CFRipper Logo

CFRipper

0
Free
Visit Website

CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins. Docs and more details available in [CFRipper Documentation](https://cfripper.readthedocs.io/) CLI Usage: Normal execution: $ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt Analysing /tmp/root.yaml... Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config. Valid: False Issues found: - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*' - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root' Analysing /tmp/root_bypass.json... Valid: True Using the 'resolve' flag: $ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve Analysing /tmp/root.yaml... Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config. Valid: False Issues found: - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in acco

FEATURES

ALTERNATIVES

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.

A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.

Falco is a cloud native runtime security tool for Linux operating systems that detects and alerts on abnormal behavior and potential security threats in real-time.

An application security platform that provides runtime threat modeling, vulnerability management, and automated remediation workflows with a focus on identifying exploitable vulnerabilities in production environments.

Instrumentation-based approach for resolving reflective calls in Android apps.

Arnica is an application security platform that offers real-time scanning, risk mitigation, and management across various aspects of the software development lifecycle.

PINNED