Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-cloud-sec

Awesome list for cloud security related projects
https://github.com/RyanJarv/awesome-cloud-sec

  • toniblyx/my-arsenal-of-aws-security-tools
  • pacu - - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • liquidswards - - Discover and maintain access to IAM roles.
  • aws_pwn - - A collection of AWS penetration testing junk.
  • IAMFinder - - Enumerates and finds users and IAM roles in a target AWS account.
  • enumerate-iam - - Brute force enumeration of permissions associated with AWS credential set.
  • endgame - - An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
  • WeirdAAL - - WeirdAAL (AWS Attack Library)
  • marionett - - Example of how an attacker might swap user data temporarily to execute arbitrary commands.
  • terraformer - - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • former2 - - Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.
  • coldsnap - - A command line interface for Amazon EBS snapshots
  • lsh - - Run interactive shell commands on AWS Lambda
  • dsnap - - Utility for downloading and mounting EBS snapshots using the EBS Direct API's
  • cognitocurl - - 🦉🤖Easily sign curl calls to API Gateway with Cognito authorization token.
  • ScoutSuite - - Multi-Cloud Security Auditing Tool
  • awspx - - Graph-based tool for visualizing effective access and resource relationships.
  • PMapper - - A tool for quickly evaluating IAM permissions in AWS.
  • aws_public_ips - - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  • steampipe - - The extensible SQL interface to your favorite cloud APIs.
  • introspector - - A schema and set of tools for using SQL to query cloud infrastructure
  • cartography - - Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
  • cloudquery - - cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.
  • cloudsplaining - - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • cloudiscovery - - Discover resources in the cloud environment.
  • cloudmapper - - Analyze your Amazon Web Services (AWS) environments
  • hammer - - Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
  • cloudscout - - Identify and visualize cross platform attack paths, vulnerabilities, and enhance overall resilience.
  • parliament - - AWS IAM linting library
  • rpCheckup - - rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
  • prowler - - Best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
  • AWS Config - - Lambda's that analyze resource state and changes, primarily in AWS but extensible
  • cloudsploit - - Cloud Security Posture Management (CSPM)
  • smogcloud - - Find cloud assets that no one wants exposed 🔎 ☁️
  • policy_sentry - - IAM Least Privilege Policy Generator.
  • repokid - - IAM least privilege service
  • cloudtracker - - Finds over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • iamlive - - Generate a basic IAM policy from AWS client-side monitoring (CSM)
  • aws-leastprivilege - - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
  • cloudjack - - Route53/CloudFront Vulnerability Assessment Utility
  • cloudgoat - - CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  • terragoat - - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.
  • shimit - - A tool that implements the Golden SAML attack
  • subfinder - - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • ctfr - - Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
  • subdover - - Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
  • cloudjack - - Route53/CloudFront Vulnerability Assessment Utility
  • can-i-take-over-xyz - - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  • takeover - - Sub-Domain TakeOver Vulnerability Scanner
  • SubOver - - A Powerful Subdomain Takeover Tool
  • cheatsheet
  • kube-hunter - - Hunt for security weaknesses in Kubernetes clusters
  • kubeaudit - - kubeaudit helps you audit your Kubernetes clusters against common security controls
  • kubiscan - - A tool to scan Kubernetes cluster for risky permissions
  • kubesploit - - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
  • kubernetes-rbac-audit - - Tool for auditing RBACs in Kubernetes
  • peirates - - Peirates - Kubernetes Penetration Testing tool
  • cheatsheet - - Kubernetes Cheat Sheet – 15 Kubectl Commands & Objects
  • pydevops - - gcp gcloud cheat sheet
  • GCP-IAM-Privilege-Escalation - - A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
  • ScoutSuite - - Multi-Cloud Security Auditing Tool
  • terraformer - - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • gcp_enum - - A simple bash script to enumerate Google Cloud Platform environments.
  • gcp_misc - - Miscellaneous tools related to attack operations in Google Cloud Platform.
  • gcp_firewall_enum - - Parse gcloud output to enumerate compute instances with network ports exposed to the Internet. Generates targeted nmap and masscan scripts based on the results.
  • gcp_k8s_enum - - Enumerate services exposed via GKE.
  • CRT - - This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard to find permissions and configuration settings in order to assist organizations in securing these environments.
  • security-cloud-scout - - Cross-Cloud AWS/Azure
  • how to applied purple teaming lab build on azure with terraform
  • ScoutSuite - - Multi-Cloud Security Auditing Tool
  • DumpsterDiver - - Tool to search secrets in various filetypes.
  • ebs-direct-sec-tools - - Uses EBS Direct API to scan blocks for secrets
  • checkov - - Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
  • terrascan
  • KaiMonkey
  • tfsec - - Security scanner for your Terraform code
  • kics - - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
  • AirIAM - - Least privilege AWS IAM Terraformer.
  • terraform_aws_scp - - AWS Organizations Service Control Policies (SCPs) for Terraform.
  • terraformer - - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • deepce - - Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).
  • ccat - - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  • trivy - - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
  • opa - - An open source, general-purpose policy engine.
  • fregot - - Alternative REPL to OPA's built-in interpreter.
  • policy-hub-cli - - CLI for searching Rego policies
  • conftest - - Write tests against structured configuration data using the Open Policy Agent Rego query language
  • website-openid-proxy - - This service provides authenticated access to a static website hosted in an s3 bucket.
  • Config Conformance Packs
  • detect-secrets - - An enterprise friendly way of detecting and preventing secrets in code.
  • proxify - - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
  • CloudFail - - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network.
  • chalice - - Python Serverless Microframework for AWS
  • placebo - - Make boto3 calls that look real but have no effect.
  • serverlessish - - Run the same Docker images in AWS Lambda and AWS ECS
  • BloodHound - - Six Degrees of Domain Admin
  • ProcMon-for-Linux - - Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
  • exec-template - - Super simple go templater.
  • leapp - - Potential alternative to aws-vault
Programming Languages
Python 35 Go 20 JavaScript 5 PowerShell 2 HCL 2 TypeScript 2 C++ 1 Haskell 1 Open Policy Agent 1 Ruby 1
Keywords
aws 29 security 12 kubernetes 10 cloud 10 aws-security 9 iam 8 gcp 7 azure 7 devsecops 6 terraform 6 security-tools 6 golang 5 cloudsecurity 5 infrastructure-as-code 5 pentesting 4 cloud-security 4 python3 4 cspm 4 python 4 go 4 aws-lambda 4 open-policy-agent 3 iac 3 vulnerability-scanners 3 docker 3 compliance 3 cloudformation 3 infosec 3 aws-iam 3 vulnerability-detection 2 amazon 2 pentest 2 penetration-testing 2 scanner 2 misconfiguration 2 static-analysis 2 devops 2 containers 2 authorization 2 sql 2 hacking 2 google 2 salesforce 2 auditing 2 hostile-subdomain-takeover 2 serverless 2 lambda 2 subdomain 2 subdomain-enumeration 2 subdomain-takeover 2