
Introduction

Overview

Cirro is a comprehensive security research tool designed to help penetration testers and security researchers map and analyze cloud environments across multiple platforms. Today, the project includes modules for Azure and Tailscale, with an architecture designed to support additional platforms over time.

Cirro uses a modular workflow with platform-specific collectors and graph schema mappings. This allows the same core tooling to ingest different data models and relationship structures without changing analyst workflows.

Quick Start

Get up and running with Cirro in minutes. Install, collect data, ingest into Neo4j, and begin graph analysis.


Security Notice

Cirro is designed for authorized security testing and research. Ensure you have proper permissions before running against any cloud environment.

Key Features

Platform-Aware Collection

  • Multi-source Inputs: Collect from supported cloud, identity, and network APIs
  • Relationship Data: Capture principals, resources, memberships, and trust links
  • Extensible Modules: Add new collectors through feature-based platform modules

Flexible Authentication

  • CLI-based Auth: Reuse authenticated local tooling where available
  • Token-based Auth: Use pre-obtained access tokens
  • Certificate Auth: Authenticate with client certificates
  • Secret-based Auth: Authenticate with service credentials

Graph Workflow

  • Neo4j Ingestion: Load collected data into a graph database for analysis
  • Schema Mapping: Transform platform data into consistent nodes and edges
  • Export Support: Export graph data for downstream tooling

YAML-Driven Mapping Extensibility

  • Platform Logic in Code: New platform collectors and ingestors are implemented as Rust modules
  • YAML Graph Specs: Extend node/edge mappings through YAML definitions used by ingestion
  • Reusable Pipeline: Keep a consistent ingest and analysis workflow across supported sources

Use Case Examples

Security Testing

Map complex environments during security assessments to identify or support:

  • Privilege escalation paths
  • Misconfigured permissions
  • Trust relationships
  • Environment reconnaissance
  • Attack path planning

Defensive Security

Strengthen platform security posture with analysis covering:

  • Security posture assessment
  • Access control validation
  • Risk identification
  • Security monitoring gaps
  • Configuration hardening