CloudSploit by Aqua
CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. Deployment Options: - Self-Hosted - Hosted at Aqua Wave Installation Configuration: - Amazon Web Services - Microsoft Azure - Google Cloud Platform - Oracle Cloud Infrastructure CloudSploit Config File Credential Files Environment Variables Running CLI Options: - Compliance (HIPAA, PCI, CIS Benchmarks) - Output Formats (Console Output, Ignoring Passing Results, CSV, JSON, JUnit XML) - Collection Output - Suppressions - Running a Single Plugin Architecture Writing a Plugin Other Notes
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A collection of security workshops and hands-on content for AWS security services and techniques
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.