s3reverse
Converts the format of various S3 buckets for bug bounty and security testing.
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following common questions (and many more): - What regions is this AWS account using and roughly how many resources are in the account? - What secrets are lurking in EC2 userdata or service specific environment variables? - What workloads have administrative permissions attached? - What actions/permissions does this [principal] have? - What role trusts are overly permissive or allow cross-account assumption? - What endpoints/hostnames/IPs can I attack from an external starting point (public internet)? - What endpoints/hostnames/IPs can I attack from an internal starting point (assumed breach within the VPC)? - What filesystems can I potentially mount from a compromised resource inside the VPC? Demos, Examples, Walkthroughs Blog - Introducing: CloudFox Video - CloudFox + CloudFoxable A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths Video - Penetration Testing with CloudFox
Converts the format of various S3 buckets for bug bounty and security testing.
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
Cloud Custodian (c7n) is a rules engine for managing public cloud accounts and resources with a focus on security, compliance, and cost optimization.
Exploring the transition towards real sandbox containers and the differences in privileges compared to traditional sandboxes like Chrome.
Automated script for creating a vulnerable Azure cloud lab to train offensive security skills.
A tool for building Open Container Initiative (OCI) container images with various functionalities.