Cartography
Apache-2.0 · ☁️ Cloud Recon · Python
Cartography is a Python tool developed by Lyft that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by Neo4j. It ingests data from AWS, GCP, Azure, Okta, GitHub, and other services to build a comprehensive map of your cloud environment. Security teams use Cartography to identify attack paths, find misconfigurations, and understand blast radius by querying relationships between resources like EC2 instances, S3 buckets, IAM roles, and security groups. Its graph-based approach makes it easy to ask questions like 'which instances can reach this database' or 'which IAM users have admin access across accounts' that would be extremely difficult with flat inventory tools.
Installation
pip
$ pip install cartography
from source
$ git clone https://github.com/lyft/cartography.git && cd cartography && pip install -e .
Use Cases
- Mapping relationships between cloud resources across AWS, GCP, and Azure
- Identifying attack paths through IAM role chains and trust relationships
- Finding exposed assets with public access or overly permissive policies
- Tracking infrastructure drift and compliance violations over time
- Visualizing blast radius for compromised credentials or resources
Details
- Category: ☁️ Cloud Recon
- Language: Python
- Repository: lyft/cartography
- License: Apache-2.0
- Platforms: 🐧 linux, 🍎 macos
Alternatives & Comparisons
- Prowler (Python): Cloud security assessment tool. 300+ checks for AWS, Azure, GCP, and Kubernetes against CIS benchmarks.
- ScoutSuite (Python): Multi-cloud security auditing tool for AWS, Azure, GCP, Alibaba Cloud, and Oracle Cloud.
- CloudMapper (Python): Analyze AWS environments to create network diagrams and identify security risks.
- CloudBrute (Go): Cloud infrastructure enumerator to find company assets across multiple cloud providers.
- CloudFox (Go): Find exploitable attack paths in cloud infrastructure by enumerating IAM permissions, secrets, and network exposure.
- CloudSploit (JavaScript): Open-source cloud security configuration scanner for AWS, Azure, GCP, and Oracle Cloud Infrastructure.
- Steampipe (Go): Query cloud APIs with SQL. Zero-ETL approach to infrastructure visibility across AWS, Azure, GCP, and 140+ plugins.
- cloud_enum (Python): Multi-cloud OSINT enumeration. Discovers public resources across AWS, Azure, and GCP from keyword input.
More in Cloud Recon
- ScoutSuite (Python): Multi-cloud security auditing tool for AWS, Azure, GCP, Alibaba Cloud, and Oracle Cloud.
- CloudMapper (Python): Analyze AWS environments to create network diagrams and identify security risks.
- S3Scanner (Go): Scan for misconfigured S3 buckets across AWS regions and dump accessible contents.
- CloudBrute (Go): Cloud infrastructure enumerator to find company assets across multiple cloud providers.
- MicroBurst (PowerShell): PowerShell toolkit for attacking Azure services including storage, key vaults, and automation.
- ROADtools (Python): Framework for Azure AD enumeration and exploitation via the internal ROADrecon and ROADlib modules.