hemedga/my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Defensive (Hardening, Security Assessment, Inventory)

• Scout2: https://github.com/nccgroup/Scout2 - Security auditing tool for AWS environments (Python)
• Prowler: https://github.com/toniblyx/prowler - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
• CloudSploit: https://github.com/cloudsploit/scans - AWS security scanning checks (NodeJS)
• CloudMapper: https://github.com/duo-labs/cloudmapper - helps you analyze your AWS environments (Python)
• CloudTracker: https://github.com/duo-labs/cloudtracker - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
• AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark - scrips and templates guidance related to the AWS CIS Foundation framework (Python)
• AWS Public IPs: https://github.com/arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
• PMapper: https://github.com/nccgroup/PMapper - Advanced and Automated AWS IAM Evaluation (Python)
• AWS-Inventory: https://github.com/nccgroup/aws-inventory - Make a inventory of all your resources across regions (Python)
• Resource Counter: https://github.com/disruptops/resource-counter - Counts number of resources in categories across regions
• ICE: https://github.com/Teevity/ice - Ice provides insights from a usage and cost perspective, with high detail dashboards.
• SkyArk: https://github.com/cyberark/SkyArk - SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS.
• Trailblazer AWS: https://github.com/willbengtson/trailblazer-aws - Trailblazer AWS, determine what AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework.
• Lunar: https://github.com/lateralblast/lunar - Security auditing tool based on several security frameworks (it does some AWS checks)
• Cloud-reports: https://github.com/tensult/cloud-reports - Scans your AWS cloud resources and generates reports

Offensive:

• weirdALL: https://github.com/carnal0wnage/weirdAAL - AWS Attack Library
• Pacu: https://github.com/RhinoSecurityLabs/pacu - AWS penetration testing toolkit
• Cred Scanner: https://github.com/disruptops/cred_scanner
• AWS PWN: https://github.com/dagrz/aws_pwn
• Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt
• Cloudjack: https://github.com/prevade/cloudjack
• Nimbostratus: https://github.com/andresriancho/nimbostratus
• GitLeaks: https://github.com/zricethezav/gitleaks - Audit git repos for secrets
• TruffleHog: https://github.com/dxa4481/truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
• DumpsterDiver: https://github.com/securing/DumpsterDiver - Tool to search secrets in various filetypes, like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords.

Continuous Security Auditing:

• Security Monkey: https://github.com/Netflix/security_monkey
• Krampus (as Security Monkey complement) https://github.com/sendgrid/krampus
• Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor
• CloudCustodian: https://github.com/capitalone/cloud-custodian
• Disable keys after X days: https://github.com/te-papa/aws-key-disabler
• Repokid Least Privilege: https://github.com/Netflix/repokid
• Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html
• Hammer: https://github.com/dowjones/hammer
• Streamalert: https://github.com/airbnb/streamalert
• Billing Alerts CFN templates: https://github.com/btkrausen/AWS/tree/master/CloudFormation/Billing%20Alerts

DFIR:

• AWS IR: https://github.com/ThreatResponse/aws_ir - AWS specific Incident Response and Forensics Tool
• Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun - Linux memory remote acquisition tool
• LiMEaide: https://kd8bny.github.io/LiMEaide/ - Linux memory remote acquisition tool
• Diffy: https://github.com/Netflix-Skunkworks/diffy - Triage tool used during cloud-centric security incidents
• AWS Security Automation: https://github.com/awslabs/aws-security-automation - AWS scripts and resources for DevSecOps and automated incident response
• GDPatrol: https://github.com/ansorren/GDPatrol - Automated Incident Response based off AWS GuardDuty findings
• AWSlog: https://github.com/jaksi/awslog - Show the history and changes between configuration versions of AWS resources using AWS Config

Development Security:

• CFN NAG: https://github.com/stelligent/cfn_nag - CloudFormation security test (Ruby)
• Git-secrets: https://github.com/awslabs/git-secrets
• Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules
• asecure.cloud: https://asecure.cloud - A repository of cutomizable AWS security configurations (Cloudformation and CLI templates)
• CFripper: https://github.com/Skyscanner/cfripper/ - Lambda function to "rip apart" a CloudFormation template and check it for security compliance.
• Assume: https://github.com/SanderKnape/assume - A simple CLI utility that makes it easier to switch between different AWS roles
• Terrascan: https://github.com/cesar-rodriguez/terrascan - A collection of security and best practice tests for static code analysis of terraform templates using terraform_validate

S3 Buckets Auditing:

• https://github.com/Parasimpaticki/sandcastle
• https://github.com/smiegles/mass3
• https://github.com/koenrh/s3enum
• https://github.com/tomdev/teh_s3_bucketeers/
• https://github.com/Quikko/BuQuikker (multi threading for teh_s3_bucketeers)
• https://github.com/eth0izzle/bucket-stream
• https://github.com/gwen001/s3-buckets-finder
• https://github.com/aaparmeggiani/s3find
• https://github.com/bbb31/slurp
• https://github.com/random-robbie/slurp
• https://github.com/kromtech/s3-inspector
• https://github.com/petermbenjamin/s3-fuzzer
• https://github.com/jordanpotti/AWSBucketDump
• https://github.com/bear/s3scan
• https://github.com/sa7mon/S3Scanner
• https://github.com/magisterquis/s3finder
• https://github.com/abhn/S3Scan
• https://breachinsider.com/honey-buckets/
• https://www.buckhacker.com [Currently Offline]
• https://www.thebuckhacker.com/
• https://buckets.grayhatwarfare.com/
• https://github.com/whitfin/s3-meta
• https://github.com/vr00n/Amazon-Web-Shenanigans/tree/master/S3PublicBucketCheck
• https://github.com/FishermansEnemy/bucket_finder
• https://github.com/brianwarehime/inSp3ctor
• https://github.com/Atticuss/bucketcat
• https://github.com/Ucnt/aws-s3-bruteforce

Training:

• http://flaws.cloud/
• https://github.com/RhinoSecurityLabs/cloudgoat

Honey-token:

• https://bitbucket.org/asecurityteam/spacecrab
• https://breachinsider.com/honey-buckets/
• https://github.com/0x4D31/honeyLambda
• https://github.com/thinkst/canarytokens-docker

Others:

• https://github.com/nagwww/s3-leaks - a list of some biggest leaks recorded