Do you want to contribute to this list? Feel free to send a PR and make sure your tool is Open Source.
Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
My Arsenal of AWS Security Tools | https://github.com/toniblyx/my-arsenal-of-aws-security-tools | A list of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
ScoutSuite | https://github.com/nccgroup/ScoutSuite | Multi-cloud security auditing tool for AWS, Google Cloud and Azure environments (Python) | ||
Prowler | https://github.com/toniblyx/prowler | CIS benchmarks and additional checks for security best practices in AWS (Bash and Python components) | ||
CloudSploit Scans | https://github.com/cloudsploit/scans | AWS security scanning checks (NodeJS) | ||
CloudMapper | https://github.com/duo-labs/cloudmapper | helps you analyze your AWS environments (Python) | ||
CloudTracker | https://github.com/duo-labs/cloudtracker | helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) | ||
AWS Security Benchmarks | https://github.com/awslabs/aws-security-benchmark | Scripts, templates and guidance related to the AWS CIS Foundation framework (Python) | ||
AWS Public IPs | https://github.com/arkadiyt/aws_public_ips | Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby) | ||
PMapper | https://github.com/nccgroup/PMapper | Advanced and Automated AWS IAM Evaluation (Python) | ||
nccgroup AWS-Inventory | https://github.com/nccgroup/aws-inventory | Make an inventory of all your resources across regions (Python) | ||
Resource Counter | https://github.com/disruptops/resource-counter | Counts number of resources in categories across regions | ||
ICE | https://github.com/Teevity/ice | Ice provides insights from a usage and cost perspective with high detail dashboards. | ||
SkyArk | https://github.com/cyberark/SkyArk | SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS environment. | ||
Trailblazer AWS | https://github.com/willbengtson/trailblazer-aws | Trailblazer AWS determines which AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework. | ||
Lunar | https://github.com/lateralblast/lunar | Security auditing tool based on several security frameworks (it does some AWS checks) | ||
Cloud-reports | https://github.com/tensult/cloud-reports | Scans your AWS cloud resources and generates reports | ||
Pacbot | https://github.com/tmobile/pacbot | Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud | ||
cs-suite | https://github.com/SecurityFTW/cs-suite | Integrates tools like Scout2 and Prowler among others | ||
aws-key-disabler | https://github.com/te-papa/aws-key-disabler | A small lambda script that will disable access keys older than a given amount of days | ||
Antiope | https://github.com/turnerlabs/antiope | AWS Inventory and Compliance Framework | ||
Cloud Reports | https://github.com/tensult/cloud-reports | Scans your AWS cloud resources and generates reports and includes security best practices. | ||
Terraform AWS Secure Baseline | https://github.com/nozaq/terraform-aws-secure-baseline | Terraform module to set up your AWS account with the secure | ||
Cartography | https://github.com/lyft/cartography | Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. | ||
TrailScraper | https://github.com/flosell/trailscraper | A command-line tool to get valuable information out of AWS CloudTrail | ||
LambdaGuard | https://github.com/Skyscanner/LambdaGuard | An AWS Lambda auditing tool designed to create asset visibility and provide actionable results. | ||
Komiser | https://github.com/mlabouardy/komiser | Cloud Environment Inspector: analyze and manage cloud cost, usage, security and governance in one place. | ||
Perimeterator | https://github.com/darkarnium/perimeterator | AWS perimeter monitoring. Periodically scans internet-facing AWS resources to detect misconfigured services | ||
PolicySentry | https://github.com/salesforce/policy_sentry | IAM least privilege policy generator, auditor and analysis database | ||
Zeus | https://github.com/DenizParlak/Zeus | AWS Auditing & Hardening Tool | ||
janiko71 AWS-inventory | https://github.com/janiko71/aws-inventory | Python script for AWS resources inventory | ||
awspx | https://github.com/fsecurelabs/awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
weirdAAL | https://github.com/carnal0wnage/weirdAAL | AWS Attack Library | ||
Pacu | https://github.com/RhinoSecurityLabs/pacu | AWS penetration testing toolkit | ||
Cred Scanner | https://github.com/disruptops/cred_scanner | A simple file-based scanner to look for potential AWS access and secret keys in files | ||
AWS PWN | https://github.com/dagrz/aws_pwn | A collection of AWS penetration testing junk | ||
Cloudfrunt | https://github.com/MindPointGroup/cloudfrunt | A tool for identifying misconfigured CloudFront domains | ||
Cloudjack | https://github.com/prevade/cloudjack | Route53/CloudFront Vulnerability Assessment Utility | ||
Nimbostratus | https://github.com/andresriancho/nimbostratus | Tools for fingerprinting and exploiting Amazon cloud infrastructures | ||
GitLeaks | https://github.com/zricethezav/gitleaks | Audit git repos for secrets | ||
TruffleHog | https://github.com/dxa4481/truffleHog | Searches through git repositories for high entropy strings and secrets, digging deep into commit history | ||
DumpsterDiver | https://github.com/securing/DumpsterDiver | Tool to search secrets in various file types, like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. | ||
Mad-King | https://github.com/ThreatResponse/mad-king | Proof-of-concept Zappa-based AWS persistence and attack platform | ||
Cloud-Nuke | https://github.com/gruntwork-io/cloud-nuke | A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it | ||
MozDef - The Mozilla Defense Platform | https://github.com/mozilla/MozDef | The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers. | ||
Lambda-Proxy | https://github.com/puresec/lambda-proxy | A bridge between SQLMap and AWS Lambda which lets you use SQLMap to natively test AWS Lambda functions for SQL Injection vulnerabilities. | ||
CloudCopy | https://github.com/Static-Flow/CloudCopy | Cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapshot permission | ||
enumerate-iam | https://github.com/andresriancho/enumerate-iam | Enumerate the permissions associated with an AWS credential set | ||
Barq | https://github.com/Voulnet/barq | A post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
Security Monkey | https://github.com/Netflix/security_monkey | |||
Krampus | https://github.com/sendgrid/krampus | |||
Cloud Inquisitor | https://github.com/RiotGames/cloud-inquisitor | |||
CloudCustodian | https://github.com/capitalone/cloud-custodian | |||
Disable keys after X days | https://github.com/te-papa/aws-key-disabler | |||
Repokid Least Privilege | https://github.com/Netflix/repokid | |||
Wazuh CloudTrail module | https://github.com/wazuh/wazuh | |||
Hammer | https://github.com/dowjones/hammer | |||
Streamalert | https://github.com/airbnb/streamalert | |||
Billing Alerts CFN templates | https://github.com/btkrausen/AWS | |||
Watchmen | https://github.com/iagcl/watchmen | AWS account compliance using centrally managed Config Rules | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
AWS IR | https://github.com/ThreatResponse/aws_ir | AWS-specific incident response and forensics tool | ||
Margaritashotgun | https://github.com/ThreatResponse/margaritashotgun | Linux memory remote acquisition tool | ||
Diffy | https://github.com/Netflix-Skunkworks/diffy | Triage tool used during cloud-centric security incidents | ||
AWS Security Automation | https://github.com/awslabs/aws-security-automation | AWS scripts and resources for DevSecOps and automated incident response | ||
GDPatrol | https://github.com/ansorren/GDPatrol | Automated Incident Response based off AWS GuardDuty findings | ||
AWSlog | https://github.com/jaksi/awslog | Show the history and changes between configuration versions of AWS resources using AWS Config | ||
AWS_Responder | https://github.com/prolsen/aws_responder | AWS Digital Forensics and Incident Response (DFIR) Python scripts | ||
SSM-Acquire | https://github.com/mozilla/ssm-acquire | A Python module for orchestrating content acquisitions and analysis via Amazon SSM | ||
cloudtrail-partitioner | https://github.com/duo-labs/cloudtrail-partitioner | This project sets up partitioned Athena tables for your CloudTrail logs and updates the partitions nightly. Makes CloudTrail log queries easier. | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
CFN NAG | https://github.com/stelligent/cfn_nag | CloudFormation security test (Ruby) | ||
Git-secrets | https://github.com/awslabs/git-secrets | |||
Repository of sample Custom Rules for AWS Config | https://github.com/awslabs/aws-config-rules | |||
CFripper | https://github.com/Skyscanner/cfripper | Lambda function to "rip apart" a CloudFormation template and check it for security compliance. | ||
Assume | https://github.com/SanderKnape/assume | A simple CLI utility that makes it easier to switch between different AWS roles | ||
Terrascan | https://github.com/cesar-rodriguez/terrascan | A collection of security and best practice tests for static code analysis of terraform templates using terraform_validate | ||
tfsec | https://github.com/liamg/tfsec | Provides static analysis of your terraform templates to spot potential security issues | ||
Checkov | https://github.com/bridgecrewio/checkov | Terraform static analysis written in Python | ||
pytest-services | https://github.com/mozilla-services/pytest-services | Unit testing framework for test driven security of AWS configurations and more | ||
IAM Least-Privileged Role Generator | https://github.com/puresec/serverless-puresec-cli | A Serverless framework plugin that statically analyzes AWS Lambda function code and automagically generates least-privileged IAM roles. | ||
AWS Vault | https://github.com/99designs/aws-vault | A vault for securely storing and accessing AWS credentials in development environments | ||
AWS Service Control Policies | https://github.com/jchrisfarris/aws-service-control-policies | Collection of semi-useful Service Control Policies and scripts to manage them | ||
Half-Life | https://github.com/Skyscanner/halflife | AWS Lambda auditing tool that provides a meaningful overview in terms of statistical analysis, AWS service dependencies and configuration checks from the security perspective | ||
Terraform-compliance | https://github.com/eerkunt/terraform-compliance | A lightweight security focused BDD test framework against terraform (with helpful code for AWS) | ||
Get a List of AWS Managed Policies | https://github.com/RyPeck/aws_managed_policies | A way to get a list of all AWS managed policies | ||
Parliament | https://github.com/duo-labs/parliament | AWS IAM linting library | ||
AWS-ComplianceMachineDontStop | https://github.com/jonrau1/AWS-ComplianceMachineDontStop | Proof-of-value Terraform scripts that use Amazon Web Services (AWS) Security, Identity & Compliance services to support your AWS account security posture | ||

Name | URL | Description | Popularity | Metadata |
---|---|---|---|---|
Flaws.cloud | https://github.com/flaws.cloud | flAWS challenge to learn, through a series of levels, about common mistakes and gotchas when using AWS | ||
Flaws2.cloud | https://github.com/flaws2.cloud | flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path that target is now viewed as the victim, and you'll work as an incident responder for that same app, understanding how an attack happened | ||
CloudGoat | https://github.com/RhinoSecurityLabs/cloudgoat | Vulnerable-by-design AWS infrastructure setup tool | ||
dvca | https://github.com/m6a-UdS/dvca | Damn Vulnerable Cloud Application | ||
AWSDetonationLab | https://github.com/sonofagl1tch/AWSDetonationLab | Scripts and templates to generate some basic detections of the AWS security services | ||
OWASPServerlessGoat | https://github.com/OWASP/Serverless-Goat | OWASP ServerlessGoat is a deliberately insecure, realistic AWS Lambda serverless application maintained by OWASP for educational purposes. Single-click installation through the AWS Serverless Application Repository. | ||
Sadcloud | https://github.com/nccgroup/sadcloud | A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure | ||

Honey-token:
- https://bitbucket.org/asecurityteam/spacecrab
- https://breachinsider.com/honey-buckets/
- https://github.com/0x4D31/honeyLambda
- https://github.com/thinkst/canarytokens-docker

More Resources:
- asecure.cloud https://github.com/asecure.cloud - a repository of customizable AWS security configurations (CloudFormation and CLI templates)
- s3-leaks https://github.com/nagwww/s3-leaks - a list of some of the biggest leaks recorded
- Model Risk AWS https://magoo.github.io/model-risk-aws/ - a proof of concept of a probabilistic risk model for AWS
- asecure.cloud https://asecure.cloud/ - a great place for security resources regarding AWS security
- honey-buckets https://github.com/honey-buckets/
- thebuckhacker https://github.com/thebuckhacker
- buckets.grayhatwarfare https://github.com/buckets.grayhatwarfare