Aws

LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.

A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.

A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.

CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.

aws-allowlister automatically generates AWS Service Control Policies that restrict access to only compliance-framework-approved AWS services.

A CLI tool for bulk deletion and inspection of AWS resources to clean up testing accounts and prevent unnecessary charges.

A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.

A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.

BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.

Centralized workforce identity management for AWS applications.

A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.

A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.

A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.

AWS Web Application Firewalls (WAFs) are cloud-based security services that protect web applications and APIs from internet-based attacks through customizable filtering rules and centralized management capabilities.

A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.

CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.

A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.

A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.