Best Enumerate IAM Permissions Alternatives & Competitors in 2026

Active Directory Control Paths

A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.

Cognito Scanner

A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.

AWSBucketDump

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

s3reverse

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

BloodHound

BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.

o365-attack-toolkit

A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.

PowerUp

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

AWS IAM Privilege Escalation Methods

Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.

GCPBucketBrute

A script to enumerate Google Storage buckets and determine access and privilege escalation

Nimbostratus

A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.

CloudCopy

CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.

Pacu

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.

parameth

A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.

NSBrute

A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.

Ironwood Cyber Enlight

Autonomous pentesting platform that discovers, exploits & maps attack paths.

StealthNet AI

AI agent fleet for autonomous pentesting across external, API, web & vishing surfaces.

Webray RayBox

Automated penetration testing appliance covering recon-to-exploitation attack chain.

SecLists

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

hakrawler

A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.

ParamSpider

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

x8

x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.

Habu Hacking Toolkit

A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.

Google Search Operators: The Complete List (44 Advanced Operators)

A reference guide listing 44 advanced Google search operators for enhanced search filtering and precision in information gathering activities.

Allseek

Open-source autonomous penetration testing platform.

SprayingToolkit

A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.

Buster

Advanced email reconnaissance tool leveraging public data.

o365recon

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

Legion

An open source network penetration testing framework with automatic recon and scanning capabilities.

Git Scanner Framework

A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.

Cloud Container Attack Tool (CCAT)

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

SUDO_KILLER

A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.

Offensive Docker

An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.

enum4linux-ng

A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.

Raccoon

Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.

Linux Exploit Suggester 2

A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.

BurpSmartBuster

A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.

LinEnum

LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.

Dirtyc0w Docker POC

A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.

Payloads All The Things

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

AWS pwn

A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.

WeirdAAL (AWS Attack Library)

WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.

Lambda-Proxy

Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.

snmpcheck

A tool for enumerating information via SNMP protocol.

Tugarecon

A subdomain enumeration tool for penetration testers and security researchers.

Domain

Setup script for Regon-ng

screenshoteer

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

gowitness

A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.

Gospider

A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.