CloudBrute
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The tool addresses issues from previous approaches by providing cloud detection using IPINFO API and Source Code, supporting all major cloud providers, operating in a Black-Box (unauthenticated) manner, being fast (concurrent), and offering a modular design.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A collection of security workshops and hands-on content for AWS security services and techniques
A cloud-based security platform providing WAAP, ZTNA, public cloud security management, and threat intelligence sharing capabilities.
Open source multi-cloud security-auditing tool for assessing security posture of cloud environments.
A framework for executing attacker actions in the cloud with YAML-based format for defining TTPs and detection properties, deployable via AWS-native CI/CD pipeline.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
Grype is a vulnerability scanner for container images and filesystems that scans for known vulnerabilities and supports various image formats.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Docker's Actuary automates security best-practices checks for Docker containers.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.