Showcase your innovative cybersecurity solution to our dedicated audience of security professionals.
Reach out!
A Python script to test the security of AWS S3 buckets
A tool to enumerate S3 buckets for a specific target
Converts the format of various S3 buckets for bug bounty and security testing.
A tool to identify publicly accessible S3 objects
Lists Amazon S3 Buckets while browsing
A security tool to identify interesting files in AWS S3 buckets
A tool for testing AWS S3 bucket permissions and security
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.
Krampus is a security solution for managing AWS objects and can be used as a cost-control tool.
Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable fixes.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
A Python script that lists all main resources of your AWS account, helping you find resources that affect billing and/or security.
A CLI tool to simplify the use of AWS Systems Manager Session Manager
A tool to find S3 buckets from HTML, JS, and bucket misconfiguration testing
A Lambda Function that disables AWS IAM User Access Keys after a set amount of time to reduce the risk associated with old access keys.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.
An open-sourced framework for managing resources across hundreds of AWS Accounts
Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
Nuvola is a tool for security analysis on AWS environments with a focus on creating a digital twin of cloud platforms.
CloudFox helps gain situational awareness in unfamiliar cloud environments for penetration testers and offensive security professionals.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
A collection of security workshops and hands-on content for AWS security services and techniques
An AWS Lambda auditing tool that provides asset visibility and actionable results through statistical analysis and security checks.
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
CLI tool for deleting AWS resources in bulk with inspecting functionality.
Generate Amazon GuardDuty findings related to real AWS resources with multiple tests available.
A tool that discovers all AWS resources created in an account
A Terraform module to set up a secure AWS account configuration baseline
A tool to fetch all public IP addresses associated with an AWS account
A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A small project for continuous auditing of internet-facing AWS services
Automate AWS security checks and centralize security alerts.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
Ice provides a birds-eye view of cloud resources and usage patterns in AWS.
Stay up-to-date on the latest trends and developments in AWS Cloud Security with this weekly digest newsletter.
Find exposed AWS cloud assets that you did not know you had.
DataCop is a custom AWS framework for mitigating S3 bucket attack vectors based on customer configuration.
An open-source framework for testing and validating the security of AWS services and resources.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Cloud Security Dashboard with AWS CIS Security Benchmarks and JIRA integration.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
A script and library for identifying risks in AWS IAM configuration
Monitors AWS and GCP accounts for policy changes and alerts on insecure configurations, with support for OpenStack and GitHub monitoring.
A set of tools for fingerprinting and exploiting Amazon cloud infrastructures
Centrally Manage Cloud Firewall Rules with AWS Firewall Manager
A command line tool that counts Amazon resources across regions and displays the results in a friendly format.
A multi-threaded AWS security-focused inventory collection tool with comprehensive resource coverage and efficient data collection methods.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A graph-based tool for visualizing effective access and resource relationships within AWS
A tool that determines what AWS API calls are logged by CloudTrail and what they are logged as, and can also be used as an attack simulation framework.
An AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
A fully managed service that securely stores, rotates, and manages sensitive data such as database credentials and API keys.
A CLI utility that makes it easier to switch between different AWS roles
In-depth analysis and insights on various cloud security topics by Rhino Security Labs team
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices with a focus on Identity and Access Management.
