go-pillage-registries
This project takes a Docker registry and pillages the manifest and configuration for each image in its catalog. It uses Google's crane command's package, which should follow docker's keychain semantics. If you would like to override this, just change authn.DefaultKeychain as described in the https://github.com/google/go-containerregistry/tree/master/pkg/authn/k8schain Install: ```git clone https://github.com/nccgroup/go-pillage-registries.git cd go-pillage-registries go install ./...``` Usage: ```$ pilreg Usage: pilreg <registry> [flags] Flags: -c, --cache string Path to cache image layers (optional, only used if images are pulled) -h, --help help for pilreg -i, --insecure Fetch Data over plaintext -r, --repos strings list of repositories to scan on the registry. If blank, pilreg will attempt to enumerate them using the catalog API -o, --results string Path to directory for storing results. If blank, outputs configs and manifests as json object to Stdout.(must be used if 'store-images` is enabled) -k, --skip-tls Disables TLS certificate verification -s, --store-images Downloads filesystem for discovered images and stores an archive in the output directory (Disabled by default)
FEATURES
ALTERNATIVES
Stay up-to-date on the latest trends and developments in AWS Cloud Security with this weekly digest newsletter.
CloudScraper is a tool for enumerating cloud resources, including S3 Buckets, Azure Blobs, and Digital Ocean Storage Space.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
Azure Guardrails enables rapid enforcement of cloud security guardrails by generating Terraform files for Azure Policy Initiatives.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
A collection of security workshops and hands-on content for AWS security services and techniques
CloudFox helps gain situational awareness in unfamiliar cloud environments for penetration testers and offensive security professionals.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.