Cloud Security Posture Management for Aws

A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.

A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.

A security tool that performs whitebox evaluation of S3 object permissions to identify publicly accessible files and generate reports on potential exposure risks.

S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.

TrailScraper is a command-line tool for extracting information from AWS CloudTrail logs and generating IAM policies based on actual API usage patterns.

S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.

Krampus is an AWS resource management tool that automates the deletion and disabling of cloud objects based on JSON task files for security remediation and cost control.

Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.

A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.

Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.

Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.

AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.

An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.

A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.

A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.

Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.

ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.

CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.

Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.