Cloud Container Attack Tool (CCAT)
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. Quick reference Where to get help: the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow Where to file issues: https://github.com/RhinoSecurityLabs/ccat/issues Maintained by: the Rhino Assessment Team Requirements Python 3.5+ is required. Docker is required. Note: CCAT is tested with Docker Engine 19.03.1 version. Named profile is required for using AWS functionality. A service account or access token is required for using GCP functionality. Installation We recommend using the provided Docker image to run CCAT, so that you will not face any difficulty with the required dependencies on your own system. Install CCAT from source $ git clone https://github.com/RhinoSecurityLabs/ccat.git $ cd ccat $ python3 setup.py install $ python3 ccat.py Use CCAT's Docker Image Warning: Running this command will mount your local AWS configuration files into the Docker container when it is launched. This means that any user with access to the container will have access to your host computer's AWS credentials. Warning: Running this command will mount your local Unix
FEATURES
ALTERNATIVES
Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.
Conmachi is a Golang tool for scanning container environments for security issues.
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices with a focus on Identity and Access Management.
A tool to analyze and audit AWS environments for security issues and misconfigurations.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.