
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

youngsecurity/aws-arsenal-of-security-tools
Contribute

Do you want to contribute to this list? Feel free to send a PR and make sure your tool is Open Source.

| Name | Description |
| --- | --- |
| My Arsenal of AWS Security Tools | List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. |

Defensive: Hardening, Security Assessment and Inventory

| Name | Description |
| --- | --- |
| Prowler | CIS benchmarks and additional checks for security best practices in AWS (bash and python components) |
| CloudMapper | Helps you analyze your AWS environments (Python) |
| ScoutSuite | Multi-cloud security auditing tool for AWS, Google Cloud and Azure environments (python) |
| CloudCustodian | Rules engine for cloud security, cost optimization, and governance; DSL in YAML for policies to query, filter, and take actions on resources |
| ICE | Ice provides insights from a usage and cost perspective with high detail dashboards. |
| CloudSploit | AWS security scanning checks (NodeJS) |
| AWS Network Access Analyzer | Automation for Amazon VPC Network Access Analyzer to identify all possible Internet Gateway reachability for your resources across all your AWS accounts |
| CloudTracker | Helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) |
| AWS Security Benchmarks | Scripts and templates guidance related to the AWS CIS Foundation framework (Python) |
| AWS Public IPs | Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking and across all AWS services (Ruby) |
| PMapper | Advanced and automated AWS IAM evaluation (Python) |
| nccgroup AWS-Inventory | Make an inventory of all your resources across regions (Python) |
| Resource Counter | Counts the number of resources in categories across regions |
| SkyArk | SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS. |
| Trailblazer AWS | Trailblazer AWS determines what AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework. |
| Lunar | Security auditing tool based on several security frameworks (it does some AWS checks) |
| Cloud-reports | Scans your AWS cloud resources and generates reports |
| Pacbot | Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud |
| cs-suite | Integrates tools like Scout2 and Prowler among others |
| aws-key-disabler | A small lambda script that will disable access keys older than a given number of days |
| Antiope | AWS Inventory and Compliance Framework |
| Cloud Reports | Scans your AWS cloud resources and generates reports and includes security best practices. |
| Terraform AWS Secure Baseline | Terraform module to set up your AWS account with the secure |
| ZeusCloud | Discover, prioritize, and remediate security risks in your AWS cloud environments. |
| Cartography | Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. |
| TrailScraper | A command-line tool to get valuable information out of AWS CloudTrail |
| Komiser | Cloud Environment Inspector: analyze and manage cloud cost, usage, security and governance in one place. |
| Perimeterator | AWS perimeter monitoring. Periodically scan internet-facing AWS resources to detect misconfigured services |
| PolicySentry | IAM least privilege policy generator, auditor and analysis database |
| Zeus | AWS Auditing & Hardening Tool |
| janiko71 AWS-inventory | Python script for AWS resources inventory |
| awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments |
| clinv | DevSecOps command line asset inventory tool |
| aws-gate | Enhanced AWS SSM Session Manager CLI client |
| Detecting Credential Compromise | Detection of compromised credentials in AWS |
| AWS-Security-Toolbox (AST) | AWS Security Toolbox (Docker image) for security assessments |
| iam-lint | GitHub action for linting AWS IAM policy documents for correctness and possible security issues |
| aws-security-viz | A tool to visualize AWS security groups. |
| AirIAM | Least privilege AWS IAM using Terraform |
| Cloudsplaining | AWS IAM security assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. |
| iam-policy-generator | A simple library to generate IAM policy statements with no need to remember all the action APIs |
| SkyWrapper | SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS |
| aws-recon | Multi-threaded AWS inventory collection tool |
| iam-policies-cli | A CLI tool for building simple to complex IAM policies |
| Aaia | AWS Identity and Access Management visualizer and anomaly finder |
| iam-floyd | IAM policy statement generator with fluent interface - available for Node.js, Python, .Net and Java |
| rpCheckup | AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources. |
| S3 Exif Cleaner | Remove EXIF data from all objects in an S3 bucket |
| Steampipe | Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required. (SQL) |
| access-undenied-aws | Parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. |
| Metabadger | Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). |
| AWS-Firewall Factory | Deploy, update, and stage your WAFs while managing them centrally via FMS (CDK) |
| IAMSpy | A library that utilises the Z3 prover to attempt to answer questions about AWS IAM. |
| nuvola | Dump and perform automatic and manual security analysis on AWS environment configurations and services using predefined, extensible and custom rules created using a simple YAML syntax |
| aws-security-architectures | Architectures for AWS security (Detect, Alarm, Macie, etc.). Many architectures will be added in the future. |
| MetaHub for AWS Security Hub | MetaHub is the CLI utility for AWS Security Hub which provides you with extra functionality like grouping your findings by affected resources, executing MetaChecks and MetaTags directly in the affected resource for enriching your findings, filters on top of MetaChecks and MetaTags, different reports like CSV, JSON and HTML, bulk updates, and enriching your findings directly in AWS Security Hub. |
| Matano | Matano is an open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS. |
| AWSGoat: A Damn Vulnerable AWS Infrastructure | AWSGoat is a vulnerable-by-design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations. |

Offensive

| Name | Description |
| --- | --- |
| WeirdAAL | AWS Attack Library |
| Pacu | AWS penetration testing toolkit |
| Cred Scanner | A simple file-based scanner to look for potential AWS access and secret keys in files |
| AWS PWN | A collection of AWS penetration testing junk |
| Cloudfrunt | A tool for identifying misconfigured CloudFront domains |
| Cloudjack | Route53/CloudFront vulnerability assessment utility |
| Nimbostratus | Tools for fingerprinting and exploiting Amazon cloud infrastructures |
| GitLeaks | Audit git repos for secrets |
| TruffleHog | Searches through git repositories for high entropy strings and secrets, digging deep into commit history |
| DumpsterDiver | Tool to search secrets in various filetypes like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. |
| Mad-King | Proof of concept Zappa-based AWS persistence and attack platform |
| Cloud-Nuke | A tool for cleaning up your cloud accounts by nuking (deleting) all resources within them |
| MozDef - The Mozilla Defense Platform | The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers. |
| Lambda-Proxy | A bridge between SQLMap and AWS Lambda which lets you use SQLMap to natively test AWS Lambda functions for SQL injection vulnerabilities. |
| CloudCopy | Cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapshot permission |
| enumerate-iam | Enumerate the permissions associated with an AWS credential set |
| Barq | A post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure |
| CCAT | Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments |
| Dufflebag | Search exposed EBS volumes for secrets |
| attack_range | A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk |
| whispers | Identify hardcoded secrets and dangerous behaviours |
| Redboto | Red Team AWS scripts |
| CloudBrute | A tool to find a company (target) infrastructure, files, and apps on the top cloud providers |

Purple Teaming & Adversary Emulation

| Name | Description |
| --- | --- |
| Stratus Red Team | Granular, actionable adversary emulation for the cloud |
| Leonidas | Automated attack simulation in the cloud, complete with detection use cases. |
| Amazon GuardDuty Tester | This script is used to generate some basic detections of the GuardDuty service |

Continuous Security Auditing

| Name | Description |
| --- | --- |
| Security Monkey | |
| Krampus | |
| Cloud Inquisitor | |
| Disable keys after X days | |
| Repokid Least Privilege | |
| Wazuh CloudTrail module | |
| Hammer | |
| Streamalert | |
| Billing Alerts CFN templates | |
| Watchmen | AWS account compliance using centrally managed Config Rules |
| ElectricEye | Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability |
| SyntheticSun | A defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats |
| CloudQuery | cloudquery exposes your cloud configuration and metadata as SQL tables, providing powerful analysis and monitoring for compliance and security |
| PrismX | Cloud security dashboard for AWS, based on ScoutSuite |
| Falco | Threat detection and response for containers, hosts, Kubernetes and the cloud |

Digital Forensics and Incident Response

| Name | Description |
| --- | --- |
| AWS IR | AWS-specific incident response and forensics tool |
| Margaritashotgun | Linux memory remote acquisition tool |
| Diffy | Triage tool used during cloud-centric security incidents |
| AWS Security Automation | AWS scripts and resources for DevSecOps and automated incident response |
| GDPatrol | Automated incident response based on AWS GuardDuty findings |
| AWSlog | Show the history and changes between configuration versions of AWS resources using AWS Config |
| DataCop | Automated IR process that mitigates vulnerable AWS S3 buckets that are defined by AWS Macie results. |
| AWS_Responder | AWS Digital Forensics and Incident Response (DFIR) Python scripts |
| SSM-Acquire | A python module for orchestrating content acquisitions and analysis via Amazon SSM |
| cloudtrail-partitioner | This project sets up partitioned Athena tables for your CloudTrail logs and updates the partitions nightly. Makes CloudTrail log queries easier. |
| fargate-ir | Proof of concept incident response demo using SSM and AWS Fargate. |
| aws-logsearch | Search AWS CloudWatch logs all at once on the command line. |
| Varna | Quick & cheap AWS CloudTrail monitoring with Event Query Language (EQL) |
| aws-auto-remediate | Open source application to instantly remediate common security issues through the use of AWS Config |
| panther-labs | Detect threats with log data and improve cloud security posture |
| aws-incident-response | This page is a collection of useful things to look for in CloudTrail using Athena for AWS incident response |
| cloud-forensics-utils | Python library to carry out DFIR analysis on the cloud |
| aws-fast-fixes | Scripts to quickly fix security and compliance issues |

Development Security

| Name | Description |
| --- | --- |
| CFN NAG | CloudFormation security test (Ruby) |
| Git-secrets | |
| Repository of sample Custom Rules for AWS Config | |
| CFripper | Lambda function to "rip apart" a CloudFormation template and check it for security compliance. |
| Assume | A simple CLI utility that makes it easier to switch between different AWS roles |
| Terrascan | A collection of security and best practice tests for static code analysis of terraform templates using terraform_validate |
| tfsec | Provides static analysis of your terraform templates to spot potential security issues |
| Checkov | Terraform, CloudFormation and Kubernetes static analysis written in python |
| Yor | Automatically tag and trace infrastructure-as-code frameworks (Terraform, CloudFormation and Serverless) |
| pytest-services | Unit testing framework for test-driven security of AWS configurations and more |
| IAM Least-Privileged Role Generator | A Serverless framework plugin that statically analyzes AWS Lambda function code and automagically generates least-privileged IAM roles. |
| AWS Vault | A vault for securely storing and accessing AWS credentials in development environments |
| AWS Service Control Policies | Collection of semi-useful Service Control Policies and scripts to manage them |
| Terraform-compliance | A lightweight security-focused BDD test framework against terraform (with helpful code for AWS) |
| Get a List of AWS Managed Policies | A way to get a list of all AWS managed policies |
| Parliament | AWS IAM linting library |
| AWS-ComplianceMachineDontStop | Proof of value Terraform scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance services to support your AWS account security posture |
| detect-secrets | An enterprise-friendly way of detecting and preventing secrets in code. |
| tf-parliament | Run Parliament AWS IAM checker on Terraform files |
| aws-gate | Better AWS SSM Session Manager CLI client |
| iam-lint | GitHub action for linting AWS IAM policy documents for correctness and possible security issues |
| Regula | Regula checks Terraform for AWS security and compliance using Open Policy Agent/Rego |
| whispers | Identify hardcoded secrets and dangerous behaviours |
| cloudformation-guard | A set of tools to check AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax. |
| IAMFinder | Enumerates and finds users and IAM roles in a target AWS account |
| iamlive | Generate a basic IAM policy from AWS client-side monitoring (CSM) |
| aws-allowlister | Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks. |
| Leapp | Cross-platform app for managing AWS credentials programmatically, based on Electron |
| KICS | Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code |
| SecurityHub CIS Compliance Automator | Automatically configure your AWS account to meet 95% of the 200+ controls for CIS compliance, PCI DSS compliance and AWS security best practice |
| SCPkit | An SCP management tool that helps condense policies |

S3 Buckets Auditing

| Name | Description |
| --- | --- |
| mass3 | Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP, with a list of DNS resolvers and multi-threading |
| teh_s3_bucketeers | |
| bucket-stream | Find interesting Amazon S3 buckets by watching certificate transparency logs |
| s3-buckets-finder | Brute force Amazon S3 buckets |
| s3find | Find S3 public buckets |
| slurp-robbie | Enumerate S3 buckets via certstream, domain, or keywords |
| s3-inspector | Check AWS S3 bucket permissions |
| s3-fuzzer | |
| AWSBucketDump | Look for interesting files in S3 buckets |
| s3scan | Scan S3 buckets for security issues |
| S3Scanner | Scan for open AWS S3 buckets and dump the contents |
| s3finder | Open S3 bucket finder |
| S3Scan | Spider a website and find publicly open S3 buckets |
| s3-meta | Gather metadata about your S3 buckets |
| s3-utils | Utilities and tools based around Amazon S3 to provide convenience APIs in a CLI |
| S3PublicBucketsCheck | A lambda function that checks your account for public buckets and emails you whenever a new public S3 bucket is created |
| bucket_finder | Amazon bucket brute force tool |
| inSp3ctor | AWS S3 bucket/object finder |
| bucketcat | Brute-forces objects within a given bucket using Hashcat mask-like syntax |
| aws-s3-data-finder | AWS S3 sensitive data search |
| lazys3 | Bruteforce AWS S3 buckets using different permutations |
| BucketScanner | Test objects' permissions in AWS buckets |
| aws-extender-cli | Test S3 buckets as well as Google Storage buckets and Azure Storage containers to find interesting files |
| festin | S3 bucket weakness discovery |
| S3Insights | A platform for efficiently deriving security insights about S3 data through metadata analysis |
| s3_objects_check | Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files. |

Training

| Name | Description |
| --- | --- |
| Flaws.cloud | flAWS challenge to learn, through a series of levels, about common mistakes and gotchas when using AWS |
| Flaws2.cloud | flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened |
| CloudGoat | Vulnerable-by-design AWS infrastructure setup tool |
| dvca | Damn Vulnerable Cloud Application |
| AWSDetonationLab | Scripts and templates to generate some basic detections of the AWS security services |
| OWASPServerlessGoat | OWASP ServerlessGoat is a deliberately insecure, realistic AWS Lambda serverless application maintained by OWASP for educational purposes. Single-click installation through the AWS Serverless Application Repository. |
| Sadcloud | A tool for spinning up insecure AWS infrastructure with Terraform. It supports approx. 84 misconfigurations across 22 AWS services. |
| BigOrange Actions | Paste your IAM policy and get a list of actions it can effectively perform |
| IncidentResponseGenerator | Incident response generator for training classes |
| Breaking and Pwning Apps and Servers on AWS and Azure | Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands-on training! |
| terragoat | "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. |
| cfngoat | "Vulnerable by Design" CloudFormation repository. CfnGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. |
| CDKgoat | "Vulnerable by Design" AWS CDK repository. CDKGoat is a learning and training project that demonstrates how common configuration errors can find their way into imperative IaC such as AWS CDK. |
| aws_exposable_resources | Resource types that can be publicly exposed on AWS |
| IAM Vulnerable | Use Terraform to create your own vulnerable-by-design AWS IAM privilege escalation playground |
| PenTesting.Cloud | Free AWS security labs - CTF style |

Other interesting tools/code

Honey-token:

More Resources:
