kmcquade
Founder/CTO @nvsecurity. I build security testing tools, mostly around AppSec, CloudSec, and AWS. Author of Cloudsplaining and Endgame.
NightVision Security, us-east-1
Pinned Repositories
endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
aws-security-scripts
Some Python scripts I wrote that help with various specialized AWS security things
conftest-terraform-multifolder-policies
Example of how to write OPA rules with conftest in a modular fashion for Terraform 0.12 plans.
OWASP-YouTube-2021
Deliberately vulnerable AWS resources for security assessment demos
terraform-aws-policy-sentry
Terraform module for Policy Sentry.
cloud-guardrails
Rapidly apply hundreds of security controls in Azure
cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
policy_sentry
IAM Least Privilege Policy Generator
kmcquade's Repositories
kmcquade/awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
kmcquade/cheatsheets.kmcquade.com
GitHub sync of my cheatsheets.kmcquade.com subdomain
kmcquade/policy_sentry
IAM Least Privilege Policy Generator
kmcquade/powertools-autodoc-proposal
My idea for auto-documenting arguments/input models for Lambda Functions using Lambda Powertools and Pydantic models
kmcquade/pypi-name-hog
Recursively hog namespaces on PyPI according to a YAML file, using GitHub Actions.
kmcquade/cloudsplaining
Cloudsplaining is an AWS IAM Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.
kmcquade/kmcquade
Personal README.md
kmcquade/sleepnumber-github-actions
Use GitHub Actions and my Sleep Number bed to wake me up in the morning
kmcquade/rick
Rick roll visitors with a GitHub pages site redirect
kmcquade/security-crawl-maze
Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.
kmcquade/zap-extensions
ZAP Add-ons
kmcquade/cancel-draft-prs-action
GitHub Action to check if a PR is a draft
kmcquade/dvcsa
Damn Vulnerable C# (ASP.NET Core) application
kmcquade/flask-app
kmcquade/go-example
A minimal Go application for tutorials
kmcquade/GraphQLer
🔍 A dependency-aware GraphQL API fuzzing tool
kmcquade/install-pipenv-action
A GitHub Action to install pipenv
kmcquade/loguru-contextual-info-experiment
A simple experiment with Loguru and how we can pass contextual information to the logger and re-use it easily across the code base.
kmcquade/my-bloody-jenkins
Self Configured Jenkins Docker image based on Jenkins-LTS
kmcquade/nightvision-cli
kmcquade/otel-lambda-failure-example
An example repository to demonstrate an issue for the aws-otel-collector maintainers.
kmcquade/python-postman
This repository will allow users to create API requests from postman collections at scale.
kmcquade/route-detect
Find authentication (authn) and authorization (authz) security bugs in web application routes.
kmcquade/SecGPT
A Test Project for a Network Security-oriented LLM Tool Emulating AutoGPT
kmcquade/sectemplates
Open source templates you can use to bootstrap your security programs
kmcquade/tmp
kmcquade/tracing-playground
Various examples of distributed tracing in action
kmcquade/VulnLab
kmcquade/xzbot
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
kmcquade/zap-session-issue
Example code for an issue with ZAP where we are not able to see messages in the history tab after loading a session.