CFRipper
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins. Docs and more details available in [CFRipper Documentation](https://cfripper.readthedocs.io/) CLI Usage: Normal execution: $ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt Analysing /tmp/root.yaml... Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config. Valid: False Issues found: - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*' - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root' Analysing /tmp/root_bypass.json... Valid: True Using the 'resolve' flag: $ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve Analysing /tmp/root.yaml... Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config. Valid: False Issues found: - FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in acco
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cloud-based web application firewall that protects applications from various cyber threats through rule-based filtering, machine learning detection, and integrated security features.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
A lightweight web application firewall that protects modern applications and APIs across distributed architectures with integrated DoS protection, bot defense, and DevOps-friendly deployment options.
A privacy-focused CAPTCHA alternative that protects websites from bot attacks using proof-of-work challenges and AI-based detection while maintaining GDPR compliance.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
An agentless API security platform that discovers, tests, and secures APIs through source code analysis without requiring traffic monitoring.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.