
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

cloud-architecture/my-arsenal-of-aws-security-tools

CONTRIBUTE

Do you want to contribute to this list? Feel free to send a PR and make sure your tool is Open Source.

| Name | URL | Description |
|---|---|---|
| My Arsenal of AWS Security Tools | https://github.com/toniblyx/my-arsenal-of-aws-security-tools | List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. |

Defensive: Hardening, Security Assessment and Inventory

| Name | URL | Description |
|---|---|---|
| ScoutSuite | https://github.com/nccgroup/ScoutSuite | Multi-cloud security auditing tool for AWS, Google Cloud and Azure environments (Python) |
| Prowler | https://github.com/toniblyx/prowler | CIS benchmarks and additional checks for security best practices in AWS (Bash and Python components) |
| CloudSploit Scans | https://github.com/cloudsploit/scans | AWS security scanning checks (Node.js) |
| CloudMapper | https://github.com/duo-labs/cloudmapper | Helps you analyze your AWS environments (Python) |
| CloudTracker | https://github.com/duo-labs/cloudtracker | Helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) |
| AWS Security Benchmarks | https://github.com/awslabs/aws-security-benchmark | Scripts and templates with guidance related to the CIS AWS Foundations framework (Python) |
| AWS Public IPs | https://github.com/arkadiyt/aws_public_ips | Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby) |
| PMapper | https://github.com/nccgroup/PMapper | Advanced and automated AWS IAM evaluation (Python) |
| nccgroup AWS-Inventory | https://github.com/nccgroup/aws-inventory | Make an inventory of all your resources across regions (Python) |
| Resource Counter | https://github.com/disruptops/resource-counter | Counts the number of resources in categories across regions |
| ICE | https://github.com/Teevity/ice | Ice provides insights from a usage and cost perspective with highly detailed dashboards. |
| SkyArk | https://github.com/cyberark/SkyArk | SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS environment. |
| Trailblazer AWS | https://github.com/willbengtson/trailblazer-aws | Trailblazer AWS determines which AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework. |
| Lunar | https://github.com/lateralblast/lunar | Security auditing tool based on several security frameworks (it does some AWS checks) |
| Cloud-reports | https://github.com/tensult/cloud-reports | Scans your AWS cloud resources and generates reports that include security best practices. |
| Pacbot | https://github.com/tmobile/pacbot | Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud |
| cs-suite | https://github.com/SecurityFTW/cs-suite | Integrates tools like Scout2 and Prowler, among others |
| aws-key-disabler | https://github.com/te-papa/aws-key-disabler | A small Lambda script that will disable access keys older than a given number of days |
| Antiope | https://github.com/turnerlabs/antiope | AWS inventory and compliance framework |
| Terraform AWS Secure Baseline | https://github.com/nozaq/terraform-aws-secure-baseline | Terraform module to set up your AWS account with a secure baseline |
| Cartography | https://github.com/lyft/cartography | Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. |
| TrailScraper | https://github.com/flosell/trailscraper | A command-line tool to get valuable information out of AWS CloudTrail |
| LambdaGuard | https://github.com/Skyscanner/LambdaGuard | An AWS Lambda auditing tool designed to create asset visibility and provide actionable results. |
| Komiser | https://github.com/mlabouardy/komiser | Cloud environment inspector: analyze and manage cloud cost, usage, security and governance in one place. |
| Perimeterator | https://github.com/darkarnium/perimeterator | AWS perimeter monitoring. Periodically scans internet-facing AWS resources to detect misconfigured services |
| PolicySentry | https://github.com/salesforce/policy_sentry | IAM least-privilege policy generator, auditor and analysis database |
| Zeus | https://github.com/DenizParlak/Zeus | AWS auditing & hardening tool |
| janiko71 AWS-inventory | https://github.com/janiko71/aws-inventory | Python script for AWS resources inventory |
| awspx | https://github.com/fsecurelabs/awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments |
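CloudTracker's approach, comparing what a policy allows against what CloudTrail shows actually being called, is easy to reproduce on exported data. The block below is an added example written for this page, not CloudTracker's own code: `POLICY` and `CLOUDTRAIL_RECORDS` are constructed sample data, and the check ignores `Resource`, `Condition` and `NotAction`, so it is a first-pass triage rather than a full policy evaluation.

```python
"""CloudTracker-style check: which IAM actions a principal is allowed to call
but never did, according to CloudTrail.

Added example, not CloudTracker's code. POLICY and CLOUDTRAIL_RECORDS are
constructed samples; a real run would load the policy from IAM and the records
from a CloudTrail export. Resource, Condition and NotAction are ignored.
"""
import fnmatch

# Constructed sample: an identity policy attached to one role.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"]},
        {"Effect": "Allow", "Resource": "*", "Action": "ec2:Describe*"},
        {"Effect": "Allow", "Resource": "*", "Action": "iam:PassRole"},
        {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"},
    ],
}

# Constructed sample: only the CloudTrail record fields this check needs.
CLOUDTRAIL_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole"},
]


def _as_list(value):
    """IAM accepts a string or a list in Action/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def policy_actions(policy, effect):
    """Action patterns (e.g. 'ec2:Describe*') of statements with the given Effect."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect:
            patterns.extend(_as_list(stmt.get("Action", [])))
    return patterns


def used_actions(records):
    """Translate CloudTrail records into 'service:EventName' strings.

    Caveat: eventName is not always the IAM action name (some calls are logged
    under another name, or not at all); measuring that gap is what Trailblazer
    AWS is for, and it is not attempted here.
    """
    used = set()
    for rec in records:
        service = rec["eventSource"].split(".")[0]  # 's3.amazonaws.com' -> 's3'
        used.add(f"{service}:{rec['eventName']}")
    return used


def _matches(pattern, action):
    """IAM action matching is case-insensitive; '*' and '?' are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def unused_allowed_actions(policy, records):
    """Allow patterns that no observed call matched: candidates for removal."""
    used = used_actions(records)
    denied = policy_actions(policy, "Deny")
    unused = []
    for pattern in policy_actions(policy, "Allow"):
        # An explicit Deny covering the whole pattern makes it dead anyway.
        if any(_matches(deny, pattern) for deny in denied):
            continue
        if not any(_matches(pattern, action) for action in used):
            unused.append(pattern)
    return sorted(unused)


def used_but_not_allowed_actions(policy, records):
    """Observed calls this policy does not explain: the permission came from
    elsewhere (another attached policy, a resource policy, a role trust)."""
    allowed = policy_actions(policy, "Allow")
    return sorted(action for action in used_actions(records)
                  if not any(_matches(p, action) for p in allowed))


if __name__ == "__main__":
    print("unused allows:", unused_allowed_actions(POLICY, CLOUDTRAIL_RECORDS))
    print("unexplained calls:", used_but_not_allowed_actions(POLICY, CLOUDTRAIL_RECORDS))
```

On the sample data the check reports `iam:PassRole` and `s3:PutObject` as granted but never exercised, and `sts:AssumeRole` as called without a matching Allow in this policy. Treat the first list as a starting point for a least-privilege rewrite, not an automatic deletion: a quarterly job that has not run inside the CloudTrail window looks exactly like an unused permission.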

Offensive

| Name | URL | Description |
|---|---|---|
| weirdAAL | https://github.com/carnal0wnage/weirdAAL | AWS attack library |
| Pacu | https://github.com/RhinoSecurityLabs/pacu | AWS penetration testing toolkit |
| Cred Scanner | https://github.com/disruptops/cred_scanner | A simple file-based scanner to look for potential AWS access and secret keys in files |
| AWS PWN | https://github.com/dagrz/aws_pwn | A collection of AWS penetration testing junk |
| Cloudfrunt | https://github.com/MindPointGroup/cloudfrunt | A tool for identifying misconfigured CloudFront domains |
| Cloudjack | https://github.com/prevade/cloudjack | Route53/CloudFront vulnerability assessment utility |
| Nimbostratus | https://github.com/andresriancho/nimbostratus | Tools for fingerprinting and exploiting Amazon cloud infrastructures |
| GitLeaks | https://github.com/zricethezav/gitleaks | Audit git repos for secrets |
| TruffleHog | https://github.com/dxa4481/truffleHog | Searches through git repositories for high-entropy strings and secrets, digging deep into commit history |
| DumpsterDiver | https://github.com/securing/DumpsterDiver | Tool to search for secrets in various file types, such as keys (e.g. AWS access keys, Azure shared keys or SSH keys) or passwords. |
| Mad-King | https://github.com/ThreatResponse/mad-king | Proof-of-concept Zappa-based AWS persistence and attack platform |
| Cloud-Nuke | https://github.com/gruntwork-io/cloud-nuke | A tool for cleaning up your cloud accounts by nuking (deleting) all resources within them |
| MozDef - The Mozilla Defense Platform | https://github.com/mozilla/MozDef | The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers. |
| Lambda-Proxy | https://github.com/puresec/lambda-proxy | A bridge between SQLMap and AWS Lambda which lets you use SQLMap to natively test AWS Lambda functions for SQL injection vulnerabilities. |
| CloudCopy | https://github.com/Static-Flow/CloudCopy | Cloud version of the Shadow Copy attack against domain controllers running in AWS, using only the EC2:CreateSnapshot permission |
| enumerate-iam | https://github.com/andresriancho/enumerate-iam | Enumerate the permissions associated with an AWS credential set |
| Barq | https://github.com/Voulnet/barq | A post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure |

Continuous Security Auditing

| Name | URL | Description |
|---|---|---|
| Security Monkey | https://github.com/Netflix/security_monkey | |
| Krampus | https://github.com/sendgrid/krampus | |
| Cloud Inquisitor | https://github.com/RiotGames/cloud-inquisitor | |
| CloudCustodian | https://github.com/capitalone/cloud-custodian | |
| Disable keys after X days | https://github.com/te-papa/aws-key-disabler | |
| Repokid Least Privilege | https://github.com/Netflix/repokid | |
| Wazuh CloudTrail module | https://github.com/wazuh/wazuh | |
| Hammer | https://github.com/dowjones/hammer | |
| Streamalert | https://github.com/airbnb/streamalert | |
| Billing Alerts CFN templates | https://github.com/btkrausen/AWS | |
| Watchmen | https://github.com/iagcl/watchmen | AWS account compliance using centrally managed Config Rules |

Digital Forensics and Incident Response

| Name | URL | Description |
|---|---|---|
| AWS IR | https://github.com/ThreatResponse/aws_ir | AWS-specific incident response and forensics tool |
| Margaritashotgun | https://github.com/ThreatResponse/margaritashotgun | Linux memory remote acquisition tool |
| Diffy | https://github.com/Netflix-Skunkworks/diffy | Triage tool used during cloud-centric security incidents |
| AWS Security Automation | https://github.com/awslabs/aws-security-automation | AWS scripts and resources for DevSecOps and automated incident response |
| GDPatrol | https://github.com/ansorren/GDPatrol | Automated incident response based on AWS GuardDuty findings |
| AWSlog | https://github.com/jaksi/awslog | Show the history of and changes between configuration versions of AWS resources using AWS Config |
| AWS_Responder | https://github.com/prolsen/aws_responder | AWS Digital Forensics and Incident Response (DFIR) Python scripts |
| SSM-Acquire | https://github.com/mozilla/ssm-acquire | A Python module for orchestrating content acquisitions and analysis via Amazon SSM |
| cloudtrail-partitioner | https://github.com/duo-labs/cloudtrail-partitioner | This project sets up partitioned Athena tables for your CloudTrail logs and updates the partitions nightly. Makes CloudTrail log queries easier. |

Development Security

| Name | URL | Description |
|---|---|---|
| CFN NAG | https://github.com/stelligent/cfn_nag | CloudFormation security test (Ruby) |
| Git-secrets | https://github.com/awslabs/git-secrets | |
| Repository of sample Custom Rules for AWS Config | https://github.com/awslabs/aws-config-rules | |
| CFripper | https://github.com/Skyscanner/cfripper | Lambda function to "rip apart" a CloudFormation template and check it for security compliance. |
| Assume | https://github.com/SanderKnape/assume | A simple CLI utility that makes it easier to switch between different AWS roles |
| Terrascan | https://github.com/cesar-rodriguez/terrascan | A collection of security and best-practice tests for static code analysis of Terraform templates using terraform_validate |
| tfsec | https://github.com/liamg/tfsec | Provides static analysis of your Terraform templates to spot potential security issues |
| Checkov | https://github.com/bridgecrewio/checkov | Terraform static analysis written in Python |
| pytest-services | https://github.com/mozilla-services/pytest-services | Unit testing framework for test-driven security of AWS configurations and more |
| IAM Least-Privileged Role Generator | https://github.com/puresec/serverless-puresec-cli | A Serverless framework plugin that statically analyzes AWS Lambda function code and automagically generates least-privileged IAM roles. |
| AWS Vault | https://github.com/99designs/aws-vault | A vault for securely storing and accessing AWS credentials in development environments |
| AWS Service Control Policies | https://github.com/jchrisfarris/aws-service-control-policies | Collection of semi-useful Service Control Policies and scripts to manage them |
| Half-Life | https://github.com/Skyscanner/halflife | AWS Lambda auditing tool that provides a meaningful overview in terms of statistical analysis, AWS service dependencies and configuration checks from the security perspective |
| Terraform-compliance | https://github.com/eerkunt/terraform-compliance | A lightweight, security-focused BDD test framework against Terraform (with helpful code for AWS) |
| Get a List of AWS Managed Policies | https://github.com/RyPeck/aws_managed_policies | A way to get a list of all AWS managed policies |
| Parliament | https://github.com/duo-labs/parliament | AWS IAM linting library |
| AWS-ComplianceMachineDontStop | https://github.com/jonrau1/AWS-ComplianceMachineDontStop | Proof-of-value Terraform scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance services to support your AWS account security posture |
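cfn_nag and CFripper both work by walking the `Resources` map of a CloudFormation template and applying rules to each resource's properties before anything is deployed. The block below is an added example of that pattern, not code from either project: `TEMPLATE` is a constructed JSON template, and the two rules (security group ingress open to the whole internet on a non-web port, S3 bucket without default encryption) are illustrative picks rather than either tool's rule set.

```python
"""cfn_nag / CFripper-style static checks on a CloudFormation template.

Added example, not code from either project. TEMPLATE is a constructed JSON
template; the rules below are illustrative. Property values given as
parameters or intrinsic functions (Ref, Fn::*) cannot be evaluated statically
and are treated as unknown, i.e. not flagged, which is a real limitation of
this kind of check.
"""
import json

TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "public web tier",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "AdminSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "bastion",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "-1", "CidrIpv6": "::/0"}
        ]
      }
    },
    "DbIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "DbSgId"}, "IpProtocol": "tcp",
                     "FromPort": 5432, "ToPort": 5432, "CidrIp": "10.0.0.0/8"}
    },
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
      }
    }
  }
}
""")

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}  # the only ports this rule tolerates being world-open


def _is_world(value):
    """True for a literal any-address CIDR; intrinsics/params are dicts and stay unknown."""
    return isinstance(value, str) and value in WORLD_CIDRS


def ingress_rules(resource):
    """Yield ingress rule dicts from an SG or a standalone SecurityGroupIngress."""
    props = resource.get("Properties", {})
    if resource.get("Type") == "AWS::EC2::SecurityGroup":
        yield from props.get("SecurityGroupIngress", [])
    elif resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
        yield props


def rule_open_to_world(rule):
    """World-reachable on anything other than a single plain web port."""
    if not (_is_world(rule.get("CidrIp")) or _is_world(rule.get("CidrIpv6"))):
        return False
    if str(rule.get("IpProtocol")) == "-1":
        return True  # all protocols, all ports
    ports = (rule.get("FromPort"), rule.get("ToPort"))
    if None in ports:
        return True  # no range given: treat as all ports
    return not (ports[0] == ports[1] and ports[0] in WEB_PORTS)


def bucket_unencrypted(resource):
    """No BucketEncryption block means objects rely on per-request encryption headers."""
    return "BucketEncryption" not in resource.get("Properties", {})


def scan_template(template):
    """Return one finding dict per rule violation, in template order."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        for rule in ingress_rules(res):
            if rule_open_to_world(rule):
                findings.append({"resource": logical_id, "rule": "SG_OPEN_TO_WORLD",
                                 "detail": json.dumps(rule, sort_keys=True)})
        if res.get("Type") == "AWS::S3::Bucket" and bucket_unencrypted(res):
            findings.append({"resource": logical_id, "rule": "S3_NO_DEFAULT_ENCRYPTION",
                             "detail": "BucketEncryption property missing"})
    return findings


if __name__ == "__main__":
    for f in scan_template(TEMPLATE):
        print(f"{f['rule']:<26} {f['resource']:<12} {f['detail']}")
```

Run against the sample, the scan flags `AdminSg` twice (SSH from anywhere, then every protocol from any IPv6 address) and `LogBucket` once, while `WebSg` (443 only) and `DbIngress` (private CIDR) pass. Wiring a scan like this into CI is the point of the tools in this section: the finding surfaces on the pull request, before the stack exists.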

S3 Buckets Auditing

| Name | URL | Description |
|---|---|---|
| sandcastle | https://github.com/Parasimpaticki/sandcastle | |
| mass3 | https://github.com/smiegles/mass3 | |
| s3enum | https://github.com/koenrh/s3enum | |
| teh_s3_bucketeers | https://github.com/tomdev/teh_s3_bucketeers | |
| BuQuikker | https://github.com/Quikko/BuQuikker | |
| bucket-stream | https://github.com/eth0izzle/bucket-stream | |
| s3-buckets-finder | https://github.com/gwen001/s3-buckets-finder | |
| s3find | https://github.com/aaparmeggiani/s3find | |
| slurp | https://github.com/bbb31/slurp | |
| slurp-robbie | https://github.com/random-robbie/slurp | |
| s3-inspector | https://github.com/kromtech/s3-inspector | |
| s3-fuzzer | https://github.com/pbnj/s3-fuzzer | |
| AWSBucketDump | https://github.com/jordanpotti/AWSBucketDump | |
| s3scan | https://github.com/bear/s3scan | |
| S3Scanner | https://github.com/sa7mon/S3Scanner | |
| s3finder | https://github.com/magisterquis/s3finder | |
| S3Scan | https://github.com/abhn/S3Scan | |
| s3-meta | https://github.com/whitfin/s3-meta | |
| S3PublicBucketsCheck | https://github.com/vr00n/Amazon-Web-Shenanigans | |
| bucket_finder | https://github.com/FishermansEnemy/bucket_finder | |
| inSp3ctor | https://github.com/brianwarehime/inSp3ctor | |
| bucketcat | https://github.com/Atticuss/bucketcat | |
| aws-s3-bruteforce | https://github.com/Ucnt/aws-s3-bruteforce | |
| lazys3 | https://github.com/nahamsec/lazys3 | |
| BucketScanner | https://github.com/securing/BucketScanner | |
| aws-extender-cli | https://github.com/VirtueSecurity/aws-extender-cli | |
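Whatever a tool in this section uses to find bucket names, the audit step that follows is the same: read the bucket ACL and bucket policy and decide whether anyone on the internet can get in. The block below is an added example of that decision logic, not code from any tool listed. `SAMPLE_ACL` and `SAMPLE_POLICY` are constructed to mirror the shapes that boto3's `get_bucket_acl` and `get_bucket_policy` return (bucket name, account ID and VPC endpoint ID are made up), and the `block_public_access` flag is an assumption standing in for a `get_public_access_block` lookup.

```python
"""Public-bucket verdict from an S3 bucket ACL plus bucket policy.

Added example, not code from any listed tool. SAMPLE_ACL and SAMPLE_POLICY are
constructed in the shapes boto3's get_bucket_acl / get_bucket_policy return;
identifiers in them are made up. The block_public_access flag is an
assumption standing in for the real get_public_access_block result.
"""
import json

# The two predefined S3 groups that make an ACL grant "public".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

SAMPLE_ACL = {  # constructed; shape of get_bucket_acl()
    "Owner": {"ID": "ownercanonicalid0000"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "ownercanonicalid0000"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

SAMPLE_POLICY = json.dumps({  # constructed; get_bucket_policy()["Policy"] is a JSON string
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0abc1234"}}},
        {"Sid": "Ops", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_acl_grants(acl):
    """(group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return hits


def _anonymous_principal(principal):
    """Principal '*' or {'AWS': '*'} means anyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json):
    """Sids (or positional labels) of Allow statements with an anonymous principal.

    A Condition narrows who actually matches, so conditioned statements are
    reported separately: not anonymous-public, but worth a human look.
    """
    policy = json.loads(policy_json)
    public, conditional = [], []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _anonymous_principal(stmt.get("Principal")):
            continue
        label = stmt.get("Sid", f"statement[{i}]")
        (conditional if stmt.get("Condition") else public).append(label)
    return {"public": public, "conditional": conditional}


def bucket_is_public(acl, policy_json, block_public_access=False):
    """Overall verdict. With all four Block Public Access settings on (the flag
    is an assumption for that lookup), public ACLs are ignored and public
    policies rejected, so nothing below matters; otherwise either source is enough."""
    if block_public_access:
        return False
    return bool(public_acl_grants(acl)) or bool(public_policy_statements(policy_json)["public"])


if __name__ == "__main__":
    print("ACL grants:", public_acl_grants(SAMPLE_ACL))
    print("policy:", public_policy_statements(SAMPLE_POLICY))
    print("public:", bucket_is_public(SAMPLE_ACL, SAMPLE_POLICY))
```

On the sample the ACL grants `AllUsers` READ and the `PublicRead` statement allows anonymous `s3:GetObject`, so the verdict is public; `VpcOnly` is listed separately because its `aws:SourceVpce` condition limits the wildcard principal to one VPC endpoint, and the `LogDelivery` group grant is not a public group. Without the Block Public Access data the verdict is incomplete, so a real audit should fetch it rather than assume it.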

Training

| Name | URL | Description |
|---|---|---|
| Flaws.cloud | http://flaws.cloud | flAWS challenge to learn, through a series of levels, about common mistakes and gotchas when using AWS |
| Flaws2.cloud | http://flaws2.cloud | flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path that target is now viewed as the victim, and you'll work as an incident responder for that same app, understanding how an attack happened |
| CloudGoat | https://github.com/RhinoSecurityLabs/cloudgoat | Vulnerable-by-design AWS infrastructure setup tool |
| dvca | https://github.com/m6a-UdS/dvca | Damn Vulnerable Cloud Application |
| AWSDetonationLab | https://github.com/sonofagl1tch/AWSDetonationLab | Scripts and templates to generate some basic detections of the AWS security services |
| OWASPServerlessGoat | https://github.com/OWASP/Serverless-Goat | OWASP ServerlessGoat is a deliberately insecure, realistic AWS Lambda serverless application maintained by OWASP for educational purposes. Single-click installation through the AWS Serverless Application Repository. |
| Sadcloud | https://github.com/nccgroup/sadcloud | A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure |

Other interesting tools/code

Honey-token:

More Resources:
