Cloud Security

Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.

Continually audit your AWS usage to simplify risk and compliance assessment.

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.

ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.

Endpoint protection platform using zero trust architecture and containment

CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.

Microsoft Azure service for safeguarding cryptographic keys and secrets.

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.

A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.

Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.

LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.

A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.

Comprehensive cybersecurity platform for hybrid and multi-cloud environments

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

Resmo's Cybersecurity Blog provides expert insights and tools for securing SaaS applications and cloud documents for IT and security teams.

A repository of Kubernetes Network Policy examples and YAML configurations for controlling network traffic and implementing security controls in Kubernetes clusters.

An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.

A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.