Sadcloud Logo

Sadcloud

0
Free
Visit Website

Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform, supporting approximately 84 misconfigurations across 22 AWS Services. It was created to allow security researchers to misconfigure AWS for training purposes or assess AWS security tools, but it should not be run in production environments due to intentionally vulnerable configurations. Users are advised to set up a new AWS account to run this tool and to tear down all Terraform resources when not in use to minimize costs.

FEATURES

ALTERNATIVES

A CLI tool to simplify the use of AWS Systems Manager Session Manager

Gatekeeper is a policy management tool for Kubernetes that provides an extensible, parameterized policy library and native Kubernetes CRDs for instantiating and extending the policy library.

Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.

Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.

Commercial

Open source multi-cloud security-auditing tool for assessing security posture of cloud environments.

ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.

Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).

Show the history and changes between configuration versions of AWS resources