Ethical hacking tools and resources for penetration testing and red team operations. Task: Cloud SecurityExplore 19 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.
Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
Interactive online malware sandbox for real-time analysis and threat intelligence
Interactive online malware sandbox for real-time analysis and threat intelligence
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.