Smogcloud
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. Smogcloud enables security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis. It may be useful to identify Internet-facing FQDNs and IPs across one or hundreds of AWS accounts, misconfigurations or vulnerabilities, assets that are no longer in use, services not currently monitored, and shadow IT. To get started, install and setup golang, then install Smogcloud using the provided command. Set up AWS environment variables for the account you wish to query, and run the application.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A dynamic infrastructure framework for efficient multi-cloud security operations and distributed scanning.
A tool to find S3 buckets from HTML, JS, and bucket misconfiguration testing
A multi-threaded AWS security-focused inventory collection tool with comprehensive resource coverage and efficient data collection methods.
A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
Show the history and changes between configuration versions of AWS resources
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.