SkyArk is a cloud security scanning tool designed to identify privileged entities within AWS and Azure environments. The tool consists of two main modules: AzureStealth for Azure environment scanning and AWStealth for AWS environment scanning.

The primary objective of SkyArk is to discover the most privileged entities in target cloud environments, helping organizations identify potential security risks associated with excessive privileges. The tool focuses specifically on mitigating threats posed by Cloud Shadow Admins: highly privileged accounts that may not be properly monitored or secured.

SkyArk assists organizations in discovering privileged entities across their cloud infrastructure, assessing the security posture of these entities, and implementing appropriate protection measures. The scanning capabilities help security teams gain visibility into privilege distribution and identify accounts or services that may pose elevated security risks due to their access levels.
SIMILAR TOOLS
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.