Nimbostratus Tools for fingerprinting and exploiting Amazon cloud infrastructures. These tools are a PoC which I developed for my "Pivoting in Amazon clouds" talk, developed using the great boto library for accessing Amazon's API. For more information visit the project page Feel free to report bugs, fork and send pull-requests. You can also drop me a line at @w3af.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Converts the format of various S3 buckets for bug bounty and security testing.
Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.
Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
An AWS Lambda auditing tool that provides asset visibility and actionable results through statistical analysis and security checks.
Conmachi is a Golang tool for scanning container environments for security issues.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
Krampus is a security solution for managing AWS objects and can be used as a cost-control tool.
A cloud-native security platform that combines vulnerability management, workload protection, and security monitoring for cloud environments with context-aware threat detection capabilities.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.