156 tools and resources
A Python script to test the security of AWS S3 buckets
A tool to enumerate S3 buckets for a specific target
Converts the format of various S3 buckets for bug bounty and security testing.
A tool to identify publicly accessible S3 objects
Lists Amazon S3 Buckets while browsing
A security tool to identify interesting files in AWS S3 buckets
A tool for testing AWS S3 bucket permissions and security
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.
Krampus is a security solution for managing AWS objects and can be used as a cost-control tool.
A python module for orchestrating content acquisitions and analysis via Amazon SSM.
Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable fixes.
A defense-in-depth security automation and monitoring framework utilizing threat intelligence, machine learning, and serverless technologies.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
Identify AWS IAM permissions by brute-forcing API calls.
Securely store and access AWS credentials in a development environment.
A Python script that lists all main resources of your AWS account, helping you find resources that affect billing and/or security.
A tool that generates least privilege IAM policies for AWS services
A CLI tool to simplify the use of AWS Systems Manager Session Manager
A tool to find S3 buckets from HTML, JS, and bucket misconfiguration testing
A Lambda Function that disables AWS IAM User Access Keys after a set amount of time to reduce the risk associated with old access keys.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
Redboto is a collection of scripts for red team operations against the AWS API.
A tool for visualizing AWS IAM and Organizations in a graph format with Neo4j, supporting anomaly detection and custom data processing.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
A post-exploitation framework for attacking running AWS infrastructure
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
AWS account compliance using centrally managed Config Rules
A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Python package for processing and analyzing Zeek data with Pandas, scikit-learn, Kafka, and Spark, with offloading capabilities and improved data analysis features.
Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
An open-sourced framework for managing resources across hundreds of AWS Accounts
Tool to clean Exif data from images in AWS S3 bucket
A collection of AWS security architectures for various security operations.
Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.
IAM Zero detects IAM issues and suggests least-privilege policies for AWS and other cloud platforms.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
A library utilizing Z3 prover to analyze AWS IAM policies.
Continually audit your AWS usage to simplify risk and compliance assessment.
Nuvola is a tool for security analysis on AWS environments with a focus on creating a digital twin of cloud platforms.
CloudFox helps gain situational awareness in unfamiliar cloud environments for penetration testers and offensive security professionals.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
A collection of security workshops and hands-on content for AWS security services and techniques
A tool for searching through public EBS snapshots for secrets, organized as an Elastic Beanstalk application.
Repokid uses Access Advisor to remove unused service permissions from IAM roles in AWS.
An AWS Lambda auditing tool that provides asset visibility and actionable results through statistical analysis and security checks.
A library of Amazon S3 attack scenarios with mitigation strategies.
AWS Web Application Firewall (WAF) for protecting web applications from common exploits.
A portable Docker container with preinstalled AWS security tools for SecOps on AWS.
Open-source project for building instrumented environments to simulate attacks and test detections.
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
CLI tool for deleting AWS resources in bulk with inspecting functionality.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
Generate Amazon GuardDuty findings related to real AWS resources with multiple tests available.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
Centralized workforce identity management for AWS applications.
A tool that discovers all AWS resources created in an account
A Terraform module to set up a secure AWS account configuration baseline
AWS Web Application Firewalls (WAFs) protect web applications and APIs from attacks, providing prebuilt security rules and the ability to create custom rules.
A tool to fetch all public IP addresses associated with an AWS account
A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
Provision, manage, and renew SSL/TLS certificates for your AWS resources with AWS Certificate Manager.
A small project for continuous auditing of internet-facing AWS services
Github action for linting AWS IAM policy documents.
A tutorial on setting up Dionaea on an EC2 instance in 20 minutes
A script that implements Cognito attacks such as Account Oracle or Priviledge Escalation
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Assess, audit, and evaluate configurations of AWS resources.
CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.
Automate AWS security checks and centralize security alerts.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
A cloud-based key management service for encrypting and digitally signing data.
A utility for testing AWS Lambda functions for SQL Injection vulnerabilities using SQLMap attacks.
Identify unintended network access to AWS resources and ensure network security by analyzing network reachability conditions.
A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.
Scripts to quickly fix security and compliance issues
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
Redirects EC2 metadata API traffic to a container that retrieves temporary AWS credentials and proxies other calls to the EC2 metadata API.
Ice provides a birds-eye view of cloud resources and usage patterns in AWS.
A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1
A tool for discovering open S3 Buckets starting from a domain using various techniques such as crawling and DNS crawling.
Chamber is a tool for managing secrets that utilizes AWS SSM Parameter Store.
An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.
Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.
Stay up-to-date on the latest trends and developments in AWS Cloud Security with this weekly digest newsletter.
Python command line utility for incident response in AWS
A cloud-native, event-driven data pipeline toolkit for security teams with extensible data processing and serverless deployment.
Find exposed AWS cloud assets that you did not know you had.
DataCop is a custom AWS framework for mitigating S3 bucket attack vectors based on customer configuration.
An open-source framework for testing and validating the security of AWS services and resources.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
AWS Network Firewall provides fine-grained control over network traffic and enables easy deployment of firewall security.
Discover and protect sensitive data at scale with automated data discovery and security assessment.
A NodeJS/Typescript library for generating IAM Policy Actions Statements for AWS CDK with predefined constants and a factory class.
Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.
Cloud Security Dashboard with AWS CIS Security Benchmarks and JIRA integration.
Automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
A tool for finding AWS credentials in files, optimized for Jenkins integration.
Helm plugin for decrypting encrypted Helm value files on the fly and integrating with cloud native secret managers.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
A module-based AWS response tool for incident response in AWS environments.
Tool for associating IAM roles to Pods in Kubernetes clusters.
Collection of penetration testing scripts for AWS with a focus on reconnaissance.
SOPS is an editor of encrypted files supporting various formats and encryption methods.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
A Python utility to takeover domains vulnerable to AWS NS Takeover
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
A script and library for identifying risks in AWS IAM configuration
A tool to visualize AWS security groups
A series of levels teaching about common mistakes and gotchas when using Amazon Web Services (AWS).
Monitors AWS and GCP accounts for policy changes and alerts on insecure configurations, with support for OpenStack and GitHub monitoring.
A set of tools for fingerprinting and exploiting Amazon cloud infrastructures
Centrally Manage Cloud Firewall Rules with AWS Firewall Manager
Manage single-tenant hardware security modules (HSMs) on AWS.
CLI for generating AWS IAM policy documents, SAM policy templates or SAM Connectors
A command line tool that counts Amazon resources across regions and displays the results in a friendly format.
A multi-threaded AWS security-focused inventory collection tool with comprehensive resource coverage and efficient data collection methods.
Search AWS CloudWatch logs on the command line with aws-sdk-for-go.
Amazon GuardDuty is a threat detection service for AWS accounts.
AWS IAM Security Assessment tool for identifying violations of least privilege and generating risk-prioritized reports.
Tool for generating AWS IAM policy statements with a fluent interface.
AWS Shield provides managed DDoS protection for your applications, automatically detecting and mitigating sophisticated network-level DDoS events.
A secret keeper that stores secrets in DynamoDB, encrypted at rest.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A web service for easier AWS IAM permissions and credential management with various login methods and IAM Self-Service Wizard.
CredStash is a tool for managing and securely storing credentials.
AirIAM is an AWS IAM to least privilege Terraform execution framework that compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform.
A graph-based tool for visualizing effective access and resource relationships within AWS
A tool that determines what AWS API calls are logged by CloudTrail and what they are logged as, and can also be used as an attack simulation framework.
An AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
A fully managed service that securely stores, rotates, and manages sensitive data such as database credentials and API keys.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
A CLI utility that makes it easier to switch between different AWS roles
Scalable, cost-effective application recovery to AWS.
Runs IAM policy linting checks against AWS accounts to identify security best practices and policy errors.
In-depth analysis and insights on various cloud security topics by Rhino Security Labs team
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty with various supported actions.
A proof of concept for using the SSM Agent in Fargate for incident response
Templates for incident response run-books tailored for AWS environments based on NIST guidelines.
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices with a focus on Identity and Access Management.
