Security Assessment

A cloud security assessment tool that collects cloud resource information, analyzes it against best practices, and generates compliance reports in multiple formats.

Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.

A standalone Python script that audits system configurations against CIS Hardening Benchmarks to assess compliance readiness without requiring installation or dependencies.

A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

A Live CD and Live USB for penetration testing and security assessment

LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.

A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.

CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Sysreptor offers a customizable reporting solution for offensive security assessments.

A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.

BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.

A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.

A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.

A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.

SharpPrinter enables efficient discovery of network printers for security and management purposes.

SharpShares efficiently enumerates and maps network shares and resolves names within a domain.