config files (YAML)
├── requirements.txt
└── README.md
Pull requests are welcome! If you'd like to:
- Add new cloud providers
- Expand misconfiguration rules
- Improve output visualization
Create an issue or fork and PR!
MIT License. Free for personal and commercial use.
Inspired by security tools like:
