April 5th, 2026

New Capability

Aurelian: Open-Source Multi-Cloud Security Reconnaissance Is Here

The Cloud Has a Visibility Problem — Aurelian Fixes It

We are thrilled to announce Aurelian, our open-source multi-cloud security reconnaissance framework — now powering cloud assessments directly inside the Praetorian Guard Platform.

Cloud environments are sprawling, fragmented, and full of hidden risk. Secrets buried in Lambda environment variables. S3 buckets that look private but aren't. IAM policies that silently grant privilege escalation paths nobody mapped. Until now, finding all of this required stitching together a patchwork of single-cloud, compliance-focused tools that weren't built for offensive security.

Aurelian changes that — completely.

One Framework. Three Clouds. Zero Blind Spots.

Aurelian delivers a unified command-line interface for security reconnaissance across AWS, Azure, and GCP — with 25+ purpose-built modules designed by Praetorian's offensive security team. Whether you're hunting secrets, mapping IAM attack paths, or identifying publicly exposed resources, Aurelian gives you a single, consistent workflow across every major cloud provider.

What Makes Aurelian Different

  • Real Policy Evaluation, Not Checkbox Compliance — Aurelian doesn't just check config flags. It evaluates actual IAM policies including condition keys, SCPs, and resource ARN patterns to determine true exposure. This is how penetration testers think — and now it's automated.
  • Secrets Discovery Across 30+ Sources — EC2 user data, Lambda code, CloudFormation templates, CloudWatch logs, Azure Key Vaults, GCP storage blobs — Aurelian extracts and scans them all using the Titus secrets detection engine, with optional live validation to confirm active credentials.
  • IAM Privilege Escalation Graphing — Export IAM relationships to Neo4j and run Cypher queries to visualize multi-hop escalation paths. See exactly how an attacker moves from a low-privilege role to domain dominance.
  • Public Resource Detection That Actually Works — Combines resource enumeration, property enrichment, and access evaluation to find resources that are genuinely accessible — even when configuration appears private but resource-based policies tell a different story.
  • Subdomain Takeover Detection — Identify dangling CNAMEs across CloudFront, S3, Elastic Beanstalk, CDK staging buckets, and managed DNS services before attackers do.
  • OPSEC-Aware Reconnaissance — Built-in awareness of CloudTrail logging with configurable OPSEC levels. The whoami module identifies your caller identity without generating a single audit log entry.

Already Inside the Guard Platform

Aurelian isn't a standalone tool you bolt on — it's already integrated into the Praetorian Guard Platform. That means its reconnaissance capabilities feed directly into your attack surface management workflows. Discovered secrets, public resources, and IAM risks surface as actionable findings alongside everything else Guard already tracks.

Combined with Titus for secrets scanning and Trajan for CI/CD pipeline testing, Aurelian completes a powerful trifecta of cloud security capabilities that give your team comprehensive visibility across your entire cloud footprint.

Open Source and Extensible

Aurelian is fully open source under the Apache 2.0 license. Its plugin architecture makes adding new modules straightforward — implement the plugin.Module interface, call plugin.Register(), and the CLI wiring happens automatically. The streaming pipeline architecture handles backpressure and concurrency out of the box.

Whether you're a Praetorian Guard customer benefiting from Aurelian's capabilities automatically, or a security researcher extending the framework with custom modules — Aurelian is built for you.

Check out the project on GitHub: github.com/praetorian-inc/aurelian

Read the full deep dive: Aurelian: Open-Source Cloud Security Tool