Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one of any capable security program. Smogcloud enables security engineers, penetration testers, and AWS administrators to monitor, on a more frequent basis, the collective changes that create dynamic and ephemeral internet-facing assets. It may be useful for identifying internet-facing FQDNs and IPs across one or hundreds of AWS accounts, misconfigurations or vulnerabilities, assets that are no longer in use, services not currently monitored, and shadow IT. To get started, install and set up golang, then install Smogcloud using the provided command. Set up AWS environment variables for the account you wish to query, and run the application.
SIMILAR TOOLS
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Tool for assessing compliance and running vulnerability scans on Docker images.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
In-depth analysis and insights on various cloud security topics by the Rhino Security Labs team.
A framework to analyze container images and gather useful information.
A detection-as-code platform for streamlining cloud security operations and responding to security incidents.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.