8,812 tools
A CLI tool for generating AWS IAM policy documents, SAM policy templates, and SAM Connectors using JSON definitions from the AWS Policy Generator.
A CLI tool for generating AWS IAM policy documents, SAM policy templates, and SAM Connectors using JSON definitions from the AWS Policy Generator.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.
Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.
A CLI utility that simplifies switching between different AWS roles by automatically managing AWS credentials file modifications.
A CLI utility that simplifies switching between different AWS roles by automatically managing AWS credentials file modifications.
Ice is an AWS cloud cost management tool that provides multi-level visibility into cloud spending and resource utilization to support informed reservation purchases and resource optimization decisions.
Ice is an AWS cloud cost management tool that provides multi-level visibility into cloud spending and resource utilization to support informed reservation purchases and resource optimization decisions.
A Lambda function that automatically disables AWS IAM User Access Keys after a specified time period to reduce security risks from aging credentials.
A Lambda function that automatically disables AWS IAM User Access Keys after a specified time period to reduce security risks from aging credentials.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.
A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.
A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.
A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.
A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.
An automated AWS security compliance remediation system that uses Lambda functions and SQS queues to automatically fix security violations detected by AWS Config.
An automated AWS security compliance remediation system that uses Lambda functions and SQS queues to automatically fix security violations detected by AWS Config.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
Steampipe is a zero-ETL solution for getting data directly from APIs and services.
Steampipe is a zero-ETL solution for getting data directly from APIs and services.
A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.
A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.
A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.
A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.
CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.
CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.
A multi-threaded Ruby tool for comprehensive AWS security inventory collection that gathers detailed resource attributes, metadata, and policy information across AWS environments.
A multi-threaded Ruby tool for comprehensive AWS security inventory collection that gathers detailed resource attributes, metadata, and policy information across AWS environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.
A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.
A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.