leppikallio's Stars
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
iann0036/iamlive
Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
dafthack/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
snyk/driftctl
Detect, track and alert on infrastructure drift
aws/aws-eks-best-practices
A best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization.
BishopFox/cloudfox
Automating situational awareness for cloud penetration tests.
ine-labs/AWSGoat
AWSGoat : A Damn Vulnerable AWS Infrastructure
Noovolari/leapp
Leapp is the DevTool to access your cloud
rootsecdev/Azure-Red-Team
Azure Security Resources and Notes
Ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
pushsecurity/saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
mivano/azure-cost-cli
CLI tool to perform cost analysis on your Azure subscription
bridgecrewio/yor
Extensible auto-tagger for your IaC files. The ultimate way to link entities in the cloud back to the codified resource which created it.
flosell/trailscraper
A command-line tool to get valuable information out of AWS CloudTrail
ine-labs/AzureGoat
AzureGoat : A Damn Vulnerable Azure Infrastructure
rung/threat-matrix-cicd
Threat matrix for CI/CD Pipeline
SummitRoute/csp_security_mistakes
This repo has been replaced by https://www.cloudvulndb.org
DataDog/guarddog
:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
RedTeamOperations/RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
BloodHoundAD/BARK
BloodHound Attack Research Kit
threatcl/threatcl
Documenting your Threat Models with HCL
hashishrajan/cloud-security-vulnerabilities
List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc
OpenCSPM/opencspm
Open Cloud Security Posture Management Engine
iann0036/iam-dataset
A consolidated cloud IAM dataset
rpetrich/patrolaroid
A production-friendly malware scanner for your AWS cloud
xnuinside/omymodels
O!My Models (omymodels) is a library to generate Pydantic, Dataclasses, GinoORM Models, SqlAlchemy ORM, SqlAlchemy Core Table, Models from SQL DDL. And convert one models to another.
benkehoe/aws-assume-role-lib
Assumed role session chaining (with credential refreshing) for boto3
aws/aws-imds-packet-analyzer
darkbitio/gcp-iam-role-permissions
Exports primitive and predefined GCP IAM Roles and their permissions
FishermansEnemy/bucket_finder
Amazon bucket brute force tool