kmcquade
Founder/CTO @nvsecurity. I build security testing tools, mostly around AppSec, CloudSec, and AWS. Author of Cloudsplaining and Endgame.
NightVision Security
us-east-1
Pinned Repositories
endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
aws-security-scripts
Some Python scripts I wrote that help with various specialized AWS security things
conftest-terraform-multifolder-policies
Example of how to write OPA rules with conftest in a modular fashion for Terraform 0.12 plans.
OWASP-YouTube-2021
Deliberately vulnerable AWS resources for security assessment demos
terraform-aws-policy-sentry
Terraform module for Policy Sentry.
cloud-guardrails
Rapidly apply hundreds of security controls in Azure
cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
policy_sentry
IAM Least Privilege Policy Generator
kmcquade's Repositories
kmcquade/awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
kmcquade/cheatsheets.kmcquade.com
GitHub sync of my cheatsheets.kmcquade.com subdomain
kmcquade/policy_sentry
IAM Least Privilege Policy Generator
kmcquade/powertools-autodoc-proposal
My idea for auto-documenting arguments/input models for Lambda Functions using Lambda Powertools and Pydantic models
kmcquade/pypi-name-hog
Recursively hog namespaces on PyPI according to a YAML file, using GitHub Actions.
kmcquade/checkov
Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages with Checkov by Bridgecrew.
kmcquade/cloudsplaining
Cloudsplaining is an AWS IAM Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.
kmcquade/ChatGPT
🤖 ChatGPT Desktop Application (Mac, Windows and Linux)
kmcquade/kmcquade
Personal README.md
kmcquade/sleepnumber-github-actions
Use GitHub Actions and my Sleep Number bed to wake me up in the morning
kmcquade/django_quiz
This is a configurable quiz app for Django.
kmcquade/zap-extensions
ZAP Add-ons
kmcquade/burpgpt
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
kmcquade/cancel-draft-prs-action
GitHub Action to check if a PR is a draft
kmcquade/chatgpt-prompts-bug-bounty
ChatGPT Prompts for Bug Bounty & Pentesting
kmcquade/go-example
A minimal Go application for tutorials
kmcquade/install-pipenv-action
A GitHub Action to install pipenv
kmcquade/java-github-actions-demo
kmcquade/langchain-aws-template
Application template for service api using langchain and generative model services
kmcquade/loguru-contextual-info-experiment
A simple experiment with Loguru and how we can pass contextual information to the logger and re-use it easily across the code base.
kmcquade/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
kmcquade/python-postman
This repository will allow users to create API requests from postman collections at scale.
kmcquade/route-detect
Find authentication (authn) and authorization (authz) security bugs in web application routes.
kmcquade/SecGPT
A Test Project for a Network Security-oriented LLM Tool Emulating AutoGPT
kmcquade/security-crawl-maze
Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.
kmcquade/tmp
kmcquade/tracing-playground
Various examples of distributed tracing in action
kmcquade/VulnLab
kmcquade/xzbot
Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
kmcquade/zap-session-issue
Example code for an issue with ZAP where we are not able to see messages in the history tab after loading a session.