kmcquade
Founder/CTO @nvsecurity. I build security testing tools, mostly around AppSec, CloudSec, and AWS. Author of Cloudsplaining and Endgame.
NightVision Security, us-east-1
Pinned Repositories
endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
awesome-azure-security
A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
aws-security-scripts
Some Python scripts I wrote that help with various specialized AWS security things
conftest-terraform-multifolder-policies
Example of how to write OPA rules with conftest in a modular fashion for Terraform 0.12 plans.
OWASP-YouTube-2021
Deliberately vulnerable AWS resources for security assessment demos
terraform-aws-policy-sentry
Terraform module for Policy Sentry.
cloud-guardrails
Rapidly apply hundreds of security controls in Azure
cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
policy_sentry
IAM Least Privilege Policy Generator
kmcquade's Repositories
kmcquade/terraform-aws-policy-sentry
Terraform module for Policy Sentry.
kmcquade/terraform-deployment-pentesting
Bits of Terraform that you can use to do bad things in CI/CD pipelines that run Terraform
kmcquade/get-account-authorization-details
Simple boto3 script that runs `aws iam get-authorization-details` with preconfigured options and stores the results in profilename.json
kmcquade/opa-standard-helper-functions
Stash for tried and true standard helper functions
kmcquade/terraform-azurerm-tfstate-backend
Terraform module that provisions an Azure Storage account to store the `terraform.tfstate` file and a Key Vault to store the customer-managed encryption key
kmcquade/python-security-tool-boilerplate
Boilerplate code for Python-based security assessment tools that generate single-file HTML reports.
kmcquade/bandit-report-artifacts-json
This is a GitHub Action that generates a Bandit security report for your Python project
kmcquade/building-secure-aws-amis-blog-series
This is the code that accompanies my blog post, "Building Secure AWS AMIs."
kmcquade/parliament
AWS IAM linting library
kmcquade/rpCheckup
rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
kmcquade/tinytoken
A command line tool to generate temporary security credentials via OpenID Connect federation with AWS Cognito IDP.
kmcquade/zap-cli-v2
A simple tool for interacting with OWASP ZAP from the command line.
kmcquade/zipline
Zipline, a Pythonic Algorithmic Trading Library
kmcquade/CampusQwest-backend
This is the CampusQwest backend and its infrastructure setup
kmcquade/devsecops-cicd
kmcquade/django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
kmcquade/docker-burp-suite-pro
Burp Suite Professional in a Docker container.
kmcquade/github-board-slack-notification-lambda
kmcquade/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real-life apps, and reading research and news.
kmcquade/modulesync_config
configuration for our module sync
kmcquade/moto
A library that allows you to easily mock out tests based on AWS infrastructure.
kmcquade/public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
kmcquade/python-msi
Python MSI Pod Identity
kmcquade/terraform-aws-dynamodb-kms-key
KMS Key for use with DynamoDB.
kmcquade/terraform-aws-scps
kmcquade/terraform-provider-policyguru
Terraform provider for Policyguru.io (IAM least privilege generator and auditor)
kmcquade/tfsec-example-project
A test project with known bad terraform to run tfsec against
kmcquade/tfsec-sarif-action
kmcquade/vuecli-python-demo
WIP. Building out a more sustainable way of managing the Cloudsplaining UI
kmcquade/vulnerabilities
Python framework to manipulate vulnerabilities.