Enumerate IAM Permissions is a free Penetration Testing tool. Security professionals most commonly compare it with . All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to Enumerate IAM Permissions, including their key features and shared capabilities.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
Shares 3 capabilities with Enumerate IAM Permissions: Enumeration, AWS, Privilege Escalation
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
Shares 3 capabilities with Enumerate IAM Permissions: Enumeration, Reconnaissance, AWS
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
A script to enumerate Google Storage buckets and determine access and privilege escalation
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
A script to enumerate Google Storage buckets and determine access and privilege escalation
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
Autonomous pentesting platform that discovers, exploits & maps attack paths.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
An open source network penetration testing framework with automatic recon and scanning capabilities.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A collection of precompiled Windows exploits for privilege escalation.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
AI-powered autonomous penetration testing platform with multi-agent system
AI-powered automated penetration testing platform for vulnerability discovery
AI-powered automated penetration testing platform for web apps, APIs & GraphQL
Human-guided continuous pentesting platform with attack surface management
AI-powered automated pen testing & continuous red teaming platform
Pentest management platform for reporting, project mgmt & client collaboration
Common questions security professionals ask when evaluating alternatives and competitors to Enumerate IAM Permissions.
The most popular alternatives to Enumerate IAM Permissions include Cognito Scanner, AWSBucketDump, BloodHound, o365-attack-toolkit, and PowerUp. These Penetration Testing tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
